Establish a Sustainable ESG Reporting Program

  • Buy Link or Shortcode: {j2store}194|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: IT Governance, Risk & Compliance
  • Parent Category Link: /it-governance-risk-and-compliance

Consistent, high-quality disclosure of ESG practices is the means by which organizations can demonstrate they are acting responsibly and in the best interest of their customers and society. Organizations may struggle with these challenges when implementing an ESG reporting program:

  • Narrowing down ESG efforts to material ESG issues
  • Building a sustainable reporting framework
  • Assessing and solving for data gaps and data quality issues
  • Being aware of the tools and best practices available to support regulatory and performance reporting

Our Advice

Critical Insight

  • A tactical approach to ESG reporting will backfire. The reality of climate change and investor emphasis is not going away. For long-term success, organizations need to design an ESG reporting program that is flexible, interoperable, and digital.
  • Implementing a robust reporting program takes time. Start early, remain focused, and make plans to continually improve data quality and collection and performance metrics.
  • The “G” in ESG may not be capturing the limelight under ESG legislation yet, but there are key factors within the governance component that are under the regulatory microscope, including data, cybersecurity, fraud, and diversity and inclusion. Be sure you stay on top of these issues and include performance metrics in your internal and external reporting frameworks.

Impact and Result

  • Successful organizations recognize that transparent ESG disclosure is necessary for long-term corporate performance.
  • Taking the time up front to design a robust and proactive ESG reporting program will pay off in the long run.
  • Future-proof your ESG reporting program by leveraging new tools, technologies, and software applications.

Establish a Sustainable ESG Reporting Program Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Establish a Sustainable ESG Reporting Program Storyboard – A comprehensive framework to define an ESG reporting program that supports your ESG goals and reporting requirements.

This storyboard provides a three-phased approach to establishing a comprehensive ESG reporting framework to drive sustainable corporate performance. It will help you identify what to report, understand how to implement your reporting program, and review in-house and external software and tooling options.

  • Establish a Sustainable ESG Reporting Program Storyboard

2. ESG Reporting Workbook – A tool to document decisions, rationale, and implications of key activities to support your ESG reporting program.

The workbook allows IT and business leaders to document decisions as they work through the steps to establish a comprehensive ESG reporting framework.

  • ESG Reporting Workbook

3. ESG Reporting Implementation Plan – A tool to document tasks required to deliver and address gaps in your ESG reporting program.

This planning tool guides IT and business leaders in planning, prioritizing, and addressing gaps to build an ESG reporting program.

  • ESG Reporting Implementation Plan Template

4. ESG Reporting Presentation Template – A guide to communicate your ESG reporting approach to internal stakeholders.

Use this template to create a presentation that explains the drivers behind the strategy, communicates metrics, demonstrates gaps and costs, and lays out the timeline for the implementation plan.

  • ESG Reporting Presentation Template

Infographic

Workshop: Establish a Sustainable ESG Reporting Program

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Determine Material ESG Factors

The Purpose

Determine material ESG factors.

Key Benefits Achieved

Learn how to identify your key stakeholders and material ESG risks.

Activities

1.1 Create a list of stakeholders and applicable ESG factors.

1.2 Create a materiality map.

Outputs

List of stakeholders and applicable ESG factors

Materiality map

2 Define Performance and Reporting Metrics

The Purpose

Define performance and reporting metrics.

Key Benefits Achieved

Align your ESG strategy with key performance metrics.

Activities

2.1 Create a list of SMART metrics.

2.2 Create a list of reporting obligations.

Outputs

SMART metrics

List of reporting obligations

3 Assess Data and Implementation Gaps

The Purpose

Assess data and implementation gaps.

Key Benefits Achieved

Surface data and technology gaps.

Activities

3.1 Create a list of high-priority data gaps.

3.2 Summarize high-level implementation considerations.

Outputs

List of high-priority data gaps

Summary of high-level implementation considerations

4 Consider Software and Tooling Options

The Purpose

Select software and tooling options and develop implementation plan.

Key Benefits Achieved

Complete your roadmap and internal communication document.

Activities

4.1 Review tooling and technology options.

4.2 Prepare ESG reporting implementation plan.

4.3 Prepare the ESG reporting program presentation.

Outputs

Selected tooling and technology

ESG reporting implementation plan

ESG reporting strategy presentation

Further reading

Establish a Sustainable ESG Reporting Program

Strengthen corporate performance by implementing a holistic and proactive reporting approach.

Analyst Perspective

The shift toward stakeholder capitalism cannot be pinned on one thing; rather, it is a convergence of forces that has reshaped attitudes toward the corporation. Investor attention on responsible investing has pushed corporations to give greater weight to the achievement of corporate goals beyond financial performance.

Reacting to the new investor paradigm and to the wider systemic risk to the financial system of climate change, global regulators have rapidly mobilized toward mandatory climate-related disclosure.

IT will be instrumental in meeting the immediate regulatory mandate, but their role is much more far-reaching. IT has a role to play at the leadership table shaping strategy and assisting the organization to deliver on purpose-driven goals.

Delivering high-quality, relevant, and consistent disclosure is the key to unlocking and driving sustainable corporate performance. IT leaders should not underestimate the influence they have in selecting the right technology and data model to support ESG reporting and ultimately support top-line growth.

Photo of Yaz Palanichamy

Yaz Palanichamy
Senior Research Analyst
Info-Tech Research Group

Photo of Donna Bales

Donna Bales
Principal Research Director
Info-Tech Research Group

Executive Summary

Your Challenge

Your organization needs to define a ESG reporting strategy that is driven by corporate purpose.

Climate-related disclosure mandates are imminent; you need to prepare for them by building a sustainable reporting program now.

There are many technologies available to support your ESG program plans. How do you choose the one that is right for your organization?

Common Obstacles

Knowing how to narrow down ESG efforts to material ESG issues for your organization.

Understanding the key steps to build a sustainable ESG reporting program.

Assessing and solving for data gaps and data quality issues.

Being aware of the tools and best practices available to support regulatory and performance reporting.

Info-Tech’s Approach

Learn best-practice approaches to develop and adopt an ESG reporting program approach to suit your organization’s unique needs.

Understand the key features, tooling options, and vendors in the ESG software market.

Learn through analyst insights, case studies, and software reviews on best-practice approaches and tool options.

Info-Tech Insight

Implementing a robust reporting program takes time. Start early, remain focused, and plan to continually improve data quality and collection and performance metrics

Putting “E,” “S,” and “G” in context

Corporate sustainability depends on managing ESG factors well

Environmental, social, and governance are the components of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.

Human activities, particularly fossil fuel burning since the middle of the twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere. The “E” in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.

The “S” in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also to prosocial behavior. It’s the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.

The “G” in ESG is foundational to the realization of “S” and “E.” It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.

A diagram that shows common examples of ESG issues.

The impact of ESG factors on investment decisions

Alleviate Investment Risk

Organizational Reputation: Seventy-four percent of those surveyed were concerned that failing to improve their corporate ESG performance would negatively impact their organization’s branding and overall reputation in the market (Intelex, 2022).

Ethical Business Compliance: Adherence to well-defined codes of business conduct and implementation of anti-corruption and anti-bribery practices is a great way to distinguish between organizations with good/poor governance intentions.

Shifting Consumer Preferences: ESG metrics can also largely influence consumer preferences in buying behavior intentions. Research from McKinsey shows that “upward of 70 percent” of consumers surveyed on purchases in multiple industries said they would pay an additional 5 percent for a green product if it met the same performance standards as a nongreen alternative (McKinsey, 2019).

Responsible Supply Chain Management: The successful alignment of ESG criteria with supply chain operations can lead to several benefits (e.g. producing more sustainable product offerings, maintaining constructive relationships with more sustainability-focused suppliers).

Environmental Stewardship: The growing climate crisis has forced companies of all sizes to rethink how they plan their corporate environmental sustainability practices.

Compliance With Regulatory Guidelines: An increasing emphasis on regulations surrounding ESG disclosure rates may result in some institutional investors taking a more proactive stance toward ESG-related initiatives.

Sustaining Competitive Advantage: Given today’s globalized economy, many businesses are constantly confronted with environmental issues (e.g. water scarcity, air pollution) as well as social problems (e.g. workplace wellness issues). Thus, investment in ESG factors is simply a part of maintaining competitive advantage.

Leaders increasingly see ESG as a competitive differentiator

The perceived importance of ESG has dramatically increased from 2020 to 2023

A diagram that shows the perceived importance of ESG in 2020 and 2023.

In a survey commissioned by Schneider Electric, researchers categorized the relative importance of ESG planning initiatives for global IT business leaders. ESG was largely identified as a critical factor in sustaining competitive advantage against competitors and maintaining positive investor/public relations.
Source: S&P Market Intelligence, 2020; N=825 IT decision makers

“74% of finance leaders say investors increasingly use nonfinancial information in their decision-making.”
Source: EY, 2020

Regulatory pressure to report on carbon emission is building globally

The Evolving Regulatory Landscape

Canada

  • Canadian Securities Administrators (CSA) NI 51-107 Disclosure of Climate-related Matters

United States

  • Securities and Exchange Commission (SEC) 33-11042 – The Enhancement and Standardization of Climate-Related Disclosures for Investors
  • SEC 33-11038 Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
  • Nasdaq Board Diversity Rule (5605(f))

Europe

  • European Commission Sustainable Finance Disclosure Regulation (SFDR)
  • European Commission EU Supply Chain Act
  • The German Supply Chain Act (GSCA)
  • Financial Conduct Authority UK Proposal (DP 21/4) Sustainability Disclosure Requirements and investment labels
  • UK Modern Slavery Act, 2015

New Zealand

  • The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021

Accurate ESG reporting will be critical to meet regulatory requirements

ESG reporting is the disclosure of environmental, social, and governance (ESG) data via qualitative and quantitative reports.

It is how organizations make their sustainability commitments and strategies transparent to stakeholders.

For investors it provides visibility into a company's ESG activities, enabling them to align investments to their values and avoid companies that cause damage to the environment or are offside on social and governance issues.

Despite the growing practice of ESG reporting, reporting standards and frameworks are still evolving and the regulatory approach for climate-related disclosure is inconsistent across jurisdictions, making it challenging for organizations to develop a robust reporting program.

“Environmental, social and governance (ESG) commitments are at the core a data problem.”

Source: EY, 2022

However, organizations will struggle to meet reporting requirements

An image that shows 2 charts: How accurately can your organization report on the impact of its ESG Initiatives; and More specifically, if it was required to do so, how accurately could your organization report on its carbon footprint.

Despite the commitment to support an ESG Initiative, less than a quarter of IT professionals say their organization can accurately report on the impact of its ESG initiatives, and 44% say their reporting on impacts is not accurate.

Reporting accuracy was even worse for reporting on carbon footprint with 46% saying their organization could not report on its carbon footprint accurately. This despite most IT professionals saying they are working to support environmental mandates.

Global sustainability rankings based on ESG dimensions

Global Country Sustainability Ranking Map

An image of Global Country Sustainability Ranking Map, with a score of 0 to 10.

Country Sustainability Scores (CSR) as of October 2021
Scores range from 1 (poor) to 10 (best)
Source: Robeco, 2021

ESG Performance Rankings From Select Countries

Top ESG and sustainability performer

Finland has ranked consistently as a leading sustainability performer in recent years. Finland's strongest ESG pillar is the environment, and its environmental ranking of 9.63/10 is the highest out of all 150 countries.

Significant score deteriorations

Brazil, France, and India are among the countries whose ESG score rankings have deteriorated significantly in the past three years.

Increasing political tensions and risks as well as aftershock effects of the COVID-19 pandemic (e.g. high inequality and insufficient access to healthcare and education) have severely impacted Brazil’s performance across the governance and social pillars of the ESG framework, ultimately causing its overall ESG score to drop to a CSR value of 5.31.

Largest gains and losses in ESG scores

Canada has received worse scores for corruption, political risk, income inequality, and poverty over the past three years.

Taiwan has seen its rankings improve in terms of overall ESG scores. Government effectiveness, innovation, a strong semiconductor manufacturing market presence, and stronger governance initiatives have been sufficient to compensate for a setback in income and economic inequality.

Source: Robeco, 2021

Establish a Sustainable Environmental, Social, and Governance (ESG) Reporting Program

A diagram of establishing a sustainable ESG reporting program.

Blueprint benefits

Business Benefits

  • Clarity on technical and organizational gaps in the organization’s ability to deliver ESG reporting strategy.
  • Transparency on the breadth of the change program, internal capabilities needed, and accountable owners.
  • Reduced likelihood of liability.
  • Improved corporate performance and top-line growth.
  • Confidence that the organization is delivering high-quality, comprehensive ESG disclosure.

IT Benefits

  • Understanding of IT’s role as strategic enabler for delivering high-quality ESG disclosure and sustainable corporate performance.
  • Transparency on primary data gaps and technology and tools needed to support the ESG reporting strategy.
  • Clear direction of material ESG risks and how to prioritize implementation efforts.
  • Awareness of tool selection options.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Photo of Executive Presentation.

Key deliverable: Executive Presentation

Leverage this presentation deck to improve corporate performance by implementing a holistic and proactive ESG reporting program.

Photo of Workbook

Workbook

As you work through the activities, use this workbook to document decisions and rationale and to sketch your materiality map.

Photo of Implementation Plan

Implementation Plan

Use this implementation plan to address organizational, technology, and tooling gaps.

Photo of RFP Template

RFP Template

Leverage Info-Tech’s RFP Template to source vendors to fill technology gaps.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

A diagram that shows Guided Implementation in 3 phases.

Workshop Overview

Day 1

Day 2

Day 3

Day 4

Day 5

Activities

Determine Material ESG Factors

1.1 Review ESG drivers.
1.2 Identify key stakeholders and what drives their behavior.
1.3 Discuss materiality frameworks options and select baseline model.
1.4 Identify material risks and combine and categorize risks.
1.5 Map material risks on materiality assessment map.

Define Performance and Reporting Metrics

2.1 Understand common program metrics for each ESG component.
2.2 Consider and select program metrics.
2.3 Discuss ESG risk metrics.
2.4 Develop SMART metrics.
2.5 Surface regulatory reporting obligations.

Assess Data and Implementation Gaps

3.1 Assess magnitude and prioritize data gaps.
3.2 Discuss high-level implementation considerations and organizational gaps.

Software and Tooling Options

4.1 Review technology options.
4.2 Brainstorm technology and tooling options and the feasibility of implementing.
4.3 Prepare implementation plan.
4.4 Draft ESG reporting program communication.
4.5 Optional – Review software selection options.

Next Steps and Wrap-Up (offsite)

5.1 Complete in-progress deliverables from previous four days.
5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables

1. Customized list of key stakeholders and material ESG risks
2. Materiality assessment map

1. SMART metrics
2. List of regulatory reporting obligations

1. High-priority data gaps
2. High-level implementation considerations

1. Technology and tooling opportunities
2. Implementation Plan
3. ESG Reporting Communication

1. ESG Reporting Workbook
2. Implementation Plan

Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889

Phase 1

Explore ESG Reporting

A diagram that shows phase 1 to 3 of establishing ESG reporting program.

This phase will walk you through the following:

  • Define key stakeholders and material ESG factors.
  • Identify material ESG issues.
  • Develop SMART program metrics.
  • List reporting obligations.
  • Surface high-level data gaps.
  • Record high-level implementation considerations.

This phase involves the following participants: CIO, CCO, CSO, business leaders, legal, marketing and communications, head of ESG reporting, and any dedicated ESG team members

Practical steps for ESG disclosure

Measuring and tracking incremental change among dimensions such as carbon emissions reporting, governance, and diversity, equity, and inclusion (DEI) requires organizations to acquire, analyze, and synthesize data from beyond their internal organizational ecosystems

A diagram that shows 5 steps of identify, assess, implement, report & communicate, and monitor & improve.

1.1 Ensure your reporting requirements are comprehensive

A diagram of reporting lifecycle.

This section will walk you through some key considerations for establishing your ESG reporting strategy. The first step in this process is to identify the scope of your reporting program.

Defining the scope of your reporting program

  1. Stakeholder requirements: When developing a reporting program consider all your stakeholder needs as well as how they want to consume the information.
  2. Materiality assessment: Conduct a materiality assessment to identify the material ESG issues most critical to your organization. Organizations will need to report material risks to internal and external stakeholders.
  3. Purpose-driven goals: Your ESG reporting must include metrics to measure performance against your purpose-driven strategy.
  4. Regulatory requirements & industry: Work with your compliance and legal teams to understand which reporting requirements apply. Don’t forget requirements under the “S” and “G” components. Some jurisdictions require DEI reporting, and the Securities and Exchange Commission (SEC) in the US recently announced cybersecurity disclosure of board expertise and management oversight practices.

Factor 1: Stakeholder requirements

Work with key stakeholders to determine what to report

A diagram that shows internal and external stakeholders.

Evaluate your stakeholder landscape

Consider each of these areas of the ESG Stakeholder Wheel and identify your stakeholders. Once stakeholders are identified, consider how the ESG factors might be perceived by delving into the ESG factors that matter to each stakeholder and what drives their behavior.

A diagram of ESG impact, including materiality assessment, interviews, benchmark verses competitors, metrics and trend analysis.

Determine ESG impact on stakeholders

Review materiality assessment frameworks for your industry to surface ESG factors for your segment and stakeholder group(s).

Perform research and analysis of the competition and stakeholder trends, patterns, and behavior

Support your findings with stakeholder interviews.

Stakeholders will prioritize ESG differently. Understanding their commitment is a critical success factor.

Many of your stakeholders care about ESG commitments…

27%: Support for social and environmental proposals at shareholder meetings of US companies rose to 27% in 2020 (up from 21% in 2017).
Source: Sustainable Investments Institute, 2020.

79%: of investors consider ESG risks and opportunities an important factor in investment decision making.
Source: “Global Investor Survey,” PwC, 2021.

...Yet

33%: of survey respondents cited that a lack of attention or support from senior leadership was one of the major barriers preventing their companies from making any progress on ESG issues.
Source: “Consumer Intelligence Survey,” PwC, 2021.

Info-Tech Insight

To succeed with ESG reporting it is essential to understand who we hold ourselves accountable to and to focus ESG efforts in areas with the optimal balance between people, the planet, and profits

Activity 1: Define stakeholders

Input: Internal documentation (e.g. strategy, annual reports), ESG Stakeholder Wheel
Output: List of key stakeholders and applicable ESG factors
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders

2 hours

  1. Using the ESG Stakeholder Wheel as a baseline, consider the breadth of your organization’s value chain and write down all your stakeholders.
  2. Discuss what drives their behavior. Be as detailed as you can be. For example, if it’s a consumer, delve into their age group and the factors that may drive their behavior.
  3. List the ESG factors that may be important to each stakeholder.
  4. Write down the communication channels you expect to use to communicate ESG information to this stakeholder group.
  5. Rate the priority of this stakeholder to your organization.
  6. Record this information in ESG Reporting Workbook.
  7. Optional – consider testing the results with a targeted survey.

Download the ESG Reporting Workbook

Activity 1: Example

An example of activity 1 (defining stakeholders)

Factor 2: Materiality assessments

Conduct a materiality assessment to inform company strategy and establish targets and metrics for risk and performance reporting

The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.

The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking at a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.

It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.

Organizations can use assessment tools from Sustainalytics or GRI, SASB Standards, or guidance and benchmarking information from industry associations to help assess ESG risks .

An image of materiality matrix to understand ESG exposure

Info-Tech Insight

The materiality assessment informs your risk management approach. Material ESG risks identified should be integrated into your organization’s risk reporting framework.

Supplement your materiality assessment with stakeholder interviews

A diagram that shows steps of stakeholder interviews.

How you communicate the results of your ESG assessment may vary depending on whether you’re communicating to internal or external stakeholders and their communication delivery preferences.

Using the results from your materiality assessment, narrow down your key stakeholders list. Enhance your strategy for disclosure and performance measurement through direct and indirect stakeholder engagement.

Decide on the most suitable format to reach out to these stakeholders. Smaller groups lend themselves to interviews and forums, while surveys and questionnaires work well for larger groups.

Develop relevant questions tailored to your company and the industry and geography you are in.

Once you receive the results, decide how and when you will communicate them.

Determine how they will be used to inform your strategy.

Steps to determine material ESG factors

Step 1

Select framework

A diagram of framework

Review reporting frameworks and any industry guidance and select a baseline reporting framework to begin your materiality assessment.

Step 2

Begin to narrow down

A diagram of narrowing down stakeholders

Work with stakeholders to narrow down your list to a shortlist of high-priority material ESG issues.

Step 3

Consolidate and group

A diagram of ESG grouping

Group ESG issues under ESG components, your company’s strategic goals, or the UN’s Sustainable Development Goals.

Step 4

Rate the risks of ESG factors

A diagram of rating the risks of ESG factors

Assign an impact and likelihood scale for each risk and assign your risk threshold.

Step 5

Map

A diagram of material map

Use a material map framework such as GRI or SASB or Info-Tech’s materiality map to visualize your material ESG risks.

Materiality assessment

The materiality assessment is a strategic tool used to help identify, refine, and assess the numerous ESG issues in the context of your organization.

There is no universally accepted approach to materiality assessments. Although the concept of materiality is often embedded within a reporting standard, your approach to conducting the materiality assessment does not need to link to a specific reporting standard. Rather, it can be used as a baseline to develop your own.

To arrive at the appropriate outcome for your organization, careful consideration is needed to tailor the materiality assessment to meet your organization’s objectives.

When defining the scope of your materiality assessment consider:

  • Your corporate ESG purpose and sustainability strategy
  • Your audience and what drives their behavior
  • The relevance of the ESG issues to your organization. Do they impact strategy? Increase risk?
  • The boundaries of your materiality assessment (e.g. regions or business departments, supply chains it will cover)
  • Whether you want to assess from a double materiality perspective

A diagram of framework

Consider your stakeholders and your industry when selecting your materiality assessment tool – this will ensure you provide relevant disclosure information to the stakeholders that need it.

Double materiality is an extension of the financial concept of materiality and considers the broader impact of an organization on the world at large – particularly to people and climate.

Prioritize and categorize

A diagram of narrowing down stakeholders

Using internal information (e.g. strategy, surveys) and external information (e.g. competitors, industry best practices), create a longlist of ESG issues.

Discuss and narrow down the list. Be sure to consider opportunities – not just material risks!

A diagram of ESG grouping

Group the issues under ESG components or defined strategic goals for your organization. Another option is to use the UN’s Sustainable Development Goals to categorize.

Differentiate ESG factors that you already measure and report.

The benefit of clustering is that it shows related topics and how they may positively or negatively influence one another.

Internal risk disclosure should not be overlooked

Bank of America estimates ESG disputes have cost S&P companies more than $600 billion in market capitalization in the last seven years alone.

ESG risks are good predictors of future risks and are therefore key inputs to ensure long-term corporate success.

Regardless of the size of your organization, it’s important to build resilience against ESG risks.

To protect an organization against an ESG incident and potential liability risk, ESG risks should be treated like any other risk type and incorporated into risk management and internal reporting practices, including climate scenario analysis.

Some regulated entities will be required to meet climate-related financial disclosure expectations, and sound risk management practices will be prescribed through regulatory guidance. However, all organizations should instill sound risk practices.

ESG risk management done right will help protect against ESG mishaps that can be expensive and damaging while demonstrating commitment to stakeholders that have influence over all corporate performance.

Source: GreenBiz, 2022.

A diagram of risk landscape.

IT has a role to play to provide the underlying data and technology to support good risk decisions.

Visualize your material risks

Leverage industry frameworks or use Info-Tech’s materiality map to visualize your material ESG risks.

GRI’s Materiality Matrix

A photo of GRI’s Materiality Matrix

SASB’s Materiality Map

A photo of SASB’s Materiality Map

Info-Tech’s Materiality Map

A diagram of material map

Activity 2: Materiality assessment

Input: ESG corporate purpose or any current ESG metrics; Customer satisfaction or employee engagement surveys; Materiality assessment tools from SASB, Sustainalytics, GRI, or industry frameworks; Outputs from stakeholder outreach/surveys
Output: Materiality map, a list of material ESG issues
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders, Participants from marketing and communications

2-3 hour

  1. Begin by reviewing various materiality assessment frameworks to agree on a baseline framework. This will help to narrow down a list of topics that are relevant to your company and industry.
  2. As a group, discuss the potential impact and start listing material issues. At first the list will be long, but the group will work collectively to prioritize and consolidate the list.
  3. Begin to combine and categorize the results by aligning them to your ESG purpose and strategic pillars.
  4. Treat each ESG issue as a risk and map against the likelihood and impact of the risk.
  5. Map the topics on your materiality map. Most of the materiality assessment tools have materiality maps – you may choose to use their map.
  6. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

Case Study: Novartis

Logo of Novartis

  • INDUSTRY: Pharmaceuticals
  • SOURCE: Novartis, 2022

Novartis, a leading global healthcare company based in Switzerland, stands out as a leader in providing medical consultancy services to address the evolving needs of patients worldwide. As such, its purpose is to use science and technologically innovative solutions to address some of society’s most debilitating, challenging, and ethically significant healthcare issues.

The application of Novartis’ materiality assessment process in understanding critical ESG topics important to their shareholders, stakeholder groups, and society at large enables the company to better quantify references to its ESG sustainability metrics.

Novartis applies its materiality assessment process to better understand relevant issues affecting its underlying business operations across its entire value chain. Overall, employing Novartis’s materiality assessment process helps the company to better manage its societal, environmental, and economic impacts, thus engaging in more socially responsible governance practices.

Novartis’ materiality assessment is a multitiered process that includes three major elements:

  1. Identifying key stakeholders, which involves a holistic analysis of internal colleagues and external stakeholders.
  2. Collecting quantitative feedback and asking relevant stakeholders to rank a set of issues (e.g. climate change governance, workplace culture, occupational health and safety) and rate how well Novartis performs across each of those identified issues.
  3. Eliciting qualitative insights by coordinating interviews and workshops with survey participants to better understand why the issues brought up during survey sessions were perceived as important.

Results

In 2021, Novartis had completed its most recent materiality assessment. From this engagement, both internal and external stakeholders had ranked as important eight clusters that Novartis is impacting on from an economic, societal, and environmental standpoint. The top four clusters were patient health and safety, access to healthcare, innovation, and ethical business practices.

Factor 3: ESG program goals

Incorporate ESG performance metrics that support your ESG strategy

Another benefit of the materiality assessment is that it helps to make the case for ESG action and provides key information for developing a purpose-led strategy.

An internal ESG strategy should drive toward company-specific goals such as green-house gas emission targets, use of carbon neutral technologies, focus on reusable products, or investment in DEI programs.

Most organizations focus on incremental goals of reducing negative impacts to existing operations or improving the value to existing stakeholders rather than transformative goals.

Yet, a strategy that is authentic and aligned with key stakeholders and long-term goals will bring sustainable value.

The strategy must be supported by an accountability and performance measurement framework such as SMART metrics.

A fulsome reporting strategy should include performance metrics

A photo of SMART metrics: Specific, Measurable, Actionable, Realistic, Time-bound.

Activity 3: SMART metrics

Input: ESG corporate purpose or any current ESG metrics, Outputs from activities 1 and 2, Internally defined metrics (i.e. risk metrics or internal reporting requirements)
Output: SMART metrics
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Risk officer/Risk leaders, Head of ESG Reporting, Business leaders, Participants from marketing and communications

1-2 hours

  1. Document a list of appropriate metrics to assess the success of your ESG program.
  2. Use the sample metrics listed in the table on the next slide as a starting point.
  3. Fill in the chart to indicate the:
    1. Name of the success metric
    2. Method for measuring success
    3. Baseline measurement
    4. Target measurement
    5. Actual measurements at various points throughout the process of improving the risk management program
    6. A deadline for each metric to meet the target measurement
  4. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

Sample ESG metrics

Leverage industry resources to help define applicable metrics

Environmental

  • Greenhouse gas emissions – total corporate
  • Carbon footprint – percent emitted and trend
  • Percentage of air and water pollution
  • Renewable energy share per facility
  • Percentage of recycled material in a product
  • Ratio of energy saved to actual use
  • Waste creation by weight
  • Circular transition indicators

Social

  • Rates of injury
  • Lost time incident rate
  • Proportion of spend on local suppliers
  • Entry-level wage vs. local minimum wage
  • Percentage of management who identify with specific identity groups (i.e. gender and ethnic diversity)
  • Percentage of suppliers screened for accordance to ESG vs. total number of suppliers
  • Consumer responsiveness

Governance

  • Annual CEO compensation compared to median
  • Percentage of employees trained in conflict-of-interest policy
  • Number of data breaches using personally identifiable information (PII)
  • Number of incidents relating to management corruption
  • Percentage of risks with mitigation plans in place

Activity 3: Develop SMART project metrics

1-3 hours

Attach metrics to your goals to gauge the success of the ESG program.

Sample Metrics

An image of sample metrics

Factor 4: Regulatory reporting obligations

Identify your reporting obligations

High-level overview of reporting requirements:

An image of high-level reporting requirements in Canada, the United Kingdom, Europe, and the US.

Refer to your legal and compliance team for the most up-to-date and comprehensive requirements.

The focus of regulators is to move to mandatory reporting of material climate-related financial information.

There is some alignment to the TCFD* framework, but there is a lack of standardization in terms of scope across jurisdictions.
*TCFD is the Task Force on Climate-Related Financial Disclosures.

Activity 4: Regulatory obligations

Input: Corporate strategy documents; Compliance registry or internal governance, risk, and compliance (GRC) tool
Output: A list of regulatory obligations
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders

1-2 hours

  1. Begin by listing the jurisdictions in which you operate or plan to operate.
  2. For each jurisdiction, list any known current or future regulatory requirements. Consider all ESG components.
  3. Log whether the requirements are mandatory or voluntary and the deadline to report.
  4. Write any details about reporting framework; for example, if a reporting framework such as TCFD is prescribed.
  5. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

1.2 Assess impact and weigh options

A diagram of reporting lifecycle.

Once the scope of your ESG reporting framework has been identified, further assessment is needed to determine program direction and to understand and respond to organizational impact.

Key factors for further assessment and decisions include

  1. Reporting framework options. Consider mandated reporting frameworks and any industry standards when deciding your baseline reporting framework. Strive to have a common reporting methodology that serves all your reporting needs: regulatory, corporate, shareholders, risk reporting, etc.
  2. Perform gap analysis. The gap analysis will reveal areas where data may need to be sourced or where tools or external assistance may be needed to help deliver your reporting strategy.
  3. Organizational impact and readiness. The gap analysis will help to determine whether your current operating model can support the reporting program or whether additional resources, tools, or infrastructure will be needed.

1.2.1 Decide on baseline reporting framework

1. Determine the appropriate reporting framework for your organization

Reporting standards are available to enable relevant, high-quality, and comparable information. It’s the job of the reporting entity to decide on the most suitable framework for their organization.

The most established standard for sustainability reporting is the Global Reporting Initiative (GRI), which has supported sustainability reporting for over 20 years.

The Task Force on Climate-Related Financial Disclosures (TCFD) was created by the Financial Stability Board to align ESG disclosure with financial reporting. Many global regulators support this framework.

The International Sustainability Standards Board (ISSB) is developing high-quality, understandable, and enforceable global standards using the Sustainability Accounting Standards Board (SASB) as a baseline. It is good practice to use SASB Standards until the ISSB standards are available.

2. Decide which rating agencies you will use and why they are important

ESG ratings are provided by third-party agencies and are increasingly being used for financing and transparency to investors. ESG ratings provide both qualitative and quantitative information.

However, there are multiple providers, so organizations need to consider which ones are the most important and how many they want to use.

Some of the most popular rating agencies include Sustainalytics, MSCI, Bloomberg, Moody's, S&P Global, and CDP.

Reference Appendix Below

1.2.2 Determine data gaps

The ESG reporting mandate is built on the assumption of consistent, good-quality data

To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.

One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.

An important step for delivering reporting requirements is to perform a gap analysis early on to surface gaps in the primary data needed to deliver your reporting strategy.

The output of this exercise will also inform and help prioritize implementation, as it may show that new data sets need to be sourced or tools purchased to collect and aggregate data.

Conduct a gap analysis to determine gaps in primary data

A diagram of gap analysis to determine gaps in primary data.

Activity 5: Gap analysis

Input: Business (ESG) strategy, Data inventory (if exists), Output from Activity 1: Key stakeholders, Output from Activity 2: Materiality map, Output of Activity 3: SMART metrics, Output of Activity 4: Regulatory obligations
Output: List of high-priority data gaps
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders, Data analysts

1-3 hours

  1. Using the outputs from activities 1-4, list your organization’s ESG issues in order of priority. You may choose to develop your priority list by stakeholder group or by material risks.
  2. List any defined SMART metric from Activity 3.
  3. Evaluate data availability and quality of the data (if existing) as well as any impediments to sourcing the data.
  4. Make note if this is a common datapoint, i.e. would you disclose this data in more than one report?
  5. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

1.3 Take a holistic implementation approach

Currently, 84 percent of businesses don’t integrate their ESG performance with financial and risk management reporting.

Source: “2023 Canadian ESG Reporting Insights,” PwC.

A diagram of reporting lifecycle.

When implementing an ESG reporting framework, it is important not to implement in silos but to take a strategic approach that considers the evolving nature of ESG and the link to value creation and sound decision making.

Key implementation considerations include

  1. Setting clear metrics and targets. Key performance indicators (KPIs) and key risk indicators (KRIs) are used to measure ESG factor performance. It’s essential that they are relevant and are constructed using high-quality data. Your performance metrics should be continually assessed and adapted as your ESG program evolves.
  2. Data challenges. Without good-quality data it is impossible to accurately measure ESG performance, generate actionable insights on ESG performance and risk, and provide informative metrics to investors and other stakeholders. Design your data model to be flexible and digital where possible to enable data interoperability.
  3. Architectural approach. IT will play a key role in the design of your reporting framework, including the decision on whether to build, buy, or deliver a hybrid solution. Every organization will build their reporting program to suit their unique needs; however, taking a holistic and proactive approach will support and sustain your strategy long term.

1.3.1 Metrics and targets for climate-related disclosure

“The future of sustainability reporting is digital – and tagged.”
Source: “XBRL Is Coming,” Novisto, 2022.

In the last few years, global regulators have proposed or effected legislation requiring public companies to disclose climate-related information.

Yet according to Info-Tech’s 2023 Trends and Priorities survey, most IT professionals expect to support environmental mandates but are not prepared to accurately report on their organization’s carbon footprint.

IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.

To future-proof your reporting structure, your data should be readable by humans and machines.

eXtensible Business Reporting Language (XBRL) tagging is mandated in several jurisdictions for financial reporting, and several reporting frameworks are adopting XBRL for sustainability reporting so that non-financial and financial disclosure frameworks are aligned.

Example environmental metrics

  • Amount of scope 1, 2, or 3 GHG emissions
  • Total energy consumption
  • Total water consumption
  • Progress toward net zero emission
  • Percentage of recycled material in a product

1.3.1 Metrics and targets for social disclosure

“59% of businesses only talk about their positive performance, missing opportunities to build trust with stakeholders through balanced and verifiable ESG reporting.”
Source: “2023 Canadian ESG Reporting Insights,” PwC.

To date, regulatory focus has been on climate-related disclosure, although we are beginning to see signals in Europe and the UK that they are turning their attention to social issues.

Social reporting focuses on the socioeconomic impacts of an organization’s initiatives or activities on society (indirect or direct).

The “social” component of ESG can be the most difficult to quantify, but if left unmonitored it can leave your organization open to litigation from consumers, employees, and activists.

Although organizations have been disclosing mandated metrics such as occupational health and safety and non-mandated activities such as community involvement for years, the scope of reporting is typically narrow and hard to measure in financial terms.

This is now changing with the recognition by companies of the value of social reporting to brand image, traceability, and overall corporate performance.

Example social metrics

  • Rate of injury
  • Lost time incident rate
  • Proportion of spend on local suppliers
  • Entry-level wage versus local minimum wage
  • Percentage of management within specific identity groups (i.e. gender and ethnic diversity)
  • Number of workers impacted by discrimination

Case Study: McDonald’s Corporation (MCD)

Logo of McDonald’s

  • INDUSTRY: Food service retailer
  • SOURCE: RBC Capital Markets, 2021; McDonald’s, 2019

McDonald’s Corporation is the leading global food service retailer. Its purpose is not only providing burgers to dinner tables around the world but also serving its communities, customers, crew, farmers, franchisees, and suppliers alike. As such, not only is the company committed to having a positive impact on communities and in maintaining the growth and success of the McDonald's system, but it is also committed to conducting its business operations in a way that is mindful of its ESG commitments.

An image of McDonald’s Better Together

McDonald’s Better Together: Gender Balance & Diversity strategy and Women in Tech initiative

In 2019, MCD launched its Better Together: Gender Balance & Diversity strategy as part of a commitment to improving the representation and visibility of women at all levels of the corporate structure by 2023.

In conjunction with the Better Together strategy, MCD piloted a “Women in Tech” initiative through its education and tuition assistance program, Archways to Opportunity. The initiative enabled women from company-owned restaurants and participating franchisee restaurants to learn skills in areas such as data science, cybersecurity, artificial intelligence. MCD partnered with Microsoft and Colorado Technical University to carry out the initiative (McDonald’s, 2019).

Both initiatives directly correlate to the “S” of the ESG framework, as the benefits of gender-diverse leadership continue to be paramount in assessing the core strengths of a company’s overreaching ESG portfolio. Hence, public companies will continue to face pressure from investors to act in accordance with these social initiatives.

Results

MCD’s Better Together and Women in Tech programs ultimately helped improve recruitment and retention rates among its female employee base. After the initialization of the gender balance and diversification strategy, McDonald’s signed on to the UN Women’s Empowerment Principles to help accelerate global efforts in addressing the gender disparity problem.

1.3.1 Metrics and targets for governance disclosure

Do not lose sight of regulatory requirements

Strong governance is foundational element of a ESG program, yet governance reporting is nascent and is often embedded in umbrella legislation pertaining to a particular risk factor.

A good example of this is the recent proposal by the Securities and Exchange Commission in the US (CFR Parts 229, 232, 239, 240, and 249, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure), which will require public companies to:

  • Disclosure of board oversight of cyber risk.
  • Disclose management’s role in managing and accessing cybersecurity-related risks.

The "G” component includes more than traditional governance factors and acts as a catch-all for other important ESG factors such as fraud, cybersecurity, and data hygiene. Make sure you understand how risk may manifest in your organization and put safeguards in place.

Example governance metrics

  • Annual CEO compensation compared to median
  • Percentage of employees trained in conflict-of-interest policy
  • Completed number of supplier assessments
  • Number of data breaches using PII
  • Number of material cybersecurity breaches

Info-Tech Insight

The "G" in ESG may not be capturing the limelight under ESG legislation yet, but there are key governance factors that are that are under regulatory radar, including data, cybersecurity, fraud, and DEI. Be sure you stay on top of these issues and include performance metrics into your internal and external reporting frameworks.

1.3.2 Conquering data management challenges

48% of investment decision makers, including 58% of institutional investors, say companies’ self-reported ESG performance data is “much more important” than companies’ conventional financial data when informing their investment decisions (Benchmark ESG, 2021).

Due to the nascent nature of climate-related reporting, data challenges such as the availability, usability, comparability, and workflow integration surface early in the ESG program journey when sourcing and organizing data:

  • It is challenging to collect non-financial data across functional business and geographical locations and from supplier base and supply chains.
  • The lack of common standards leads to comparability challenges, hindering confidence in the outputs.

In addition to good, reliable inputs, organizations need to have the infrastructure to access new data sets and convert raw data into actionable insights.

The establishment of data model and workflow processes to track data lineage is essential to support an ESG program. To be successful, it is critical that flexibility, scalability, and transparency exist in the architectural design. Data architecture must scale to capture rapidly growing volumes of unstructured raw data with the associated file formats.

A photo of conceptual model for data lineage.

Download Info-Tech’s Create and Manage Enterprise Data Models blueprint

1.3.3 Reporting architecture

CIOs play an important part in formulating the agenda and discourse surrounding baseline ESG reporting initiatives

Building and operating an ESG program requires the execution of a large number of complex tasks.

IT leaders have an important role to play in selecting the right technology approach to support a long-term strategy that will sustain and grow corporate performance.

The decision to buy a vendor solution or build capabilities in-house will largely depend on your organization’s ESG ambitions and the maturity of in-house business and IT capabilities.

For large, heavily regulated entities an integrated platform for ESG reporting can provide organizations with improved risk management and internal controls.

Example considerations when deciding to meet ESG reporting obligations in-house

  • Size and type of organization
  • Extent of regulatory requirements and scrutiny
  • The amount of data you want to report
  • Current maturity of data architecture, particularly your ability to scale
  • Current maturity of your risk and control program – how easy is it to enhance current processes?
  • The availability and quality of primary data
  • Data set gaps
  • In-house expertise in data, model risk, and change management
  • Current operating model – is it siloed or integrated?
  • Implementation time
  • Program cost
  • The availability of vendor solutions that may address gaps

Info-Tech Insight

Executive leadership should take a more holistic and proactive stance to not only accurately reporting upon baseline corporate financial metrics but also capturing and disclosing relevant ESG performance metrics to drive alternative streams of valuation across their respective organizational environments.

Activity 6: High-level implementation considerations

Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5
Output: Summary of high-level implementation considerations
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders,

2-3 hours

  1. Review the implementation considerations on the previous slide to help determine the appropriate technology approach.
  2. For each implementation consideration, describe the current state.
  3. Discuss and draft the implications of reaching the desired future state by listing implications and organizational gaps.
  4. Discuss as a group if there is an obvious implementation approach.
  5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
  6. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

1.3.4 Ensure your implementation team has a high degree of trust and communication

If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

Communication: Teams must have some type of communication strategy. This can be broken into:

  • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
  • Ceremonies: Injecting awards and continually emphasizing delivery of value to encourage relationship building and constructive motivation.
  • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

Proximity: Distributed teams create complexity as communication can break down. This can be mitigated by:

  • Location: Placing teams in proximity to close the barrier of geographical distance and time zone differences.
  • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
  • Communication tools: Having the right technology (e.g. videoconference) to help bring teams closer together virtually.

Trust: Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

  • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
  • Role clarity: Having a clear definition of what everyone’s role is.

1.4 Clear effective communication

Improving investor transparency is one of the key drivers behind disclosure, so making the data easy to find and consumable is essential

A diagram of reporting lifecycle.

Your communication of ESG performance is intricately linked to corporate value creation. When designing your communications strategy, consider:

  • Your message – make it authentic and tell a consistent story.
  • How data will be used to support the narrative.
  • How your ESG program may impact internal and external programs and build a communication strategy that is fit for purpose. Example programs are:
    • Employee recruitment
    • New product rollout
    • New customer campaign
  • The design of the communication and how well it suits the audience. Communications may take the form of campaigns, thought leadership, infographics, etc.
  • The appropriateness of communication channels to your various audiences and the messages you want to convey. For example, social media, direct outreach, shareholder circular, etc.

1.5 Continually evaluate

A diagram of reporting lifecycle.

A recent BDC survey of 121 large companies and public-sector buyers found that 82% require some disclosure from their suppliers on ESG, and that's expected to grow to 92% by 2024.
Source: BDC, 2023

ESG's link to corporate performance means that organizations must stay on top of ESG issues that may impact the long-term sustainability of their business.

ESG components will continue to evolve, and as they do so will stakeholder views. It is important to continually survey your stakeholders to ensure you are optimally managing ESG risks and opportunities.

To keep ESG on the strategy agenda, we recommend that organizations:

  • Appoint a chief sustainability officer (CSO) with a seat on executive leadership committees.
  • Embed ESG into existing governance and form a tactical ESG working group committee.
  • Ensure ESG risks are integrated into the enterprise risk management program.
  • Continually challenge your ESG strategy.
  • Regularly review risks and opportunities through proactive outreach to stakeholders.

Download The ESG Imperative and Its Impact on Organizations

Phase 2

Streamline Requirements and Tool Selection

A diagram that shows phase 1 to 3 of establishing ESG reporting program.

This phase will walk you through the following activities:

  • Assess technology and tooling opportunities.
  • Prepare ESG reporting implementation plan.
  • Write ESG reporting presentation document.

This phase involves the following participants: CIO, CCO, CSO, EA, IT application and data leaders, procurement, business leaders, marketing and communications, head of ESG reporting, and any dedicated ESG team members

2.1 Streamline your requirements and tool section

Spend the time up front to enable success and meet expectations

Before sourcing any technology, it’s important to have a good understanding of your requirements.

Key elements to consider:

  1. ESG reporting scope. Large enterprises will have more complex workflow requirements, but they also will have larger teams to potentially manage in-house. Smaller organizations will need easy-to-use, low-cost solutions.
  2. Industry and value chain. Look for industry-specific solutions, as they will be more tailored to your needs and will enable you to be up and running quicker.
  3. Coverage. Ensure the tool has adequate regulatory coverage to meet your current and future needs.
  4. Gap in functionality. Be clear on the problem you are trying to solve and/or the gap in workflow. Refer to the reporting lifecycle and be clear on your needs before sourcing technology.
  5. Resourcing. Factor in capacity during and after implementation and negotiate the appropriate support.

Industry perspective

The importance of ESG is something that will need to be considered for most, if not every decision in the future, and having reliable and available information is essential. While the industry will continue to see investment and innovation that drives operational efficiency and productivity, we will also see strong ESG themes in these emerging technologies to ensure they support both sustainable and socially responsible operations.

With the breadth of technology Datamine already has addressing the ESG needs for the mining industry combined with our new technology, our customers can make effective and timely decisions through incorporating ESG data into their planning and scheduling activities to meet customer demands, while staying within the confines of their chosen ESG targets.

Photo of Chris Parry

Chris Parry
VP of ESG, Datamine

Photo of Datamine Photo of isystain

Activity 7: Brainstorm tooling options

Use the technology feature list below to identify areas along the ESG workflow where automated tools or third-party solutions may create efficiencies

Technological Solutions Feature Bucket

Basic Feature Description

Advanced Feature Description

Natural language processing (NLP) tools

Ability to use NLP tools to track and monitor sentiment data from news and social media outlets.

Leveraging NLP toolsets can provide organizations granular insights into workplace sentiment levels, which is a core component of any ESG strategy. A recent study by MarketPsych, a company that uses NLP technologies to analyze sentiment data from news and social media feeds, linked stock price performance to workplace sentiment levels.

Distributed ledger technologies (DLTs)

DLTs can help ensure greater reporting transparency, in line with stringent regulatory reporting requirements.

DLT as an ESG enabler, with advanced capabilities such as an option to provide demand response services linked to electricity usage and supply forecasting.

Cloud-based data management and reporting systems

Cloud-based data management and reporting can support ESG initiatives by providing increased reporting transparency and a better understanding of diverse social and environmental risks.

Leverage newfound toolsets such as Microsoft Cloud for Sustainability – a SaaS offering that enables organizations to seamlessly record, report, and reduce their emissions on a path toward net zero.

IoT technologies

Integration of IoT devices can help enhance the integrity of ESG reporting through the collection of descriptive and accurate ESG metrics (e.g. energy efficiency, indoor air quality, water quality and usage).

Advanced management of real-time occupancy monitoring: for example, the ability to reduce energy consumption rates by ensuring energy is only used when spaces and individual cubicles are occupied.

2.2 Vendors tools and technologies to support ESG reporting

In a recent survey of over 1,000 global public- and private-sector leaders, 87% said they see AI as a helpful tool to fight climate change.
Source: Boston Consulting Group

Technology providers are part of the solution and can be leveraged to collect, analyze, disclose, track, and report on the vast amount of data.

Increasingly organizations are using artificial intelligence to build climate resiliency:

  • AI is useful for the predictive modelling of potential climate events due to its ability to gather and analyze and synthesize large complete data sets.

And protect organizations from vulnerabilities:

  • AI can be used to identify and assess vulnerabilities that may lead to business disruption or risks in production or the supply chain.

A diagram of tooling, including DLT, natural language processing, cloud-based data management and IoT.

2.3 ESG reporting software selection

What Is ESG Reporting Software?

Our definition: ESG reporting software helps organizations improve the transparency and accountability of their ESG program and track, measure, and report their sustainability efforts.

Key considerations for reporting software selection:

  • While there are boutique ESG vendors in the market, organizations with existing GRC tools may first want to discuss ESG coverage with their existing vendor as it will enable better integration.
  • Ensure that the vendors you are evaluating support the requirements and regulations in your region, industry, and geography. Regulation is moving quickly – functionality needs to be available now and not just on the roadmap.
  • Determine the level of software integration support you need before meeting with vendors and ensure they will be able to provide it – when you need it!

Adoption of ESG reporting software has historically been low, but these tools will become critical as organizations strive to meet increasing ESG reporting requirements.

In a recent ESG planning and performance survey conducted by ESG SaaS company Diligent Corporation, it was found that over half of all organizations surveyed do not publish ESG metrics of any kind, and only 9% of participants are actively using software that supports ESG data collection, analysis, and reporting.

Source: Diligent, 2021.

2.3.1 Elicit and prioritize granular requirements for your ESG reporting software

Understanding business needs through requirements gathering is the key to defining everything about what is being purchased. However, it is an area where people often make critical mistakes.

Poorly scoped requirements

Fail to be comprehensive and miss certain areas of scope.

Focus on how the solution should work instead of what it must accomplish.

Have multiple levels of detail within the requirements that are inconsistent and confusing.

Drill all the way down into system-level detail.

Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.

Omit constraints or preferences that buyers think are obvious.

Best practices

Get a clear understanding of what the system needs to do and what it is expected to produce.

Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”

Explicitly state the obvious and assume nothing.

Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.

Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

Download Info-Tech's Improve Requirements Gathering blueprint

2.3.1 Identify critical and nice-to-have features

Central Data Repository: Collection of stored data from existing databases merged into one location that can then be shared, analyzed, or updated.

Automatic Data Collection: Ability to automate data flows, collect responses from multiple sources at specified intervals, and check them against acceptance criteria.

Automatic KPI Calculations, Conversions, and Updates: Company-specific metrics can be automatically calculated, converted, and tracked.

Built-In Indicator Catalogs and Benchmarking: Provides common recognized frameworks or can integrate a catalog of ESG indicators.

Custom Reporting: Ability to create reports on company emissions, energy, and asset data in company-branded templates.

User-Based Access and Permissions: Ability to control access to specific content or data sets based on the end user’s roles.

Real-Time Capabilities: Ability to analyze and visualize data as soon as it becomes available in underlying systems.

Version Control: Tracking of document versions with each iteration of document changes.

Intelligent Alerts and Notifications: Ability to create, manage, send, and receive notifications, enhancing efficiency and productivity.

Audit Trail: View all previous activity including any recent edits and user access.

Encrypted File Storage and Transfer: Ability to encrypt a file before transmitting it over the network to hide content from being viewed or extracted.

Activity 7: Technology and tooling options

Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5, Output from Activity 6,
Output: List of tooling options
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders

1-2 hours

  1. Begin by listing key requirements and features for your ESG reporting program.
  2. Use the outputs from activities 5 and 6 and the technology feature list on the previous slide to help brainstorm technology and tooling options.
  3. Discuss the availability and readiness of each option. Note that regulatory requirements will have an effective date that will impact the time to market for introducing new tooling.
  4. Discuss and assign a priority.
  5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
  6. Record this information in the ESG Reporting Workbook.

Download the ESG Reporting Workbook

Activity 8: Implementation plan

Input: Business (ESG) strategy, Output from Activity 5, Output from Activity 6, Output from Activity 7
Output: ESG Reporting Implementation Plan
Materials: Whiteboard/flip charts, ESG Reporting Implementation Plan Template
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, PMO, Data and IT architect/leaders

1-2 hours

  1. Use the outputs from activities 5 to 7 and list required implementation tasks. Set a priority for each task.
  2. Assign the accountable owner as well as the group responsible. Larger organizations and large, complex change programs will have a group of owners.
  3. Track any dependencies and ensure the project timeline aligns.
  4. Add status as well as start and end dates.
  5. Complete in the ESG Reporting Implementation Plan Template.

Download the ESG Reporting Implementation Plan Template

Activity 9: Internal communication

Input: Business (ESG) strategy, ESG Reporting Workbook, ESG reporting implementation plan
Output: ESG Reporting Presentation Template
Materials: Whiteboard/flip charts, ESG Reporting Presentation Template, Internal communication templates
Participants: Chief Sustainability Officer, Head of Marketing/ Communications, Business leaders, PMO

1-2 hours

Since a purpose-driven ESG program presents a significant change in how organizations operate, the goals and intentions need to be understood throughout the organization. Once you have developed your ESG reporting strategy it is important that it is communicated, understood, and accepted. Use the ESG Reporting Presentation Template as a guide to deliver your story.

  1. Consider your audience and discuss and agree on the key elements you want to convey.
  2. Prepare the presentation.
  3. Test the presentation with smaller group before communicating to senior leadership/board

Download the ESG Reporting Presentation Template

Phase 3

Select ESG Reporting Software

A diagram that shows phase 1 to 3 of establishing ESG reporting program.

This phase will provide additional material on Info-Tech’s expertise in the following areas:

  • Info-Tech’s approach to RFPs
  • Info-Tech tools for software selection
  • Example ESG software assessments

3.1 Leverage Info-Tech’s expertise

Develop an inclusive and thorough approach to the RFP process

An image that a process of 7 steps.

The Info-Tech difference:

  1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – with a standard process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
  2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
  3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
  4. Based on predetermined requirements, either an RFI or an RFP is issued to vendors with a due date.

Info-Tech Insight

Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP.

Software Selection Engagement

5 Advisory Calls Over a 5-Week Period to Accelerate Your Selection Process

Expert Analyst Guidance over5 weeks on average to select and negotiate software.

Save Money, Align Stakeholders, Speed Up the Process & make better decisions.

Use a Repeatable, Formal Methodology to improve your application selection process.

Better, Faster Results, guaranteed, included in membership.

A diagram of selection engagement over a 5-week period.

CLICK HERE to Book Your Selection Engagement

Leverage the Contract Review Service to level the playing field with your shortlisted vendors

You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.

Use the Contract Review Service to gain insights on your agreements.

Consider the aspects of a contract review:

  1. Are all key terms included?
  2. Are they applicable to your business?
  3. Can you trust that results will be delivered?
  4. What questions should you be asking from an IT perspective?

Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.

A photo of Contract Review Service.

Click here to book The Contract Review Service

Download blueprint Master Contract Review and Negotiation for Software Agreements

3.2 Vendor spotlight assessments

See above for a vendor landscape overview of key ESG reporting software providers

The purpose of this section is to showcase various vendors and companies that provide software solutions to help users manage and prioritize their ESG reporting initiatives.

This section showcases the core capabilities of each software platform to provide Info-Tech members with industry insights regarding some of the key service providers that operate within the ESG vendor market landscape.

Info-Tech members who are concerned with risks stemming from the inability to sort and disseminate unstructured ESG data reporting metrics or interested in learning more about software offerings that can help automate the data collection, processing, and management of ESG metrics will find high-level insights into the ESG vendor market space.

Vendor spotlight

A photo of Datamine Isystain

The establishment of the Datamine ESG unit comes at the same time the mining sector is showing an increased interest in managing ESG and its component systems as part of a single scope.

With miners collecting and dealing with ever-increasing quantities of data and looking for ways to leverage it to make data-driven decisions that enhance risk management and increase profitability, integrated software solutions are – now more than ever – essential in supporting continuous improvement and maintaining data fidelity and data integrity across the entire mining value chain.

An example of Datamine Isystain An example of Datamine Isystain An example of Datamine Isystain

Key Features:

  • Discover GIS for geochemical, water, erosion, and vegetation modelling and management.
  • Qmed for workforce health management, COVID testing, and vaccine administration.
  • MineMarket and Reconcilor for traceability and auditing, giving visibility to chain of custody and governance across the value chain, from resource modelling to shipping and sales.
  • Centric Mining Systems – intelligence software for real-time transparency and governance across multiple sites and systems, including key ESG performance indicator reporting.
  • Zyght – a leading health, safety, and environment solution for high-impact industries that specializes in environment, injury, risk management, safe work plans, document management, compliance, and reporting.
  • Isystain – a cloud-based platform uniquely designed to support health, safety & environment, sustainability reporting, compliance and governance, and social investment reporting. Designed for seamless integration within an organization’s existing software ecosystems providing powerful analytics and reporting capabilities to streamline the production of sustainability and performance reporting.

Vendor spotlight

A logo of Benchmark ESG

Benchmark ESG provides industry-leading ESG data management and reporting software that can assist organizations in managing operational risk and compliance, sustainability, product stewardship, and ensuring responsible sourcing across complex global operations.

An example of Benchmark ESG An example of Benchmark ESG

Key Features:

Vendor spotlight

A logo of PWC

PwC’s ESG Management Solution provides quick insights into ways to improve reporting transparency surrounding your organization’s ESG commitments.

According to PwC’s most recent CEO survey, the number one motivator for CEOs in mitigating climate change risks is their own desire to help solve this global problem and drive transparency with stakeholders.
Source: “Annual Global CEO Survey,” PwC, 2022.

An example of PWC An example of PWC

Key Features:

  • Streamlined data mining capabilities. PwC’s ESG solution provides the means to streamline, automate, and standardize the input of sustainability data based on non-financial reporting directive (NFRD) and corporate sustainability reporting directive (CSRD) regulations.
  • Company and product carbon footprint calculation and verification modules.
  • Robust dashboarding capabilities. Option to create custom-tailored sustainability monitoring dashboards or integrate existing ESG data from an application to existing dashboards.
  • Team management functionalities that allow for more accessible cross-departmental communication and collaboration. Ability to check progress on tasks, assign tasks, set automatic notifications/deadlines, etc.

Vendor spotlight

A logo of ServiceNow

ServiceNow ESG Management (ESGM) and reporting platform helps organizations transform the way they manage, visualize, and report on issues across the ESG spectrum.

The platform automates the data collection process and the organization and storage of information in an easy-to-use system. ServiceNow’s ESGM solution also develops dashboards and reports for internal user groups and ensures that external disclosure reports are aligned with mainstream ESG standards and frameworks.

We know that doing well as a business is about more than profits. One workflow at a time, we believe we can change the world – to be more sustainable, equitable, and ethical.
Source: ServiceNow, 2021.

An example of ServiceNow

Key Features:

  1. An executive dashboard to help coherently outline the status of various ESG indicators, including material topics, goals, and disclosure policies all in one centralized hub
  2. Status review modules. Ensure that your organization has built-in modules to help them better document and monitor their ESG goals and targets using a single source of truth.
  3. Automated disclosure modules. ESGM helps organizations create more descriptive ESG disclosure reports that align with industry accountability standards (e.g. SASB, GRI, CDP).

Other key vendors to consider

An image of other 12 key vendors

Related Info-Tech Research

Photo of The ESG Imperative and Its Impact on Organizations

The ESG Imperative and Its Impact on Organizations

Use this blueprint to educate yourself on ESG factors and the broader concept of sustainability.

Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach.

Learn about Info-Tech’s ESG program approach and use it as a framework to begin your ESG program journey.

Photo of Private Equity and Venture Capital Growing Impact of ESG Report

Private Equity and Venture Capital Growing Impact of ESG Report

Increasingly, new capital has a social mandate attached to it due to the rise of ESG investment principles.

Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

Definitions

Terms

Definition

Corporate Social Responsibility

Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders.

Chief Sustainability Officer

Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery.

ESG

An acronym that stands for environment, social, and governance. These are the three components of a sustainability program.

ESG Standard

Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process.

ESG Framework

A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards.

ESG Factors

The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization.

ESG Rating

An aggregated score based on the magnitude of an organization’s unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc.

ESG Questionnaire

ESG surveys or questionnaires are administered by third parties and used to assess an organization’s sustainability performance. Participation is voluntary.

Key Risk Indicator (KRI)

A measure to indicate the potential presence, level, or trend of a risk.

Key Performance Indicator (KPI)

A measure of deviation from expected outcomes to help a firm see how it is performing.

Materiality

Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environmental, and social impact for itself and its stakeholder and society as a whole.

Materiality Assessment

A tool to identify and prioritize the ESG issues most critical to the organization.

Risk Sensing

The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening).

Sustainability

The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.

Sustainalytics

Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies.

UN Guiding Principles on Business and Human Rights (UNGPs)

An essential methodological foundation for how impacts across all dimensions should be assessed.

Reporting and standard frameworks

Standard

Definition and focus

CDP
(Formally Carbon Disclosure Project)

CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking.

Audience: All stakeholders

Dow Jones Sustainability Indices (DJSI)

Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social.

Audience: All stakeholders

Global Reporting Initiative (GRI)

International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues.

Audience: All stakeholders

International Sustainability Standards Board (ISSB)

Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards.

Audience: Investor-focused

United Nations Sustainable Development Goals (SDGs)

Global partnership across sectors and industries that sets out 17 goals to achieve sustainable development for all.

Audience: All stakeholders

Sustainability Accounting Standards Board (SASB)
Now part of IFSR foundation

Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance.

Audience: Investor-focused

Task Force on Climate-Related Financial Disclosures (TCFD; created by the Financial Stability Board)

Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk.

Audience: Investors, financial stakeholders

Bibliography

"2021 Global Investor Survey: The Economic Realities of ESG." PwC, Dec. 2021. Accessed May 2022.

"2023 Canadian ESG Reporting Insights." PwC, Nov. 2022. Accessed Dec. 2022.

Althoff, Judson. "Microsoft Cloud for Sustainability: Empowering Organizations On Their Path To Net Zero." Microsoft Blog, 14 July 2021. Accessed May 2022.

"Balancing Sustainability and Profitability." IBM, Feb. 2022. Accessed June. 2022.

"Beyond Compliance: Consumers and Employees Want Business to Do More on ESG." PwC, Nov. 2021. Accessed July 2022.

Bizo, Daniel. "Multi-Tenant Datacenters and Sustainability: Ambitions and Reality." S&P Market Intelligence, Sept. 2020. Web.

Bolden, Kyle. "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value." EY, 18 Dec. 2020. Web.

Carril, Christopher, et al. "Looking at Restaurants Through an ESG Lens: ESG Stratify – Equity Research Report." RBC Capital Markets, 5 Jan. 2021. Accessed Jun. 2022.

"Celebrating and Advancing Women." McDonald’s, 8 March 2019. Web.

Clark, Anna. "Get your ESG story straight: A sustainability communication starter kit." GreenBiz, 20 Dec. 2022, Accessed Dec. 2022.

Courtnell, Jane. “ESG Reporting Framework, Standards, and Requirements.” Corporate Compliance Insights, Sept. 2022. Accessed Dec. 2022.

“Country Sustainability Ranking. Country Sustainability: Visibly Harmed by Covid-19.” Robeco, Oct. 2021. Accessed June 2022.

“Defining the “G” in ESG Governance Factors at the Heart of Sustainable Business.” World Economic Forum, June 2022. Web.

“Digital Assets: Laying ESG Foundations.” Global Digital Finance, Nov. 2021. Accessed April 2022.

“Dow Jones Sustainability Indices (DJCI) Index Family.” S&P Global Intelligence, n.d. Accessed June 2022.

"ESG in Your Business: The Edge You Need to Land Large Contracts." BDC, March 2023, Accessed April 2023.

“ESG Performance and Its Impact on Corporate Reputation.” Intelex Technologies, May 2022. Accessed July 2022.

“ESG Use Cases. IoT – Real-Time Occupancy Monitoring.” Metrikus, March 2021. Accessed April 2022.

Fanter, Tom, et al. “The History & Evolution of ESG.” RMB Capital, Dec. 2021. Accessed May 2022.

Flynn, Hillary, et al. “A guide to ESG materiality assessments.” Wellington Management, June 2022, Accessed September 2022

“From ‘Disclose’ to ‘Disclose What Matters.’” Global Reporting Initiative, Dec. 2018. Accessed July 2022.

“Getting Started with ESG.” Sustainalytics, 2022. Web.

“Global Impact ESG Fact Sheet.” ServiceNow, Dec. 2021. Accessed June 2022.

Gorley, Adam. “What is ESG and Why It’s Important for Risk Management.” Sustainalytics, March 2022. Accessed May 2022.

Hall, Lindsey. “You Need Near-Term Accountability to Meet Long-Term Climate Goals.” S&P Global Sustainable1, Oct. 2021. Accessed April 2022.

Henisz, Witold, et al. “Five Ways That ESG Creates Value.” McKinsey, Nov. 2019. Accessed July 2022.

“Integrating ESG Factors in the Investment Decision-Making Process of Institutional Investors.” OECD iLibrary, n.d. Accessed July 2022.

“Investor Survey.” Benchmark ESG, Nov. 2021. Accessed July 2022.

Jackson, Brian. Tech Trends 2023, Info-Tech Research Group, Dec. 2022, Accessed Dec. 2022.

Keet, Lior. “What Is the CIO’s Role in the ESG Equation?” EY, 2 Feb. 2022. Accessed May 2022.

Lev, Helee, “Understanding ESG risks and why they matter” GreenBiz, June 2022. Accessed Dec 2022.

Marsh, Chris, and Simon Robinson. “ESG and Technology: Impacts and Implications.” S&P Global Market Intelligence, March 2021. Accessed April 2022.

Martini, A. “Socially Responsible Investing: From the Ethical Origins to the Sustainable Development Framework of the European Union.” Environment, Development and Sustainability, vol. 23, Nov. 2021. Web.

Maher, Hamid, et al. “AI Is Essential for Solving the Climate Crisis.” Boston Consulting Group, 7 July 2022. Web.

“Materiality Assessment. Identifying and Taking Action on What Matters Most.” Novartis, n.d. Accessed June. 2022.

Morrow, Doug, et al. “Understanding ESG Incidents: Key Lessons for Investors.” Sustainalytics, July 2017. Accessed May 2022.

“Navigating Climate Data Disclosure.” Novisto, July 2022. Accessed Nov. 2022.

Nuttall, Robin, et al. “Why ESG Scores Are Here to Stay.” McKinsey & Company, May 2020. Accessed July 2022.

“Opportunities in Sustainability – 451 Research’s Analysis of Sustainability Perspectives in the Data Center Industry.” Schneider Electric, Sept. 2020. Accessed May 2022.

Peterson, Richard. “How Can NLP Be Used to Quantify ESG Analytics?” Refinitiv, Feb. 2021. Accessed June 2022.

“PwC’s 25th Annual Global CEO Survey: Reimagining the Outcomes That Matter.” PwC, Jan. 2022. Accessed June 2022.

“SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” Securities and Exchange Commission, 9 May 2022. Press release.

Serafeim, George. “Social-Impact Efforts That Create Real Value.” Harvard Business Review, Sept. 2020. Accessed May 2022.

Sherrie, Gonzalez. “ESG Planning and Performance Survey.” Diligent, 24 Sept. 2021. Accessed July 2022.

“Special Reports Showcase, Special Report: Mid-Year Report on Proposed SEC Rule 14-8 Change.” Sustainable Investments Institute, July 2020. Accessed April 2022.

“State of European Tech. Executive Summary Report.” Atomico, Nov. 2021. Accessed June 2022.

“Top Challenges in ESG Reporting, and How ESG Management Solution Can Help.” Novisto, Sept. 2022. Accessed Nov. 2022.

Vaughan-Smith, Gary. “Navigating ESG data sets and ‘scores’.” Silverstreet Capital, 23 March 2022. Accessed Dec. 2022.

Waters, Lorraine. “ESG is not an environmental issue, it’s a data one.” The Stack, 20 May 2021. Web.

Wells, Todd. “Why ESG, and Why Now? New Data Reveals How Companies Can Meet ESG Demands – And Innovate Supply Chain Management.” Diginomica, April 2022. Accessed July 2022.

“XBRL is coming to corporate sustainability Reporting.” Novisto, Aug. 2022. Accessed Dec. 2022.

Research Contributors and Experts

Photo of Chris Parry

Chris Parry
VP of ESG, Datamine

Chris Parry has recently been appointed as the VP of ESG at Datamine Software. Datamine’s dedicated ESG division provides specialized ESG technology for sustainability management by supporting key business processes necessary to drive sustainable outcomes.

Chris has 15 years of experience building and developing business for enterprise applications and solutions in both domestic and international markets.

Chris has a true passion for business-led sustainable development and is focused on helping organizations achieve their sustainable business outcomes through business transformation and digital software solutions.

Datamine’s comprehensive ESG capability supports ESG issues such as the environment, occupational health and safety, and medical health and wellbeing. The tool assists with risk management, stakeholder management and business intelligence.

Innovation

  • Buy Link or Shortcode: {j2store}21|cart{/j2store}
  • Related Products: {j2store}21|crosssells{/j2store}
  • Teaser Video: Visit Website
  • Teaser Video Title: Digital Ethics = Data Equity
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • sidebar graphic: Visit Link
  • Parent Category Name: Strategy and Governance
  • Parent Category Link: /strategy-and-governance
Innovation is the at heart of every organization, especially in these fast moving times. It does not matter if you are in a supporting or "traditional" sector.  The company performing the service in a faster, better and more efficient way, wins.

innovation

Activate Your Augmented Reality Initiative

  • Buy Link or Shortcode: {j2store}465|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Customer Relationship Management
  • Parent Category Link: /customer-relationship-management
  • Augmented reality is a new technology and use cases are still emerging. Organizations have to work hard to stay ahead of the curve and predict how they will be impacted.
  • There are limited off-the-shelf augmented reality solutions in terms of business applications. IT not only needs to understand the emerging augmented reality hardware, but also the plethora of development platforms.

Our Advice

Critical Insight

  • Augmented reality presents a new avenue to solve problems that cannot be addressed efficiently with existing technology. It is a new tool that will impact the way you work.
  • Beyond addressing existing problems, augmented reality will provide the ability to differently execute business processes. Current processes have been designed with existing systems and capabilities in mind. Augmented reality impacts organizational design processes that are more complex.
  • As a technology with an evolving set of use cases, IT and the business must anticipate some of the challenges that may arise with the use of augmented reality (e.g. health and safety, application development, regulatory).

Impact and Result

  • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “art of the possible” for augmented reality.
  • With an understanding of augmented reality, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.
  • By utilizing Info-Tech’s Augmented Reality Use Case Picklist and the Augmented Reality Stakeholder Presentation Template, the IT team and their business stakeholders can confidently approach augmented reality adoption.

Activate Your Augmented Reality Initiative Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why your organization should care about augmented reality’s potential to transform the workplace and how Info-Tech will support you as you identify and build your augmented reality use case.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand augmented reality

Analyze the four key benefits of augmented reality to understand how the technology can resolve industry issues.

  • Activate Your Augmented Reality Initiative – Phase 1: Understand Augmented Reality
  • Augmented Reality Glossary

2. Finding space for augmented reality

Develop and prioritize use cases for augmented reality using Info-Tech’s AR Initiative Framework.

  • Activate Your Augmented Reality Initiative – Phase 2: Finding Space for Augmented Reality
  • Augmented Reality Use Case Picklist

3. Communicate project decisions to stakeholders

Present the augmented reality initiative to stakeholders and understand the way forward for the AR initiative.

  • Activate Your Augmented Reality Initiative – Phase 3: Communicate Project Decisions to Stakeholders
  • Augmented Reality Stakeholder Presentation Template
[infographic]

Workshop: Activate Your Augmented Reality Initiative

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand Augmented Reality and Its Use Cases

The Purpose

Understand the fundamentals of augmented reality technology and its real-world business applications.

Key Benefits Achieved

A prioritized list of augmented reality use cases.

Activities

1.1 Introduce augmented reality technology.

1.2 Understand augmented reality use cases.

1.3 Review augmented reality case studies.

Outputs

An understanding of the history and current state of augmented reality technology.

An understanding of “the art of the possible” for augmented reality.

An enhanced understanding of augmented reality.

2 Conduct an Environmental Scan and Internal Review

The Purpose

Examine where the organization stands in the current competitive environment.

Key Benefits Achieved

Understanding of what is needed from an augmented reality initiative to differentiate your organization from its competitors.

Activities

2.1 Environmental analysis (PEST+SWOT).

2.2 Competitive analysis.

2.3 Listing of interaction channels and disposition.

Outputs

An understanding of the internal and external propensity for augmented reality.

An understanding of comparable organizations’ approach to augmented reality.

A chart with the disposition of each interaction channel and its applicability to augmented reality.

3 Parse Critical Technology Drivers

The Purpose

Determine which business processes will be affected by augmented reality.

Key Benefits Achieved

Understanding of critical technology drivers and their KPIs.

Activities

3.1 Identify affected process domains.

3.2 Brainstorm impacts of augmented reality on workflow enablement.

3.3 Distill critical technology drivers.

3.4 Identify KPIs for each driver.

Outputs

A list of affected process domains.

An awareness of critical technology drivers for the augmented reality initiative.

Navigate the Digital ID Ecosystem to Enhance Customer Experience

  • Buy Link or Shortcode: {j2store}76|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: IT Strategy
  • Parent Category Link: /it-strategy
  • Amid the pandemic-fueled surge in online services, organizations require secure solutions to safeguard digital interactions. These solutions must be uniform, interoperable, and fortified against security threats.
  • Although the digital identity ecosystem has garnered significant attention and investment, many organizations remain uncertain about its potential for authentication and the authorization required for B2B and B2C transactions, and in turn reducing their cost of operations and transferring their data risks.

Our Advice

Critical Insight

  • Limited / lack of understanding of the global digital ID ecosystem and its varying approaches across countries handicaps businesses in defining the benefits digital ID can bring to customer interactions and overall business management.
  • In addition, key obstacles exist in balancing customer privacy, data security, and regulatory requirements while pursuing excellent end-user experience and high customer adoption.
  • Info-Tech Insight: Focusing on customer touchpoints and transforming them are key to excellent experience and increasing their life-time value (LTV) to them and to your organization. Digital ID is that tool of transformation.

Impact and Result

  • Digital ID has many dimensions, and its ecosystem's sustainability lies in the key principles it is built on. Understanding the digital identity ecosystem and its responsibilities is crucial to formulating an approach to adopt it. Also, focusing on key success factors drives digital ID adoption.
  • Before embarking on the digital identity adoption journey, it is essential to assess your readiness. It is also necessary to understand the risks and challenges. Specific steps to digital ID adoption can help realize the potential of digital identity and enhance the customers' experience.

Navigate the Digital ID Ecosystem to Enhance Customer Experience Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Navigate the Digital ID Ecosystem to Enhance Customer Experience Storyboard – Learn how to adopt Digital ID to drive benefits, enhance customer experience, improve efficiency, manage data risks, and uncover new opportunities.

This research focuses on verified digital identity ecosystems and explores risks, opportunities, and challenges of relying on verified digital IDs and also how adopting digital identity initiatives can improve customer experience and operational efficiency. It covers:

  • Definition and dimensions of digital identity
  • Key responsibilities and principles of digital identity ecosystem
  • Success factors for digital identity adoption
  • Global evolution and unique approaches in Estonia, India, Canada, UK, and Australia
  • Industries that benefit most from digital ID development
  • Key use cases of digital ID
  • Benefits to governments, ID providers, ID consumers, and end users
  • Readiness checklist and ten steps to digital ID adoption
  • Risks and challenges of digital identity adoption
  • Key recommendations to realize potential of digital identity
  • Taxonomy and definitions of terms in the digital identity ecosystem
    • Navigate the Digital ID Ecosystem to Enhance Customer Experience Storyboard
    • Familiarize Yourself With the Digital ID Ecosystem Taxonomy
    • Assess Your Digital ID Adoption Readiness

    Infographic

    Further reading

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Amid the pandemic-fueled surge of online services, organizations require secure solutions to safeguard digital interactions. These solutions must be uniform, interoperable, and fortified against security threats.

    Although the digital identity ecosystem has garnered significant attention and investment, many organizations remain uncertain about its potential for authentication and authorization required for B2B and B2C transactions.

    They still wonder if digital ID can help reduce cost of operations and transfer data risks.

    Limited or lack of understanding of the global Digital ID ecosystem and its varying approaches across countries handicap businesses in defining the potential benefits Digital ID can bring to customer interactions and overall business management.

    In addition, key obstacles exist in balancing customer privacy (including the right to be forgotten), data security, and regulatory requirements while pursuing desired end-user experience and high customer adoption.

    Digital ID has many dimensions, and its ecosystem's sustainability lies in the key principles it is built on. Understanding the digital identity ecosystem and its responsibilities is crucial to formulate an approach to adopt it. Also, focusing on key success factors drives digital ID adoption.

    Before embarking on the digital identity adoption journey, it is essential to assess your readiness. It is also necessary to understand the risks and challenges. Specific steps to digital ID adoption can help realize the potential of digital identity and enhance the customers' experience.

    Info-Tech Insight

    Focusing on customer touchpoints and transforming them is key to excellent user experience and increasing their lifetime value (LTV) to them and to your organization. Digital ID is that tool of transformation.

    Analyst Perspective

    Manish Jain.

    Manish Jain

    Principal Research Director

    Analyst Profile

    “I just believed. I believed that the technology would change people's lives. I believed putting real identity online - putting technology behind real identity - was the missing link.”

    - Sheryl Sandberg (Brockes, Emma. “Facebook’s Sheryl Sandberg: who are you calling bossy?” The Guardian, 5 April 2014)

    Sometimes dismissed as mere marketing gimmicks, digital identity initiatives are anything but. While some argue that any online credential is a "Digital ID," rendering the hype around it pointless, the truth is that a properly built digital ID ecosystem has the power to transform laggard economies into global digital powerhouses. Moreover, digital IDs can help businesses transfer some of their cybersecurity risks and unlock new revenue channels by enabling a foundation for secure and efficient value delivery.

    In addition, digital identity is crucial for digital and financial inclusion, simplifying onboarding processes and opening up new opportunities for previously underserved populations. For example, in India, the Aadhaar digital ID ecosystem brought over 481 million1 people into the formal economy by enabling access to financial services. Similarly, in Indonesia, the e-KIP digital ID program paved the way for 10 million new bank accounts, 94% of which were for women2.

    However, digital identity initiatives also come with valid concerns, such as the risk of a single point of failure and the potential to widen the digital divide.

    This research focuses on the verified digital identity ecosystem, exploring the risks, opportunities, and challenges organizations face relying on these verified digital IDs to know their customers before delivering value. By understanding and adopting digital identity initiatives, organizations can unlock their full potential and provide a seamless customer experience while ensuring operational efficiency.

    1 India Aadhaar PMJDY (https://pmjdy.gov.in/account)
    2 Women’s World Banking, 2020.

    Digital Identity Ecosystem and vital ingredients of adoption

    Digital Identity Ecosystem.

    What is digital identity?

    Definitions may vary, depending on the focus.

    “Digital identity (ID) is a set of attributes that links a physical person with their online interactions. Digital ID refers to one’s online persona - an online footprint. It touches important aspects of one’s everyday life, from financial services to health care and beyond.” - DIACC Canada

    “Digital identity is a digital representation of a person. It enables them to prove who they are during interactions and transactions. They can use it online or in person.” - UK Digital Identity and Attributes Trust Framework

    “Digital identity is an electronic representation of an entity (person or other entity such as a business) and it allows people and other entities to be recognized online.” - Australia Trusted Digital Identity Framework

    A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity.

    Digital identity has many dimensions*, and in turn categories

    Trust

    • Verified (Govt. issued IDs)
    • Unverified (Email Id)

    Subject

    • Individual
    • Organization
    • Device
    • Service

    Usability

    • Single-purpose (Disposable)
    • Multi-purpose (Reusable)

    Provider

    • Sovereign Government
    • Provincial Government
    • Local Government
    • Public Organization
    • Private Organization
    • Self

    Jurisdiction

    • Global (Passport)
    • National (DL)
    • State/Provincial (Health Card)
    • Local (Voting Card)
    • Private (Social)

    Form

    • Physical Card
    • Virtual Identifier
    • Online/App Account
    • PKI Keys
    • Tokens

    Governance

    • Sovereign
    • Federated
    • Decentralized
    • Trust Framework -based
    • Self-sovereign

    Expiry

    • Permanent (Lifetime, Years)
    • Temporary (Minutes, Hours)
    • Revocable

    Usage Mode

    • online only
    • offline only
    • Online/offline

    Purpose

    • Authorization (driver’s license, passport, employment)
    • Authentication (birth certificate, social security number)
    • Activity Linking (preferences, habits, and priorities)
    • Historical Record (Resume, educational financial, health history)
    • Social Interactions (Social Media)
    • Machine Connectivity

    Info-Tech Insight

    Digital ID has taken different meanings for different people, serving different purposes in different environments. Based on various aspects of Digital Identification, it can be categorized in several types. However, most of the time when people refer to a form of identification as Digital ID, they refer to a verified id with built-in trust either from the government OR the eco-system.

    * Please refer to Taxonomy for the definition of each of the dimensions

    Understanding a digital identity ecosystem is key to formulating your approach to adopt it

    The image contains a screenshot of a digital identity ecosystem diagram.

    Info-Tech Insight

    Digital identity ecosystems comprise many entities playing different roles, and sometimes more than one. In addition, variations in approach by jurisdictions drive how many active players are in the ecosystem for that jurisdiction.

    For example, in countries like Estonia and India, government plays the role of trust and governance authority as well as ID provider, but didn’t start with any Digital ID wallet. In contrast, in Ukraine, Diia App is primarily a Digital ID Wallet. Similarly, in the US, different states are adopting private Digital ID Wallet providers like Apple.

    Digital ID ecosystem’s sustainability lies in the key principles it is built on

    Social, economic, and legal alignment with target stakeholders
    Transparent governance and operation
    Legally auditable and enforceable
    Robust and Resilient – High availability
    Security – At rest, in progress, and in transit
    Privacy and Control with users
    Omni-channel Convenience – User and Operations
    Minimum data transfer between entities
    Technical interoperability enabled through open standards and protocol
    Scalable and interoperable at policy level
    Cost effective – User and operations
    Inclusive and accessible

    Info-Tech Insight

    A transparent, resilient, and auditable digital ID system must be aligned with socio-economic realities of the target stakeholders. It not only respects their privacy and security of their data by minimizing the data transfer between entities, but also drives desired customer experience by providing an omni-channel, interoperable, scalable, and inclusive ecosystem while still being cost-effective for the collaborators.

    Source: Adapted from Canada PCTF, UK Trust framework, European Commission, Australia TDIF, and others

    Focus on key success factors to drive the digital ID adoption

    Digital ID success factors

    Legislative regulatory framework – Removes uncertainty
    Security & Privacy Assurance- builds trust
    Smooth user experience – Drives preferences
    Transparent ecosystem – Drives inclusivity
    Multi-channel – Drive consistent experience online / offline
    Inter-operability thorough open standards
    Digital literacy – Education and awareness
    Multi-purpose & reusable – Reduce consumer burden
    Collaborative ecosystem –Build network effect

    Source: Adapted from Canada PCTF, UK digital identity & attributes trust framework , European eIDAS, and others

    Info-Tech Insight

    Driving adoption of Digital ID requires affirmative actions from all ecosystem players including governing authorities, identity providers, and identity consumers (relying parties).

    These nine success factors can help drive sustainable adoption of the Digital ID.

    Among many responsibilities the ecosystem players have, identity governance is the key to sustainability

    • Digital identity provision
      • Creating identity attributes
      • Create a reusable identity and attribute service
      • Create a digital identity
      • Assess and manage quality of an identity and attributes
      • Making identity provision inclusive and accessible
    • Digital identity resolution
      • Enabling inclusive access to products and services through digital identity
      • Authenticate and authorize identity subjects before permitting access to their identity and attributes
    • Digital identity governance
      • Manage digital identity and attributes
      • Make Identity service interoperable, and sharable
      • Recover digital identity and attribute accounts
      • Notifying users on accessing identity or making changes on more attributes
      • Report and audit – exclusion, accessibility
      • Retiring an identity or attribute service
      • Respond to complaints and disputes
    • Enterprise risk management and governance
    The image contains a screenshot of a diagram to demonstrate how identity governance is the key to sustainability.
    • Privacy and security
      • Use encryption
      • Privacy compliance framework
      • Consumer Privacy Protection laws (CPPA, GDPR etc.)
      • Acquiring and managing user consents & agreements
      • Prohibited processing of personal data
      • Security controls and governance
    • Information management
      • Record management
      • Archival
      • Disposal (on expiry or to comply with regulations)
      • CIA (confidentiality, integrity, availability)
    • Fraud management
      • Fraud monitoring and reporting
      • Fraud intelligence and analysis
      • Sharing threat indicators
      • Legal, policies and procedures for fraud management
    • Incident response
      • Respond to fraud incidents
      • Respond to a service delivery incident
      • Responding to data breaches
      • Performing and participating in investigation

    Global evolution of digital ID is following the socio-economic aspirations of countries

    The image contains a screenshot of a graph that demonstrates global evolution of digital ID.

    Source: Adapted from the book: Identification Revolution: Can Digital ID be harnessed for Development? (Gelb & Metz), 2018

    Info-Tech Insight

    The world became global a long time ago; however, it sustained economic progress without digital IDs for most of the world's population.

    With the pandemic, when political rhetoric pointed to the demand for localized supply chains, economies became irreversibly digital. In this digital economy, the digital ID ecosystem is the fulcrum of sustainable growth.

    At a time in overlapping jurisdictions, multiple digital IDs can exist. For example, one is issued by a local municipality, one by the province, and another by the national government.

    Global footprint of digital ID is evolving rapidly, but varies in approach

    The image contains a screenshot of a Global footprint of digital ID.

    Info-Tech Insight

    Countries’ approach to the digital ID is rooted in their socio-economic environment and global aspirations.

    Emerging economies with large underserved populations prioritize fast implementation of digital ID through centralized systems.

    Developed economies with smaller populations, low trust in government, and established ID systems prioritize developing trust frameworks to drive decentralized full-scale implementation.

    There is no right way except the one which follows Digital ID principles and aligns with a country’s and its people’s aspirations.

    Estonia's e-identity is the key to its digital agenda 2030

    • Regulatory Body and Operational Governance: Estonian Information System Authority (RIA).
    • Identity Providers: Government of Estonia; Private sector doesn’t issue IDs but can leverage Digital ID ecosystem.
    • Decentralized Approach: Permissioned Blockchain Architecture with built-in data traceability implemented on KSI (Keyless Signature Infrastructure).
    • X-Road – Secure, interoperable open-source data exchange platform between collection point where Data is stored.
    • Digital Identity Form: e-ID
    • Key Use cases:
      • Financial, Telecom: e-KYC, e-Banking
      • Digital Authentication: ID Card, Mobile ID, Smart ID, Digital Signatures
      • E-governance: e-Voting, e-Residency, e-Services Registries, e-Business Register
      • Smart City and mobility: Freight Transportation, Passenger Mobility
      • Healthcare: e-Health Record, e-Prescription, e-Ambulance
    • ID-card
    • Smart ID
    • Mobile ID
    • e-Residency

    Uniqueness

    Estonia pioneered the digital ID implementation with a centralized approach and later transitioned to a decentralized ecosystem driving trust to attract non-citizens into Estonia’s digital economy.

    99% Of Estonian residents have an ID card enabling use of electronic ID

    1.4 B Digital signatures given (2021)

    99% Public Services available as e-Services

    17K+ Productive years saved (five working days/citizen/year saved accessing public services)

    25K E-resident companies contributed more than €32 million in tax

    *Source: https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf ;

    https://www.e-resident.gov.ee/dashboard

    The image contains a timeline of events from 2001-2020 for Estonia..

    India’s Aadhaar is the foundation of its digital journey through “India stack”

    • Regulatory Accountability and Operational Governance: Unique Identification Authority of India (UIDAI).
    • Identity Provider: Govt. of India.
    • Digital Identity Form: Physical and electronic ID Card; Online (Identifier + OTP), and offline (identifier + biometric) usage; mAadhaar App & Web Portal
    • India Stack: a set of open APIs and digital assets to leverage Aadhaar in identity, data, and payments at scale.
    • Key Use cases:
      • Financial, Telecom: eKYC, Unified Payments Interface (UPI)
      • Digital Wallet: Digi Locker
      • Digital Authentication: eSign, and Aadhaar Auth.
      • Public Welfare: Public Distribution of Service, Social Pension, Employment Guarantee
      • Public service access: Enrollment to School, Healthcare

    1.36B People enrolled

    80% Beneficiaries feel Aadhaar has made PDS, employment guarantee and social pensions more reliable

    91.6% Are very satisfied or somewhat satisfied with Aadhaar

    14B eKYC transactions done by 218 eKYC authentication agencies (KUA)

    Source: https://uidai.gov.in/aadhaar_dashboard/india.php; https://www.stateofaadhaar.in/

    World Bank Report on Private Sector Impacts from ID

    Uniqueness

    “The Aadhaar digital identity system could reduce onboarding costs for Indian firms from 1,500 rupees to as low as an estimated 10 rupees.”

    -World Bank Report on Private Sector Impacts from ID

    With lack of public trust in private sector, government brought in private sector executives in public ecosystem to lead the largest identity program globally and build the India stack to leverage the power of Digital Identity.

    The image contains a screenshot of India's Aadhaar timeline from 2009-2022.

    Ukraine’s Diia is a resilient act to preserve their identities during threat to their existence

    Regulatory Accountability and Operational Governance: Ministry of Digital Transformation.

    Identity provider: Federated govt. agencies.

    Digital identity form: Diia App & Portal as a digital wallet for all IDs including digital driving license.

    • Key use cases:
      • eGovernance – Issuing license and permits, business registration, vaccine certificates.
      • Public communication: air-raid alerts, notifications, court decisions and fines.
      • Financial, Telecom: KYC compliance, mobile donations.
      • eBusiness: Diia City legal framework for IT industry, Diia Business Portal for small and medium businesses.
      • Digital sharing and authentication: Diia signature and Diia QR.
      • Public service access: Diia Education Portal for digital education and digital skills development, healthcare.

    18.5M People downloaded the Diia app.

    14 Digital IDs provided by other ID providers are available through Diia.

    70 Government services are available through Diia.

    ~1M Private Entrepreneurs used Diia to register their companies.

    1300 Tons of paper estimated to be saved by reducing paper applications for new IDs and replacements.

    Source:

    • Ukraine Govt. Website for Invest and trade
    • Diia Case study prepared for the office of Canadian senator colin deacon.

    Uniqueness

    “One of the reasons for the Diia App's popularity is its focus on user experience. In September 2022, the Diia App simplified 25 public services and digitized 16 documents. The Ministry of Digital Transformation aims to make 100% of all public services available online by 2024.”

    - Vladyslava Aleksenko

    Project Lead—digital Identity, Ukraine

    The image contains a screenshot of the timeline for Diia.

    Canada’s PCTF (Pan Canadian Trust Framework) driving the federated digital identity ecosystem

    • Regulatory Accountability: Treasury Board of Canada Secretariat (TBS); Canadian Digital Service (CDS); Office of CIO
    • Standard Setting: Digital Identification and Authentication Council of Canada (DIACC)
    • Frameworks:
      • Treasury Board Directive on Identity Management
      • Pan Canadian Trust Framework (PCTF)
      • Voilà Verified Trustmark Program: ISO aligned compliance certification program on PCTF
      • Governing / Certificate Authority: Trustmark Oversight Board (TOB) and DIACC accredited assessor
      • Operational Governance: Federated between identity providers and identity consumers
      • Identity Providers: Public and Private Sector
      • Other entities involved: Digital ID Lab (Voila Verified Auditor); Kuma (Accredited Assessor)
    The image contains a screenshot of PCTF Components.

    82% People supportive of Digital ID.

    2/3 Canadians prefer public-private partnership for Pan-Canadian digital ID framework.

    >40% Canadians prefer completing various tasks and transactions digitally.

    75% Canadians are willing to share personal information for better experience.

    >80% Trust government, healthcare providers, and financial institutions with their personal information.

    Source: DIACC Survey 2021

    Uniqueness

    Although a few provinces in Canada started their Digital ID journey already, federally, Canada lacked an approach.

    Now Canada is developing a federated Digital ID ecosystem driven through the Pan-Canadian Trust Framework (PCTF) led by a non-profit (DIACC) formed with public and private partnership.

    The image contains a screenshot of Canada's PCTF timeline from 2002-2025.

    Australia’s digital id is pivotal to its vision to become one of the Top-3 digital governments globally by 2025*

    * Australia Digital Government Strategy 2021
    • Regulatory responsibility and standard: Digital Transformation Agency (DTA)’s Digital Identity
    • Operational support and oversight: Service Australia, Interim Oversight Authority (IOA).
    • Accredited identity providers (by 2022): Australian Taxation Office (ATO)’s myGovID, Australia Post’s Digital ID, MasterCard’s ID, OCR Labs App
    • Framework: Trusted Digital Identity Framework (TDIF)
      • Digital Identity Exchange
      • Identity Service Providers and Attribute Verification Service
      • Attribute Service Providers
      • Credential Service Providers
      • Relying Parties
    • Others: States such as NSW, Victoria, and Queensland have their own digital identity programs

    8.6M People using myGovID by Jun-2022

    117 Services accessible through Digital Id System

    The image contains a screenshot diagram of Digital Identity.

    Uniqueness

    Australia started its journey of Digital ID with a centralized Digital ID ecosystem.

    However, now it preparing to transition to a centrally governed Trust framework-based ecosystem expanding to private sector.

    The image contains a screenshot of Australia's Digital id timeline from 2014-2022.

    UK switches gear to the Trust Framework approach to build a public-private digital ID ecosystem

    • Government: Ministry of Digital Infrastructure / Department of Digital, Culture, Media, and Sport
    • Governing Body / Certificate Authority / Operational Governance: TBD
    • Approach: Trust Framework-based UK Digital Identity and attributes trust framework (UKDIATF)
    • Identity providers: Transitioning from “GOV.UK Verify” to a federated digital identity system aligned with “Trust Framework” – enabling both government (“One Login for Government”) and private sector identity providers.
    The image contains a screenshot of the Trust Framework.

    Uniqueness

    UK embarked its Digital ID journey through Gov.UK Verify but decided to scrap it recently.

    It is now preparing to build a trust framework-based federated digital ID ecosystem with roles like schema-owners and orchestration service providers for private sector and drive the collaboration between industry players.

    The image contains a screenshot of UK timeline from 2011-2023.

    Digital ID will transform all industries, though financial services and e-governance will gain most

    Cross Industry

    Financial Services

    Insurance

    E-governance

    Healthcare & Lifesciences

    Travel and Tourism

    E-Commerce

    • Onboarding (customer, employee, patient, etc.)
    • Fraud-prevention (identity theft)
    • Availing restricted services (buying liquor)
    • Secure-sharing of credentials and qualifications (education, experience, gig worker)
    • For businesses, customer 360
    • For businesses, reliable data-driven decision making with lower frequency of ‘astroturfing’ (false identities) and ‘ballot-stuffing’ (duplicate identities)
    • Account opening
    • Asset transfer
    • Payments
    • For businesses, risk management - know your customer (KYC), anti-money laundering (AML), customer due diligence (CDD)
    • Insurance history
    • Insurance claim
    • Public distribution schemes (PDS)
    • Subsidy payments (direct to consumer)
    • Obtain government benefits (maternity, pension, employment guarantee / insurance payments)
    • Tax filing
    • Issuing credentials (birth certificate, passport)
    • Voting
    • For businesses, availing governments supports
    • For SMB businesses, easier regulatory compliance
    • Digital health
    • Out of state public healthcare
    • Secure access to health and diagnostic records
    • For businesses, data sharing between providers and with payers
    • Travel booking
    • Cross-border travel
    • Car rental
    • Secure peer-to-peer sales
    • Secure peer-to-peer sales

    USE CASE

    Car rental

    INDUSTRY: Travel & Tourism

    Source: Info-Tech Research Group

    Challenge

    Solution

    Results

    Verifying the driver’s license (DL) is the first step a car rental company takes before handing over the keys.

    While the rental company only need to know the validity of the DL and if it belongs to the presenter, is bears the liability of much more data presented to them through the DL.

    For customers, it is impossible to rent a car if they forget their DL. If the customer has their driver’s license, they compromise their privacy and security as they hand over their license to the representative.

    The process is not only time consuming, it also creates unnecessary risks to both the business and the renter.

    A digital id-based rental process allows the renter to present the digital id online or in person.

    As the customer approaches the car rental they present their digital id on the mobile app, which has already authenticated the presenter though the biometrics or other credentials.

    The customer selects the purpose of the business as “Car Rental”, and only the customer’s name, photo, and validity of the DL appear on the screen for the representative to see (selective disclosures).

    If the car pick-up is online, only this information is shared with the car rental company, which in turn shares the car and key location with the renter.

    A digital identity-based identity verification can ensure a rental company has access to the minimum data it needs to comply with local laws, which in turn reduces its data leak risk.

    It also reduces customer risks linked to forgetting the DL, and data privacy.

    Digital identity also reduces the risk originated from identity fraud leading to stolen cars.

    USE CASE

    e-Governance public distribution service

    INDUSTRY: Government

    Source: Info-Tech Research Group

    Challenge

    Solution

    Results

    In both emerging and developed economies, public distribution of resources – food, subsidies, or cash – is a critical process through which many people (especially from marginalized sections) survive on.

    They often either don’t have required valid proof of identity or fall prey to low-level corruption when someone defrauds them by claiming the benefit.

    As a result, they either completely miss out on claiming government-provided social benefits OR only receive a part of what they are eligible for.

    A Digital ID based public distribution can help created a Direct Benefit Transfer ecosystem.

    Here beneficiaries register (manually OR automatically from other government records) for the benefits they are eligible for.

    On the specific schedule, they receive their benefit – monetary benefit in their bank accounts, and non-cash benefits, in person from authorized points-of-sales (POS), without any middleman with discretionary decision powers on the distribution.

    India launched its Financial Inclusion Program (Prime Minister's Public Finance Scheme) in 2014.

    The program was linked with India’s Digital Id Aadhaar to smoothen the otherwise bureaucratic and discretionary process for opening a bank account.

    In last eight years, ~481M (Source: PMJDY) beneficiaries have opened a bank account and deposited ~ ₹1.9Trillion (USD$24B), a part of which came as social benefits directly deposited to these accounts from the government of India.

    USE CASE

    Real-estate investment and sale

    INDUSTRY: Asset Management

    Source: Info-Tech Research Group

    Challenge

    Solution

    Results

    “Impersonators posing as homeowners linked to 32 property fraud cases in Ontario and B.C.” – Global News Canada1

    “The level of fraud in the UK is such that it is now a national security threat” – UK Finance Lobby Group2

    Real estate is the most expensive investment people make in their lives. However, lately it has become a soft target for title fraud. Fraudsters steal the title to one’s home and sell it or apply for a new mortgage against it.

    At the root cause of these fraud are usually identity theft when a fraudster steals someone’s identity and impersonates them as the title owner.

    Digital identity tagged to the home ownership / title record can reduce the identity fraud in title transfer.

    When a person wants to sell their house OR apply for a new mortgage on house, multiple notifications will be triggered to their contact attributes on digital ID – phone, email, postal address, and digital ID Wallet, if applicable.

    The homeowner will be mandated to authorize the transaction on at least two channels they had set as preferred, to ensure that the transaction has the consent of the registered homeowner.

    This process will stop any fraud transactions until at least two modes are compromised.

    Even if two modes are compromised, the real homeowner will receive the notification on offline communication modes, and they can then alert the institution or lawyer to block the transaction.

    It will especially help elderly people, who are more prone to fall prey to identity frauds when somebody uses their IDs to impersonate them.

    1 Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)

    2 UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf)

    Adopting digital ID benefits everybody – governments, id providers, id consumers, and end users

    Governments & identity providers

    (public & private)

    Customers and end users

    (subjects)

    Identity consumer

    (relying parties)

    • Growth in GDP
    • Save costs of providing identity
    • Unlock new revenue source by economic expansion
    • Choice and convenience
    • Control of what data is shared
    • Experience driven by simplicity and data minimalization
    • Reduced cost of availing services
    • Operational efficiency
    • Overall cost efficiency of delivering service and products
    • Reduce risk of potential litigation
    • Reduce risk of fraud
    • Enhanced customer experience leading to increased lifetime value
    • Streamlined storage and access
    • Encourage innovation

    Digital ID will transform all industries, though financial services and e-governance will gain most

    Governments and identity providers (public and private)

    • Growth in GDP by reducing bureaucracy and discretion from the governance processes.
      • As per a McKinsey report, digital ID could unlock the economic value equivalent of 3%-13% of GDP across seven focus countries (Brazil, Ethiopia, India, Nigeria, China, UK, USA) in 2030.
      • “Estonia saves two percent of GDP by signing things digitally; imagine if it could go global.” - aavi Rõivas, Prime Minister of the Republic of Estonia (International Peace Institute)
    • Unlock new revenue source by economic expansion.
      • Estonia earned €32 million in tax revenue from e-resident companies (e-Estonia).
    • Save costs of providing identity in collaboration with 3rd parties and reduce fraud.
      • Canada estimates savings of $482 million for provincial and federal governments, and $4.5 billion for private sector organizations through digital id adoption (2022 Budget Statement).

    Digital ID brings end users choice, convenience, control, and cost-saving, driving overall experience

    Customers and end users (subjects)

    • Choice: Citizens have the choice and convenience to interact safely and conveniently online and offline.
    • Convenience: No compulsion to make physical trips to access service, as end users can identify themselves safely and reliably online, as they do offline.
    • Control: A decentralized, privacy enhancing solution – neither government nor private companies control your digital ID. How and when you use digital ID is entirely up to you.
    • Cost Saving: Save costs of availing service by reducing the offline documentation.
    • Experience: Improved experience while availing service without a need to present multiple documents every time.

    Digital id benefits identity consumers by enhancing multiple dimensions of their value streams

    Identity consumer (relying parties)

    • Operational efficiency: Eliminating unnecessary steps and irrelevant data from the value stream increases overall operational efficiency.
    • Cost efficiency: Helps businesses to reduce overall cost of operations like regulatory requirements.
      • World Bank estimated that the Aadhaar could reduce onboarding costs for Indian firms from ₹1,500/- ($23) to as low as an estimated ₹10/- ($0.15) (*World Bank ID4D)
    • Reduce risk of potential litigation issues: Encourage data minimization.
    • Privacy and security: Businesses can reduce the risk of fraud to organizations and users and can significantly boost the privacy and security of their IT assets.
    • Enhanced customer experience: The decrease in the number of touchpoints and faster turnaround.
    • Streamlined storage and access: Store all available data in a single place, and when required.
    • Encourage innovation: Reduce efforts required in authentication and authorization of users.

    Before embarking on the digital identity adoption journey, assess your readiness

    Legislative coverage

    Does your target jurisdiction have adequate legislative framework to enable uses of digital identities in your industry?

    Trust framework

    If the Digital ID ecosystem in your target jurisdiction is trust framework-based, do you have adequate understanding of it?

    Customer touch-points

    Do you have exact understanding of value stream and customer touch-points where you interact with user identity?

    Relevant identity attributes

    Do you have exact understanding of the identity attributes that your business processes need to deliver customer value?

    Regulatory compliance

    Do you have required systems to ensure your compliance with industry regulations around customer PII and identity?

    Interoperability with IMS

    Is your existing identity management system interoperable with Open-source Digital Identity ecosystem?

    Enterprise governance

    Have you established an integrated enterprise governance framework covering business processes, technical systems, and risk management?

    Communication strategy

    Do have a clear strategy (mode, method, means) to communicate with your target customer and persuade them to adopt digital identity?

    Security operations center

    Do you have security operations center coordinating detection, response, resolution, and communication of potential data breaches?

    Ten steps to adopt to enhance the customer experience

    Considering the complexity of digital identity adoption, and its impact on customer experience, it is vital to assess the ecosystem and adopt an MVP approach before a big-bang launch.

    Diagram to help assess the ecosystem.

    1. Define the use case and identify the customer touchpoint in the value stream which can be improved with a verified digital identity.
    2. Ensure your organization is ready to adopt digital identity (Refer to Digital identity adoption readiness),
    3. Identify an Identity Service Provider (Government, private sector), if there are options.
    4. Understand its technical requirements and assess, to the finer detail, your technical landscape for interoperability.
    5. Set-up a business contract for terms of usages and liabilities.
    6. Create and execute a Minimum Viable Program (MVP) of integration which can be tested with real customers.
    7. Extend MVP to the complete solution and define key success metrics.
    8. Canary-launch with a segment of target customers before a full launch.
    9. Educate customers on the usages and benefits, and adapt your communication plan taking feedback
    10. Monitor and continuously improve the solution based on the feedback from ecosystem partners and end-customers, and regulatory changes.

    Understand and manage the risks and challenges of digital identity adoption

    Digital ID adoption is a major change for everyone in the ecosystem.

    Manage associated risks to avoid the derailing of integration with your business processes and a negative impact on customer experience.

    Manage Risks.

    1. Privacy and security risks – Customer’s sensitive data may get centralized with the identity provider.
    2. Single point of failure while relying a specific IDs; it also increases the impact of identity theft and fraud risk.
    3. Centralization and control risks – Identity provider or identity service broker / orchestrator may control who can participate.
    4. Not universal, interoperability risks – if purpose-specific.
    5. Impact omni-channel experience - Not always available (legal / printable) for offline use.
    6. Exclusion and discrimination risks – Specific data requirements may exclude a group of people.
    7. Scope for misuse and misinterpretation if compromised and not reclaimed in timely manner.
    8. Adoption and usability risks – Subjects / relying parties may not see benefit due to lack of awareness or suspicion.
    9. Liability Agreement gaps between identity provider and identity consumer (relying party).

    Recommendations to help you realize the potential of digital identity into your value streams

    1

    Customer-centricity

    Digital identity initiative should prioritize customer experience when evaluating its fit in the value stream. Adopting it should not sacrifice end-user experience to gain a few brownie points.

    See Info-Tech’s Adopt Design Thinking in Your Organization blueprint, to ensure customer remains at the center of your Digital Adoption initiative.

    2

    Privacy and security

    Adopting digital identity reduces data risk by minimizing data transfer between providers and consumers. However, securing identity attributes in value streams still requires strengthening enterprise security systems and processes.

    See Info-Tech’s Assess and Govern Identity Security blueprint for the actions you may take to secure and govern digital identity.

    3

    Inclusion and awareness

    Adopting digital identity may alter customer interaction with an organization. To avoid excluding target customer segments, design digital identity accordingly. Educating and informing customers about the changes can facilitate faster adoption.

    See Info-Tech’s Social Media blueprint and IT Diversity & Inclusion Tactics to make inclusion and awareness part of digital adoption

    4

    Quantitative success metrics

    To measure the success of a digital ID adoption program, it's essential to use quantitative metrics that align with business KPIs. Some measurable KPIs may include:

    • Reduction in number of IDs business used to serve 90% of customers
    • Reduction in overall cost of operation
      • Reduction in cost of user authentication
    • Reduction in process cycle time (less time required to complete a task – e.g. KYC)

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues..

    Attributes: An identity attribute is a statement or information about a specific aspect of entity’s identity ,substantiating they are who they claim to be, own, or have.

    Attribute (or Credential) provider: An attribute or credential provider could be an organization which issues the primary attribute or credential to a subject or entity. They are also responsible for identity-attribute binding, credential maintenance, suspension, recovery, and authentication.

    Attribute (or Credential) service provider: An attribute service provider could be an organization which originally vetted user’s credentials and certified a specific attribute of their identity. It could also be a software, such as digital wallet, which can store and share a user’s attribute with a third party once consented by the user. (Source: UK Govt. Trust Framework)

    Attribute binding: This is a process an attribute service providers uses to link the attributes they created to a person or an organization through an identifier. This process makes attributes useful and valuable for other entities using these attributes. For example, when a new employee joins a company, they are given a unique employee number (an identifier), which links the person with their job title and other aspects (attributes) of his job. (Source: UK Govt. Trust Framework)

    Authentication service provider: An organization which is responsible for creating and managing authenticators and their lifecycle (issuance, suspension, recovery, maintenance, revocation, and destruction of authenticators). (Source: DIACC)

    Authenticator: Information or biometric characteristics under the control of an individual that is a specific instance of something the subject has, knows, or does. E.g. private signing keys, user passwords, or biometrics like face, fingerprints. (Source: Canada PCTF)

    Authentication (identity verification): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.

    Authorization: The process of validating if the authenticated entity has permission to access a resource (service or product).

    Biometrics attributes: Human attributes like retina (iris), fingerprint, heartbeat, facial, handprint, thumbprint, voice print.

    Centralized identity: Digital identities which are fully governed by a centralized government entity. It may have enrollment or registration agencies, private or public sector, to issue the identities, and the technical system may still be decentralized to keep data federated.

    Certificate Authority (CA or accredited assessors): An organization or an entity that conducts assessments to validate the framework compliance of identity or attribute providers (such as websites, email addresses, companies, or individual persons) serving other users, and binding them to cryptographic keys through the issuance of electronic documents known as digital certificates.

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues..

    Collective (non-resolvable) attributes: Nationality, domicile, citizenship, immigration status, age group, disability, income group, membership, (outstanding) credit limit, credit score range.

    Contextual identity: A type of identity which establishes an entity’s existence in a specific context – real or virtual. These can be issued by public or private identity providers and are governed by the organizational policies. E.g. employee ID, membership ID, social media ID, machine ID.

    Credentials: A physical or a digital representation of something that establishes an entity’s eligibility to do something for which it is seeking permission, or an association/affiliation with another, generally well-known entity. E.g. Passport, DL, password. In the context of Digital Identity, every identity needs to be attached with a credential to ensure that the subject of the identity can control how and by whom that identity can be used.

    Cryptographic hash function: A hash function is a one-directional mathematical operation performed on a message of any length to get a unique, deterministic, and fixed size numerical string (the hash) which can’t be reverse engineered to get the input data without deploying disproportionate resources. It is the foundation of modern security solutions in DLT / blockchain as they help in verifying the integrity and authenticity of the message.

    Decentralized identity (DID) or self-sovereign identity: This is a way to give back the control of identity to the subject whose identity it is, using an identity wallet in which they collect verified information about themselves from certified issuers (such as the government). By controlling what information is shared from the wallet to requesting third parties (e.g. when registering for a new online service), the user can better manage their privacy, such as only presenting proof that they’re over 18 without needing to reveal their date of birth. Source: (https://www.gsma.com/identity/decentralised-identity)

    Digital identity wallet: A type of digital wallet refers to a secure, trusted software applications (native mobile app, mobile web apps, or Rivas-hosted web applications) based on common standards, allowing a user to store and use their identity attributes, identifiers, and other credentials without loosing or sharing control of them. This is different than Digital Payment Wallets used for financial transactions. (Source: https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf)

    Digital identity: A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity. E.g. Estonia eID , India Aadhar, digital citizenship ID.

    Digital object architecture: DOA is an open architecture for interoperability among various information systems, including ID wallets, identity providers, and consumers. It focuses on digital objects and comprises three core components: the identifier/resolution system, the repository system, and the registry system. There are also two protocols that connect these components. (Source: dona.net)

    Digital signature: A digital signature is an electronic, encrypted stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered. (Source: Microsoft)

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues..

    Entity (or Subject): In the context of identity, an entity is a person, group, object, or a machine whose claims need to be ascertained and identity needs to be established before his request for a service or products can be fulfilled. An entity can also be referred to as a subject whose identity needs to be ascertained before delivering a service.

    Expiry: This is another dimension of an identity and determines the validity of an ID. Most of the identities are longer term, but there can be a few like digital tokens and URLs which can be issued for a few hours or even minutes. There are some which can be revoked after a pre-condition is met.

    Federated identity: Federated identity is an agreement between two organizations about the definition and use of identity attributes and identifiers of a consumer entity requesting a service. If successful, it allows a consumer entity to get authenticated by one organization (identity provider) and then authorized by another organization. E.g. accessing a third-party website using Google credentials.

    Foundational identity: A type of identity which establishes an entity’s existence in the real world. These are generally issued by public sector / government agencies, governed by a legal farmwork within a jurisdiction, and are widely accepted at least in that jurisdiction. E.g. birth certificate, citizenship certificate.

    Governance: This is a dimension of identity that covers the governance model for a digital ID ecosystem. While traditionally it has been under the sovereign government or a federated structure, in recent times, it has been decentralized through DLT technologies or trust-framework based. It can also be self-sovereign, where individuals fully control their data and ID attributes.

    Identifier: A digital identifier is a string of characters that uniquely represents an entity’s identity in a specific context and scope even if one or more identity attributes of the subject change over time. E.g. driver’s license, SSN, SIN, email ID, digital token, user ID, device ID, cookie ID.

    Identity: An identity is an instrument used by an entity to provide the required information about itself to another entity in order to avail a service, access a resource, or exercise a privilege. An identity formed by 1-n identity attributes and a unique identifier.

    Identity and access management (IAM): IAM is a set of frameworks, technologies, and processes to enable the creation, maintenance, and use of digital identity, ensuring that the right people gain access to the right materials and records at the right time. (Source: https://iam.harvard.edu/)

    Identity consumer (Relying party): An organization, or an entity relying on identity provider to mitigate IT risks around knowing its customers before delivering the end-user value (product/service) without deteriorating end-user experience. E.g. Canada Revenue Agency using SecureKey service and relying on Banking institutions to authenticate users; Telecom service providers in India relying on Aadhaar identity system to authenticate the customer's identity.

    Identity form: A dimension of identity that defines its forms depending on the scope it wants to serve. It can be a physical card for offline uses, a virtual identifier like a number, or an app/account with multiple identity attributes. Cryptographic keys and tokens can also be forms of identity.

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues...

    Identity infrastructure provider: Organizations involved in creating and maintaining technological infrastructure required to manage the lifecycle of digital identities, attributes, and credentials. They implement functions like security, privacy, resiliency, and user experience as specified in the digital identity policy and trust framework.

    Identity proofing: A process of asserting the identification of a subject at a useful identity assurance level when the subject provides evidence to a credential service provider (CSP), reliably identifying themselves. (Source: NIST Special Publication 800-63A)

    Identity provider (Attestation authority): An organization or an entity validating the foundation or contextual claims of a subject and establishing identifier(s) for a subject. E.g. DMV (US) and MTA (Canada) issuing drivers’ licenses; Google / Facebook issuing authentication tokens for their users logging in on other websites.

    Identity validation: The process of confirming or denying the accuracy of identity information of a subject as established by an authorized party. It doesn’t ensure that the presenter is using their own identity.

    Identity verification (Authentication): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.

    Internationalized resource identifier (IRI): IRIs are equivalent to URIs except that IRIs also allow non-ascii characters in the address space, while URIs only allow us-ascii encoding. (Source: w3.org)

    Jurisdiction: A dimension of identity that covers the physical area or virtual space where an identity is legally acceptable for the purpose defined under law. It can be global, like it is for passport, or it can be local within a municipality for specific services. For unverified digital IDs, it can be the social network.

    Multi-factor Authentication (MFA): Multi-factor authentication is a layered approach to securing digital assets (data and applications), where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. These factors can be a combination of (i) something you know like a password/PIN; (ii) something you have like a token on mobile device; and (iii) something you are like a biometric. (Adapted from https://www.cisa.gov/publication/multi-factor-authentication-mfa)

    Oauth (Open authorization): OAuth is a standard authorization protocol and used for access delegation. It allows internet users to access websites by using credentials managed by a third-party authorization server / Identity Provider. It is designed for HTTP and allows access tokens to be issued by an authorization server to third-party websites. E.g. Google, Facebook, Twitter, LinkedIn use Oauth to delegate access.

    OpenID: OpenID is a Web Authentication Protocol and implements reliance authentication mechanism. It facilitates the functioning of federated identity by allowing a user to use an existing account (e.g. Google, Facebook, Yahoo) to sign into third-party websites without needing to create new credentials. (Source: https://openid.net/).

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues...

    Personally identifiable information (PII): PII is a set of attributes which can be used, through direct or indirect means, to infer the real-world identity of the individual whose information is input. E.g. National ID (SSN/SIN/Aadhar) DL, name, date of birth, age, address, age, identifier, university credentials, health condition, email, domain name, website URI (web resolvable) , phone number, credit card number, username/password, public key / private key. (Source: https://www.dol.gov)

    Predicates: The mathematical or logical operations such as equality or greater than on attributes (e.g. prove your salary is greater than x or your age is greater than y) to prove a claim without sharing the actual values.

    Purpose: This dimension of a digital id defines for what purpose digital id can be used. It can be one or many of these – authentication, authorization, activity linking, historical record keeping, social interactions, and machine connectivity for IoT use cases.

    Reliance authentication: Relying on a third-party authentication before providing a service. It is a method followed in a federated entity system.

    Risk-based authentication: A mechanism to protect against account compromise or identity theft. It correlates an authentication request with transitional facts like requester’s location, past frequency of login, etc. to reduce the risk of potential fraud.

    Scheme in trust framework: A specific set of rules (standard and custom) around the use of digital identities and attributes as agreed by one or more organizations. It is useful when those organizations have similar products, services, business processes. (Source: UK Govt. Trust Framework). E.g. Many credit unions agree on how they will use the identity in loan origination and servicing.

    Selective disclosure (Assertion): A way to present one’s identity by sharing only a limited amount information that is critical to make an authentication / authorization decision. E.g. when presenting your credentials, you could share something proving you are 18 years or above, but not share your name, exact age, address, etc.

    Trust: A dimension of an identity, which essentially is a belief in the reliability, truth, ability, or strength of that identity. While in the physical world all acceptable form of identities come with a verified trust, in online domain, it can be unverified. Also, where an identity is only acceptable as per the contract between two entities, but not widely.

    Trust framework: The trust framework is a set of rules that different organizations agree to follow to deliver one or more of their services. This includes legislation, standards, guidance, and the rules in this document. By following these rules, all services and organizations using the trust framework can describe digital identities and attributes they’ve created in a consistent way. This should make it easier for organizations and users to complete interactions and transactions or share information with other trust framework participants. (Source: UK Govt. Trust Framework)

    Taxonomy – Digital ID ecosystem

    (Alphabetical order)

    Continues...

    Uniform resource identifier (URI): A universal name in registered name spaces and addresses referring to registered protocols or name spaces.

    Uniform resource locator (URL): A type of URI which expresses an address which maps onto an access algorithm using network protocols. (Source: https://www.w3.org/)

    Uniform resource name (URN): A type of URI that includes a name within a given namespace but may not be accessible on the internet.

    Usability: A dimension of identity that defines how many times it can be used. While most of the identities are multi-use, a few digital identities are in token form and can be used only once to authenticate oneself.

    Usage mode: A dimension of identity that defines the service mode in which a digital ID can be used. While all digital IDs are made for online usage, many can also be used in offline interactions.

    Verifiable credentials: This W3C standard specification provides a standard way to express credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable. (Source: https://www.w3.org/TR/vc-data-model/)

    X.509 Certificates: X.509 certificates are standard digital documents that represent an entity providing a service to another entity. They're issued by a certification authority (CA), subordinate CA, or registration authority. These certificates play an important role in ascertaining the validity of an identity provider and in turn the identities issued by it. (Source: https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates)

    Zero-knowledge proofs: A method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true. (Source: 1989 SIAM Paper)

    Zero-trust security: A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It evaluates each access request as if it is a fraud attempt, and grants access only if it passes the authentication and authorization test. (Source: Adapted from NIST, SP 800-207: Zero Trust Architecture, 2020)

    Related Info-Tech Research

    Build a Zero Trust Roadmap
    Leverage an iterative and repeatable process to apply zero trust to your organization.

    Assess and Govern Identity Security
    Strong identity security and governance are the keys to the zero-trust future.

    Adopt Design Thinking in Your Organization
    Innovation needs design thinking to ensure customer remains at the center of everything the organization does.

    Social Media
    Leveraging Social Media to connect with your customers and educate them to drive the value proposition of your efforts.

    IT Diversity & Inclusion Tactics
    Equip your teams to create an inclusive environment and mobilize inclusion efforts across the organization.


    Research Contributors and Experts

    David Wallace

    David Wallace
    Executive Counselor

    Erik Avakian

    Erik Avakian
    Technical Counselor, Data Architecture and Governance

    Matthew Bourne

    Matthew Bourne
    Managing Partner, Public Sector Global Services

    Mike Tweedie

    Mike Tweedie
    Practice Lead, CIO Research Development

    Aaron Shum

    Aaron Shum
    Vice President, Security & Privacy

    Works Cited

    India Aadhaar PMJDY (https://pmjdy.gov.in/account)
    Theis, S., Rusconi, G., Panggabean, E., Kelly, S. (2020). Delivering on the Potential of Digitized G2P: Driving Women’s Financial Inclusion and Empowerment through Indonesia’s Program Keluarga Harapan. Women’s World Banking.
    DIACC Canada (https://diacc.ca/the-diacc/)
    UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
    Australia Trusted Digital Identity Framework (https://www.digitalidentity.gov.au/tdif#changes)
    eIDAS (https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation)
    Europe Digital Wallet – POTENTIAL (https://www.digital-identity-wallet.eu/)
    Canada PCTF (https://diacc.ca/trust-framework/)
    Identification Revolution: Can Digital ID be harnessed for Development? (Gelb & Metz), 2018
    e-Estonia website (https://e-estonia.com/solutions/e-identity/id-card/)
    Aadhaar Dashboard (https://uidai.gov.in/)
    DIACC Website (https://diacc.ca/the-diacc/)
    Australia Digital ID website (https://www.digitalidentity.gov.au/tdif#changes)
    UK Policy paper - digital identity & attributes trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
    Ukraine Govt. website (https://ukraine.ua/invest-trade/digitalization/)
    Singapore SingPass Website (https://www.tech.gov.sg/products-and-services/singpass/)
    Norway BankID Website (https://www.bankid.no/en/private/about-us/)
    Brazil National ID Card website (https://www.gov.br/casacivil/pt-br/assuntos/noticias/2022/julho/nova-carteira-de-identidade-nacional-modelo-unico-a-partir-de-agosto)
    Indonesia Coverage in Professional Security Magazine (https://www.professionalsecurity.co.uk/products/id-cards/indonesian-cards/)
    Philippine ID System (PhilSys) website (https://www.philsys.gov.ph/)
    China coverage on eGovReview (https://www.egovreview.com/article/news/559/china-announces-plans-national-digital-ids)
    Thales Group Website - DHS’s Automated Biometric Identification System IDENT (https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases/ident-automated-biometric-identification-system)
    FranceConnect (https://franceconnect.gouv.fr/)
    Germany: Office for authorization cert. (https://www.personalausweisportal.de/Webs/PA/DE/startseite/startseite-node.html)
    Italian Digital Services Authority (https://www.spid.gov.it/en/)
    Monacco Mconnect (https://mconnect.gouv.mc/en)
    Estonia eID (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
    E-Residency Dashboard (https://www.e-resident.gov.ee/dashboard)
    Unique ID authority of India (https://uidai.gov.in/aadhaar_dashboard/india.php)
    State of Aadhaar (https://www.stateofaadhaar.in/)
    World Bank (https://documents1.worldbank.org/curated/en/219201522848336907/pdf/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
    WorldBank - ID4D 2022 Annual Report (https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099437402012317995/idu00fd54093061a70475b0a3b50dd7e6cdfe147)
    Ukraine Govt. Website for Invest and trade (https://ukraine.ua/invest-trade/digitalization/)
    Diia Case study prepared for the office of Canadian senator colin deacon (https://static1.squarespace.com/static/63851cbda1515c69b8a9a2b9/t/6398f63a9d78ae73d2fd5725/1670968891441/2022-case-study-report-diia-mobile-application.pdf)
    Canadian Digital Identity Research (https://diacc.ca/wp-content/uploads/2022/04/DIACC-2021-Research-Report-ENG.pdf)
    Voilà Verified Trustmark (https://diacc.ca/voila-verified/)
    Digital Identity, 06A Federation Onboarding Guidance paper, March 2022 (https://www.digitalidentity.gov.au/sites/default/files/2022-04/TDIF%2006A%20Federation%20Onboarding%20Guidance%20-%20Release%204.6%20%28Doc%20Version%201.2%29.pdf)
    UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
    A United Nations Estimate of KYC/AML (https://www.imf.org/Publications/fandd/issues/2018/12/imf-anti-money-laundering-and-economic-stability-straight)
    India Aadhaar PMJDY (https://pmjdy.gov.in/account)
    Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)
    UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf) McKinsey Digital ID report ( https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth) International Peace Institute ( https://www.ipinst.org/2016/05/information-technology-and-governance-estonia#7)
    E-Estonia Report (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
    2022 Budget Statement (https://diacc.ca/2022/04/07/2022-budget-statement/)
    World Bank ID4D - Private Sector Economic Impacts from Identification Systems 2018 (https://documents1.worldbank.org/curated/en/219201522848336907/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
    DIACC Canada (https://diacc.ca/the-diacc/)
    UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
    https://www.gsma.com/identity/decentralised-identity
    https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
    Microsoft Digital signatures and certificates (https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96)
    https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
    https://www.dona.net/digitalobjectarchitecture
    IAM (https://iam.harvard.edu/)
    NIST Special Publication 800-63A (https://pages.nist.gov/800-63-3/sp800-63a.html)
    https://www.cisa.gov/publication/multi-factor-authentication-mfa
    https://openid.net/
    U.S. DEPARTMENT OF LABOR (https://www.dol.gov/)
    UK govt. trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
    https://www.w3.org/
    Verifiable Credentials Data Model v1.1 (https://www.w3.org/TR/vc-data-model/)
    https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates

    Determine the Future of Microsoft Project in Your Organization

    • Buy Link or Shortcode: {j2store}357|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • You use Microsoft tools to manage your work, projects, and/or project portfolio.
    • Its latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.
    • The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.
    • Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Our Advice

    Critical Insight

    • The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes. If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek.
    • Rather than choosing tools based on your gaps, assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Impact and Result

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) based upon your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    Determine the Future of Microsoft Project in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should make sense of the MS Project and M365 landscapes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your tool needs

    Assess your work management tool landscape, current state maturity, and licensing needs to inform a purpose-built work management action plan.

    • M365 Task Management Tool Guide
    • M365 Project Management Tool Guide
    • M365 Project Portfolio Management Tool Guide
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Microsoft Project & M365 Licensing Tool
    • Project Portfolio Management Maturity Assessment Workbook (With Tool Analysis)
    • Project Management Maturity Assessment Workbook (With Tool Analysis)

    2. Weigh your MS Project implementation options

    Get familiar with Project for the web’s extensibility as well as the MS Gold Partner ecosystem as you contemplate the best implementation approach(s) for your organization.

    • None
    • None

    3. Finalize your implementation approach

    Prepare a boardroom-ready presentation that will help you communicate your MS Project and M365 action plan to PMO and organizational stakeholders.

    • Microsoft Project & M365 Action Plan Template

    Infographic

    Workshop: Determine the Future of Microsoft Project in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Driving Forces and Risks

    The Purpose

    Assess the goals and needs as well as the risks and constraints of a work management optimization.

    Take stock of your organization’s current work management tool landscape.

    Key Benefits Achieved

    Clear goals and alignment across workshop participants as well as an understanding of the risks and constraints that will need to be mitigated to succeed.

    Current-state insight into the organization’s work management tool landscape.

    Activities

    1.1 Review the business context.

    1.2 Explore the M365 work management landscape.

    1.3 Identify driving forces for change.

    1.4 Analyze potential risks.

    1.5 Perform current-state analysis on work management tools.

    Outputs

    Business context

    Current-state understanding of the task, project, and portfolio management options in M365 and how they align with the organization’s ways of working

    Goals and needs analysis

    Risks and constraints analysis

    Work management tool overview

    2 Determine Tool Needs and Process Maturity

    The Purpose

    Determine your organization’s work management tool needs as well as its current level of project management and project portfolio management process maturity.

    Key Benefits Achieved

    An understanding of your tooling needs and your current levels of process maturity.

    Activities

    2.1 Review tool audit dashboard and conduct the final audit.

    2.2 Identify current Microsoft licensing.

    2.3 Assess current-state maturity for project management.

    2.4 Define target state for project management.

    2.5 Assess current-state maturity for project portfolio management.

    2.6 Define target state for project portfolio management.

    Outputs

    Tool audit

    An understanding of licensing options and what’s needed to optimize MS Project options

    Project management current-state analysis

    Project management gap analysis

    Project portfolio management current-state analysis

    Project portfolio management gap analysis

    3 Weigh Your Implementation Options

    The Purpose

    Take stock of your implementation options for Microsoft old project tech and new project tech.

    Key Benefits Achieved

    An optimized implementation approach based upon your organization’s current state and needs.

    Activities

    3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.

    3.2 Review the business case for Microsoft licensing.

    3.3 Get familiar with Project for the web.

    3.4 Assess the MS Gold Partner Community.

    3.5 Conduct a feasibility test for PFTW.

    Outputs

    M365 and Project Plan needs assessment

    Business case for additional M365 and MS Project licensing

    An understand of Project for the web and how to extend it

    MS Gold Partner outreach plan

    A go/no-go decision for extending Project for the web on your own

    4 Finalize Implementation Approach

    The Purpose

    Determine the best implementation approach for your organization and prepare an action plan.

    Key Benefits Achieved

    A purpose-built implementation approach to help communicate recommendations and needs to key stakeholders.

    Activities

    4.1 Decide on the implementation approach.

    4.2 Identify the audience for your proposal.

    4.3 Determine timeline and assign accountabilities.

    4.4 Develop executive summary presentation.

    Outputs

    An implementation plan

    Stakeholder analysis

    A communication plan

    Initial executive presentation

    5 Next Steps and Wrap-Up (offsite)

    The Purpose

    Finalize your M365 and MS Project work management recommendations and get ready to communicate them to key stakeholders.

    Key Benefits Achieved

    Time saved in developing and communicating an action plan.

    Stakeholder buy-in.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Finalized executive presentation

    A gameplan to communicate your recommendations to key stakeholders as well as a roadmap for future optimization

    Further reading

    Determine the Future of Microsoft Project in Your Organization

    View your task management, project management, and project portfolio management options through the lens of M365.

    EXECUTIVE BRIEF

    Analyst Perspective

    Microsoft Project is an enigma

    Microsoft Project has dominated its market since being introduced in the 1980s, yet the level of adoption and usage per license is incredibly low.

    The software is ubiquitous, mostly considered to represent its category for “Project Management.” Yet, the software is conflated with its “Portfolio Management” offerings as organizations make platform decisions with Microsoft Project as the incorrectly identified incumbent.

    And incredibly, Microsoft has dominated the next era of productivity software with the “365” offerings. Yet, it froze the “Project” family of offerings and introduced the not-yet-functional “Project for the web.”

    Having a difficult time understanding what to do with, and about, Microsoft Project? You’re hardly alone. It’s not simply a question of tolerating, embracing, or rejecting the product: many who choose a competitor find they’re still paying for Microsoft Project-related licensing for years to come.

    If you’re in the Microsoft 365 ecosystem, use this research to understand your rapidly shifting landscape of options.

    (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    Executive Summary

    Your Challenge

    You use Microsoft (MS) tools to manage your work, projects, and/or project portfolio.

    Their latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.

    The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.

    Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Common Obstacles

    M365 provides the basic components for managing tasks, projects, and project portfolios, but there is no instruction manual for making those parts work together.

    M365 isn’t the only set of tools at play. Business units and teams across the organization have procured other non-Microsoft tools for work management without involving IT.

    Microsoft’s latest project offering, Project for the web, is still evolving and you’re never sure if it is stable or ready for prime time. The missing function seems to involve the more sophisticated project planning disciplines, which are still important to larger, longer, and costlier projects.

    Common Obstacles

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) for your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    M365 and, within it, O365 are taking over

    Accelerated partly by the pandemic and the move to remote work, Microsoft’s market share in the work productivity space has grown exponentially in the last two years.

    70% of Fortune 500 companies purchased 365 from Sept. 2019 to Sept. 2020. (Thexyz blog, 2020)

    In its FY21 Q2 report, Microsoft reported 47.5 million M365 consumer subscribers – an 11.2% increase from its FY20 Q4 reporting. (Office 365 for IT Pros, 2021)

    As of September 2020, there were 258,000,000 licensed O365 users. (Thexyz blog, 2020)

    In this blueprint, we’ll look at what the what the phenomenal growth of M365 means for PMOs and project portfolio practitioners who identify as Microsoft shops

    The market share of M365 warrants a fresh look at Microsoft’s suite of project offerings

    For many PMO and project portfolio practitioners, the footprint of M365 in their organizations’ work management cultures is forcing a renewed look at Microsoft’s suite of project offerings.

    The complicating factor is this renewed look comes at a transitional time in Microsoft’s suite of project and portfolio offerings.

    • The market dominance of MS Project Server and Project Online are wanning, with Microsoft promising the end-of-life for Online sometime in the coming years.
    • Project Online’s replacement, Project for the web, is a viable task management and lightweight project management tool, but its viability as a replacement for the rigor of Project Online is at present largely a question mark.
    • Related to the uncertainty and promise around Project for the web, the Dataverse and the Power Platform offer a glimpse into a democratized future of work management tools but anything specific about that future has yet to solidify.

    Microsoft Project has 66% market share in the project management tool space. (Celoxis, 2018)

    A copy of MS project is sold or licensed every 20 seconds. (Integent, 2013)

    MS Project is evolving to meet new work management realities

    It also evolved to not meet the old project management realities.

    • The lines between traditional project management and operational task management solutions are blurring as organizations struggle to keep up with demands.
    • To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.
    • “Work management” is among the latest buzzwords in IT consulting. With Project for the web (PFTW), Azure Boards, and Planner, Microsoft is attempting to compete with lighter and better-adopted tools like Trello, Basecamp, Asana, Wrike, and Monday.com.
    • Buyers of project and work management software have struggled to understand how PFTW will still be usable if it gets the missing project management function from MS Project.

    Info-Tech Insight

    Beware of the Software Granularity Paradox.

    Common opinion 1: “Plans and estimates that are granular enough to be believable are too detailed to manage and maintain.”

    Common opinion 2: “Plans simple enough to publish aren’t detailed enough to produce believable estimates.”

    In other words, software simple enough to get widely adopted doesn’t produce believable plans. Software that can produce believable plans is too complex to use at scale.

    A viable task and project management option must walk the line between these dichotomies.

    M365 gives you the pieces, but it’s on PMO users to piece them together in a viable way

    With the new MS Project and M365, it’s on PMOs to avoid the granularity paradox and produce a functioning solution that fits with the organization’s ways of working.

    Common perception still sees Microsoft Project as a rich software tool. Thus, when we consider the next generation of Microsoft Project, it’s easy to expect a newer and friendlier version of what we knew before.

    In truth, the new solution is a collection of partially integrated but largely disparate tools that each satisfy a portion of the market’s needs. While it looks like a rich collection of function when viewed through high-level requirements, users will find:

    • Overlaps, where multiple tools satisfy the same functional requirement (e.g. “assign a task”)
    • Gaps, where a tool doesn’t quite do enough and you’re forced to incorporate another tool (e.g. reverting back to Microsoft Project for advanced resource planning)
    • Islands, where tools don’t fluently talk to each other (e.g. Planner data integrated in real-time with portfolio data, which requires clunky, unstable, decentralized end-user integrations with Microsoft Power Automate)
    A colourful arrangement of Microsoft programs arranged around a pile of puzzle pieces.

    Info-Tech's approach

    Use our framework to best leverage the right MS Project offerings and M365 components for your organization’s work management needs.

    The Info-Tech difference:

    1. A simple to follow framework to help you make sense of a chaotic landscape.
    2. Practical and tactical tools that will help you save time.
    3. Leverage industry best practices and practitioner-based insights.
    An Info-Tech framework titled 'Determine the Future of Microsoft Project in Your Organization, subtitle 'View your task, project, and portfolio management options through the lens of Microsoft 365'. There are four main sections titled 'Background', 'Approaches', 'Deployments', and 'Portfolio Outcomes'. In '1) Background' are 'Analyze Content', 'Assess Constraints', and 'Determine Goals and Needs'. In '2) Approaches' are 'DIY: Are you ready to do it yourself?' 'Info-Tech: Can our analysts help?', and 'MS Gold Partner: Are you better off with a third party?'. In '3) Deployments' are five sections: 'Personal Task Management', Barriers to Portfolio Outcomes: Isolated to One Person. 'Team Task Management', Barriers to Portfolio Outcomes: Isolated to One Team. 'Project Portfolio Management', Barriers to Portfolio Outcomes: Isolated to One Project. 'Project Management', Barriers to Portfolio Outcomes: Functionally Incomplete. 'Enterprise Project and Portfolio Management', Barriers to Portfolio Outcomes: Underadopted. In '4) Portfolio Outcomes' are 'Informed Steering Committee', 'Increased Project Throughput', 'Improved Portfolio Responsiveness', 'Optimized Resource Utilization', and 'Reduced Monetary Waste'.

    Determine the Future of Microsoft Project in Your Organization

    View your task, project, and portfolio management options through the lens of Microsoft 365.

    1. Background

    • Analyze Content
    • Assess Constraints
    • Determine Goals and Needs

    2. Approaches

    • DIY – Are you ready to do it yourself?
    • Info-Tech – Can our analysts help?
    • MS Gold Partner – Are you better off with a third party?

    3. Deployments

      Task Management

    • Personal Task Management
      • Who does it? Knowledge workers
      • What is it? To-do lists
      • Common Approaches
        • Paper list and sticky notes
        • Light task tools
      • Applications
        • Planner
        • To Do
      • Level of Rigor 1/5
      • Barriers to Portfolio Outcomes: Isolated to One Person
    • Team Task Management
      • Who does it? Groups of knowledge workers
      • What is it? Collaborative to-do lists
      • Common Approaches
        • Kanban boards
        • Spreadsheets
        • Light task tools
      • Applications
        • Planner
        • Azure Boards
        • Teams
      • Level of Rigor 2/5
      • Barriers to Portfolio Outcomes: Isolated to One Team
    • Project Management

    • Project Portfolio Management
      • Who does it? PMO Directors, Portfolio Managers
      • What is it?
        • Centralized list of projects
        • Request and intake handling
        • Aggregating reporting
      • Common Approaches
        • Spreadsheets
        • PPM software
        • Roadmaps
      • Applications
        • Project for the Web
        • Power Platform
      • Level of Rigor 3/5
      • Barriers to Portfolio Outcomes: Isolated to One Project
    • Project Management
      • Who does it? Project Managers
      • What is it? Deterministic scheduling of related tasks
      • Common Approaches
        • Spreadsheets
        • Lists
        • PM software
        • PPM software
      • Applications
        • Project Desktop Client
      • Level of Rigor 4/5
      • Barriers to Portfolio Outcomes: Functionally Incomplete
    • Enterprise Project and Portfolio Management

    • Enterprise Project and Portfolio Management
      • Who does it? PMO and ePMO Directors, Portfolio Managers, Project Managers
      • What is it?
        • Centralized request and intake handling
        • Resource capacity management
        • Deterministic scheduling of related tasks
      • Common Approaches
        • PPM software
      • Applications
        • Project Online
        • Project Desktop Client
        • Project Server
      • Level of Rigor 5/5
      • Barriers to Portfolio Outcomes: Underadopted

    4. Portfolio Outcomes

    • Informed Steering Committee
    • Increased Project Throughput
    • Improved Portfolio Responsiveness
    • Optimized Resource Utilization
    • Reduced Monetary Waste

    Info-Tech's methodology for Determine the Future of MS Project for Your Organization

    1. Determine Your Tool Needs

    2. Weigh Your MS Project Implementation Options

    3. Finalize Your Implementation Approach

    Phase Steps

    1. Survey the M365 Work Management Tools
    2. Perform a Process Maturity Assessment to Help Inform Your M365 Starting Point
    3. Consider the Right MS Project Licenses for Your Stakeholders
    1. Get Familiar With Extending Project for the Web Using Power Apps
    2. Assess the MS Gold Partner Community
    1. Prepare an Action Plan

    Phase Outcomes

    1. Work Management Tool Audit
    2. MS Project and Power Platform Licensing Needs
    3. Project Management and Project Portfolio Management Maturity Assessment
    1. Project for the Web Readiness Assessment
    2. MS Gold Partner Outreach Plan
    1. MS Project and M365 Action Plan Presentation

    Insight Summary

    Overarching blueprint insight: Microsoft Parts Sold Separately. Assembly required.

    The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes.

    If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek

    Phase 1 insight: Align your tool choice to your process maturity level.

    Rather than choosing tools based on your gaps, make sure to assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Phase 2 insight: Weigh your options before jumping into Microsoft’s new tech.

    Microsoft’s new Project plans (P1, P3, and P5) suggest there is a meaningful connection out of the box between its old tech (Project desktop, Project Server, and Project Online) and its new tech (Project for the web).

    However, the offerings are not always interoperable.

    Phase 3 insight: Keep the iterations small as you move ahead with trials and implementations.

    Organizations are changing as fast as the software we use to run them.

    If you’re implementing parts of this platform, keep the changes small as you monitor the vendors for new software versions and integrations.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable: Microsoft Project & M365 Action Plan Template

    The Action Plan will help culminate and present:

    • Context and Constraints
    • DIY Implementation Approach
    Or
    • MS Partner Implementation Approach
    • Future-State Vision and Goals
    Samples of Info-Tech's key deliverable 'Microsoft Project and M365 Action Plan Template'.

    Tool Audit Workbook

    Sample of Info-Tech deliverable 'Tool Audit Workbook'.

    Assess your organization's current work management tool landscape and determine what tools drive value for individual users and teams and which ones can be rationalized.

    Force Field Analysis

    Sample of Info-Tech deliverable 'Force Field Analysis'.

    Document the driving and resisting forces for making a change to your work management tools.

    Maturity Assessments

    Sample of Info-Tech deliverable 'Maturity Assessments'.

    Use these assessments to identify gaps in project management and project portfolio management processes. The results will help guide process improvement efforts and measure success and progress.

    Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech deliverable 'Microsoft Project and M365 Licensing Tool'.

    Determine the best licensing options and approaches for your implementation of Microsoft Project.

    Curate your work management tools to harness valuable portfolio outcomes

    • Increase Project Throughput

      Do more projects by ensuring the right projects and the right amount of projects are approved and executed.
    • Support an Informed Steering Committee

      Easily compare progress of projects across the portfolio and enable the leadership team to make decisions.
    • Improve portfolio responsiveness

      Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Optimize Resource Utilization

      Assign the right resources to approved projects and minimize the chronic over-allocation of resources that leads to burnout.
    • Reduce Monetary Waste

      Terminate low-value projects early and avoid sinking additional funds into unsuccessful ventures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 3 to 4 months.

      Introduction

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Phase 1

    • Call #2: Explore the M365 work management landscape.
    • Call #3: Discuss Microsoft Project Plans and their capabilities.
    • Call #4: Assess current-state maturity.
    • Phase 2

    • Call #5: Get familiar with extending Project for the web using Power Apps.
    • Call #6: Assess the MS Gold Partner Community.
    • Phase 3

    • Call #7: Determine approach and deployment.
    • Call #8: Discuss action plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1
    Assess Driving Forces and Risks

    Day 2
    Determine Tool Needs and Process Maturity

    Day 3
    Weigh Your Implementation Options

    Day 4
    Finalize Implementation Approach

    Day 5
    Next Steps and Wrap-Up (offsite)

    Activities

    • 1.1 Review the business context.
    • 1.2 Explore the M365 work management landscape.
    • 1.3 Identify driving forces for change.
    • 1.4 Analyze potential risks.
    • 1.5 Perform current-state analysis on work management tools.
    • 2.1 Review tool audit dashboard and conduct the final audit.
    • 2.2 Identify current Microsoft licensing.
    • 2.3 Assess current-state maturity for project management.
    • 2.4 Define target state for project management.
    • 2.5 Assess current-state maturity for project portfolio management.
    • 2.6 Define target state for project portfolio management.
    • 3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.
    • 3.2 Review the business case for Microsoft licensing.
    • 3.3 Get familiar with Project for the web.
    • 3.4 Assess the MS Gold Partner Community.
    • 3.5 Conduct a feasibility test for PFTW.
    • 4.1 Decide on the implementation approach.
    • 4.2 Identify the audience for your proposal.
    • 4.3 Determine timeline and assign accountabilities.
    • 4.4 Develop executive summary presentation.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Force Field Analysis
    2. Tool Audit Workbook
    1. Tool Audit Workbook
    2. Project Management Maturity Assessment
    3. Portfolio Management Maturity Assessment
    1. Microsoft Project and M365 Licensing Tool
    1. Microsoft Project & M365 Action Plan
    1. Microsoft Project & M365 Action Plan

    Determine the Future of Microsoft Project for Your Organization

    Phase 1: Determine Your Tool Needs

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Explore the Microsoft Project Plans and their capabilities
    • Step 1.3: Assess the maturity of your current PM & PPM capabilities
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • Tool Audit
    • Microsoft Project Licensing Analysis
    • Project Management Maturity Assessment
    • Project Portfolio Management Maturity Assessments

    Step 1.1

    Survey the M365 Work Management Landscape

    Activities

    • 1.1.1 Distinguish between task, project, and portfolio capabilities
    • 1.1.2 Review Microsoft’s offering for task, project, and portfolio management needs
    • 1.1.4 Assess your organizational context and constraints
    • 1.1.3 Explore typical deployment options

    This step will walk you through the following activities:

    • Assessing your organization’s context for project and project portfolio management
    • Documenting the organization’s constraints
    • Establishing the organization’s goals and needs

    This step involves the following participants:

    • PMO Director
    • Resource Managers
    • Project Managers
    • Knowledge Workers

    Outcomes of Step

    • Knowledge of the Microsoft ecosystem as it relates to task, project, and portfolio management
    • Current organizational context and constraints

    Don’t underestimate the value of interoperability

    The whole Microsoft suite is worth more than the sum of its parts … if you know how to put it together.

    38% of the worldwide office suite market belongs to Microsoft. (Source: Statistica, 2021)

    1 in 3 small to mid-sized organizations moving to Microsoft Project say they are doing so because it integrates well with Office 365. (Source: CBT Nuggets, 2018)

    There’s a gravity to the Microsoft ecosystem.

    And while there is no argument that there are standalone task management tools, project management tools, or portfolio management tools that are likely more robust, feature-rich, and easier to adopt, it’s rare that you find an ecosystem that can do it all, to an acceptable level.

    That is the value proposition of Microsoft: the ubiquity, familiarity, and versatility. It’s the Swiss army knife of software products.

    The work management landscape is evolving

    With M365, Microsoft is angling to become the industry leader, and your organization’s hub, for work management.

    Workers lose up to 40% of their time multi-tasking and switching between applications. (Bluescape, 2018)

    25 Context switches – On average, workers switch between 10 apps, 25 times a day. (Asana, 2021)

    “Work management” is among the latest buzzwords in IT consulting.

    What is work management? It was born of a blurring of the traditional lines between operational or day-to-day tasks and project management tasks, as organizations struggle to keep up with both operational and project demands.

    To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.

    Indeed, with Project for the web, Azure Boards, Planner, and other M365 utilities, Microsoft is attempting to compete with lighter and better-adopted tools (e.g. Trello, Wike, Monday.com).

    The Microsoft world of work management can be understood across three broad categories

    1. Task Management

      Task management is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.
    2. Project Management

      Project management (PM) is a methodical approach to planning and guiding project processes from start to finish. Implementing PM processes helps establish repeatable steps and controls that enable project success. Documentation of PM processes leads to consistent results and dependable delivery on expectations.
    3. Portfolio Management

      Project portfolio management (PPM) is a strategic approach to approving, prioritizing, resourcing, and reporting on project. In addition, effective PPM should nurture the completion of projects in the portfolio in the most efficient way and track the extent to which the organization is realizing the intended benefits from completed projects.

    The slides ahead explain each of these modes of working in the Microsoft ecosystem in turn. Further, Info-Tech’s Task, Project, and Project Portfolio Management Tool Guides explain these areas in more detail.

    Use Info-Tech’s Tool Guides assess your MS Project and M365 work management options

    Lean on Info-Tech’s Tool Guides as you navigate Microsoft’s tasks management, project management, and project portfolio management options.

    • The slides ahead take you through a bird’s-eye view of what your MS Project and M365 work management options look like across Info-Tech’s three broad categories
    • In addition to these slides, Info-Tech has three in-depth tool guides that take you through your operational task management, project management, and project portfolio management options in MS Project and M365.
    • These tool guides can be leveraged as you determine whether Microsoft has the required toolset for your organization’s task, project, and project portfolio management needs.

    Download Info-Tech’s Task Management, Project Management, and Project Portfolio Management Tool Guides

    Task Management Overview

    What is task management?

    • It is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.

    What are the benefits of task management using applications within the MS suite?

    • Many organizations already own the tools and don't have to go out and buy something separately.
    • There is easy integration with other MS applications.

    What is personal task management?

    • Tools that allow you to structure work that is visible only to you. This can include work from tasks you are going to be completing for yourself and tasks you are completing as part of a larger work effort.

    What is team task management?

    • Tools that allow users to structure work that is visible to a group. When something is moved or changed, it affects what the group is seeing because it is a shared platform.

    Get familiar with the Microsoft product offerings for task management

    A diagram of Microsoft products and what they can help accomplish. It starts on the right with 'Teams' and 'Outlook'. Both can flow through to 'Personal Task Management' with products 'Teams Tasks' and 'To-Do', but Teams also flows into 'Team Task Management' with products 'Planner' and 'Project for the web'. See the next two slides for more details on these modes of working.

    Download the M365 Task Management Tool Guide

    Personal Task Management

    The To-Do list

    • Who does it?
      • Knowledge workers
    • What is it?
      • How each knowledge worker organizes their individual work tasks in M365
    • When is it done?
      • As needed throughout the day
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • DIY and self-developed
      • Usually not repeatable and evolves depending on work location and tools available
      • Not governed

    Microsoft differentiator:

    Utilities like Planner and To-Do make it easier to turn what are often ad hoc approaches into a more repeatable process.

    Team Task Management

    The SharedTo-Do list

    • Who does it?
      • Groups of knowledge workers
    • What is it?
      • Temporary and permanent collections of knowledge workers
    • When is it done?
      • As needed or on a pre-determined cadence
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • User norms are established organically and adapted based upon the needs of the team.
      • To whatever extent processes are repeatable in the first place, they remain repeatable only if the team is a collective.
      • Usually governed within the team and not subject to wider visibility.

    Microsoft differentiator:

    Teams has opened personal task management tactics up to more collaborative approaches.

    Project Management Overview

    2003

    Project Server: This product serves many large enterprise clients, but Microsoft has stated that it is at end of life. It is appealing to industries and organizations where privacy is paramount. This is an on-premises system that combines servers like SharePoint, SQL, and BI to report on information from Project Desktop Client. To realize the value of this product, there must be adoption across the organization and engagement at the project-task level for all projects within the portfolio.

    2013

    Project Online: This product serves many medium enterprise clients. It is appealing for IT departments who want to get a rich set of features that can be used to intake projects, assign resources, and report on project portfolio health. It is a cloud solution built on the SharePoint platform, which provides many users a sense of familiarity. However, due to the bottom-up reporting nature of this product, again, adoption across the organization and engagement at the project task level for all projects within the portfolio is critical.

    2020

    Project for the web: This product is the newest on the market and is quickly being evolved. Many O365 enthusiasts have been early adopters of Project for the web despite its limited features when compared to Project Online. It is also a cloud solution that encourages citizen developers by being built on the MS Power Platform. This positions the product well to integrate with Power BI, Power Automate, and Power Apps. It is, so far, the only MS product that lends itself to abstracted portfolio management, which means it doesn’t rely on project task level engagement to produce portfolio reports. The portfolio can also run with a mixed methodology by funneling Project, Azure Boards, and Planner boards into its roadmap function.

    Get familiar with the Microsoft product offerings for project management

    A diagram of Microsoft products and what they can help accomplish in Personal and Team Project Management. Products listed include 'Project Desktop Client', 'Project Online', 'SharePoint', 'Power Platform', 'Azure DevOps', 'Project for the web', Project Roadmap', 'Project Home', and 'Project Server'. See the next slide for more details on personal and team project management as modes of working.

    Download the M365 Project Management Tool Guide

    Project Management

    Orchestrating the delivery of project work

    • Who does it?
      • Project managers
    • What is it?
      • Individual project managers developing project plans and schedules in the MS Project Desktop Client
    • When is it done?
      • Throughout the lifecycle of the project
    • Where is it done?
      • Digital location
    • How is it done?
      • Used by individual project managers to develop and manage project plans.
      • Common approaches may or may not involve reconciliation of resource capacity through integration with Active Directory.
      • Sometimes usage norms are established by organizational project management governance standards, though individual use of the desktop client is largely ungoverned.

    Microsoft differentiator:

    For better or worse, Microsoft’s core solution is veritably synonymous with project management itself and has formally contributed to the definition of the project management space.

    Project Portfolio Management Overview

    Optimize what you’re already using and get familiar with the Power Platform.

    What does PPM look like within M365?

    • The Office suite in the Microsoft 365 suite boasts the world’s most widely used application for the purposes of abstracted and strategic PPM: Excel. For the purposes of PPM, Excel is largely implemented in a suboptimal fashion, and as a result, organizations fail to gain PPM adoption and maturation through its use.
    • Until very recently, Microsoft toolset did not explicitly address abstracted PPM needs.
    • However, with the latest version of M365 and Project for the web, Microsoft is boasting of renewed PPM capabilities from its toolset. These capabilities are largely facilitated through what Microsoft is calling its Power Platform (i.e. a suite of products that includes Power, Power Apps, and Power Automate).

    Explore the Microsoft product offering for abstracted project portfolio management

    A diagram of Microsoft products for 'Adaptive or Abstracted Portfolio Management'. Products listed include 'Excel', 'MS Lists', 'Forms', 'Teams', and the 'Power Platform' products 'Power BI', 'Power Apps', and 'Power Automate'. See the next slide for more details on adaptive or abstracted portfolio management as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Project Portfolio Management

    Doing the right projects, at the right time, with the right resources

    • Who does it?
      • PMO directors; portfolio managers
    • What is it?
      A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool, either homegrown or commercial
    • How is it done?
      • Currently in M365, PPM approaches are largely self-developed, though Microsoft Gold Partners are commonly involved.
      • User norms are still evolving, along with the software’s (Project for the web) function.

    Microsoft differentiator:

    Integration between Project for the web and Power Apps allows for custom approaches.

    Project Portfolio Management Overview

    Microsoft’s legacy project management toolset has contributed to the definition of traditional or enterprise PPM space.

    A robust and intensive bottom-up approach that requires task level roll-ups from projects to inform portfolio level data. For this model to work, reconciliation of individual resource capacity must be universal and perpetually current.

    If your organization has low or no maturity with PPM, this approach will be tough to make successful.

    In fact, most organizations under adopt the tools required to effectively operate with the traditional project portfolio management. Once adopted and operationalized, this combination of tools gives the executives the most precise view of the current state of projects within the portfolio.

    Explore the Microsoft product offering for enterprise project portfolio management

    A diagram of Microsoft products for 'Enterprise or Traditional Portfolio Management'. Products listed include 'Project Desktop Client', 'SharePoint', 'Project Online', 'Azure DevOps', 'Project Roadmaps', and 'Project Home'. See the next slide for more details on this as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Enterprise Project and Portfolio Management

    Bottom-up approach to managing the project portfolio

    • Who does it?
      • PMO and ePMO directors; portfolio managers
      • Project managers
    • What is it?
      • A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool that is usually commercial.
    • How is it done?
      • Microsoft Gold Partner involvement is highly likely in successful implementations.
      • Usage norms are long established and customized solutions are prevalent.
      • To be successful, use must be highly governed.
      • Reconciliation of individual resource capacity must be universal and perpetually current.

    Microsoft differentiator:

    Microsoft’s established network of Gold Partners helps to make this deployment a viable option.

    Assess your current tool ecosystem across work management categories

    Use Info-Tech’s Tool Audit Workbook to assess the value and satisfaction for the work management tools currently in use.

    • With the modes of working in mind that have been addressed in the previous slides and in Info-Tech’s Tool Guides, the activity slides ahead encourage you to engage your wider organization to determine all of the ways of working across individuals and teams.
    • Depending on the scope of your work management optimization, these engagements may be limited to IT or may extend to the business.
    • Use Info-Tech’s Tool Audit Workbook to help you gather and make sense of the tool data you collect. The result of this activity is to gain insight into the tools that drive value and fail to drive value across your work management categories with a view to streamline the organization’s tool ecosystem.

    Download Info-Tech’s Tool Audit Workbook

    Sample of Info-Tech's Tool Audit Workbook.

    1.2.1 Compile list of tools

    1-3 hours

    Input: Information on tools used to complete task, project, and portfolio tasks

    Output: Analyzed list of tools

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, Business Stakeholders

    1. Identify the stakeholder groups that are in scope. For each group that you’ve identified, brainstorm the different tools and artifacts that are necessary to get the task, project, and project portfolio management functions done.
    2. Make sure to record the tool name and specify its category (standard document, artifact, homegrown solution, or commercial solution).
    3. Think about and discuss how often the tool is being used for each use case across the organization. Document whether its use is required. Then assess reporting functionality, data accuracy, and cost.
    4. Lastly, give a satisfaction rating for each use case.

    Excerpt from the Tool Audit Workbook

    Excerpt from Info-Tech's Tool Audit Workbook on compiling tools.

    1.2.1 Review dashboard

    1-3 hours

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    Discuss the outputs of the Dashboards tab to inform your decision maker on whether to pass or fail the tool for each use case.

    Sample of a BI dashboard used to evaluate the usefulness of tools. Written notes include: 'Slice the data based on stakeholder group, tool, use case, and category', and 'Review the results of the questionnaire by comparing cost and satisfaction'.

    1.2.1 Execute final audit

    1 hour

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    1. Using the information available, schedule time with the leadership team to present the results.
    2. Identify the accountable party to make the final decision on what current tools pass or fail the final audit.
    3. Mind the gap presented by the failed tools and look to possibilities within the M365 and Microsoft Project suite. For each tool that is deemed unsatisfactory for the future state, mark it as “Fail” in column O on tab 2 of the Tool Audit Workbook. This will ensure the item shows in the “Fail” column on tab 4 of the tool when you refresh the data.
    4. For each of the tools that “fail” your audit and that you’re going to make recommendations to rationalize in a future state, try to capture the annual total current-state spending on licenses, and the work modes the tool currently supports (i.e. task, project, and/or portfolio management).
    5. Additionally, start to think about future-state replacements for each tool within or outside of the M365/MS Project platforms. As we move forward to finalize your action plan in the last phase of this blueprint, we will capture and present this information to key stakeholders.

    Document your goals, needs, and constraints before proceeding

    Use Info-Tech’s Force Field Analysis Tool to help weigh goals and needs against risks and constraints associated with a work management change.

    • Now that you have discussed the organization’s ways of working and assessed its tool landscape – and made some initial decisions on some tool options that might need to change across that landscape – gather key stakeholders to define (a) why a change is needed at this time and (b) to document some of the risks and constraints associated with changing.
    • Info-Tech’s Force Field Analysis Tool can be used to capture these data points. It takes an organizational change management approach and asks you to consider the positive and negative forces associated with a work management tool change at this time.
    • The slides ahead walk you through a force field analysis activity and help you to navigate the relevant tabs in the Tool.

    Download Info-Tech's Force Field Analysis Tool

    Sample of Info-Tech's Force Field Analysis Tool.

    1.2.1 Identify goals and needs (1 of 2)

    Use tab 1 of the Force Field Analysis Workbook to assess goals and needs.

    30 minutes

    Input: Opportunities associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted opportunities based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. Brainstorm opportunities associated with exploring and/or implementing Microsoft Project and the Microsoft 365 suite of products for task, project, and project portfolio management.
    2. Document relevant opportunities in tab 1 of the Force Field Analysis Tool. For each driving force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the driving force is a concern (i.e. with this force is the organization looking to mature, integrate, scape, or accelerate?).
    3. In addition, assess the ease of achieving or realizing each goal or need and the impact of realizing them on the PMO and/or the organization.
    4. See the next slide for a screenshot that helps you navigate tab 1 of the Tool.

    Download the Force Field Analysis Tool

    1.2.1 Identify goals and needs (2 of 2)

    Screenshot of tab 1 of the Force Field Analysis Workbook.

    Screenshot of tab 1 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Opportunities', 'Category', 'Source', 'Ease of Achieving', and 'Impact on PMO/Organization'.

    In column B on tab 1, note the specific opportunities the group would like to call out.

    In column C, categorize the goal or need being articulated by the list of drop-down options: will it accelerate the time to benefit? Will it help to integrate systems and data sources? Will it mature processes and the organization overall? Will it help to scale across the organization? Choose the option that best aligns with the opportunity.

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the ease of realizing each goal or need for the organization. Will it be relatively easy to manifest or will there be complexities to implementing it?

    In column F, use the drop-down menus to indicate the positive impact of realizing or achieving each need on the PMO and/or the organization.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 1 are summarized in graphical form from columns B to G. On tab 3, these goals and needs results are contrasted with your inputs on tab 2 (see next slide).

    1.2.2 Identify risk and constraints (1 of 2)

    Use tab 2 of the Force Field Analysis Workbook to assess opposing forces to change.

    30 minutes

    Input: Risks associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted risks based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. With the same working group from 1.2.1, brainstorm risks, constraints, and other opposing forces pertaining to your potential future state.
    2. Document relevant opposing forces in tab 2 of the Force Field Analysis Tool. For each opposing force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the opposing force is a concern (i.e. will it impact or is it impacted by time, resources, maturity, budget, or culture?).
    3. In addition, assess the likelihood of the risk or constraint coming to light and the negative impact of it coming to light for your proposed change.
    4. See the next slide for a screenshot that helps you navigate tab 2 of the Force Field Analysis Tool.

    Download the Force Field Analysis Tool

    1.2.2 Identify risk and constraints (2 of 2)

    Screenshot of tab 2 of the Force Field Analysis Workbook.

    Screenshot of tab 2 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Risks and Constraints', 'Category', 'Source', 'Likelihood of Constraint/Risk/Resisting Force Being Felt', and 'Impact to Derailing Goals and Needs'.

    In column B on tab 2, note the specific risks and constraints the group would like to call out.

    In column C, categorize the risk or constraint being articulated by the list of drop-down options: will it impact or is it impacted by time, resources, budget, culture or maturity?

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the likelihood of each risk or constraint materializing during your implementation. Will it definitely occur or is there just a small chance it could come to light?

    In column F, use the drop-down menus to indicate the negative impact of the risk or constraint to achieving your goals and needs.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 2 are summarized in graphical form from columns I to N. On tab 3, your risk and constraint results are contrasted with your inputs on tab 1 to help you gauge the relative weight of driving vs. opposing forces.

    Step 1.2

    Explore the Microsoft Project Plans and their capabilities

    Activities

    • 1.1.1 Review the Microsoft 365 licensing features
    • 1.1.2 Explore the Microsoft Project Plan licenses
    • 1.1.3 Prepare a needs assessment for Microsoft 365 and Project Plan licenses

    This step will walk you through the following activities:

    • Review the suite of task management, project management, and project portfolio management options available in Microsoft 365.
    • Prepare a preliminary checklist of required M365 apps for your stakeholders.

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Preliminary requirements for an M365 project management and project portfolio management tool implementation

    Microsoft recently revamped its project plans to balance its old and new tech

    Access to the new tech, Project for the web, comes with all license types, while Project Online Professional and Premium licenses have been revamped as P3 and P5.

    Navigating Microsoft licensing is never easy, and Project for the web has further complicated licensing needs for project professionals.

    As we’ll cover in step 2.1 of this blueprint, Project for the web can be extended beyond its base lightweight work management functionality using the Power Platform (Power Apps, Power Automate, and Power BI). Depending on the scope of your implementation, this can require additional Power Platform licensing.

    • In this step, we will help you understand the basics of what’s already included in your enterprise M365 licensing as well as what’s new in Microsoft’s recent Project licensing plans (P1, P3, and P5).
    • As we cover toward the end of this step, you can use Info-Tech’s MS Project and M365 Licensing Tool to help you understand your plan and licensing needs. Further assistance on licensing can be found in the Task, Project, and Portfolio Management Tool Guides that accompany this blueprint and Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era.

    Download Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era

    Licensing features for knowledge workers

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up-to-date information on licensing, visit the Microsoft website.

    Bundles are extremely common and can be more cost effective than à la carte options for the Microsoft products.

    The biggest differentiator between M365 and O365 is that the M365 product also includes Windows 10 and Enterprise Mobility and Security.

    The color coding in the diagram indicates that the same platform/application suite is available.

    Platform or Application M365 E3 M365 E5 O365 E1 O365 E3 O365 E5
    Microsoft Forms X X X X X
    Microsoft Lists X X X X X
    OneDrive X X X X X
    Planner X X X X X
    Power Apps for Office 365 X X X X X
    Power Automate for Office X X X X X
    Power BI Pro X X
    Power Virtual Agents for Teams X X X X X
    SharePoint X X X X X
    Stream X X X X X
    Sway X X X X X
    Teams X X X X X
    To Do X X X X X

    Get familiar with Microsoft Project Plan 1

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • New project managers
    • Zero-allocation project managers
    • Individuals and organizations who want to move out of Excel into something less fragile (easily breaking formulas)

    What does it include?

    • Access to Project Home, a landing page to access all project plans you’ve created or have been assigned to.
    • Access to Grid View, Board View, and Timeline (Gantt) View to plan and manage your projects with Project for the web
    • Sharing Project for the web plans across Microsoft Teams channels
    • Co-authoring on project plans

    When does it make sense?

    • Lightweight project management
    • No process to use bottom-up approach for resourcing data
    • Critical-path analysis is not required
    • Organization does not have an appetite for project management rigor

    Get familiar with Microsoft Project Plan 3

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Organizations with complex projects
    • Large project teams are required to complete project work
    • Organizations have experience using project management software

    What does it include?

    Everything in Project Plan 1 plus the following:

    • Reporting through Power BI Report template apps (note that there are no pre-built reports for Project for the web)
    • Access to build a Roadmap of projects from Project for the web and Azure DevOps with key milestones, statuses, and deadlines
    • Project Online to submit and track timesheets for project teams
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is an established discipline at the organization
    • Critical-path analysis is commonly used
    • Organization has some appetite for project management rigor
    • Resources are expected to submit timesheets to allow for more precise resource management data

    Get familiar with Microsoft Project Plan 5

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Experienced and dedicated PMO directors
    • Dedicated portfolio managers
    • Organizations proficient at sustaining data in a standard tool

    What does it include?

    Everything in Project Plan 3 plus the following:

    • Portfolio selection and optimization
    • Demand management
    • Enterprise resource planning and management through deterministic task and resource scheduling
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is a key success factor at the organization
    • Organization employs a bottom-up approach for resourcing data
    • Critical-path analysis is required
    • Formal project portfolio management processes are well established
    • The organization is willing to either put in the time, energy, and resources to learn to configure the system through DIY or is willing to leverage a Microsoft Partner to help them do so

    What’s included in each plan (1 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Project Home Essentially a landing page that allows you to access all the project plans you've created or that you're assigned to. It amalgamates plans created in Project for the web, the Project for the web app in Power Apps, and Project Online. X X X
    Grid view One of three options in which to create your project plans in Project for the web (board view and timeline view are the other options). You can switch back and forth between the options. X X X
    Board view One of three options in which to create your project plans in Project for the web (grid view and timeline view are the other options). You can switch back and forth between the options. X X X
    Timeline (Gantt) view One of three options in which to create your project plans in Project for the web (board view and grid view are the other options). You can switch back and forth between the options. X X X
    Collaboration and communication This references the ability to add Project for the web project plans to Teams channels. X X X
    Coauthoring Many people can have access to the same project plan and can update tasks. X X X
    Project planning and scheduling For this the marketing lingo says "includes familiar scheduling tools to assign project tasks to team members and use different views like Grid, Board, and Timeline (Gantt chart) to oversee the schedule." Unclear how this is different than the project plans in the three view options above. X X X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    What’s included in each plan (2 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Reporting This seems to reference Excel reports and the Power BI Report Template App, which can be used if you're using Project Online. There are no pre-built reports for Project for the web, but third-party Power Apps are available. O X X
    Roadmap Roadmap is a platform that allows you to take one or more projects from Project for the web and Azure DevOps and create an organizational roadmap. Once your projects are loaded into Roadmap you can perform additional customizations like color status reporting and adding key days and milestones. O X X
    Timesheet submission Project Online and Server 2013 and 2016 allow team members to submit timesheets if the functionality is required. O X X
    Resource management The rich MS Project client supports old school, deterministic project scheduling at the project level. O X X
    Desktop client The full desktop client comes with P3 and P5, where it acts as the rich editor for project plans. The software enjoys a multi-decade market dominance as a project management tool but was never paired with an enterprise collaboration server engine that enjoyed the same level of success. O X X
    Portfolio selection and optimization Portfolio selection and optimization has been offered as part of the enterprise project and portfolio suite for many years. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Demand Management Enterprise demand management is targeted at the most rigorous of project portfolio management practices. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Enterprise resource planning and management The legacy MS Project Online/Server platform supports enterprise-wide resource capacity management through an old-school, deterministic task and resource scheduling engine, assuming scaled-out deployment of Active Directory. Most people succeeding with this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    Use Info-Tech’s MS Project and M365 Licensing Tool

    Leverage the analysis in Info-Tech’s MS Project & M365 Licensing Tool to help inform your initial assumptions about what you need and how much to budget for it.

    • The Licensing Tool can help you determine what Project Plan licensing different user groups might need as well as additional Power Platform licensing that may be required.
    • It consists of four main tabs: two set-up tabs where you can validate the plan and pricing information for M365 and MS Project; an analysis tab where you set up your user groups and follow a survey to assess their Project Plan needs; and another analysis tab where you can document your Power Platform licensing needs across your user groups.
    • There is also a business case tab that breaks down your total licensing needs. The outputs of this tab can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech's Microsoft Project and M365 Licensing Tool.

    1.2.1 Conduct a needs assessment

    1-2 hours

    Input: List of key user groups/profiles, Number of users and current licenses

    Output: List of Microsoft applications/capabilities included with each license, Analysis of user group needs for Microsoft Project Plan licenses

    Materials: Microsoft Project & 365 Licensing Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. As a group, analyze the applications included in your current or desired 365 license and calculate any additional Power Platform licensing needs.
    2. Screenshot of the 'Application/Capabilities' screen from the 'Microsoft Project and M365 Licensing Tool'.
    3. Within the same group, use the drop-down menus to analyze your high-level MS Project requirements by selecting whether each capability is necessary or not.
    4. Your inputs to the needs assessment will determine the figures in the Business Case tab. Consider exporting this information to PDF or other format to distribute to stakeholders.
    5. Screenshot of the 'Business Case' tab from the 'Microsoft Project and M365 Licensing Tool'.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Step 1.3

    Assess the maturity of your current PM & PPM capabilities

    Activities

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step will walk you through the following activities:

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Current and target state maturity for project management and project portfolio management processes

    Project portfolio management and project management are more than tools

    Implementing commercial tools without a matching level of process discipline is a futile exercise, leaving organizations frustrated at the wasted time and money.

    • The tool is only as good as the data that is input. There is often a misunderstanding that a tool will be “automatic.” While it is true that a tool can help make certain processes easier and more convenient by aggregating information, enhancing reporting, and coauthoring, it will not make up the data. If data becomes stale, the tool is no longer valid for accurate decision making.
    • Getting people onboard and establishing a clear process is often the hardest part. As IT folk, it can be easy to get wrapped up in the technology. All too often excitement around tools can drown out the important requisites around people and process. The reality is people and process are a necessary condition for a tool to be successful. Having a tool will not be sufficient to overcome obstacles like poor stakeholder buy-in, inadequate governance, and the absence of a standard operating procedure.

    • Slow is the way to go. When deciding what tools to purchase, start small and scale up rather than going all in and all too often ending up with many unused features and fees.

    "There's been a chicken-egg debate raging in the PPM world for decades: What comes first, the tool or the process? It seems reasonable to say, ‘We don't have a process now, so we'll just adopt the one in the tool.’ But you'll soon find out that the tool doesn't have a process, and you needed to do more planning and analysis before buying the tool." (Barry Cousins, Practice Lead, Project Portfolio Management)

    Assess your process maturity to determine the right tool approach

    Take the time to consider and reflect on the current and target state of the processes for project portfolio management and project management.

    Project Portfolio Management

    • Status and Progress Reporting
      1. Intake, Approval, and Prioritization

        PPM is the practice of selecting the right projects and ensuring the organization has the necessary resources to complete them. PPM should enable executive decision makers to make sense of the excess of demand and give IT the ability to prioritize those projects that are most valuable to the business.
      2. Resource Management

      3. Project Management

        1. Initiation
        2. Planning
        3. Execution
        4. Monitoring and Controlling
        5. Closing
        Tailor a project management framework to fit your organization. Formal methodologies aren’t always the best fit. Take what you can use from formal frameworks and define a right-sized approach to your project management processes.
      4. Project Closure

      5. Benefits Tracking

    Info-Tech’s maturity assessment tools can help you match your tools to your maturity level

    Use Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    • The next few slides in this step take you through using our maturity assessment tools to help gauge your current-state and target-state maturity levels for project management (PM) and project portfolio management (PPM).
    • In addition to the process maturity assessments, these workbooks also help you document current-state support tools and desired target-state tools.
    • The outputs of these workbooks can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool

    Samples of Info-Tech's Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    Conduct a gap analysis survey for both project and project portfolio management.

    • Review the category and activity statements: For each gap analysis tab in the maturity assessments, use the comprehensive activity statements to identify gaps for the organization.
    • Assess the current state: To assess the current state, evaluate whether the statement should be labeled as:
      • Absent: There is no evidence of any activities supporting this process.
      • Initial: Activity is ad hoc and not well defined.
      • Defined: Activity is established and there is moderate adherence to its execution.
      • Repeatable: Activity is established, documented, repeatable, and integrated with other phases of the process.
      • Managed: Activity execution is tracked by gathering qualitative and quantitative feedback

    Once this is documented, take some time to describe the type of tool being used to do this (commercial, home-grown, standardized document) and provide additional details, where applicable.

    Define the target state: Repeat the assessment of activity statements for the target state. Then gauge the organizational impact and complexity of improving each capability on a scale of very low to very high.

    Excerpt from Info-Tech's Project Portfolio Management Maturity Assessment Tool, the 'PPM Current State Target State Maturity Assessment Survey'. It has five columns whose purpose is denoted in notes. Column 1 'Category within the respective discipline'; Column 2 'Statement to consider'; Column 3 'Select the appropriate answer for current and target state'; Column 4 'Define the tool type'; Column 5 'Provide addition detail about the tool'.

    Analyze survey results for project and project portfolio management maturity

    Take stock of the gap between current state and target state.

    • What process areas have the biggest gap between current and target state?
    • What areas are aligned across current and target state?

    Identify what areas are currently the least and most mature.

    • What process area causes the most pain in the organization?
    • What process area is the organization’s lowest priority?

    Note the overall current process maturity.

    • After having done this exercise, does the overall maturity come as a surprise?
    • If so, what are some of the areas that were previously overlooked?
    A table and bar graph documenting and analysis of maturity survey results. The table has four columns labelled 'Process Area', 'Current Process Completeness', 'Current Maturity Level', and 'Target State Maturity'. Rows headers in the 'Process Area' column are 'Intake, Approval, and Prioritization', 'Resource Management', 'Portfolio Reporting', 'Project Closure and Benefits Realization', 'Portfolio Administration', and finally 'Overall Maturity'. The 'Current Process Completeness' column's values are in percentages. The 'Current Maturity Level' and 'Target State Maturity' columns' values can be one of the following: 'Absent', 'Initial', 'Defined', 'Repeatable', or 'Managed'. The bar chart visualizes the levels of the 'Target State' and 'Current State' with 'Absent' from 0-20%, 'Initial' from 20-40%, 'Defined' from 40-60%, 'Repeatable' from 60-80%, and 'Managed' from 80-100%.
    • Identify process areas with low levels of maturity
    • Spot areas of inconsistency between current and target state.
    • Assess the overall gap to get a sense of the magnitude of the effort required to get to the target state.
    • 100% doesn’t need to be the goal. Set a goal that is sustainable and always consider the value to effort ratio.

    Screenshot your results and put them into the MS Project and M365 Action Plan Template.

    Review the tool overview and plan to address gaps (tabs 3 & 4)

    Tool Overview:

    Analyze the applications used to support your project management and project portfolio management processes.

    Look for:

    • Tools that help with processes across the entire PM or PPM lifecycle.
    • Tools that are only used for one specific process.

    Reflect on the overlap between process areas with pain points and the current tools being used to complete this process.

    Consider the sustainability of the target-state tool choice

    Screenshot of a 'Tool Overview' table. Chart titled 'Current-to-Target State Supporting Tools by PPM Activity' documenting the current and target states of different supporting tools by PPM Activity. Tools listed are 'N/A', 'Standardized Document', 'Homegrown Tool', and 'Commercial Tool'.

    You have the option to create an action plan for each of the areas of improvement coming out of your maturity assessment.

    This can include:

    • Tactical Optimization Action: What is the main action needed to improve capability?
    • Related Actions: Is there a cross-over with any actions for other capabilities?
    • Timeframe: Is this near-term, mid-term, or long-term?
    • Proposed Start Date
    • Proposed Go-Live Date
    • RACI: Who will be responsible, accountable, consulted, and informed?
    • Status: What is the status of this action item over time?

    Determine the Future of Microsoft Project for Your Organization

    Phase 2: Weigh Your Implementation Options

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • A decision on how best to proceed (or not proceed) with Project for the web
    • A Partner outreach plan

    Step 2.1

    Get familiar with extending Project for the web using Power Apps

    Activities

    • Get familiar with Project for the web: how it differs from Microsoft’s traditional project offerings and where it is going
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test

    This step will walk you through the following activities:

    • Get familiar with Project for the web
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test to determine if taking a DIY approach to extending Project for the web is right for your organization currently

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A decision on how best to proceed (or not proceed) with Project for the web

    Project for the web is the latest of Microsoft’s project management offerings

    What is Project for the web?

    • First introduced in 2019 as Project Service, Project for the web (PFTW) is Microsoft’s entry into the world of cloud-based work management and lightweight project management options.
    • Built on the Power Platform and leveraging the Dataverse for data storage, PFTW integrates with the many applications that M365 users are already employing in their day-to-day work management and collaboration activities.
    • It is available as a part of your M365 subscription with the minimum activation of P1 license – it comes with P3 and P5 licenses as well.
    • From a functionality and user experience perspective, PFTW is closer to applications like Planner or Azure Boards than it is to traditional MS Project options.

    What does it do?

    • PFTW allows for task and dependency tracking and basic timeline creation and scheduling and offers board and grid view options. It also allows real-time coauthoring of tasks among team members scheduled to the same project.
    • PFTW also comes with a product/functionality Microsoft calls Roadmap, which allows users to aggregate multiple project timelines into a single view for reporting purposes.

    What doesn't it do?

    • With PFTW, Microsoft is offering noticeably less traditional project management functionality than its existing solutions. Absent are table stakes project management capabilities like critical path, baselining, resource load balancing, etc.

    Who is it for?

    • Currently, in its base lightweight project management option, PFTW is targeted toward occasional or part-time project managers (not the PMP-certified set) tasked with overseeing and/or collaborating on small to mid-sized initiatives and projects.

    Put Project for the web in perspective

    Out of the box, PFTW occupies a liminal space when it comes to work management options

    • More than a task management tool, but not quite a full project management tool
    • Not exactly a portfolio management tool, yet some PPM reporting functionality is inherent in the PFTW through Roadmap

    The table to the right shows some of the functionality in PFTW in relation to the task management functionality of Planner and the enterprise project and portfolio management functionality of Project Online.

    Table 2.1a Planner Project for the web Project Online
    Coauthoring on Tasks X X
    Task Planning X X X
    Resource Assignments X X X
    Board Views X X X
    MS Teams Integration X X X
    Roadmap X X
    Table and Gantt Views X X
    Task Dependency Tracking X X
    Timesheets X
    Financial Planning X
    Risks and Issues Tracking X
    Program Management X
    Advanced Portfolio Management X

    Project for the web will eventually replace Project Online

    • As early as 2018 Microsoft has been foreshadowing a transition away from the SharePoint-backed Project environments of Server and Online toward something based in Common Data Service (CDS) – now rebranded as the Dataverse.
    • Indeed, as recently as the spring of 2021, at its Reimagine Project Management online event, Microsoft reiterated its plans to sunset Project Online and transition existing Online users to the new environment of Project for the web – though it provided no firm dates when this might occur.
      • The reason for this move away from Online appears to be an acknowledgment that the rigidity of the tool is awkward in our current dynamic, collaborative, and overhead-adverse work management paradigm.
      • To paraphrase a point made by George Bullock, Sr. Product Marketing Manager, for Microsoft at the Reimagine Project Management event, teams want to manage work as they see fit, but the rigidity of legacy solutions doesn’t allow for this, leading to a proliferation of tools and data sprawl. (This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    PFTW is Microsoft’s proposed future-state antidote to this challenge. Its success will depend on how well users are able to integrate the solution into a wider M365 work management setting.

    "We are committed to supporting our customers on Project Online and helping them transition to Project for the Web. No end-of-support has been set for Project Online, but when the time comes, we will communicate our plans on the transition path and give you plenty of advance notice." (Heather Heide, Program Manager, Microsoft Planner and Project. This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    Project for the web can be extended beyond its base lightweight functionality

    Project for the web can be extended to add more traditional and robust project and project portfolio management functionality using the Power Platform.

    Microsoft plans to sunset Project Online in favor of PFTW will at first be a head-scratcher for those familiar with the extensive PPM functionality in Project Online and underwhelmed by the project and portfolio management in PFTW.

    However, having built the solution upon the Power Platform, Microsoft has made it possible to take the base functionality in PFTW and extend it to create a more custom, organizationally specific user experience.

    • With a little taste of what can be done with PFTW by leveraging the Power Platform – and, in particular, Power Apps – it becomes more obvious how we, as users, can begin to evolve the base tool toward a more traditional PPM solution and how, in time, Microsoft’s developers may develop the next iteration of PFTW into something more closely resembling Project Online.

    Before users get too excited about using these tools to build a custom PPM approach, we should consider the time, effort, and skills required. The slides ahead will take you through a series of considerations to help you gauge whether your PMO is ready to go it alone in extending the solution.

    Extending the tool enhances functionality

    Table 2.1a in this step displayed the functionality in PFTW in relation to the task management tool Planner and the robust PPM functionality in Online.

    The table to the right shows how the functionality in PFTW can differ from the base solution and Project Online when it is extended using the model-driven app option in Power Apps.

    Caveat: The list of functionality and processes in this table is sample data.

    This functionality is not inherent in the solution as soon as you integrate with Power Apps. Rather it must be built – and your success in developing these functions will depend upon the time and skills you have available.

    Table 2.1b Project for the web PFTW extended with PowerApps Project Online
    Critical Path X
    Timesheets X
    Financial Planning X X
    Risks and Issues Tracking X X
    Program Management X
    Status Updates X
    Project Requests X
    Business Cases X
    Project Charters X
    Resource Planning and Capacity Management X X
    Project Change Requests X

    Get familiar with the basics of Power Apps before you decide to go it alone

    While the concept of being able to customize and grow a commercial PPM tool is enticing, the reality of low-code development and application maintenance may be too much for resource-constrained PMOs.

    Long story short: Extending PFTW in Power Apps is time consuming and can be frustrating for the novice to intermediate user.

    It can take days, even weeks, just to find your feet in Power Apps, let alone to determine requirements to start building out a custom model-driven app. The latter activity can entail creating custom columns and tables, determining relationships between tables to get required outputs, in addition to basic design activities.

    Time-strapped and resource-constrained practitioners should pause before committing to this deployment approach. To help better understand the commitment, the slides ahead cover the basics of extending PFTW in Power Apps:

    1. Dataverse environments.
    2. Navigating Power App Designer and Sitemap Designer
    3. Customizing tables and forms in the Dataverse

    See Info-Tech’s M365 Project Portfolio Management Tool Guide for more information on Power Apps in general.

    Get familiar with Power Apps licensing

    Power Apps for 365 comes with E1 through E5 M365 licenses (and F3 and F5 licenses), though additional functionality can be purchased if required.

    While extending Project for the web with Power Apps does not at this time, in normal deployments, require additional licensing from what is included in a E3 or E5 license, it is not out of the realm of possibility that a more complex deployment could incur costs not included in the Power Apps for 365 that comes with your enterprise agreement.

    The table to the right shows current additional licensing options.

    Power Apps, Per User, Per App Plan

    Per User Plan

    Cost: US$10 per user per app per month, with a daily Dataverse database capacity of 40 MB and a daily Power Platform request capacity of 1,000. Cost: US$40 per user per month, with a daily Dataverse database capacity of 250 MB and a daily Power Platform request capacity of 5,000.
    What's included? This option is marketed as the option that allows organizations to “get started with the platform at a lower entry point … [or those] that run only a few apps.” Users can run an application for a specific business case scenario with “the full capabilities of Power Apps” (meaning, we believe, that unlicensed users can still submit data via an app created by a licensed user). What's included? A per-user plan allows licensed users to run unlimited canvas apps and model-driven apps – portal apps, the licensing guide says, can be “provisioned by customers on demand.” Dataverse database limits (the 250 MB and 5,000 request capacity mentioned above) are pooled at the per tenant, not the per user plan license, capacity.

    For more on Power Apps licensing, refer to Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era for more information.

    What needs to be configured?

    Extending Project for the web requires working with your IT peers to get the right environments configured based upon your needs.

    • PFTW data is stored in the Microsoft Dataverse (formerly Common Data Service or CDS).
    • The organization’s Dataverse can be made up of one to many environments based upon its needs. Environments are individual databases with unique proprieties in terms of who can access them and what applications can store data in them.
    • Project for the web supports three different types of environments: default, production, and sandbox.
    • You can have multiple instances of a custom PFTW app deployed across these environments and across different users – and the environment you choose depends upon the use case of each instance.

    Types of Environments

    • Default Environment

      • It is the easiest to deploy and get started with the PFTW Power App in the default environment. However, it is also the most restricted environment with the least room for configuration.
      • Microsoft recommends this environment for simple deployments or for projects that span the organization. This is because everyone in the organization is by default a member of this environment – and, with the least room for configuration, the app is relatively straightforward.
      • At minimum, you need one project license to deploy PFTW in the default environment.
    • Production Environment

      • This environment affords more flexibility for how a custom app can be configured and deployed. Unlike the default environment, deploying a production environment is a manual process (through the Power Platform Admin Center) and security roles need to be set to limit users who can access the environment.
      • Because users can be limited, production environments can be used to support more advanced deployments and can support diverse processes for different teams.
      • At present, you need at least five Project licenses to deploy to production environments.
    • Sandbox Environment

      • This environment is for users who are responsible for the creation of custom apps. It offers the same functionality as a production environment but allows users to make changes without jeopardizing a production environment.

    Resources to provide your IT colleagues with to help in your PFTW deployment:

    1. Project for the web admin help (Product Documentation, Microsoft)
    2. Advanced deployment for Project for the web (Video, Microsoft)
    3. Get Started with Project Power App (Product Support Documentation, Microsoft)
    4. Project for the Web Security Roles (Product Support Documentation, Microsoft)

    Get started creating or customizing a model-driven app

    With the proper environments procured, you can now start extending Project for the web.

    • Navigate to the environment you would like to extend PFTW within. For the purposes of the slides ahead, we’ll be using a sandbox environment for an example. Ensure you have the right access set up for production and sandbox environments of your own (see links on previous slide for more assistance).
    • To begin extending PFTW, the two core features you need to be familiar with before you start in Power Apps are (1) Tables/Entities and (2) the Power Apps Designer – and in particular the Site Map.

    From the Power Apps main page in 365, you can change your environment by selecting from the options in the top right-hand corner of the screen.

    Screenshot of the Power Apps “Apps” page in a sandbox environment. The Project App will appear as “Project” when the application is installed, though it is also easy to create an app from scratch.

    Model-driven apps are built around tables

    In Power Apps, tables (formerly called entities and still referred to as entities in the Power Apps Designer) function much like tables in Excel: they are containers of columns of data for tracking purposes. Tables define the data for your app, and you build your app around them.

    In general, there are three types of tables:

    • Standard: These are out-of-the box tables included with a Dataverse environment. Most standard tables can be customized.
    • Managed: These are tables that get imported into an environment as part of a managed solution. Managed tables cannot be customized.
    • Custom: These types of tables can either be imported from another solution or created directly in the Dataverse environment. To create custom tables, users need to have System Administrator or System Customizer security roles within the Dataverse.

    Tables can be accessed under Data banner on the left-hand panel of your Power Apps screen.

    The below is a list of standard tables that can be used to customize your Project App.

    A screenshot of the 'Data' banner in 'Power Apps' and a list of table names.

    Table Name

    Display Name

    msdyn_project Project
    msdyn_projectchange Change
    msdyn_projectprogram Program
    msdyn_projectrequest Request
    msdyn_projectrisk Risk
    msdyn_projectissue Issue
    msdyn_projectstatusreport Status

    App layouts are designed in the Power App Designer

    You configure tables with a view to using them in the design of your app in the Power Apps Designer.

    • If you’re customizing a Project for the web app manually installed into your production or sandbox environment, you can access Designer by highlighting the app from your list of apps on the Apps page and clicking “Edit” in the ribbon above.
      • If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.
      • If you need to create separate apps in your environment for different PMOs or business units, it is as easy to create an app from scratch as it is to customize the manual install.
    • The App Designer is where you can design the layout of your model-driven app and employ the right data tables.
    Screenshot of the 'App Designer' screen in 'Power Apps'.

    The Site Map determines the navigation for your app, i.e. it is where you establish the links and pages users will navigate. We will review the basics of the sitemap on the next few slides.

    The tables that come loaded into your Project Power App environment (at this time, 37) via the manual install will appear in the Power Apps Designer in the Entity View pane at the bottom of the page. You do not have to use all of them in your design.

    Navigate the Sitemap Designer

    With the components of the previous two slides in mind, let’s walk through how to use them together in the development of a Project app.

    As addressed in the previous slide, the sitemap determines the navigation for your app, i.e. it is where you establish the links and the pages that users will navigate.

    To get to the Sitemap Designer, highlight the Project App from your list of apps on the Apps page and click “Edit” in the ribbon above. If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.

    • To start designing your app layout, click the pencil icon beside the Site Map logo on the App Designer screen.
    • This will take you into the Sitemap Designer (see screenshot to the right). This is where you determine the layout of your app and the relevant data points (and related tables from within the Dataverse) that will factor into your Project App.
    • In the Sitemap Designer, you simply drag and drop the areas, groups, and subareas you want to see in your app’s user interface (see next slide for more details).
    Screenshot of the 'Sitemap Designer' in 'Power Apps'.

    Use Areas, Groups, and Subareas as building blocks for your App

    Screenshots of the main window and the right-hand panel in the 'Sitemap Designer', and of the subarea pop-up panel where you connect components to data tables. The first two separate elements into 'Area', 'Group', and 'Subarea'.

    Drag and drop the relevant components from the panel on the right-hand side of the screen into the main window to design the core pieces that will be present within your user interface.

    For each subarea in your design, use the pop-up panel on the right-hand side of the screen to connect your component the relevant table from within your Dataverse environment.

    How do Areas, Groups, and Subareas translate into an app?

    Screenshots of the main window in the 'Sitemap Designer' and of a left-hand panel from a published 'Project App'. There are notes defining the terms 'Area', 'Group', and 'Subarea' in the context of the screenshot.

    The names or titles for your Areas and Groups can be customized within the Sitemap Designer.

    The names or titles for your Subareas is dependent upon your table name within the Dataverse.

    Area: App users can toggle the arrows to switch between Areas.

    Group: These will change to reflect the chosen Area.

    Subarea: The tables and forms associated with each subarea.

    How to properly save and publish your changes made in the Sitemap Designer and Power Apps Designer:

    1. When you are done making changes to your components within the Sitemap Designer, and want your changes to go live, hit the “Publish” button in the top right corner; when it has successfully published, select “Save and Close.”
    2. You will be taken back to the Power App Designer homepage. Hit “Save,” then “Publish,” and then finally “Play,” to go to your app or “Save and Close.”

    How to find the right tables in the Dataverse

    While you determine which tables will play into your app in the Sitemap Designer, you use the Tables link to customize tables and forms.

    Screenshots of the tables search screen and the 'Tables' page under the 'Data' banner in 'Power Apps'.

    The Tables page under the Data banner in Power Apps houses all of the tables available in your Dataverse environment. Do not be overwhelmed or get too excited. Only a small portion of the tables in the Tables folder in Power Apps will be relevant when it comes to extending PFTW.

    Find the table you would like to customize and/or employ in your app and select it. The next slides will look at customizing the table (if you need to) and designing an app based upon the table.

    To access all the tables in your environment, you’ll need to ensure your filter is set correctly on the top right-hand corner of the screen, otherwise you will only see a small portion of the tables in your Dataverse environment.

    If you’re a novice, it will take you some time to get familiar with the table structure in the Dataverse.

    We recommend you start with the list of tables listed on slide. You can likely find something there that you can use or build from for most PPM purposes.

    How to customize a table (1 of 3)

    You won’t necessarily need to customize a table, but if you do here are some steps to help you get familiar with the basics.

    Screenshot of the 'Columns' tab, open in the 'msdyn_project table' in 'Power Apps'.

    In this screenshot, we are clicked into the msdyn_project (display name: Project) table. As you can see, there are a series of tabs below the name of the table, and we are clicked into the Columns tab. This is where you can see all of the data points included in the table.

    You are not able to customize all columns. If a column that you are not able to customize does not meet your needs, you will need to create a custom column from the “+Add column” option.

    “Required” or “Optional” status pertains to when the column or field is used within your app. For customizable or custom columns this status can be set when you click into each column.

    How to customize a table (2 of 3)

    Create a custom “Status” column.

    By way of illustrating how you might need to customize a table, we’ll highlight the “msdyn_project_statecode” (display name: Project Status) column that comes preloaded in the Project (msdyn_project) table.

    • The Project Status column only gives you a binary choice. While you are able to customize what that binary choice is (it comes preloaded with “Active” and “Inactive” as the options) you cannot add additional choices – so you cannot set it to red/yellow/green, the most universally adopted options for status in the project portfolio management world.
    • Because of this, let’s look at the effort involved in creating a choice and adding a custom column to your table based upon that choice.
    Screenshots of the '+New choice' button in the 'Choices' tab and the 'New choice' pane that opens when you click it.

    From within the Choices tab, click “+New choice” option to create a custom choice.

    A pane will appear to the right of your screen. From there you can give your choice a name, and under the “Items” header, add your list of options.

    Click save. Your custom choice is now saved to the Choices tab in the Dataverse environment and can be used in your table. Further customizations can be made to your choice if need be.

    How to customize a table (3 of 3)

    Back in the Tables tab, you can put your new choice to work by adding a column to a table and selecting your custom choice.

    Screenshots of the pop-up window that appear when you click '+Add Column', and details of what happens when you select the data type 'Choice'.

    Start by selecting “+ Add Column” at the top left-hand side of your table. A window will appear on the right-hand side of the page, and you will have options to name your column and choose the data type.

    As you can see in this screenshot to the left, data type options include text, number and date types, and many more. Because we are looking to use our custom choice for this example, we are going to choose “Choice.”

    When you select “Choice” as your data type, all of the choice options available or created in your Dataverse environment will appear. Find your custom choice – in this example the one name “RYG Status” – and click done. When the window closes, be sure to select “Save Table.”

    How to develop a Form based upon your table (1 of 3 – open the form editor)

    A form is the interface users will engage with when using your Project app.

    When the Project app is first installed in your environment, the main user form will be lacking, with only a few basic data options.

    This form can be customized and additional tabs can be added to your user interface.

    1. To do this, go to the table you want to customize.
    2. In the horizontal series of tabs at the top of the screen, below the table title select the “Forms” option.
    3. Click on the main information option or select Edit Form for the form with “Main” under its form type. A new window will open where you can customize your form.
    Screenshot of the 'Forms' tab, open in the 'msdyn_project' table in 'Power Apps'.

    Select the Forms tab.

    Start with the form that has “Main” as its Format Type.

    How to develop a Form based upon your table (2 of 3 – add a component)

    Screenshot of the 'Components' window in 'Power Apps' with a list of layouts as a window to the right of the main screen where you can name and format the chosen layout.

    You can add element like columns or sections to your form by selecting the Components window.

    In this example, we are adding a 1-Column section. When you select that option from the menu options on the left of the screen, a window will open to the right of the screen where you can name and format the section.

    Choose the component you would like to add from the layout options. Depending on the table element you are looking to use, you can also add input options like number inputs and star ratings and pull in related data elements like a project timeline.

    How to develop a Form based upon your table (3 of 3 – add table columns)

    Screenshot of the 'Table Columns' window in 'Power Apps' and instructions for adding table columns.

    If you click on the “Table Columns” option on the left-hand pane, all of the column options from within your table will appear in alphabetical order.

    When clicked within the form section you would like to add the new column to, select the column from the list of option in the left-hand pane. The new data point will appear within the section. You can order and format section elements as you would like.

    When you are done editing the form, click the “Save” icon in the top right-hand corner. If you are ready for your changes to go live within your Project App, select the “Publish” icon in the top right-hand corner. Your updated form will go live within all of the apps that use it.

    The good and the bad of extending Project for the web

    The content in this step has not instructed users how to extend PFTW; rather, it has covered three basic core pieces of Power Apps that those interesting in PFTW need to be aware of: Dataverse environments, the Power Apps and Sitemaps Designers, and Tables and associated Forms.

    Because we have only covered the very tip of the iceberg, those interested in going further and taking a DIY approach to extending PFTW will need to build upon these basics to unlock further functionality. Indeed, it takes work to develop the product into something that begins to resemble a viable enterprise project and portfolio management solution. Here are some of the good and the bad elements associated with that work:

    The Good:

    • You can right-size and purpose build: add as much or as little project management rigor as your process requires. Related, you can customize the solution in multiple ways to suit the needs of specific business units or portfolios.
    • Speed to market: it is possible to get up and running quickly with a minimum-viable product.

    The Bad:

    • Work required: to build anything beyond MVP requires independent research and trial and error.
    • Time required: to build anything beyond MVP requires time and skills that many PMOs don’t have.
    • Shadow support costs: ungoverned app creation could have negative support and maintenance impacts across IT.

    "The move to Power Platform and low code development will […increase] maintenance overhead. Will low code solution hit problems at scale? [H]ow easy will it be to support hundreds or thousands of small applications?

    I can hear the IT support desks already complaining at the thought of this. This part of the puzzle is yet to hit real world realities of support because non developers are busy creating lots of low code applications." (Ben Hosking, Software Developer and Blogger, "Why low code software development is eating the world")

    Quick start your extension with the Accelerator

    For those starting out, there is a pre-built app you can import into your environment to extend the Project for the web app without any custom development.

    • If the DIY approach in the previous slides was overwhelming, and you don’t have the budget for a MS Partner route in the near-term, this doesn’t mean that evolving your Project for the web app is unattainable.
    • Thanks to a partnership between OnePlan (one of the MS Gold Partners we detail in the next step) and Microsoft, Project for the web users have access to a free resource to help them evolve the base Project app. It’s called the “Project for the web Accelerator” (commonly referred to as “the Accelerator” for short).
    • Users interested in learning more about, and accessing, this free resource should refer to the links below:
      1. The Future of Microsoft Project Online (source: OnePlan).
      2. Introducing the Project Accelerator (source: Microsoft).
      3. Project for the web Accelerator (source: GitHub)
    Screen shot from one of the dashboards that comes with the Accelerator (image source: GitHub).

    2.1.1 Perform a feasibility test (1 of 2)

    15 mins

    As we’ve suggested, and as the material in this step indicates, extending PFTW in a DIY fashion is not small task. You need a knowledge of the Dataverse and Power Apps, and access to the requisite skills, time, and resources to develop the solution.

    To determine whether your PMO and organization are ready to go it alone in extending PFTW, perform the following activity:

    1. Convene a collection of portfolio, project, and PMO staff.
    2. Using the six-question survey on tab 5 of the Microsoft Project & M365 Licensing Tool (see screenshot to the right) as a jumping off point for a discussion, consider the readiness of your PMO or project organization to undertake a DIY approach to extending and implementing PFTW at this time.
    3. You can use the recommendations on tab 5 of the Microsoft Project & 365 Licensing Tool to inform your next steps, and input the gauge graphic in section 4 of the Microsoft Project & M365 Action Plan Template.
    Screenshots from the 'Project for the Web Extensibility Feasibility Test'.

    Go to tab 5 of the Microsoft Project & M365 Licensing Tool

    See next slide for additional activity details

    2.1.1 Perform a feasibility test (2 of 2)

    Input: The contents of this step, The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Output: Initial recommendations on whether to proceed and how to proceed with a DIY approach to extending Project for the web

    Materials: The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Participants: Portfolio Manager (PMO Director), Project Managers, Other relevant PMO stakeholders

    Step 2.2

    Assess the Microsoft Gold Partner Community

    Activities

    • Review what to look for in a Microsoft Partner
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner
    • Review three key Partners from the North American market
    • Create a Partner outreach plan

    This step will walk you through the following activities:

    • Review what to look for in a Microsoft Partner.
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner.
    • Review three key Partners from the North American market.

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A better understanding of MS Partners
    • A Partner outreach plan

    You don’t have to go it alone

    Microsoft has an established community of Partners who can help in your customizations and implementations of Project for the web and other MS Project offerings.

    If the content in the previous step seemed too technical or overly complex in a way that scared you away from a DIY approach to extending Microsoft’s latest project offering (and at some point in the near future, soon to be its only project offering), Project for the web, fear not.

    You do not have to wade into the waters of extending Project for the web alone, or for that matter, in implementing any other MS Project solution.

    Instead, Microsoft nurtures a community of Silver and Gold partners who offer hands-on technical assistance and tool implementation services. While the specific services provided vary from partner to partner, all can assist in the customization and implementation of any of Microsoft’s Project offerings.

    In this step we will cover what to look for in a Partner and how to assess whether you are a good candidate for the services of a Partner. We will also highlight three Partners from within the North American market.

    The basics of the Partner community

    What is a Microsoft Partner?

    Simply put, an MS Gold Partner is a software or professional services organization that provides sales and services related to Microsoft products.

    They’re resellers, implementors, integrators, software manufacturers, trainers, and virtually any other technology-related business service.

    • Microsoft has for decades opted out of being a professional services organization, outside of its very “leading edge” offerings from MCS (Microsoft Consulting Services) for only those technologies that are so new that they aren’t yet supported by MS Partners.
    • As you can see in the chart on the next slide, to become a silver or gold certified partner, firms must demonstrate expertise in specific areas of business and technology in 18 competency areas that are divided into four categories: applications and infrastructure, business applications, data and AI, and modern workplace and security.

    More information on what it takes to become a Microsoft Partner:

    1. Partner Center (Document Center, Microsoft)
    2. Differentiate your business by attaining Microsoft competencies (Document Center, Microsoft)
    3. Partner Network Homepage (Webpage, Microsoft)
    4. See which partner offer is right for you (Webpage, Microsoft)

    Types of partnerships and qualifications

    Microsoft Partner Network

    Microsoft Action Pack

    Silver Competency

    Gold Competency

    What is it?

    The Microsoft Partner Network (MPN) is a community that offers members tools, information, and training. Joining the MPN is an entry-level step for all partners. The Action Pack is an annual subscription offered to entry-level partners. It provides training and marketing materials and access to expensive products and licenses at a vastly reduced price. Approximately 5% of firms in the Microsoft Partner Network (MPN) are silver partners. These partners are subject to audits and annual competency exams to maintain silver status. Approximately 1% of firms in the Microsoft Partner Network (MPN) are gold partners. These partners are subject to audits and annual competency exams to maintain Gold status.

    Requirements

    Sign up for a membership Annual subscription fee While requirements can vary across competency area, broadly speaking, to become a silver partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.
    While requirements can vary across competency area, broadly speaking, to become a gold partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.

    Annual Fee

    No Cost $530 $1800 $5300

    When would a MS Partner be helpful?

    • Project management and portfolio management practitioners might look into procuring the services of a Microsoft Partner for a variety of reasons.
    • Because services vary from partner to partner (help to extend Project for the web, implement Project Server or Project Online, augment PMO staffing, etc.) we won’t comment on specific needs here.
    • Instead, the three most common conditions that trigger the need are listed to the right.

    Speed

    When you need to get results faster than your staff can grow the needed capabilities.

    Cost

    When the complexity of the purchase decision, implementation, communication, training, configuration, and/or customization cannot be cost-justified for internal staff, often because you’ll only do it once.

    Expertise & Skills

    When your needs cannot be met by the core Microsoft technology without significant extension or customization.

    Canadian Microsoft Partners Spotlight

    As part of our research process for this blueprint, Info-Tech asked Microsoft Canada for referrals and introductions to leading Microsoft Partners. We spent six months collaborating with them on fresh research into the underlying platform.

    These vendors are listed below and are highlighted in subsequent slides.

    Spotlighted Partners:

    Logo for One Plan. Logo for PMO Outsource Ltd. Logo for Western Principles.

    Please Note: While these vendors were referred to us by Microsoft Canada and have a footprint in the Canadian market, their footprints extend beyond this to the North American and global markets.

    A word about our approach

    Photo of Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group.
    Barry Cousins
    Project Portfolio Management Practice Lead
    Info-Tech Research Group

    Our researchers have been working with Microsoft Project Online and Microsoft Project Server clients for years, and it’s fair to say that most of these clients (at some point) used a Microsoft Partner in their deployment. They’re not really software products, per se; they’re platforms. As a Microsoft Partner in 2003 when Project Server got its first big push, I heard it loud and clear: “Some assembly required. You might only make 7% on the licensing, but the world’s your oyster for services.”

    In the past few years, Microsoft froze the market for major Microsoft Project decisions by making it clear that the existing offering is not getting updates while the new offering (Project for the web) doesn’t do what the old one did. And in a fascinating timing coincidence, the market substantially adopted Microsoft 365 during that period, which enables access to Project for the web.

    Many of Info-Tech’s clients are justifiably curious, confused, and concerned, while the Microsoft Partners have persisted in their knowledge and capability. So, we asked Microsoft Canada for referrals and introductions to leading Microsoft Partners and spent six months collaborating with them on fresh research into the underlying platform.

    Disclosure: Info-Tech conducted collaborative research with the partners listed on the previous slide to produce this publication. Market trends and reactions were studied, but the only clients identified were in case studies provided by the Microsoft Partners. Info-Tech’s customers have been, and remain, anonymous. (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    MS Gold Partner Spotlight:

    OnePlan

    Logo for One Plan.
    Headquarters: San Marcos, California, and Toronto, Ontario
    Number of Employees: ~80
    Active Since: 2007 (as EPMLive)
    Website: www.oneplan.ai

    Who are they?

    • While the OnePlan brand has only been the marketplace for a few years, the company has been a major player in MS Gold Partner space for well over a decade.
    • Born out of EPMLive in the mid-aughts, OnePlan Solutions has evolved through a series of acquisitions, including Upland, Tivitie, and most recently Wicresoft.

    What do they do?

    • Software: Its recent rebranding is largely because OnePlan Solutions is as much a software company as it is a professional services firm. The OnePlan software product is an impressive solution that can be used on its own to facilitate the portfolio approaches outlined on the next slide and that can also integrate with the tools your organization is already using to manage tasks (see here for a full rundown of the solutions within the Microsoft stack and beyond OnePlan can integrate with).
    • Beyond its ability to integrate with existing solutions, as a software product, OnePlan has modules for resource planning, strategic portfolio planning, financial planning, time tracking, and more.

    • PPM Consulting Services: The OnePlan team also offers portfolio management consulting services. See the next slide for a list of its approaches to project portfolio management.

    Markets served

    • US, Canada, Europe, and Australia

    Channel Differentiation

    • OnePlan scales to all the PPM needs of all industry types.
    • Additionally, OnePlan offers insights and functionality specific to the needs of BioTech-Pharma.

    What differentiates OnePlan?

    • OnePlan co-developed the Project Accelerator for Project for the web with Microsoft. The OnePlan team’s involvement in developing the Accelerator and making it free for users to access suggests it is aligned to and has expertise in the purpose-built and collaborative vision behind Microsoft’s move away from Project Online and toward the Power Platform and Teams collaboration.
    • 2021 MS Gold Partner of the Year. At Microsoft’s recent Microsoft Inspire event, OnePlan was recognized as the Gold Partner of the Year for Project and Portfolio Management as well as a finalist for Power Apps and Power Automate.
    • OnePlan Approaches: Below is a list of the services or approaches to project portfolio management that OnePlan provides. See its website for more details.
      • Strategic Portfolio Management: Align work to objectives and business outcomes. Track performance against the proposed objectives outcomes.
      • Agile Portfolio Management: Implement Agile practices across the organization, both at the team and executive level.
      • Adaptive Portfolio Management: Allow teams to use the project methodology and tools that best suit the work/team. Maintain visibility and decision making across the entire portfolio.
      • Professional Services Automation: Use automation to operate with greater efficiency.

    "OnePlan offers a strategic portfolio, financial and resource management solution that fits the needs of every PMO. Optimize your portfolio, financials and resources enterprise wide." (Paul Estabrooks, Vice President at OnePlan)

    OnePlan Case Study

    This case study was provided to Info-Tech by OnePlan.

    Brambles

    INDUSTRY: Supply Chain & Logistics
    SOURCE: OnePlan

    Overview: Brambles plays a key role in the delivery or return of products amongst global trading partners such as manufacturers, distributors and retailers.

    Challenge

    Brambles had a variety of Project Management tools with no easy way of consolidating project management data. The proliferation of project management solutions was hindering the execution of a long-term business transformation strategy. Brambles needed certain common and strategic project management processes and enterprise project reporting while still allowing individual project management solutions to be used as part of the PPM platform.

    Solution

    As part of the PMO-driven business transformation strategy, Brambles implemented a project management “operating system” acting as a foundation for core processes such as project intake, portfolio management, resource, and financial planning and reporting while providing integration capability for a variety of tools used for project execution.

    OnePlan’s new Adaptive PPM platform, combining the use of PowerApps and OnePlan, gives Brambles the desired PPM operating system while allowing for tool flexibility at the execution level.

    Results

    • Comprehensive picture of progress across the portfolio.
    • Greater adoption by allowing flexibility of work management tools.
    • Modern portfolio management solution that enables leadership to make confident decision.

    Solution Details

    • OnePlan
    • Project
    • Power Apps
    • Power Automate
    • Power BI
    • Teams

    Contacting OnePlan Solutions

    www.oneplan.ai

    Joe Larscheid: jlarscheid@oneplan.ai
    Paul Estabrooks: pestabrooks@oneplan.ai
    Contact Us: contact@oneplan.ai
    Partners: partner@oneplan.ai

    Partner Resources. OnePlan facilitates regular ongoing live webinars on PPM topics that anyone can sign up for on the OnePlan website.

    For more information on upcoming webinars, or to access recordings of past webinars, see here.

    Additional OnePlan Resources

    1. How to Extend Microsoft Teams into a Collaborative Project, Portfolio and Work Management Solution (on-demand webinar, OnePlan’s YouTube channel)
    2. What Does Agile PPM Mean To The Modern PMO (on-demand webinar, OnePlan’s YouTube channel)
    3. OnePlan is fused with the Microsoft User Experience (blog article, OnePlan)
    4. Adaptive Portfolio Management Demo – Bringing Order to the Tool Chaos with OnePlan (product demo, OnePlan’s YouTube channel)
    5. How OnePlan is aligning with Microsoft’s Project and Portfolio Management Vision (blog article, OnePlan)
    6. Accelerating Office 365 Value with a Hybrid Project Portfolio Management Solution (product demo, OnePlan’s YouTube channel)

    MS Gold Partner Spotlight:

    PMO Outsource Ltd.

    Logo for PMO Outsource Ltd.

    Headquarters: Calgary, Alberta, and Mississauga, Ontario
    Website: www.pmooutsource.com

    Who are they?

    • PMO Outsource Ltd. is a Microsoft Gold Partner and PMI certified professional services firm based in Alberta and Ontario, Canada.
    • It offers comprehensive project and portfolio management offerings with a specific focus on project lifecycle management, including demand management, resource management, and governance and communication practices.

    What do they do?

    • Project Online and Power Platform Expertise. The PMO Outsource Ltd. team has extensive knowledge in both Microsoft’s old tech (Project Server and Desktop) and in its newer, cloud-based technologies (Project Online, Project for the web, the Power Platform, and Dynamics 365). As the case study in two slides demonstrates, PMO Outsource Ltd. Uses its in-depth knowledge of the Microsoft suite to help organizations automate project and portfolio data collection process, create efficiencies, and encourage cloud adoption.
    • PPM Consulting Services: In addition to its Microsoft platform expertise, the PMO Outsource Ltd. team also offers project and portfolio management consulting services, helping organizations evolve their process and governance structures as well as their approaches to PPM tooling.

    Markets served

    • Global

    Channel Differentiation

    • PMO Outsource Ltd. scales to all the PPM needs of all industry types.

    What differentiates PMO Outsource Ltd.?

    • PMO Staff Augmentation. In addition to its technology and consulting services, PMO Outsource Ltd. offers PMO staff augmentation services. As advertised on its website, it offers “scalable PMO staffing solutions. Whether you require Project Managers, Business Analysts, Admins or Coordinators, [PMO Outsource Ltd.] can fulfill your talent search requirements from a skilled pool of resources.”
    • Multiple and easy-to-understand service contract packages. PMO Outsource Ltd. offers many prepackaged service offerings to suit PMOs’ needs. Those packages include “PMO Management, Admin, and Support,” “PPM Solution, Site and Workflow Configuration,” and “Add-Ons.” For full details of what’s included in these services packages, see the PMO Outsource Ltd. website.
    • PMO Outsource Ltd. Services: Below is a list of the services or approaches to project portfolio management that PMO Outsource Ltd. Provides. See its website for more details.
      • Process Automation, Workflows, and Tools. Facilitate line of sight by tailoring Microsoft’s technology to your organization’s needs and creating custom workflows.
      • PMO Management Framework. Receive a professionally managed PPM methodology as well as governance standardization of processes, tools, and templates.
      • Custom BI Reports. Leverage its expertise in reporting and dashboarding to create the visibility your organization needs.

    "While selecting an appropriate PPM tool, the PMO should not only evaluate the standard industry tools but also analyze which tool will best fit the organization’s strategy, budget, and culture in the long run." (Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.)

    PMO Outsource Ltd. Case Study

    This case study was provided to Info-Tech by PMO Outsource Ltd.

    SAMUEL

    INDUSTRY: Manufacturing
    SOURCE: PMO Outsource Ltd.

    Challenge

    • MS Project 2013 Server (Legacy/OnPrem)
    • Out-of-support application and compliance with Office 365
    • Out-of-support third-party application for workflows
    • No capability for resource management
    • Too many manual processes for data maintenance and server administration

    Solution

    • Migrate project data to MS Project Online
    • Recreate workflows using Power Automate solution
    • Configure Power BI content packs for Portfolio reporting and resource management dashboards
    • Recreate OLAP reports from legacy environment using Power BI
    • Cut down nearly 50% of administrative time by automating PMO/PPM processes
    • Save costs on Server hardware/application maintenance by nearly 75%

    Full Case Study Link

    • For full details about how PMO Outsource Ltd. assisted Samuel in modernizing its solution and creating efficiencies, visit the Microsoft website where this case study is highlighted.

    Contacting PMO Outsource Ltd.

    www.pmooutsource.com

    700 8th Ave SW, #108
    Calgary, AB T2P 1H2
    Telephone : +1 (587) 355-3745
    6045 Creditview Road, #169
    Mississauga, ON L5V 0B1
    Telephone : +1 (289) 334-1228
    Information: info@pmooutsource.com
    LinkedIn: https://www.linkedin.com/company/pmo-outsource/

    Partner Resources. PMO Outsource Ltd.’s approach is rooted within a robust and comprehensive PPM framework that is focused on driving strategic outcomes and business success.

    For a full overview of its PPM framework, see here.

    Additional PMO Outsource Ltd. Resources

    1. 5 Benefits of PPM tools and PMO process automation (blog article, PMO Outsource Ltd.)
    2. Importance of PMO (blog article, PMO Outsource Ltd.)
    3. Meet the Powerful and Reimagined PPM tool for Everyone! (video, PMO Outsource Ltd. LinkedIn page)
    4. MS Project Tips: How to add #Sprints to an existing Project? (video, PMO Outsource Ltd. LinkedIn page)
    5. MS Project Tips: How to add a milestone to your project? (video, PMO Outsource Ltd. LinkedIn page)
    6. 5 Benefits of implementing Project Online Tools (video, PMO Outsource Ltd. LinkedIn page)

    MS Gold Partner Spotlight:

    Western Principles

    Logo for Western Principles.

    Headquarters: Vancouver, British Columbia
    Years Active: 16 Years
    Website: www.westernprinciples.com

    Who are they?

    • Western Principles is a Microsoft Gold Partner and UMT 360 PPM software provider based in British Columbia with a network of consultants across Canada.
    • In the last sixteen years, it has successfully conducted over 150 PPM implementations, helping in the implementation, training, and support of Microsoft Project offerings as well as UMT360 – a software solution provider that, much like OnePlan, enhances the PPM capabilities of the Microsoft platform.

    What do they do?

    • Technology expertise. The Western Principles team helps organizations maximize the value they are getting form the Microsoft Platform. Not only does it offer expertise in all the solutions in the MS Project ecosystem, it also helps organizations optimize their use and understanding of Teams, SharePoint, the Power Platform, and more. In addition to the Microsoft platform, Western Principles is partnered with many other technology providers, including UMT360 for strategic portfolio management, the Simplex Group for project document controls, HMS for time sheets, and FluentPro for integration, back-ups, and migrations.
    • PPM Consulting Services: In addition to its technical services and solutions, Western Principles offers PPM consulting and staff augmentation services.

    Markets served

    • Canada

    Channel Differentiation

    • Western Principles scales to all the PPM needs of all industry types, public and private sector.
    • In addition, its website offers persona-specific information based on the PPM needs of engineering and construction, new product development, marketing, and more.

    What differentiates Western Principles?

    • Gold-certified UMT 360 partner. In addition to being a Microsoft Gold Partner, Western Principles is a gold-certified UMT 360 partner. UMT 360 is a strategic portfolio management tool that integrates with many other work management solutions to offer holistic line of sight into the organization’s supply-demand pain points and strategic portfolio management needs. Some of the solutions UMT 360 integrates with include Project Online and Project for the web, Azure DevOps, Jira, and many more. See here for more information on the impressive functionality in UMT360.
    • Sustainment Services. Adoption can be the bane of most PPM tool implementations. Among the many services Western Principles offers, its “sustainment services” stand out. According to Western Principles’ website, these services are addressed to those who require “continual maintenance, change, and repair activities” to keep PPM systems in “good working order” to help maximize ROI.
    • Western Principles Services: In addition to the above, below is a list of some of the services that Western Principles offers. See its website for a full list of services.
      • Process Optimization: Determine your requirements and process needs.
      • Integration: Create a single source of truth.
      • Training: Ensure your team knows how to use the systems you implement.
      • Staff Augmentation: Provide experienced project team members based upon your needs.

    "One of our principles is to begin with the end in mind. This means that we will work with you to define a roadmap to help you advance your strategic portfolio … and project management capabilities. The roadmap for each customer is different and based on where you are today, and where you need to get to." (Western Principles, “Your Strategic Portfolio Management roadmap,” Whitepaper)

    Contacting Western Principles

    www.westernprinciples.com

    610 – 700 West Pender St.
    Vancouver, BC V6C 1G8
    +1 (800) 578-4155
    Information: info@westernprinciples.com
    LinkedIn: https://www.linkedin.com/company/western-principle...

    Partner Resources. Western Principles provides a multitude of current case studies on its home page. These case studies let you know what the firm is working on this year and the type of support it provides to its clientele.

    To access these case studies, see here.

    Additional Western Principles Resources

    1. Program and Portfolio Roll ups with Microsoft Project and Power BI (video, Western Principles YouTube Channel)
    2. Dump the Spreadsheets for Microsoft Project Online (video, Western Principles YouTube Channel)
    3. Power BI for Project for the web (video, Western Principles YouTube Channel)
    4. How to do Capacity Planning and Resource Management in Microsoft Project Online [Part 1 & Part 2] (video, Western Principles YouTube Channel)
    5. Extend & Integrate Microsoft Project (whitepaper, Western Principles)
    6. Your COVID-19 Return-to-Work Plan (whitepaper, Western Principles)

    Watch Info-Tech’s Analyst-Partner Briefing Videos to lean more

    Info-Tech was able to sit down with the partners spotlighted in this step to discuss the current state of the PPM market and Microsoft’s place within it.

    • All three partners spotlighted in this step contributed to Info-Tech’s research process for this publication.
    • For two of the partners, OnePlan and PMO Outsource Ltd., Info-Tech was able to record a conversation where our analysts and the partners discuss Microsoft’s current MS Project offerings, the current state of the PPM tool market, and the services and the approaches of each respective partner.
    • A third video briefing with Western Principles has not happened yet due to logistical reasons. We are hoping we can include a video chat with our peers at Western Principles in the near future.
    Screenshot form the Analyst-Partner Briefing Videos. In addition to the content covered in this step, you can use these videos for further information about the partners to inform your next steps.

    Download Info-Tech’s Analyst-Partner Briefing Videos (OnePlan & PMO Outsource Ltd.)

    2.2.1 Create a partner outreach plan

    1-3 hours

    Input: Contents of this step, List of additional MS Gold Partners

    Output: A completed partner outreach program

    Materials: MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. With an understanding of the partner ecosystem, compile a working group of PMO peers and stakeholders to produce a gameplan for engaging the MS Gold Partner ecosystem.
      • For additional partner options see Microsoft’s Partner Page.
    2. Using slide 20 in Info-Tech’s MS Project and M365 Action Plan Template, document the Partners you would want or have scheduled briefings with.
      • As you go through the briefings and research process, document the pros and cons and areas of specialized associated with each vendor for your particular work management implementation.

    Download the Microsoft Project & M365 Action Plan Template

    2.2.2 Document your PM and PPM requirements

    1-3 hours

    Input: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment

    Output: MS Project & M365 Action Plan Template

    Materials: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment, MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. As you prepare to engage the Partner Community, you should have a sense of where your project management and project portfolio management gaps are to better communicate your tooling needs.
    2. Leverage tab 4 from both your Project Portfolio Management Assessment and Project Management Assessment from step 1.3 of this blueprint to help document and communicate your requirements. Those tabs prioritize your project and portfolio management needs by highest impact for the organization.
    3. You can use the outputs of the tab to inform your inputs on slide 23 of the MS Project & M365 Action Plan Template to present to organizational stakeholders and share with the Partners you are briefing with.

    Download the Microsoft Project & M365 Action Plan Template

    Determine the Future of Microsoft Project for Your Organization

    Phase 3: Finalize Your Implementation Approach

    Phase 1: Determine Your Tool NeedsPhase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach

    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    An action plan concerning what to do with MS Project and M365 for your PMO or project organization.

    Step 3.1

    Prepare an action plan

    Activities

    • Compile the current state results
    • Prepare an Implementation Roadmap
    • Complete your presentation deck

    This step will walk you through the following activities:

    • Assess the impact of organizational change for the project
    • Develop your vision for stakeholders
    • Compile the current state results and document the implementation approach
    • Create clarity through a RACI and proposed implementation timeline

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • PMO Admin Team
    • Business Analysts
    • Project Managers

    Outcomes of Step

    • Microsoft Project and M365 Action Plan

    Assess the impact of organizational change

    Be prepared to answer: “What’s in it for me?”

    Before jumping into licensing and third-party negotiations, ensure you’ve clearly assessed the impact of change.

    Tailor the work effort involved in each step, as necessary:

    1. Assess the impact
      • Use the impact assessment questions to identify change impacts.
    2. Plan for change
      • Document the impact on each stakeholder group.
      • Anticipate their response.
      • Curate a compelling message for each stakeholder group.
      • Develop a communication plan.
    3. Act according to plan
      • Identify your executive sponsor.
      • Enable the sponsor to drive change communication.
      • Coach managers on how they can drive change at the individual level.

    Impact Assessment Questions

    • Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    • Will there be a price increase?
    • Will there be a change to compensation and/or rewards?
    • Will the vision or mission of the job change?
    • Will the change span multiple locations/time zones?
    • Are multiple products/services impacted by this change?
    • Will staffing levels change?
    • Will this change increase the workload?
    • Will the tools of the job be substantially different?
    • Will a new or different set of skills be needed?
    • Will there be a change in reporting relationships?
    • Will the workflow and approvals be changed?
    • Will there be a substantial change to scheduling and logistics?

    Master Organizational Change Management Practices blueprint

    Develop your vision for stakeholders

    After careful analysis and planning, it’s time to synthesize your findings to those most impacted by the change.

    Executive Brief

    • Prepare a compelling message about the current situation.
    • Outline the considerations the working group took into account when developing the action plan.
    • Succinctly describe the recommendations proposed by the working group.

    Goals

    • Identify the goals for the project.
    • Explain the details for each goal to develop the organizational rationale for the project.
    • These goals are the building blocks for the change communication that the executive sponsor will use to build a coalition of sponsors.

    Future State Vision

    • Quantify the high-level costs and benefits of moving forward with this project.
    • Articulate the future- state maturity level for both the project and project portfolio management process.
    • Reiterate the organizational rationale and drivers for change.

    "In failed transformations, you often find plenty of plans, directives, and programs, but no vision…A useful rule of thumb: If you can’t communicate the vision to someone in five minutes or less and get a reaction that signifies both understanding and interest, you are not yet done…" (John P. Kotter, Leading Change)

    Get ready to compile the analysis completed throughout this blueprint in the subsequent activities. The outputs will come together in your Microsoft Project and M365 Action Plan.

    Use the Microsoft Project & M365 Action Plan Template to help communicate your vision

    Our boardroom-ready presentation and communication template can be customized using the outputs of this blueprint.

    • Getting stakeholders to understand why you are recommending specific work management changes and then communicating exactly what those changes are and what they will cost is key to the success of your work management implementation.
    • To that end, the slides ahead walk you through how to customize the Microsoft Project & M365 Action Plan Template.
    • Many of the current-state analysis activities you completed during phase 1 of this blueprint can be directly made use of within the template as can the decisions you made and requirements you documented during phase 2.
    • By the end of this step, you will have a boardroom-ready presentation that will help you communicate your future-state vision.
    Screenshot of Info-Tech's Microsoft Project and M365 Action Plan Template with a note to 'Update the presentation or distribution date and insert your name, role, and organization'.

    Download Info-Tech’s Microsoft Project & M365 Action Plan Template

    3.1.1 Compile current state results

    1-3 hours

    Input: Force Field Analysis Tool, Tool Audit Workbook, Project Management Maturity Assessment Tool, Project Portfolio Management Maturity Assessment Tool

    Output: Section 1: Executive Brief, Section 2: Context and Constraints

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the tools introduced throughout this blueprint. Use this information along with organizational knowledge to document the business context and current state.
    2. Update the driving forces for change and risks and constraints slides using your outputs from the Force Field Analysis Tool.
    3. Update the current tool landscape, tool satisfaction, and tool audit results slides using your outputs from the Tool Audit Workbook.
    4. Update the gap analysis results slides using your outputs from the Project Management and Project Portfolio Management Maturity Assessment Tools.

    Screenshots of 'Business Context and Current State' screen from the 'Force Field Analysis Tool', the 'Tool Audit Results' screen from the 'Tool Audit Workbook', and the 'Project Portfolio Management Gap Analysis Results' screen from the 'PM and PPM Maturity Assessments Tool'.

    Download the Microsoft Project & M365 Action Plan Template

    3.2.1 Option A: Prepare a DIY roadmap

    1-3 hours; Note: This is only applicable if you have chosen the DIY route

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Section 3: DIY Implementation Approach

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 3: DIY Implementation Approach.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Update the Action Plan to articulate the details for total and annual costs of the proposed licensing solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.
    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'DIY Implementation Approach'.

    Download the Microsoft Project and M365 Action Plan Template

    3.2.1 Option b: Prepare a Partner roadmap

    1-3 hours; Note: This is only applicable if you have chosen the Partner route

    Input: Microsoft Project and M365 Licensing Tool, Information on Microsoft Partners

    Output: Section 4: Microsoft Partner Implementation Route

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 4: Microsoft Partner Implementation Route.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Develop an outreach plan for the Microsoft Partners you are planning to survey. Set targets for briefing dates and assign an individual to own any back-and-forth communication. Document the pros and cons of each Partner and gauge interest in continuing to analyze the vendor as a possible solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'Microsoft Partner Implementation Route'.

    Microsoft Project and M365 Action Plan Template

    3.1.2 Complete your presentation deck

    1-2 hours

    Input: Outputs from the exercises in this blueprint

    Output: Section 5: Future-State Vision and Goals

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. Put the finishing touches on your presentation deck by documenting your future- state vision and goals.
    2. Prepare to present to your stakeholders.
      • Understand your audience, their needs and priorities, and their degree of knowledge and experiences with technology. This informs what to include in your presentation and how to position the message and goal.
    3. Review the deck beginning to end and check for spelling, grammar, and vertical logic.
    4. Practice delivering the vision for the project through several practice sessions.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' regarding finishing touches.

    Microsoft Project and M365 Action Plan Template

    Pitch your vision to key stakeholders

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Business Executives

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Identify executive sponsor

    IT Leadership

    • Sections 1-5 with a focus on Section 3 or 4 depending on implementation approach
    • Get buy-in on proposed project
    • Identify skills or resourcing constraints

    Business Managers

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Get feedback on proposed plan
    • Identify any unassessed risks and organizational impacts

    Business Users

    • Section 1: Executive Brief
    • Support the organizational change management process

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained
    • How you work: Work management and the various ways of working (personal and team task management, strategic project portfolio management, formal project management, and enterprise project and portfolio management).
    • Where you need to go: Project portfolio management and project management current- and target-state maturity levels.
    • What you need: Microsoft Project Plans and requisite M365 licensing.
    • The skills you need: Extending Project for the web.
    • Who you need to work with: Get to know the Microsoft Gold Partner community.
    Deliverables Completed
    • M365 Tool Guides
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Project Portfolio Management Maturity Assessment Tool
    • Project Management Maturity Assessment Tool
    • Microsoft Project & M365 Action Plan Template

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Photo of Barry Cousins.
    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Perform a work management tool audit

    Gain insight into the tools that drive value or fail to drive value across your work management landscape with a view to streamline the organization’s tool ecosystem.

    Prepare an action plan for your tool needs

    Prepare the right work management tool recommendations for your IT teams and/or business units and develop a boardroom-ready presentation to communicate needs and next steps.

    Research Contributors and Experts

    Neeta Manghnani
    PMO Strategist
    PMO Outsource Ltd.

    Photo of Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.
    • Innovative, performance-driven executive with significant experience managing Portfolios, Programs & Projects, and technical systems for international corporations with complex requirements. A hands-on, dynamic leader with over 20 years of experience guiding and motivating cross-functional teams. Highly creative and brings a blend of business acumen and expertise in multiple IT disciplines, to maximize the corporate benefit from capital investments.
    • Successfully deploys inventive solutions to automate processes and improve the functionality, scalability and security of critical business systems and applications. Leverages PMO/PPM management and leadership skills to meet the strategic goals and business initiatives.

    Robert Strickland
    Principal Consultant & Owner
    PMO Outsource Ltd.

    Photo of Robert Strickland, Principal Consultant and Owner, PMO Outsource Ltd.
    • Successful entrepreneur, leader, and technologist for over 15 years, is passionate about helping organizations leverage the value of SharePoint, O365, Project Online, Teams and the Power Platform. Expertise in implementing portals, workflows and collaboration experiences that create business value. Strategic manager with years of successful experience building businesses, developing custom solutions, delivering projects, and managing budgets. Strong transformational leader on large implementations with a technical pedigree.
    • A digital transformation leader helping clients move to the cloud, collaborate, automate their business processes and eliminate paper forms, spreadsheets and other manual practices.

    Related Info-Tech Research

    • Develop a Project Portfolio Management Strategy
      Time is money; spend it wisely.
    • Establish Realistic IT Resource Management Practices
      Holistically balance IT supply and demand to avoid overallocation.
    • Tailor Project Management Processes to Fit Your Projects
      Spend less time managing processes and more time delivering results

    Bibliography

    “13 Reasons not to use Microsoft Project.” Celoxis, 14 Sept. 2018. Accessed 17 Sept. 2021.

    Advisicon. “Project Online vs Project for the Web.” YouTube, 13 Nov. 2013. Accessed 17 Sept. 2021.

    Branscombe, Mary. “Is Project Online ready to replace Microsoft Project?” TechRepublic, 23 Jan. 2020. Accessed 17 Sept. 2021.

    Chemistruck, Dan. “The Complete Office 365 and Microsoft 365 Licensing Comparison.” Infused Innovations, 4 April 2019. Accessed 17 Sept. 2021.

    “Compare Project management solutions and costs.” Microsoft. Accessed 17 Sept. 2021.

    Day to Day Dynamics 365. “Microsoft Project for the web - Model-driven app.” YouTube, 29 Oct. 2019. Accessed 17 Sept. 2021.

    “Deploying Project for the web.” Microsoft, 24 Aug. 2021. Accessed 17 Sept. 2021.

    “Differentiate your business by attaining Microsoft competencies.” Microsoft, 26 Jan. 2021. Accessed 17 Sept. 2021.

    “Extend & Integrate Microsoft Project.” Western Principles. Accessed 17 Sept. 2021.

    “Get Started with Project Power App.” Microsoft. Accessed 17 Sept. 2021.

    Hosking, Ben. “Why low code software development is eating the world.” DevGenius, May 2021. Accessed 17 Sept. 2021.

    “How in the World is MS Project Still a Leading PM Software?” CBT Nuggets, 12 Nov. 2018. Accessed 17 Sept. 2021.

    Integent. “Project for the Web - Create a Program Entity and a model-driven app then expose in Microsoft Teams.” YouTube, 25 Mar. 2020. Accessed 17 Sept. 2021.

    “Introducing the Project Accelerator.” Microsoft, 10 Mar. 2021. Accessed 17 Sept. 2021.

    “Join the Microsoft Partner Network.” Microsoft. Accessed 17 Sept. 2021.

    Kaneko, Judy. “How Productivity Tools Can Lead to a Loss of Productivity.” Bluescape, 2 Mar. 2018 Accessed 17 Sept. 2021.

    Kotter, John. Leading Change. Harvard Business School Press, 1996.

    Leis, Merily. “What is Work Management.” Scoro. Accessed 17 Sept. 2021.

    Liu, Shanhong. “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statistica, 2021. Web.

    Manghnani, Neeta. “5 Benefits of PPM tools and PMO process automation.” PMO Outsource Ltd., 11 Apr. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 and Office 365 plan options.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 for enterprise.” Microsoft. Accessed 17 Sept. 2021

    “Microsoft Office 365 Usage Statistics.” Thexyz blog, 18 Sept. 2020. Accessed 17 Sept. 2021.

    “Microsoft Power Apps, Microsoft Power Automate and Microsoft Power Virtual Agents Licensing Guide.” Microsoft, June 2021. Web.

    “Microsoft Project service description.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft Project Statistics.” Integent Blog, 12 Dec. 2013. Accessed 17 Sept. 2021.

    Nanji, Aadil . Modernize Your Microsoft Licensing for the Cloud Era. Info-Tech Research Group, 12 Mar. 2020. Accessed 17 Sept. 2021.

    “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statista, 8 June 2021. Accessed 17 Sept. 2021.

    “Overcoming disruption in a digital world.” Asana. Accessed 17 Sept. 2021.

    Pajunen, Antti. “Customizing and extending Project for the web.” Day to Day Dynamics 365, 20 Jan. 2020. Accessed 17 Sept. 2021.

    “Partner Center Documentation.” Microsoft. Accessed 17 Sept. 2021.

    Pragmatic Works. “Building First Power Apps Model Driven Application.” YouTube, 21 June 2019. Accessed 17 Sept. 2021.

    “Project architecture overview.” Microsoft, 27 Mar. 2020. Accessed 17 Sept. 2021.

    “Project for the web Accelerator.” GitHub. Accessed 17 Sept. 2021.

    “Project for the web admin help.” Microsoft, 28 Oct. 2019. Accessed 17 Sept. 2021.

    “Project for the Web – The New Microsoft Project.” TPG. Accessed 17 Sept. 2021.

    “Project for the Web Security Roles.” Microsoft, 1 July 2021. Accessed 17 Sept. 2021.

    “Project Online: Project For The Web vs Microsoft Project vs Planner vs Project Online.” PM Connection, 30 Nov. 2020. Accessed 17 Sept. 2021.

    Redmond, Tony. “Office 365 Insights from Microsoft’s FY21 Q2 Results.” Office 365 for IT Pros, 28 Jan. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Advanced deployment for Project for the web.” YouTube, 4 Aug. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Overview of Microsoft Project.” YouTube, 29 July 2021. Accessed 17 Sept. 2021.

    “See which partner offer is right for you.” Microsoft. Accessed 17 Sept. 2021.

    Shalomova, Anna. “Microsoft Project for Web 2019 vs. Project Online: What’s Best for Enterprise Project Management?” FluentPro, 23 July 2020. Accessed 17 Sept. 2021.

    Speed, Richard. “One Project to rule them all: Microsoft plots end to Project Online while nervous Server looks on.” The Register, 28 Sept. 2018. Accessed 17 Sept. 2021.

    Spataro, Jared. “A new vision for modern work management with Microsoft Project.” Microsoft, 25 Sept. 2018. Accessed 17 Sept. 2021.

    Stickel, Robert. “OnePlan Recognized as Winner of 2021 Microsoft Project & Portfolio Management Partner of the Year.” OnePlan, 8 July 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “The Future of Project Online.” OnePlan, 2 Mar. 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “What It Means to be Adaptive.” OnePlan, 24 May 2021. Accessed 17 Sept. 2021.

    “The Future of Microsoft Project Online.” OnePlan. Accessed 17 Sept. 2021.

    Weller, Joe. “Demystifying Microsoft Project Licensing.” Smartsheet, 10 Mar. 2016. Accessed 17 Sept. 2021.

    Western Principles Inc. “Dump the Spreadsheets for Microsoft Project Online.” YouTube, 2 July 2020. Accessed 17 Sept. 2021.

    Western Principles Inc. “Project Online or Project for the web? Which project management system should you use?” YouTube, 11 Aug. 2020. Accessed 17 Sept. 2021.

    “What is Power Query?” Microsoft, 22 July 2021. Web.

    Wicresoft. “The Power of the New Microsoft Project and Microsoft 365.” YouTube, 29 May 2020. Accessed 17 Sept. 2021.

    Wicresoft. “Why the Microsoft Power Platform is the Future of PPM.” YouTube, 11 June 2020. Accessed 17 Sept. 2021.

    Achieve IT Spend & Staffing Transparency

    • IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
    • In most organizations, technology has evolved faster than the business’ understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied to IT expenditure don’t align well to modern IT realities.
    • IT is often directed to make cuts when cost optimization and targeted investment are what’s really needed to sustain and grow the organization in the long term.

    Our Advice

    Critical Insight

    • Meaningful conversations about IT spend don’t happen nearly as frequently as they should. When they do happen, they are often inhibited by a lack of IT financial management (ITFM) maturity combined with the absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Supporting data about actual technology spend taking place that would inform decision making is often scattered and incomplete.
    • Creating transparency in your IT financial data is essential to powering collaborative and informed technology spend decisions.

    Impact and Result

    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization’s total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain vocabulary and facts that will help you tell the true story of IT spend.

    Members may also be interested in Info-Tech's IT Spend & Staffing Benchmarking Service.

    Achieve IT Spend & Staffing Transparency Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Achieve IT Spend & Staffing Transparency Deck – A detailed, do-it-yourself framework and process for clearly mapping your organization’s total technology spend.

    This deck mirrors Info-Tech’s own internal methods for delivering its IT Spend & Staffing Benchmarking Service in a do-it-yourself format. Based on Info-Tech’s proven ITFM Cost Model, it includes an IT spend mapping readiness assessment, expert advice for sourcing and organizing your financial data, a methodology for mapping IT staff and vendor spend according to four key stakeholder views (CFO, CIO, CXO, and CEO), and guidance on how to analyze and share your results.

    • Achieve IT Spend & Staffing Transparency Storyboard

    2. IT Spend & Staffing Transparency Workbook – A structured Excel tool that allows you to allocate your IT spend across four key stakeholder views and generate high-impact visualizations.

    This workbook offers a step-by-step approach for mapping and visualizing your organization’s true IT spend.

    • IT Spend & Staffing Transparency Workbook

    3. IT Spend & Staffing Transparency Executive Presentation Template – A PowerPoint template that helps you summarize and showcase key results from your IT spend transparency exercise.

    This presentation template offers a recommended structure for introducing key executive stakeholders to your organization’s true IT spending behavior and IT financial management as a whole.

    • IT Spend & Staffing Transparency Executive Presentation Template

    Infographic

    Further reading

    Achieve IT Spend & Staffing Transparency

    Lay a foundation for meaningful conversations with the business.

    Analyst Perspective

    Take the first step in your IT spend journey.

    Talking about money is hard. Talking to the CEO, CFO, and other business leaders about money is even harder, especially if IT is seen as just a cost center, is not understood by stakeholders, or is simply taken for granted. In times of economic hardship, already lean IT operations are tasked with becoming even leaner.

    When there's little fat to trim, making IT spend decisions without understanding the spend's origin, location, extent, and purpose can lead to mistakes that weaken, not strengthen, the organization.

    The first step in optimizing IT spend decisions is setting a baseline. This means having a comprehensive and transparent view of all technology spend, organization-wide. This baseline is the only way to have meaningful, data-driven conversations with stakeholders and approvers around what IT delivers to the business and the implications of making changes to IT funding.

    Before stepping forward in your IT financial management journey, know exactly where you're standing today.

    Jennifer Perrier, Principal Research Director, ITFM Practice

    Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace:
    • Technology has evolved faster than the business' understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied doesn't align well to modern IT realities.
    • IT is directed to make cuts when cost optimization and targeted investment are what's really needed to sustain and grow the organization in the long-term.
    Meaningful conversations about IT spend don't happen nearly as much as they should. This is often due to:
    • A lack of maturity in how ITFM (IT financial management) is executed within IT and across the organization as a whole.
    • The absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Scattered and incomplete data about the actual technology spend taking place in the organization.
    Lay a foundation for meaningful conversations and informed decision-making around IT spend.
    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization's total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain both vocabulary and facts that will help you tell the true story of IT spend.

    Info-Tech Insight
    Create transparency in your IT financial data to power both collaborative and informed technology spend decisions.

    IT spend has grown alongside IT complexity

    IT spend has grown alongside IT complexity

    Growth creates change ... and challenges

    IT has become more integral to business operations and achievement of strategic goals, driving complexity in how IT funds are allocated and managed.

    How IT funds are spent has changed
    Value demonstration is two-pronged. The first is return on performance investment, focused on formal and objective goals, metrics, and KPIs. The second is stakeholder satisfaction, a more subjective measure driven by IT-business alignment and relationship. IT leaders must do both well to prove and promote IT's value.
    Funding decision cadence has sped up
    Many organizations have moved from three- to five-year strategic planning cycles to one-year planning horizons or less, most noticeably since the 2008/2009 recession. Not only has the pace of technological change accelerated, but so too has volatility in the broader business and economic environments, forcing rapid response.
    Justification rigor around IT spend has increased
    The need for formal business cases, proposals, and participation in formal governance processes has increased, as has demand for financial transparency. With many IT departments still reporting into the CFO, there's no getting around it - today's IT leaders need to possess financial management savvy.
    Clearly showing business value has become priority
    IT spend has moved from the purchase of discrete hardware and software tools traditionally associated with IT to the need to address larger-scale issues around interoperability, integration, and virtualized cloud solutions. Today's focus is more on big-picture architecture than on day-to-day operations.

    ITFM capabilities haven't grown with IT spend

    IT still needs to prove itself.

    Increased integration with the core business has made it a priority for the head of IT to be well-versed in business language and practice, specifically in the areas of measurement and financial management.

    However, IT staff across all industries aren't very confident in how well IT is doing in managing its finances via three core processes:

    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.
    • Demonstrating IT's value to the business.

    Recent data from 4,137 respondents to Info-Tech's IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing them.

    IT leadership's capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and showing how IT contributes to business value.

    Graph of Cost and Budget Management

    Graph of Cost Optimization

    Questions for support transition

    Source: IT Management & Governance Diagnostic, Info-Tech Research Group, 2022.

    Take the perspective of key IT stakeholders as a first step in ITFM capability improvement

    Other business unit leaders need to deliver on their own specific and unique accountabilities. Create true IT spend transparency by accounting for these multiple perspectives.

    Exactly how is IT spending all that money we give them?
    Many IT costs, like back-end infrastructure and apps maintenance, can be invisible to the business.

    Why doesn't my department get more support from IT?
    Some business needs won't align with spend priorities, while others seem to take more than their fair share.

    Does the amount we spend on each IT service make sense?
    IT will get little done or fall short of meeting service level requirements without appropriate funding.

    I know what IT costs us, but what is it really worth?
    Questions about value arise as IT investment and spend increase. How to answer these questions is critical.

    At the end of the day, telling IT's spend story to the business is a significant challenge if you don't understand your audience, have a shared vocabulary, or use a repeatable framework.

    Mapping your IT spend against a reusable framework helps generate transparency

    A framework makes transparency possible by simplifying methods, creating common language, and reducing noise.

    However, the best methodological framework won't work if the materials and information plugged into it are weak. With IT spend, the materials and information are your staff and your vendor financial data. To achieve true transparency, inputs must have the following three characteristics:

    Availability Reliability Usability
    The data and information are up-to-date and accessible when needed. The data and information are accurate, complete, and verifiable. The data and information are clearly defined, consistently and predictably organized, consumable, and meaningful for decision-making.

    A framework is an organizing principle. When it comes to better understanding your IT spend, the things being organized by a framework are your method and your data.

    If your IT spend information is transparent, you have an excellent foundation for having the right conversations with the right people in order to make strategically impactful decisions.

    Info-Tech's approach enables meaningful dialogue with stakeholders about IT spend

    View of meaningful dialogue with stakeholders about IT spend

    Investing time in preparing and mapping your IT spend data enables better IT governance

    While other IT spend transparency methods exist, Info-Tech's is designed to be straightforward and tactical.

    Info-Tech method for IT spend transparency

    Put your data to work instead of being put to work by your data.

    Introducing Info-Tech's methodology for creating transparency on technology spend

    1. Know your objectives 2. Gather required data 3. Map your IT staff spend 4. Map your IT vendor spend 5. Identify implications for IT
    Phase Steps
    1. Review your business context
    2. Set IT staff and vendor spend transparency objectives
    3. Assess effort and readiness
    1. Collect IT staff spend data
    2. Collect IT vendor spend data
    3. Define industry-specific CXO Business View categories
    1. Categorize IT staff spend in each of the four views
    2. Validate
    1. Categorize IT vendor spend in each of the four views
    2. Validate
    1. Analyze your findings
    2. Craft your key messages
    3. Create an executive presentation
    Phase Outcomes Goals and scope for your IT spend and staffing transparency effort. Information and data required to perform the IT staff and vendor spend transparency initiative. A mapping of the allocation of IT staff spend across the four views of the Info-Tech ITFM Cost Model. A mapping of the allocation of IT vendor spend across the four views of the Info-Tech ITFM Cost Model. An analysis of your results and a presentation to aid your communication of findings with stakeholders.

    Insight Summary

    Overarching insight
    Take the perspective of key stakeholders and lay out your organization's complete IT spend footprint in terms they understand to enable meaningful conversations and start evolving your IT financial management capability.

    Phase 1 insight
    Your IT spend transparency efforts are only useful if you actually do something with the outcomes of those efforts. Be clear about where you want your IT transparency journey to take you.

    Phase 2 insight
    Your IT spend transparency efforts are only as good as the quality of your inputs. Take the time to properly source, clean, and organize your data.

    Phase 3 insight
    Map your IT staff spend data first. It involves work but is relatively straightforward. Practice your mapping approach here and carry forward your lessons learned.

    Phase 4 insight
    The importance of good, usable data will become apparent when mapping your IT vendor spend. Apply consistent and meaningful vendor labels to enable true aggregation and insight.

    Phase 5 insight
    Communicating your final IT spend transparency mapping with executive stakeholders is your opportunity to debut IT financial management as not just an IT issue but an organization-wide concern.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Use this tool in Phases 1-4

    IT Spend & Staffing Transparency Workbook

    Input your IT staff and vendor spend data to generate visual outputs for analysis and presentation in your communications.

    Key deliverable:

    IT Spend & Staffing Transparency Executive Presentation

    Create a showcase for your newly-transparent IT staff and vendor spend data and present it to key business stakeholders.

    Use this tool in Phase 5

    IT and business blueprint benefits

    IT Benefits Business Benefits
    • Gain insight into exactly where you're spending IT funds on hardware, software, service providers, and the workforce.
    • Understand how much it's costing IT to deliver specific IT services.
    • Illustrate differences in business consumption of IT spend.
    • Learn the ratio of spend allocated to innovation vs. growth vs. keeping the lights on (KTLO).
    • Develop a series of core IT spend metrics including IT spend as a percent of revenue, IT spend per organization employee, and IT spend per IT staff member.
    • Create a complete IT spend baseline to serve as a foundation for future benchmarking, cost optimization, and other forms of IT financial analysis.
    • Understand the relative allocation of IT spend across capital vs. operational expenditure.
    • See the degree to which IT differentially supports and enables organizational goals, strategies, and functions.
    • Have better data for informing the organization's IT spend allocation and prioritization decisions.
    • Gain better visibility into real-life IT spending behaviors, cadences, and patterns.
    • Identify potential areas of spend waste as well as underinvestment.
    • Understand the true value that IT brings to the business.

    Measure the value of this blueprint

    You will know that your IT spend and staffing transparency effort is succeeding when:

    • Your understanding of where technology funds are really being allocated is comprehensive.
    • You're having active and meaningful dialogue with key stakeholders about IT spend issues.
    • IT spend transparency is a permanent part of your IT financial management toolkit.

    In phase 1 of this blueprint, we will help you identify initiatives where you can leverage the outcomes of your IT spend and staffing transparency effort.

    In phases 2, 3, and 4, we will guide you through the process of mapping your IT staff and vendor spend data so you can generate your own IT spend metrics based on reliable sources and verifiable facts.

    Win #1: Knowing how to reliably source the financial data you need to make decisions.

    Win #2: Getting your IT spend data in an organized format that you can actually analyze.

    Win #3: Having a framework that puts IT spend in a language stakeholders understand.

    Win #4: Gaining a practical starting point to mature ITFM practices like cost optimization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    Info-Tech recommends the following calls in your Guided Implementation.

    Phase 1: Know your objectives Phase 2: Gather required data Phase 3: Map your IT staff spend Phase 4: Map your IT vendor spend Phase 5: Identify implications for IT
    Call #1: Discuss your IT spend and staffing transparency objectives and readiness. Call #2: Review spend and staffing data sources and identify data organization and cleanup needs. Call #3: Review your mapped IT staff spend and resolve lingering challenges. Call #4: Review your mapped IT vendor spend and resolve lingering challenges. Call #5: Analyze your mapping outputs for opportunities and devise next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between four to six calls over the course of two to three months.

    Want even more help with your IT spend transparency effort?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Vendor and staff spend mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    Phase 1

    Know Your Objectives

    This phase will walk you through the following activities:

    • Establish IT spend and staffing transparency uses and objectives
    • Assess your readiness to tackle IT spend and staffing transparency

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 1: Know your objectives

    Envision what transparency can do.

    You're at the very beginning of your IT spend transparency journey. In this phase you will:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assess your readiness to tackle the exercise and gauge how much work you'll need to do in order to do it well.

    "I've heard this a lot lately from clients: 'I've got my hands on this data, but it's not structured in a way that will allow me to make any decisions about it. I have these journal entries and they have some accounting codes, GL descriptors, cost objects, and some vendors, but it's not enough detail to make any decisions about my services, my applications, my asset spend.'"
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Transparency positively enables both business outcomes and the practice of business ethics

    However, transparency's real superpower is in how it provides fact-based context.

    • More accurate and relevant data for decision-making.
    • Better managed and more impactful financial outcomes.
    • Increased inclusion of people in the decisions that affect them.
    • Clearer accountabilities for organizational efficiency and effectiveness goals.
    • Concrete proof that business priorities and decisions are being acted on and implemented.
    • Greater trust and respect between IT and the business.
    • Demonstration of integrity in how funds are being used.

    IT spend transparency efforts are only useful if you actually do something with the outputs

    Identify in advance how you plan to leverage IT spend transparency outcomes.

    CFO expense view

    • Demonstrate actual IT costs at the right level of granularity.
    • Update/change the categories finance uses to track IT spend.
    • Adjust the expected CapEx/OpEx ratio.

    CXO business view

    • Calculate consumption of IT resources by department.
    • Implement a showback/chargeback mechanism.
    • Change the funding conversation about proposed IT projects.

    CIO service view

    • Calculate the total cost to deliver a specific IT service.
    • Adjust the IT service spend-to-value ratio as per business priorities.
    • Rightsize IT service levels to reflect true value to the business.

    CEO innovation view

    • Formalize the organization's position on use of cloud/outsourcing.
    • Reduce the portion of spend dedicated to "keeping the lights on."
    • Develop a plan for boosting commitment to innovation investment.

    When determining your end objectives, think about the real questions IT is being asked by the business and how IT spend transparency will help you answer them.

    CFO: Financial accounting perspective

    IT spend used to be looked at from a strictly financial accounting perspective - this is the view of the CFO and the finance department. Their question, "exactly how is IT spending all that money we give them," is really about how money is distributed across different asset classes. This question breaks down into other questions that IT leaders needs to ask themselves in order to provide answers:

    • How should I classify my IT costs? What are the standard categories you need to have that are meaningful to folks crunching the corporate numbers? If you're too detailed, it won't make sense to them. If you pick outmoded categories, you'll have to adjust in the future as IT evolves, which makes tracking year-over-year spend patterns harder.
    • What information should I include in my plans and reports? This is about two things. One is about communicating with the finance department in language that reduces back-and-forth and eliminates misinterpretation. The other is about aligning with the categories the finance department uses to track financial data in the general ledger.
    • How do I justify current spend? This is about clarity and transparency. Specifically itemizing spend into categories that are meaningful for your audience does a lot of justification work for you since you don't have to re-explain what everything means.
    • How do I justify a budget increase? In a declining economy, this question may not be appropriate. However, establishing a baseline puts you in a better position to discuss spend requirements based on past performance and to focus the conversation.

    Exactly how is IT spending all that money we give them?

    Example
    Asset Class % IT Spend
    Workforce 42.72%
    Software - Cloud 9.26%
    Software - On Prem 13.61%
    Hardware - Cloud 0.59%
    Hardware - On Prem 15.68%
    Contract Services 18.14%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CIO: IT operations management perspective

    As the CIO role was adopted, IT spend was viewed from the IT operations management perspective. Optimizing the IT delivery model is a critical step to reducing time to provision services. For the IT leader, the questions they need to ask themselves are:

    • What's the impact of cloud adoption on speed of delivery? Leveraging a SaaS solution can reduce time to deployment as well as increase your ability to scale; however, integration with other functionality will still be a challenge that will incur costs.
    • Where can I improve spend efficiency? This is about optimizing spend in your IT delivery model. What service levels does the business require and what's the most cost-effective way to meet those levels without incurring significant technical debt?
    • Is my support model optimized? By reviewing where support staff are focused and which services are using most of your resources, you can investigate underlying drivers of your staffing requirements. If staff costs in support of a business function are high, perhaps the portfolio of applications needs to be reviewed.
    • How does our spend compare to others? Benchmarking against peers is a useful input, but reflects common practice, not best practice. For example, if you need to invest in IT security, your entire industry is lagging on this front, and you happen to be doing slightly better than most, then bringing forth this benchmark won't help you make the case. Starting with year-over-year internal benchmarking is essential - establish your categories, establish your baseline, and track it consistently.

    Does the amount we spend on each IT service make sense?

    Example
    Service Area % IT Spend
    App Development 9.06%
    App Maintenance 30.36%
    Hosting/Network 25.39%
    End User 18.59%
    Data & BI 3.58%
    Security & Risk 5.21%
    IT Management 7.82%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CXO: Business unit perspective

    As business requests have increased, so too has the importance of the business unit perspective. Each business function has a unique mandate to fulfill in the organization and also competes with other business functions for IT resources. By understanding business consumption of IT, organizations can bring transparency and drive a different dialog with their business partners. Every IT leader should find out the answers to these questions:

    • Which business units consume the most IT resources? By understanding consumption of IT by business function, IT organizations can clearly articulate which business units are getting the highest share of IT resources. This will bring much needed clarity when it comes to IT spend prioritization and investment.
    • Which business units are underserved by IT? By providing full transparency into where all IT spend is consumed, organizations can determine if certain business functions may need increased attention in an upcoming budget cycle. Knowing which levers to pull is critical in aligning IT activities with delivering business value.
    • How do I best communicate spend data internally? Different audiences need information presented to them differently. This is not just about the language - it's also about the frequency, format, and channel you use. Ask your audiences directly what methods of communication stand the best chance of you being seen and heard.
    • Where do I need better business sponsorship for IT projects? If a lot of IT spend is going toward one or two business units, the leaders of those units need to be active sponsors of IT projects and associated spend that will benefit all users.

    Why doesn't my business unit get more support from IT?

    Example
    Business Function % IT Spend
    HR Department 6.16%
    Finance Department 15.15%
    IT Department 10.69%
    Business Function 1 23.80%
    Business Function 2 10.20%
    Business Function 3 6.80%
    Business Function 4 27.20%
    Source: Info-Tech IT Spend & Staffing Studies, 2022.

    CEO: Strategic vs. operations perspective

    With a business view now available, evaluating IT spend from a strategic standpoint is critical. Simply put, how much is being spent keeping the lights on (KTLO) in the organization versus supporting business or organizational growth versus net-new business innovations? This view is not about what IT costs but rather how it is being prioritized to drive revenue, operating margin, or market share. Here are the questions IT leaders should be asking themselves along with the organization's executive leadership and the CEO:

    • Why is KTLO spend so high? This question is a good gauge of where the line is drawn between operations and strategy. Many IT departments want to reduce time spent on maintenance and redeploy resource investment toward strategic projects. This reallocation must include retiring or eliminating technologies to free up funds.
    • What should our operational spend priorities be? Maintenance and basic operations aren't going anywhere. The issue is what is necessary and what could be done more wisely. Are you throwing good money after bad on a high-maintenance legacy system?
    • Which projects and investments should we prioritize? The answer to this question should tightly align with business strategic goals and account for the lion's share of growth and innovation spend.
    • Are we spending enough on innovative initiatives? This is the ultimate dialogue between business partners, the CEO, and IT that needs to take place, yet often doesn't.

    I know what IT costs us, but what is it really worth?

    Example
    Focus Area % IT Spend
    KTLO 89.16%
    Grow 7.18%
    Innovate 3.66%
    Info-Tech IT Spend Studies, 2022.

    Be clear about where you want your IT spend transparency journey to take you in real life

    Transparent IT spend data will allow you to have conversations you couldn't have before. Consider this example of how telling an IT spend story could evolve.

    I want to ...
    Analyze the impact of the cloud on IT operating expenditure to update finance's expectations of a realistic IT CapEx/OpEx ratio now and into the future.

    To address the problem of ...

    • Many of our key software vendors have eliminated on-premises products and only offer software as an OpEx service.
    • Assumptions that modern IT solutions are largely on-premises and can be treated as capitalizable assets are out-of-date and don't reflect IT financial realities.

    And will use transparency to ...

    • Provide the CFO with specific, accurate, and annotated OpEx by product/service and vendor for all cloud-based and on-premises solutions.
    • Facilitate a realistic calculation of CapEx/OpEx distribution based on actuals, as well as let us develop defendable projections of OpEx into the future based on typical annual service fee increases and anticipated growth in the number of users/licenses.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Duration: One hour

    1. Consider the problems or issues commonly voiced by the business about IT, as well as your own ongoing challenges in communicating with stakeholders. Document these problems/issues as questions or statements as spoken by a person. To help structure your brainstorming, consider these general process domains and examples:
      1. Spend tracking and reporting. E.g. Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx.
      2. Service levels and business continuity. E.g. Why do we need to hire more service desk staff? There are more of them in IT than any other role.
      3. Project and operations resourcing. E.g. Why can't IT just buy this new app we want? It's not very expensive.
      4. Strategy and innovation. E.g. Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us.
    2. For each problem/issue noted, identify:
      1. The source(s) of the question/concern (e.g. CEO, CFO, CXO, CIO).
      2. The financial process involved (e.g. accurate costing, verification of costs, building a business case to invest).
    3. For each problem/issue, identify a broader project-style initiative where having transparent IT spend data is a valuable input. One initiative may apply to multiple problems/issues. For each initiative:
      1. Give it a working title.
      2. State the goal for the initiative with reference to ITFM aspirations.
      3. Identify key stakeholders (these will likely overlap with the problem/issue source).
      4. Set general time frames for resolution.

    Document your outputs on the slide immediately following the instruction slides for this exercise. Examples are included.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Input Output
    • Organizational knowledge
    • List of the potential uses and objectives of transparent IT spend and staffing data
    Materials Participants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    ITFM initiatives that leverage transparency

    Problem/Issue Statement Source/ Stakeholder Associated ITFM Process Potential Initiative Initiative Goal Time Frame
    "Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx." CFO IT spend categorization and reporting. Analyze the impact of the cloud on IT operating expenditure. To update finance's expectations of a realistic IT CapEx/OpEx ratio. <12 months
    "Why do we need to hire more service desk staff? There are more of them in IT than any other role." CFO, VP of HR Business case for hiring IT staff. Document ongoing IT support requirements for proposed ERP platform migration project. To ensure sufficient resources for an anticipated increase in service desk tickets due to implementation of a new ERP system. 1-3 months
    "Why can't IT just buy this new app we want? It's not very expensive." CEO, all CXOs/VPs Total cost of technology ownership. Develop a mechanism to review the lifecycle impact on IT of proposed technology purchases. To determine if functionality of new tool already exists in the org. and the total cost of ownership of a new app. <6 months
    "Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us." CEO, CFO, VP of Production IT service costing. Develop an organizational business intelligence strategy. To create a comprehensive plan for evolving BI capability in the organization and transferring report development to users. Select a department for pilot. <12 months

    Your organization's governance culture will affect how you approach transparency

    Know your governance culture Lower Governance
    • Few regulations.
    • Financial reporting is largely internal.
    • Change is frequent and rapid.
    • Informal or nonexistent mechanisms and structures.
    • Data sharing behavior driven by competitive concerns.
    Higher Governance
    • Many regulations.
    • Stringent and regular external reporting requirements.
    • Change is limited and/or slow.
    • Defined and established mechanisms and structures.
    • Data sharing behavior driven by regulatory concerns.
    Determine impact on opportunities How does your governance culture impact IT spend transparency opportunities?
    Resistance to formality and bureaucracy Resistance to change and uncertainty
    Set expectations and approach You have plenty of room to implement transparency rigor within the confines of IT, but getting others to give you the time and attention you want will be a challenge. One-on-one, informal relationship building to create goodwill and dialogue is needed before putting forth recommendations or numbers. Many existing procedures must be accommodated and respected. While you can benefit by working with preexisting mechanisms and touchpoints, expect any changes you want to make to things like IT cost categories or CapEx/OpEx ratios to require a lot of time, meetings, and case-making.

    IT's current maturity around ITFM practice will also affect your approach to transparency

    Know your ITFM maturity level Lower ITFM Maturity
    • No/few formal policies, standards, or procedures exist.
    • There is little/no formal education or experience within IT around budget, costing, charging, or accounting practices.
    • Financial reporting is sporadic and inconsistent in its contents.
    • Business cases are rarely used in decision-making.
    • Financial data is neither reliable nor readily available.
    Higher ITFM Maturity
    • Formal policies, standards, and procedures are enforced organization-wide for all financial management activities.
    • Formally-trained accountants are embedded within IT.
    • Financial reporting is regular, scheduled, and defined.
    • Business cases are leveraged in most decision-making activities.
    • Financial data is governed, centralized, and current.
    Determine stakeholders' financial literacy How does your degree of ITFM maturity impact IT spend transparency opportunities?
    Improve your own financial literacy first Determine stakeholders' financial literacy
    Set expectations and approach Brush up on core financial management and accounting concepts before taking the discussion beyond IT's walls. Do start mapping your costs, but just know how to communicate what the data is saying before sharing it. Not everyone will be at your level, familiar with ITFM language and concepts, or focused on the same things you are. Gauge where your audience is at so you can prepare for meaningful dialogue.

    1.2 Assess your readiness to tackle IT spend transparency

    Duration: One hour

    Note: This assessment is general in nature. It's intended to help you identify and prepare for potential challenges in your IT spend and staffing transparency effort.

    1. Rate your agreement with the "Data & Information" and "Experience, Expertise, & Support" statements listed on the slide immediately following the two instruction slides for this exercise. For each statement, indicate the extent to which you agree or disagree, where:
      1. 1 = Strongly disagree
      2. 2 = Disagree
      3. 3 = Neither agree nor disagree
      4. 4 = Agree
      5. 5 = Strongly agree
    2. Add up your numerical scores for all statements, where the highest possible score is 65.
    3. Assess your general readiness against the following guidelines:
      1. 50-65: Ready. The transparency exercise will involve work, but should be straightforward since you have the data, skills, tools, processes, and support to do it.
      2. 40-49: Ready, with caveats. The transparency exercise is doable but will require some preparatory legwork and investigation on your part around data sourcing, organization, and interpretation.
      3. 30-39: Challenged. The transparency exercise will present some obstacles. Expect to encounter data gaps, inconsistencies, errors, roadblocks, and frustrations that will need to be resolved.
      4. Less than 30: Not ready. You don't have the data, skills, tools, processes, and/or support to do the data transparency exercise. Take time to develop a stronger foundation of financial literacy and governance before tackling it.

    Document your outputs on the slide immediately following the two instruction slides for this exercise.

    1.2 Assess your readiness to tackle IT spend transparency

    InputOutput
    • Organizational knowledge
    • Estimation of IT spend and staffing transparency effort
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    IT spend transparency readiness assessment

    Data & Information
    Statement Rating
    We know how to access all IT department spend records.
    We know how to access all non-IT-department technology spend records.
    We know how to access all IT vendor/contractor agreements.
    We know how to access data about our IT staff costs and allocation, such as organizational charts and salaries/benefits.
    Our financial and staffing data is up-to-date.
    Our financial and staffing data are labeled, described, and organized so that we know what they're referring to.
    Our financial and staffing data are in a format that we can easily manipulate (e.g. export, copy and paste, perform calculations).
    Experience, Expertise, & Support
    Statement Rating
    We have sufficient expertise within the IT department to navigate and accurately interpret financial records.
    We have reasonable access to expertise/resources in our finance department to support us in an IT spend transparency exercise.
    We can allocate sufficient time (about 40 hours) and resources in the near term to do an IT spend transparency exercise.
    We have current accountabilities to track and internally report financial information to others on at least a monthly basis.
    There are existing financial policies, procedures, and standards in the organization with which we must closely adhere and comply.
    We have had the experience of participating in, or responding to the results of, an internal or external audit.

    Rating scale:
    1 = Strongly Disagree; 2 = Disagree; 3 = Neither agree nor disagree; 4 = Agree; 5 = Strongly agree
    Assessment scale:
    Less than 30 = Not ready; 30-39 = Challenged; 40-49 = Ready with caveats; 50-65 = Ready

    Take a closer look at the statements you rated 1, 2, or 3. These will be areas of challenge no matter what your total score on the assessment scale.

    Phase 1: Know your objectives

    Achievement summary

    You've now completed the first two steps on your IT spend transparency journey. You have:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assessed your readiness to tackle the exercise and know how much work you'll need to do in order to do it well.

    "Mapping to a transparency model is labor intensive. You can do it once and never revisit it again, but we would never advise that. What it does is play well into an IT financial management maturity roadmap."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Phase 2

    Gather Required Data

    This phase will walk you through the following activities:

    • Gather, clean, and organize your data
    • Build your industry-specific business views

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 2: Gather required data

    Finish your preparation.

    You're now ready to do the final preparation for your IT spend and staffing transparency journey. In this phase you will:

    • Gather your IT spend and staffing data and information.
    • Clean and organize your data to streamline mapping.
    • Identify your baseline data points.

    "Some feel like they don't have all the data, so they give up. Don't. Every data point counts."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Your IT spend transparency efforts are only as good as the quality of your inputs

    Aim for a comprehensive, complete, and accurate set of data and information.

    Diagram of comprehensive, complete, and accurate set of data and information

    Start by understanding what's included in technology spend

    Info-Tech's ITFM Technology Inventory

    In scope:

    • All network, telecom, and data center equipment.
    • All end-user productivity software and devices (e.g. laptops, peripheral devices, cell phones).
    • Information security.
    • All acquisition, development, maintenance, and management of business and operations software.
    • All systems used for the storage and management of business assets, data, records, and information.
    • All managed IT services.
    • Third-party consulting services.
    • All identifiable spend from the business for the above.

    Expand your thinking: Total tech spend goes beyond what's under IT's operational umbrella

    "Technology" means all technology in the organization regardless of where it lives, who bought it, who owns it, who runs it, or who uses it.

    IT may have low or no visibility into technologies that exist in the broader business environment beyond IT. Accept that you won't gain 100% visibility right now. However, do get started and be persistent.

    Where to look for non-IT technology ...

    • Highly specialized business functions - niche tools that are probably used by only a few people.
    • Power users and the "underserved" - cloud-based workflow, communication, and productivity tools they got on their own.
    • Operational technology - network-connected industrial, building, or physical security sensors and control systems.
    • Recently acquired/merged entities - inherited software.

    Who might get you what you need ...

    • Business unit and team leaders - identification of what they use and copies of their spend records and/or contracts.
    • Finance - a report of the "software" expenditure category to spot unrecognized technologies and their owners.
    • Vendors - copies of contracts if not forthcoming internally.
    • Your service desk - informal knowledge gained about unknown technologies at play in the course of doing their job.

    The IT spend and staffing transparency exercise is an opportunity to kick-start a technology discovery process that will give you and the business a true picture of your technology profile, use, and spend.

    Seek out data at the right level of granularity with the right supporting information

    Key data and information to seek out:

    • Credits applied to appropriate debits that show net expense, or detailed descriptions of credits with no matching debit.
    • Cash-based accounting (not accrual accounting). If accrual, will need to determine how to simplify the data for your uses.
    • Vendor names, asset classes, descriptors, and departments.
    • A total spend amount (CapEx + OpEx) that:
      • Aligns with the spend period.
      • Passes your gut check for total IT spend.
      • Includes annual amounts for multi-year contracts (e.g. one year of a three-year Microsoft enterprise agreement).
      • Includes technology spend from the business (e.g. OT that IT supports).
    • Insights on large projects.
    • Consolidated recurring payments, salaries and benefits, and other small expenses.

    Look for these data descriptors in your files:

    • Cost center/accounting unit
    • Cost center/department description
    • GL ACCT
    • CL account description
    • Activity description
    • Status
    • Program/business function/project description
    • Accounting period
    • Transaction amount
    • Vendor/vendor name
    • Product/product name

    Avoid data that's hard to use or problematic as it will slow you down and bring limited benefits

    Spend data that's out of scope:

    • Depreciation/amortization.
    • Gain or loss of asset write-off.
    • Physical security (e.g. key cards, cameras, motion sensors, floodlights).
    • Printer consumables costs.
    • Heating and cooling costs (for data centers).

    Challenging data formats:

    • Large raw data files with limited or no descriptors.
    • Major accounts (hardware and software) combined in the same line item.
    • Line items (especially software) with no vendor reference information.
    • PDF files or screenshots that you can't extract data from readily. Use Excel or CSV files whenever possible.

    Getting at the data you need can be easy or hard – it all depends

    This is where your governance culture and ITFM maturity start to come into play.

    Data source Potential data and information What to expect
    IT Current/past budget, vendor agreements, IT project records, discretionary spend, number of IT employees. The rigor of your ITFM practice and centralization of data and documents will affect how straightforward this is.
    Finance General ledger, cash and income statements, contractor payments and other accounts payable, general revenue. Secure their expertise early. Let them know what you're trying to do and what you need. They may be willing to prepare data for you in the format you need and help you decipher records.
    Purchasing List of vendors/suppliers, vendor agreements, purchase invoices. Purchasing often has more descriptive information about vendors than finance. They can also point you to tech spend in other departments that you didn't know about.
    Human Resources Organizational chart, staff salaries and benefits, number of employees overall and by department. Data about benefits costs is something you're not likely to have, and there's only one place you can reliably get it.
    Other Business Units Non-IT technology spend vendor agreements and purchase invoices, number of department employees. Other departments may be tracking spend in an entirely different way than you. Be prepared to dig and reconcile.

    There may be some data or information you can't get without a Herculean effort. Don't worry about it too much - these items are usually relatively minor and won't significantly affect the overall picture.

    Commit to finding out what you don't know

    Many IT leaders don't have visibility into other departments' technology spend. In some cases, the fact that spend is even happening may be a complete surprise.

    Near-term visibility fix ...

    • Ask your finance department for a report on all technology-related spend categories. "Software" is a broad category that finance departments tend to track. Scan the report for items that don't look familiar and confirm the originating department or approver.
    • Check in with the procurement office. See what technology-related contracts they have on record and which departments "own" them. Get copies of those contracts if possible.
    • Contact individual department heads or technology spend approvers. Devise your contact shortlist based on what you already know or learned from finance and procurement. Position your outreach as a discovery process that supports your transparency effort. Avoid coming across as though you're judging their spend or planning to take over their technologies.

    Long-term visibility fix ...

    • Develop your relationships with other business unit leaders. This will help open the lines of communication permanently.
    • Establish a cross-functional central technology office or group. The main task of this unit is to set and manage technology standards organization-wide, including standards for tracking and documenting technology costs and asset lifecycle factors.
    • Ensure IT is formally involved in all technology spend proposals and plans. This gives IT the opportunity to assess them for security compliance, IT network/system interoperability, manageability, and IT support requirements prior to purchase.
    • Ensure IT is notified of all technology financial transactions. This includes contracts, invoices, and payments for all one-time purchases, subscription fees, and maintenance costs.

    Finally, note any potential anomalies in the IT spend period you're looking at

    No two years have the exact same spend patterns. One-time spend for a big capital project, for example, can dramatically alter your overall spend landscape.

    Look for the following anomalies:

    • New or ongoing capital implementations or projects that span more than one fiscal year.
    • Completed projects that have recently transitioned, or are transitioning, from CapEx (decreasing) to OpEx (increasing).
    • A major internal reorganization or merger, acquisition, or divestiture event.
    • Crises, disasters, or other rare emergencies.
    • Changes in IT funding sources (e.g. new or expiring grants).

    These anomalies often explain why IT spend is unusually high in certain areas. There's often a good business reason.

    In many cases, doing a separate spend transparency exercise for these anomalous projects or events can isolate their costs from other spend so their true nature and impact can be better understood.

    2.1 Gather your input data and information

    Duration: Variable

    1. Develop a complete list of the spending and staffing data and information you need to complete the transparency mapping exercise. For each required item, note the following:
      1. Description of data needed (i.e. type, timeframe, and format).
      2. Ideal timeframe or deadline for receipt.
      3. Probable source(s) and contact(s).
      4. Additional facilitation/support required.
      5. Person on your transparency team responsible for obtaining it.
    2. Set up a data and information repository to store all files as soon as they're received. Ideally, you'll want all data/information files to be in an electronic format so that everything can be stored in one place. Avoid paper documents if possible.
    3. Conduct your outreach to obtain the input data and information on your list. This could include delegating it to a subordinate, sending emails, making phone calls, booking meetings, and so on.
    4. Review the data and information received to confirm that it's the right type of data, at the correct level of granularity, for the right timeframe, in a usable format, and is generally accurate.
    5. Enter documentation about your data and information sources in tab "1. Data & Information Sources" in the IT Spend & Staffing Transparency Workbook to reflect what you needed and where you got it in order to make the discovery process easier in the future.
    6. In the same tab in the IT Spend & Staffing Transparency Workbook, document any significant events that occurred that directly or indirectly impacted the selected year's spend values. These could include mergers/acquisitions/divestitures, major reorganizations or changes in leadership, significant shifts in product offerings or strategic direction, large capital projects, legal/regulatory changes, natural disasters, or changes in the economy.

    Download the IT Spend & Staffing Transparency Workbook

    2.1 Gather your input data and information

    InputOutput
    • Knowledge of potential data and information sources
    • List of data and information required to complete the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Tidy up your data before beginning any spend mapping

    Most organizations aren't immaculate in their tech spend documentation and tracking practices. This creates data rife with gaps that lives in hard-to-use formats.

    The more preparation you do to approach the "good data" intersection point in the diagram below, the easier your mapping effort will be and the more useful and insightful your final findings.

    Venn diagram of good data

    Make your data "un-unique" to reduce the number of line items and make it manageable

    There's a good chance that the IT spend data you've received is in the form of tens of thousands of unique line items. Use the checklist below to help you roll it up.

    Warning: Never overwrite your original data. Insert new columns/rows and put your alternate information in these instead.

    Step 1: Standardize vendor names

    • Start with known large vendors.
    • Select a standard name for the vendor.
    • Brainstorm possible variations on the vendor name, including abbreviations and shortforms.
    • Search for the vendor in your data and document the new standardized vendor name in the appropriate row.
    • Repeat the above for all vendors.
    • Sort the new vendor name column from A-Z. Look for instances where names remain unique or are missing entirely. Reconcile if needed and fill in missing data.

    Step 2: Consolidate vendor spend

    • Sort the new vendor name column from A-Z. Start with vendors that have the most line items.
    • Add together related spend items from a given vendor. Create a new row for the consolidated spend item and flag it as consolidated. Keep the following item types in separate rows:
      • Hardware vs. software spend for the same vendor.
      • Cloud vs. on-premises spend for the same vendor.
    • Repeat the above for all vendors.
    • Consider breaking out separate rows for overly consolidated line items that contain too many different types of IT spend.

    2.2 Clean and organize your data

    Duration: Variable

    1. Check to ensure that you have all data and information required to conduct the IT spend transparency exercise.
    2. Conduct an initial scan to assess the data's current state of hygiene and overall usability. Flag anything of concern and follow up with the data/information provider to fix or reconcile any issues.
    3. Normalize your data to make it easier to work with. This includes selecting data format standards and changing anything that doesn't conform to those standards. This includes items such as date conventions, currencies, and so on.
    4. Standardize product and vendor naming/references throughout to enable searching, sorting, and grouping. For example, Microsoft Office may be variably referred to as "Microsoft", "Office", "Office 365", and "Office365" throughout your data. Pick one descriptor for the product/vendor and replace all related references with that descriptor.
    5. Consolidate and aggregate your data. Ideally, the data you received from your sources has already been simplified; however, you may need to further organize it to reduce the number of individual line items to a more manageable number. The transparency exercise uses relatively high-level categories, so combine data sets and aggregate where feasible without losing appropriate granularity.
    6. Archive any original copies of files that have been modified or replaced with consolidated/aggregated versions for future reference if needed.

    2.2 Clean and organize your data

    InputOutput
    • Data and information files
    • A normalized set of data and information for completing the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Select IT spend "buckets" for the CXO Business View as your final preparatory step

    Every organization has both industry-agnostic and industry-specific lines of business that are the direct beneficiaries of IT spend.

    Common shared business functions:

    • Human resources.
    • Finance and accounting.
    • Sales/customer service.
    • Marketing and advertising.
    • Legal services and regulatory compliance.
    • Information technology.

    It may seem odd to see IT on the business functions list since the purpose of this exercise is to map IT spend. For business view purposes, IT spend refers to what IT spends on itself to support its own internal operations.

    Examples of industry-specific functions:

    • Manufacturing: Product research and development; production operations; supply chain management.
    • Retail banking: Core banking services; loan, mortgage and credit services; investment and wealth management services.
    • Hospitals: Patient intake and admissions; patient diagnosis; patient treatment; patient recovery and ongoing care.
    • Insurance: Actuarial analysis; policy creation; underwriting; claims processing.

    See the Appendix of this blueprint for definitions of shared business functions plus sample industry-specific business view categories.

    Define your CXO Business View categories to set yourself up well for future ITFM analyses

    The CXO Business View buckets you set up today are tools you can and should reuse in your overall approach to ITFM governance. Spend some time to get them right.

    Stay high-level

    Getting too granular invites administrative headaches and overhead. Keep things high-level and general:

    • Limit the number of direct stakeholders represented: This will reduce communication overhead and ensure you're dealing only with people who have real decision-making authority.
    • Look to your org. chart: Note the departments or business units listed across the top of the chart that have one executive or top-ranking senior manager accountable for them. These business units often translate as-is into a tidy CXO Business View category.

    Limit your number of buckets

    Tracking IT spend across more than 8-10 shared and industry-specific business categories is impractical.

    • Simplify your options: Too many buckets gets confusing and invites time-wasting doubt.
    • Reduce future rework: Business structures will change, which means recategorizing spend data. Using a forklift is a lot easier than using tweezers.
    • Stick to major business units: Create separate "Business Other" and "Industry Other" catch-all categories to track IT spend for smaller functions that fall outside of major business unit structures.

    Stay high-level with the CXO Business View

    Be clear on what's in and what's out of your categories to keep everyone on the same page

    Clear lines of demarcation between CXO Business View categories reduce confusion, doubt, and wheel-reinvention when deciding where to allocate IT spend.

    Ensure clear boundaries

    Mutual exclusivity is key when defining categories in any taxonomical structure.

    • Avoid overlaps: Each high-level business function category should have few or no core function or process overlaps with another business function category. Aim for clear vertical separation.
    • Be encompassing: When defining a category, list all the business capabilities and sub-functions included in that category. For example, if defining the finance and accounting function, remember to specify its less obvious accountabilities, like enterprise asset management if appropriate.

    Identify exclusions

    Listing what's out can be just as informative and clarifying as listing what's in.

    • Beware odd bedfellows: Minor business groups are often tucked under a bigger organizational entity even though the two use different processes and technologies. Separate them if appropriate and state this exclusion in the bigger entity's definition.
    • Draw a line: If a process crosses business function categories, state which sub-steps are out of scope.
    • Document your decisions: This helps ensure you allocate IT spend the same way every time.

    Clear lines of demarcation between CXO Business View categories

    2.3 Build your industry-specific business views

    Duration: Two hours

    1. Confirm your list of high-level shared business services (human resources, finance and accounting, etc.) as provided in Info-Tech's IT Spend & Staffing Transparency Workbook. Rename them if needed to match the nomenclature used in your organization.
    2. Set and define your additional list of high-level, industry-specific business categories that are unique to or define your industry. See the slides immediately following this exercise for tips on developing these categories, as well as the appendix of this blueprint for some examples of industry-specific categories and definitions.
    3. Create "Business Other" and "Industry Other" categories to capture minor groups and activities supported by IT that fall beyond the major shared and industry-specific business functions you've shortlisted. Briefly note the business groups/activities that fall under these categories.
    4. Edit/enter your shared and industry-specific business function categories and their definitions on tab "2. Business View Definitions" in the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    2.3 Build your industry-specific business views

    InputOutput
    • Knowledge about your organization's structure and business functions/units
    • A list of major shared business functions and industry-specific business functions/capabilities that are defining of your industry
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Lock in key pieces of baseline data

    Calculating core IT spend metrics relies on a few key numbers. Settle these first based on known data before diving into detailed mapping.

    These baseline data will allow you to calculate high-level metrics like IT spend as a percent of revenue and year-over-year percent change in IT spend, as well as more granular metrics like IT staff spend per employee for a specific IT service.

    Baseline data checklist

    • IT spend analysis period (date range).
    • Currency used.
    • Organizational revenue.
    • Organizational OpEx.
    • Total current year IT spend.
    • Total current year IT CapEx and IT OpEx.
    • Total previous-year IT spend.
    • Total projected next-year IT spend.
    • Number of organizational employees.
    • Number of IT employees.

    You may have discovered some things you didn't know about during the mapping process. Revisit your baseline data when your mapping is complete and make adjustments where needed.

    2.4 Enter your baseline data

    Duration: One hour

    1. Navigate to tab "3. Baseline Data" in the IT Spend & Staffing Transparency Workbook. Using the data you've gathered, enter the following information to set your baseline data for future calculations:
      1. Your IT spend analysis date range. This can be concrete dates, a fiscal year abbreviation, etc.
      2. The currency you will be using throughout the workbook. It's important that all monetary values entered are in the same currency.
      3. Your organization's total revenue and total operating expenditure (OpEx) for the spend analysis data range you've specified. Revenue includes all sources of funding/income.
      4. Your total IT OpEx and total IT capital expenditure (CapEx). The workbook will add your OpEx and CapEx values for you to arrive at a total IT spend value.
      5. Total IT spend for the year prior to the current IT spend analysis date range, as well as anticipated total IT spend for the year following.
      6. Total IT staff spend (salaries, benefits, training, travel, and fees for employees and contractors in a staff augmentation role) for the spend analysis date range.
      7. The total number of organizational employees and total number of IT employees. These are typically full-time equivalent (FTE) values and include contractors in a staff augmentation role.
    2. Make note of any issues that have influenced the values you entered.

    Download the IT Spend & Staffing Transparency Workbook

    2.4 Enter your baseline data

    InputOutput
    • Cleaned and organized spend and staffing data and information
    • Finalized baseline data for deriving spend metrics
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead

    Phase 2: Gather required data

    Achievement summary

    You've now completed all preparation steps for your IT spend transparency journey. You have:

    • Gathered your IT spend and staffing data and information.
    • Cleaned and organized your data to streamline mapping.
    • Identified your baseline data points.

    "As an IT person, you're not speaking the same language at all as the accounting department. There's almost always a session of education that's required first."
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Phase 3

    Map Your IT Staff Spend

    This phase will walk you through the following activities:

    • Mapping your IT staff spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 3: Map your IT staff spend

    Allocate your workforce costs across the four views.

    Now it's time to tackle the first part of your hands-on spend mapping effort, namely IT staff spend. In this phase you will:

    • Allocate your IT staff spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure that it's accurate and complete.

    "We're working towards the truth. We know the answer, but it's how to get it. Take Data & BI. For some organizations, four FTEs is too many. Are these people really doing Data & BI? Look at the big picture and see if something's missing."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Staffing costs comprise a significant percent of OpEx

    Staffing is the first thing that comes to mind when it comes to spend. Intentionally bring it out of the shadows to promote constructive conversations.

    • Total staffing costs stand out from other IT spend line items. This is because they're comparatively large, often comprising 30-50% of total IT costs.
    • Standing out comes at a price. Staff costs are where business leadership looks first if they want cuts. If IT leadership doesn't bring forward ways to cut staffing costs as part of a broader cost-cutting mandate, it will be seen as ignorant of business priorities at best and outright insubordinate at worst.
    • Staffing costs as a percentage of total costs vary between IT functions. On the business side, there's a lack of understanding about what functions IT staff serve and support and the real-world costs of obtaining (and keeping) needed IT skills. For example, IT security staffing costs as a percentage of that service's total OpEx will likely be higher than service desk staff given the scarcity and higher market value of the former. Trimming 20% of IT staffing costs from the IT security function has much different implications than cutting 20% of service desk staffing costs.

    Staffing spend transparency can do a lot to change the conversation from one where the business thinks that IT management is just being self-protecting to one where they know that IT management is actually protecting the business.

    Demonstrating the legitimate reasons behind IT staff spend is critical in both rationalizing past and current spend decisions as well as informing future decisions.

    Info-Tech recommends that you map your IT staffing costs before all other IT costs

    Mapping your IT staffing spend first is a good idea because:

    • Staffing costs are usually documented more clearly, simply, and accurately than other IT costs.
    • Gathering all your IT staffing data is usually a one-stop shop (i.e. the HR department).
    • The comparative straightforwardness of mapping staff costs compared to other IT costs gives you the opportunity to:
      • Get familiar with the ITFM Cost Model views and categories.
      • Get the hang of the hands-on mapping process.
      • Determine the kinds of speed bumps and questions you'll encounter down the road when you tackle the more complicated mappings.

    "Some companies will say software developer. Others say application development specialist or engineer. What are these things? You have to have conversations ..."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: "Workforce" categories defined

    For the staffing spend mapping exercise, we're defining the Workforce category here and will offer Vendor category definitions in the vendor spend mapping exercise later.

    Workforce: The total costs of employing labor in the IT organization. This includes all salary/wages, benefits, travel/training, dues and memberships, and contractor pay. Managed services expenses associated with an external service provider should be excluded from Workforce and included in Contract Services.

    Employee: A person employed by the IT organization on a permanent full-time or part-time basis. Costs include salary, benefits, training, travel and expenses, and professional dues and memberships. These relationships are managed under human resources and the bulk of spend transactions via payroll processes.

    Contractor: A person serving in a non-permanent staff augmentation role. These relationships are typically managed under procurement or finance and spend transactions handled via invoicing and accounts payable processes. Labor costs associated with an external service provider are excluded.

    CFO Expense View

    Mapping your IT staff across the CFO Expense View is relatively cut-and-dried

    The CFO Expense View is the most straightforward in terms of mapping IT staffing costs as it's made up of only two main categories: Workforce and Vendor.

    In the CFO Expense View, all IT spend on staffing is allocated to the Workforce bucket under either Employee or Contractor.

    What constitutes a Contractor can be confusing given increased use of long-term labor augmentation strategies, so being absolutely clear about this is imperative. For spend mapping purposes:

    • Any staff members under independent contract where individuals are paid directly by your organization as opposed to indirectly via a service provider (e.g. staffing firm) are considered Workforce > Contractor.
    • Any circumstances where you pay a third-party organization for labor is slotted under Vendor > Contract Services.

    CFO Expense View

    Understand the CIO Service View: Categories defined

    We've provided definitions for the major categories that require clarification.

    Applications Development: Purchase/development, testing, and deployment of application projects. Includes internally developed or packaged solutions.

    Applications Maintenance: Software maintenance fees or maintaining current application functionality along with minor enhancements.

    Hosting & Networks: Compute, storage, and network functionality for running/hosting applications and providing communications/connectivity for the organization.

    End User: Procurement, provision, management, and maintenance (break/fix) of end-user devices (desktop, laptops, tablets, peripherals, and phones) as well as purchase/support and use of productivity software on these devices. The IT service desk is included here as well.

    PPM & Projects: People, processes, and technologies dedicated to the management of IT projects and the IT project portfolio as a whole.

    Data & BI: Strategy and oversight of the technology used to support data warehousing, business intelligence, and analytics.

    IT Management: Senior IT leadership, IT finance, IT strategy and governance, enterprise architecture, process management, vendor management, talent management, and program and portfolio management oversight.

    Security: Information security strategy and oversight, practices, procedures, compliance, and risk mitigation to protect and prevent unauthorized access to organizational data and technology assets.

    CIO Service View

    Mapping your IT staff across the CIO Service View is a slightly harder exercise

    The complexity of mapping staff across this view depends on how your IT department is organized and the degree of role specialization vs. generalization.

    The CIO Service View mirrors how many IT departments are organized into teams or work groups. However, some partial percentage-based allocations are probably required, especially for smaller IT units with more generalized, cross-functional roles. For example:

    • A systems administrator's costs may need to be allocated 80% to Hosting & Networks and 20% to Security.
    • An app development team lead may spend about 40% of their time doing hands-on Development work and the other 60% on project management (i.e. PPM & Projects).

    Info-Tech has found that allocating staffing costs for Data & BI raises the most doubts as it can be very entangled with Applications and other spend. Do the best you can.

    Understand the CXO Expense View: Categories defined

    Expand shared services and industry function categories as suits your organization.

    Industry Functions: As listed and defined by you for your specific industry.

    Human Resources: IT staff and specific application functionality in support of organizational human resource management.

    Finance & Accounting: IT staff and specific application functionality in support of corporate finance and accounting.

    Shared Services Other: IT staff and specific application functionality in support of all other shared enterprise functions.

    Information Technology: IT staff and specific application functionality in support of IT performing its own internal IT operations functions.

    Industry Other: IT staff and specific application functionality in support of all other industry-specific functions.

    CXO Expense View

    Mapping your IT staff across the CXO Business View warrants the most time

    This view is probably the most difficult as many IT department roles are set up according to lines of IT service, not lines of business. Prepare to do a little math.

    The CXO Expense View also requires percentage-based splitting of role spend, but to a greater extent.

    • Start by mapping staff cost allocations for those roles that are at, or close to, 100% dedicated to a specific business function (if any).
    • For IT roles that support organization-wide or multi-department functions, knowing the percent of employees that work in each relevant business unit and parceling IT staff spend by those same percentages may be easiest. For example, a general systems administrator's costs could be allocated as 4% to HR, 2% to finance, 25% to sales, 20% to production operations, and so on based on the percentage of employees in each of the supported business units.

    Take a minute to figure out how you plan to map IT's indirect CXO Business View costs

    Direct IT costs are those that are dedicated to a specific business unit or user group, such a marketing campaign management app, specialized devices used by a specific subset of workers in the field, or a business analyst embedded full-time in a sales organization.

    VS

    Indirect IT costs are pretty much everything else that's shared broadly across the organization and can't be tied to just one stakeholder or user group, such as network infrastructure, the service desk, and office productivity apps. These costs must be fairly and evenly distributed.

    No indirect mapping method is perfect, but here's a suggestion:

    • Take the respective headcount of all business functions sharing the IT resource/service in question.
    • Calculate each business function's staff as a percentage of all organizational staff.
    • Use this same percent of staff to calculate and allocate a business function's indirect staff and indirect vendor costs.

    "There is always a conversation about indirect allocations. There's never been an organization I've heard of or worked for which has been able to allocate every technology cost directly to a business consumption or business unit."
    Monica Braun, ITFM Research Director, Info-Tech Research Group

    Example:

    • A company of 560 employees has six HR staff (about 1.1% of total staff).
    • Network admin staffing costs $143,000, so $1,573 (1.1%) would be allocated to HR.
    • Internet services cost $40,000, so $440 (1.1%) would be allocated to HR.

    Some indirect costs are shared by multiple business functions, but not all. In these cases, exclude non-participating business functions from the total number of organizational employees and re-calculate a new percent of staff for each participating business function.

    Know where you're most likely to encounter direct vs. indirect IT staffing costs

    Info-Tech has found that direct vs. indirect staffing spend is more commonly found in some areas than others. Use this insight to focus your work.

    Direct IT staffing spend

    Definition: Individuals or teams whose total time is formally dedicated to the support of one business unit/function.

    • Data & BI (direct to one non-IT unit)
    • IT Management (direct to IT)
      • Service planning & Architecture
      • Strategy & Governance
      • Financial Management
      • People & Resources

    Hybrid IT staffing spend

    Definition: Teams with a percent of time or entire FTEs formally dedicated to one business unit/function while the remainder of the time or team is generalized.

    • Applications
      • Applications Development
      • Applications Maintenance
    • IT Management
      • PPM & Projects

    Indirect IT staffing spend

    Definition: Individuals or teams whose total time is generalized to the support of multiple or all business units or functions.

    • Infrastructure
      • Hosting & Networks
      • End Users
    • Security

    Indirect staff spend only comes into play in the CXO Business View. Thoroughly map the CIO Service View first and leverage its outcomes to inform your allocations to individual business and industry functions.

    Understand the CEO Innovation View: Categories defined

    Be particularly clear on your understanding of the difference between business growth and business innovation.

    Business Innovation: IT spend/ activities focused on the development of new business capability, new products and services, and/or introduction of existing products/ services into new markets. It does not include expansion or update of existing capabilities.

    Business Growth: IT spend/activities focused on the expansion, scaling, or modernization of an existing business capability, product/service, or market. This is specifically related to growth within a current market.

    Keep the Lights On: IT spend/activities focused on keeping the organization running on a day-to-day basis. This includes all activities used to ensure the smooth operation of business functions and overall business continuity.

    CEO Innovation View

    Important Note

    Info-Tech analysts often skip mapping staff for the CEO Innovation View when delivering the IT Spend & Staffing Benchmarking Service.

    This is because, for many organizations, either most IT staff spend is allocated to Keep the Lights On or any IT staff allocation to Business Growth and Business Innovation activities is untracked, undocumented, and difficult to parse out.

    Mapping your IT staff across the CEO Innovation View is largely straightforward

    Clear divisions between CapEx and OpEx can be your friend when it comes to mapping this view. Focus your efforts on parsing growth vs. innovation.

    • The majority of IT staff costs are OpEx: And the majority of OpEx will land in the Keep the Lights On category. This is a comparatively simple mapping exercise. Know in advance that this will be the largest of the three buckets in the CEO Innovation View by a very wide margin, so don't be surprised if over 90% of IT staffing costs end up here.
    • Most of the remaining IT staff costs will be tied to capital projects and investments: This means that they will land in either Business Growth or Business Innovation, with the majority typically sitting under Business Growth. Again, don't be surprised if the Business Innovation category holds less than 3% of total IT staffing spend.

    Take your IT staff spend mapping to the next level with detailed time and headcount data

    Overlay a broader assessment of your IT staff

    Info-Tech's IT Staffing Assessment diagnostic can expand your view of what's really happening on the staffing front.

    • Learn your true distribution of IT staff across the same IT services listed in the ITFM Cost Model's CIO Service View.
    • Get other metrics such as degrees of seniority, manager span of control, and IT staff perception of their effectiveness.

    Take action

    1. Set it up: Contact your Info-Tech Account Manager and sign your team up to take the diagnostic.
    2. Assess the findings: Review the output report, specifically how your staff says they spend their time versus what your organization chart's been telling you.
    3. Apply the percentages: Use the FTE allocation percentages in the output report to guide how you distribute your staff spend across the CIO Service View.
    4. Expand your analysis: Use your staff's feedback around perceived aids and obstacles to effectiveness in order to inform and defend your recommendations and decisions on how IT funds should be spent.

    Consider these final tips for mapping your IT staffing costs before diving in

    Mapping your IT staffing costs definitely requires some work. However, knowing the common stumbling blocks and being systematic will yield the best results.

    Approach: Be efficient to be effective

    Start with what you know best: Map the CFO Expense View first to plug in information you already have. Next, map the CIO Service View since it's most aligned to your organization chart.

    Keep a list of questions: You'll need to seek clarifications. Note your questions, but don't reach out until you've done a first pass at the mapping - don't annoy people with a barrage of questions.

    Delegate: Your managers and leads have a more accurate view of exactly what their staff do. Consider delegating the CIO Service View and CXO Business View to them or turn the mapping exercise into a series of collaborative leadership team activities.

    Biggest challenge: Role/title ambiguity

    • The Business Analyst role is often vague. These staffers are often jacks-of-all-trades in IT. You probably can't rely on a generic job description to figure out exactly which services and business functions BAs are spending their time on. Plan to ask a lot of questions.
    • Other role titles may be completely inaccurate. Is the word "system" referring to apps, infrastructure, or both? Is the user experience specialist actually a programmer? Is a manager really managing anything? Know your organization's tendencies around meaningful job titling and set your workload expectations accordingly.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. Someone's doing that work - take the time to figure out who.

    3.1 Map your IT staffing costs

    Duration: Variable

    1. Navigate to tab "4. Staff Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter the name of an individual or group to be mapped, their role/title (if an individual), and their total known cost as per your collected data.
    2. Under the CFO Expense View (columns F-G), enter the number of FTEs represented by the individual or group named and their status (i.e. Employee or Contractor).
    3. Under the CIO Service View (columns L-AF), allocate the individual or group's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AI-BA), allocate the individual or group's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BD-BH), allocate the individual or group's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2 to 5 for all other IT staff (as individuals or groups).
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Identifying spend categories that have zero staff spend allocation. Additional percentage allocation splits for certain roles are probably required.
      2. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.
      3. Ensuring your amounts add up to your previously calculated total IT staff spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    3.1 Map your staffing costs

    Input Output
    • Cleaned and organized IT staffing data and information
    • Finalized mapping of IT staff spend across the four views of the ITFM Cost Model
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 3: Map your IT staff spend

    Achievement summary

    You've now completed your IT staff spend mapping. You have:

    • Allocated your IT staff spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "Some want to allocate everybody to IT, but that's not how we do it. [In one CXO Business View mapping], a client allocated all their sand network people to the IT department. At the end of the process, the IT department itself accounted for 20% of total IT spend. We went back and reallocated those indirect staff costs across the business."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Phase 4

    Map Your IT Vendor Spend

    This phase will walk you through the following activities:

    • Mapping your IT vendor spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 4: Map your IT vendor spend

    Allocate your vendor costs across the four views.

    Now you're ready to take on the second part of your spend mapping, namely IT vendor spend. In this phase you will:

    • Allocate your IT vendor spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure it's accurate and complete.

    "[One CIO] said that all technology spend runs through their IT group. But they didn't have hardware in their financial data file - no cellphones or laptops, no network or server expenses. They thought they had everything, but they didn't know what they didn't have. Assume it's out there somewhere."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Tackle the non-staff side of IT spend

    Info-Tech analysts find that mapping the IT vendor spend data is harder because the source data is often scattered and not meaningfully labeled.

    • Be patient and systematic. As with mapping your IT staff spend data, the more organized you are from the outset and the more thoroughly you've prepared your data, the more straightforward the exercise will be.
      • Did you "un-unique" your data? If not, do that now before attempting mapping.
    • Get comfortable with making some assumptions. You need to get through the exercise, so sometimes making a best guess and entering a value is better than diving down a rabbit hole. Your gut is probably right anyway. But only make assumptions around smaller line items that don't have a massive impact on your final numbers. Never assume anything when it comes to big-ticket items.
    • Curb your urge to fix. Some of your buckets will start to get big, while others will barely budge. This is normal ... and interesting! Resist the urge to "balance" staffing spend in a bucket by loading it with apps and hardware for fear that the staffing spend looks too high and will be questioned. This exercise is about how things are, not how they look.

    "A common financial data problem is no vendor names. I've noticed that, even if the vendor name is there, there are no descriptors. You cannot actually tell what type of service it is. Data security? Infrastructure? Networking? Ask yourself 'What did we purchase and what does it do?'"
    - Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: Vendor categories defined

    These are the final definitions for this view. See the previous section for CFO Expense View > Workforce definitions used in the IT staffing cost mapping exercise.

    Vendor: Provider of a good or service in exchange for payment.

    Hardware: Costs of procuring, maintaining, and managing all IT hardware, including end-user devices, data center and networking equipment, cabling, and hybrid appliances for both on-premises and cloud-based providers.

    Software: Costs for all software (applications, database, middleware, utilities, tools) used across the organization. This includes purchase, maintenance, and licensing costs.

    Contract Services: Costs for all third-party services including managed service providers, consultants, and advisory services.

    Cloud: Offsite hosting and delivery of an on-demand software or hardware computing function by a third-party provider, often on a subscription-type basis.

    On-Prem: On-site hosting and delivery of a software or hardware computing function, often requiring upfront purchase cost and subsequent maintenance costs.

    Managed Services: Costs for outsourcing the provision and maintenance of a technical process or function.

    Consulting & Advisory: Costs for the third-party provision of professional or technical advice and expertise.

    CFO Expense View

    Know if a technology is cloud-based or on-premises before mapping

    A technology may be one, the other, or both if multiple versions are in play. Financial records rarely indicate which, but on-premises vs. cloud matters in your planning.

    On-Premises

    • Check your CapEx. Any net-new purchases of software or hardware for the IT spend analysis year in question should appear on the CapEx side of the equation. After the first year of implementation/rollout, all ongoing maintenance and management costs should be found under OpEx.
    • Focus on real in-year costs.
      • Don't try to map depreciation or amortization associated with CapEX. Instead, map any upfront purchase costs that occurred in the relevant IT spend analysis year.
      • Map any OpEX costs incurred from maintenance and management. For multi-year maintenance contracts, apply the percentage of fees paid for the relevant year.

    Cloud

    • Check your OpEx. Cloud services are typically fee-based, which means the costs often come in the form of regularly timed bills akin to a subscription.
    • Differentiate new services from older ones. If the cloud service was initiated during the IT spend analysis year in question, there may be some one-time service setup and initiation fees that were legitimately slotted under CapEx. If the cloud service isn't new, then all costs should be OpEx.

    Vendors are increasingly "retiring" on-premises software products. This means an older version may be on-prem, a newer one cloud, and you may have both in play.

    Mapping built-in data, analytics, and security functions can raise doubts

    With so many apps focused on capturing, manipulating, and protecting data, built-in analytics, reporting, and security functions blur CIO Service View bucket boundaries.

    Applications vs. Data & BI

    • In recent years, much more powerful analysis and report-generation features have been added to core enterprise applications. If analytics and reporting functionality is an extended feature of a database-driven application, such as ERP or CRM, then map it to one of the Applications buckets.
    • If the sole purpose of the application is to store, manipulate, query, analyze, and/or visualize data, then log its costs under Data & BI. These would include technologies such as data warehouses, marts, cubes, and lakes; desktop data visualization tools; enterprise business intelligence platforms; and specialized reporting tools.

    Applications vs. Security

    • A similar conundrum exists for Security. So many tools today have built-in security functionality that cannot be unintegrated from the app they support. Don't even try to isolate native security functionality for spend mapping purposes - map it to Applications.
    • If the tool is a special-purpose, standalone security tool or security platform, then map it to Security. These tools usually sit within, and are used/managed by, IT. They include firewalls; antivirus/anti-malware; intrusion prevention, detection and response; access control and authentication; encryption; and penetration testing and vulnerability assessment.

    Putting spend in the right bucket does matter. However, if uncertainty persists, err on the side of consistency. For most organizations Applications Maintenance does end up being the biggest bucket.

    When mapping the CXO Business View, do the biggest vendors first

    Below is a suggested order of operations to clear through the majority of vendor spend as early as possible in the process.

    1 Sort high to low Sort your list of vendor spend from highest to lowest. Your top 20 vendors should constitute most of the spend.
    2 Map multi-department enterprise apps Flag your top apps vendors that have presence in most or all of your business units. Map these first. These tend to be enterprise-level business apps "owned" by core business functions but used broadly across the organization such as enterprise resource planning (ERP), customer relationship management (CRM), and people management systems.
    3 Map end-user spend Identify top vendors of general end-user technologies like office productivity apps, desktop hardware, and IT service desk tools. Allocate percentages according to your selected indirect spend mapping method.
    4 Map core infrastructure spend Map the behind-the-scenes network, telecom, and data center technologies that underpin IT, plus any infrastructure managed services. Again, apply your selected indirect spend mapping method.
    5 Map business-unit specific technologies This is the spend that's often incurred by just one department. This may also be technology spend that's out in the business, not in IT proper. Map it to the right business function or put it in Business Other or Industry Other if the business function doesn't have its own bucket.
    6 Map the miscellaneous Only smaller spend items likely remain at this point. When in doubt, map them to either Business Other or Industry Other.

    After mapping the CXO Business View, your Other buckets might be getting a bit big

    It's common for the Business Other and Industry Other categories to be quite large, and even the largest. This is okay, but plan to dig deeper and understand why.

    Remember "when in doubt, map to either the Business Other or Industry Other category"? Know what large Other buckets might really be telling you. After your first pass at mapping the CXO Business View, review Business Other and Industry Other if either is more than about 10% of your total spend.
    Diversification: Your organization has a wide array of business functions and/or associated staff that exist outside the core business and industry-specific categories selected. Are there minor business functions that can reasonably be included with the core categories identified? If not, don't force it. Better to keep your core buckets clean and uncomplicated.
    Non-core monolith: There's a significant technology installation outside the core that's associated with a comparatively minor business function. Is there a business function incurring substantial technology spend that should probably be broken out on its own and added to the core? If so, do it. Spend is unlikely to get smaller as the organization grows, so best to shine a light on it now.
    Shadow IT: There's significant technology spend in several areas of the organization that is unowned, unmanaged, or serving an unknown purpose as far as IT is concerned. Is a lot of the spend non-IT technology in the business? If yes, flag it and plan to learn more. It's likely that technologies living elsewhere in the organization will become IT concerns eventually. Better to be ready than to be surprised.

    As with staffing, CapEx vs. OpEx helps map the CEO Innovation View

    Mapping to this view was optional for IT staffing. For hard technology vendor spend, mapping this view is key. Use the guidance below to determine what goes where.

    Keep the Lights On
    Spend usually triggered by a service deck ticket or work order, not a formal project. Includes:

    • Daily maintenance and management.
    • Repair or upgrade of existing technology to preserve business function/continuity.
    • Purchase of "commodity" technology, such as standard-issue laptops and licenses for office productivity software.

    Business Growth
    Spend usually in the context of a formal project under a CapEx umbrella. Includes:

    • Technology spend that directly supports business expansion of an existing product or service and/or market.
    • Modernizing existing technology.
    • Extension of, or investment in, existing infrastructure to ensure reliability and availability in response to growth-driven scaling of headcount and utilization.

    Business Innovation
    Spend is always in the context of a formal project and should be 100% CapEx in the first year after purchase. Includes:

    • Technology spend that directly supports development and rollout of new products or service and/or entry into new markets.
    • Use of existing technology or investment in net-new technology in direct support of a new business initiative, direction, or requirement.

    In many organizations, most technology spend will be allocated to Keep the Lights On. This is normal but should generate conversations with the business about redirecting funds to growth and innovation.

    Remember these top tips when mapping your technology vendor spend

    The benefits of having tidy and organized data can't be overstated, as your source data will be in a more varied state for this phase of the mapping than with IT staffing data.

    Approach: Move from macro to micro

    • Start with the big enterprise apps: These will probably be in the top five of your vendor spend list and will likely have good info about how and by whom they're used. Get them out of the way.
    • Clear out shared technologies. This will feature infrastructure and operations plus office productivity and communications spend. Portioning spend by department headcount for the CXO Business View is the hardest part. Get this forklift task out of the way too.
    • Don't sweat the small stuff. Wasting hours chasing the details of a $500 line item isn't worth it when you have five-, six-, or even seven-figure line items to map.

    Biggest challenge: Poor vendor labeling

    • Vendor labels are often an inconsistent mess or missing entirely. Standardize and apply consistent vendor labels throughout your data so that you can aggregate your data into a workable form.
    • Spend transactions with the same vendor can be scattered all over the place in your general ledger. Take the time to "un-unique" your data to save yourself tremendous grief later on.
    • Start new go-forward labeling habits. Talk to finance about your new list of vendor naming standards and tagging spend as on-prem or cloud. Getting their cooperation with these are major wins.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. There's probably a technology out there in the business doing that work.

    4.1 Map your IT vendor spend

    Duration: Variable

    1. Navigate to tab "5. Vendor Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter a spend line item (vendor, product, etc.), a brief description, and the known amount of spend.
    2. Under the CFO Expense View (columns F-P), allocate the line item's spend as a percentage across all asset-class categories. If the allocation for a line item is 0%, leave the cell blank.
    3. Under the CIO Service View (columns S-AM), allocate the line item's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AP-BH), allocate the line item's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BK-BO), allocate the line item's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2-5 for all spend line items.
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Ensuring your amounts add up to your previously calculated total IT vendor spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.
      2. Identifying spend categories that have zero spend allocation. Additional percentage allocation splits for certain line items are probably required.
      3. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.

    Download the IT Spend & Staffing Transparency Workbook

    4.1 Map your IT vendor spend

    InputOutput
    • Cleaned and organized IT vendor spend data and information
    • Finalized mapping of IT vendor spend across the four views of the IT Cost Model
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 4: Map your IT vendor spend

    Achievement summary

    You've now completed your IT vendor spend mapping. You have:

    • Allocated your IT vendor spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "A lot of organizations log their spending by vendor name with no description of the goods or services they actually purchased from the vendor. It could be hardware, software, consulting services ... anything. Having a clear understanding of what's really in there is an essential aspect of the spend conversation."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Phase 5

    Identify Implications for IT

    This phase will walk you through the following activities:

    • Analyzing the results of your IT staff and vendor spend mapping across the four views of the ITFM Cost Model
    • Preparing an executive presentation of your transparent IT spend

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 5: Identify implications for IT

    Analyze and communicate.

    You're now nearing the end of the first leg in your IT spend transparency journey. In this phase you will:

    • Analyze the results of your IT spend mapping process.
    • Revisit your transparency objectives.
    • Prepare an executive presentation so you can share findings with other leaders in your organization.

    "Don't plug in numbers just to make yourself look good or please someone else. The only way to improve is to look at real life."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    You've mapped your IT spend data. Now what?

    With mapped data in hand, now you can start to tell IT's spend story with stakeholders in the business.

    Mapping your IT spend is a lot of work, but what you've achieved is impressive (applause!) as well as essential for growing your ITFM maturity. Now put your hard work to work.

    • Consider benchmarking. While not covered in-depth here, benchmarking against yourself in a year-over-year approach as well as against external industry peers are very useful exercises in your technology spend analysis.
    • Review your numbers and graphs. Your IT Spend & Staffing Transparency Workbook contains a series of data visualizations that will help you see the big picture as well as relationships between spend categories.
    • Note the very big numbers, the very small numbers, and the things that just look odd. You'll want to investigate and understand these further.
    • Prepare to communicate. Facilitating conversations with stakeholders in the business is the immediate objective of the IT spend and staffing transparency exercise. Decide where and with whom you want to start dialogue.

    The slides that follow show sample data summaries and visualizations generated in the IT Spend & Staffing Transparency Workbook. We'll take a look at the metrics, tables, and graphs you now have available to you post-mapping and how you can potentially use them in conversations with different IT stakeholders.

    Evaluate how you might use benchmarks before diving into your analysis

    Benchmarking can be a useful input for contextualizing and interpreting your IT spend data. It's not essential at this point but should be part of your ITFM toolkit.

    There are two basic types of benchmarking ...

    Internal: Capturing a current-state set of data about an in-house operation to serve as a baseline. Over time, snapshots of the same data are taken and compared to the baseline to track and assess changes. Common uses for internal benchmarking include:

    • Assessing the impact of a project or initiative.
    • Measuring year-over-year performance.

    External: Seeking out aggregated, current-state data about a peer-group operation to assess your own relative status or performance on the same operation. Common uses for external benchmarking include:

    • Understanding common practices in the industry.
    • Strategic and operational visioning, planning, and goal-setting.
    • Putting together a business case for change or investment.

    Both types of benchmarking benefit from some formality and rigor. Info-Tech can help you stand up an ITFM benchmarking approach as well as connect you with actual IT spend peer benchmarks via our IT Spend & Staffing Benchmarking service.

    5.1 Analyze the results of your IT spend mapping

    Duration: Variable

    1. Review the guidance slides that follow the two instruction slides for this exercise to provide yourself with a grounding on how to interpret and analyze your mapped IT staff and vendor spend data.
    2. Systematically review the data tables and graphs on the "Outputs" tabs 6 through 10 in the IT Spend & Staffing Transparency Workbook. There are several approaches you can take - use the one that works best for you. For example:
      1. Review each view in its entirety, one at a time.
      2. Review all workforce spend collectively across all four views, followed by all vendor spend across all four views (or vice versa).
    3. Make note of any spend values that are comparatively high or low or strike you as odd or worth further investigation.
    4. Craft a series of spend-related questions you want to answer for yourself and your stakeholders using the data.
      1. For example, you need to cut costs and apps maintenance is high. Your question could be, "Can we cut costs on applications maintenance staffing?"
      2. Alternatively, you can develop a series of statements (research hypotheses) that you seek to prove true or false with the data. This approach is useful for testing assumptions you've been making. For example, "We can cut spending on applications maintenance staff. True or false?"
    5. Use the template provided on tab "11. Data Analysis" in the IT Spend & Staffing Transparency Workbook to document your findings and conclusions, along with the data that supports them.

    Download the IT Spend & Staffing Transparency Workbook

    5.1 Analyze the results of your IT spend mapping

    InputOutput
    • Tabular and graphical data outputs
    • Conclusions and potential actions about IT staff and vendor spend
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    High-level findings: Use these IT spend metrics to review and set big picture goals

    Think of these metrics as key anchors in your long-term strategic planning efforts.

    Use IT spend metrics to review and set big goals

    It's common for the business to want a sacrifice in IT OpEx in favor of CapEx

    CapEx and OpEx approval mechanisms are often entirely separate. Different tax treatment for CapEx means that it's usually preferred by the business over OpEx.

    OpEx is often seen as a sunk cost (i.e. an IT problem).

    • Barring a major decision or event, OpEx on an individual item will generally trend upward over time, often by a few percent every year, in lockstep with inflation and growth in organizational headcount.
    • A good portion of OpEx, however, is necessary for basic business continuity.

    CapEx is usually seen as investment (i.e. a business growth opportunity).

    • CapEx behaves quite differently than OpEx. On-the-books capitalized spend on an individual asset tends to trend downward over time due to depreciation or amortization.
    • CapEx only tends to go up when a net-new capital project is initiated, and organizations often have more control over if, when, and how this spend happens.

    Break down the OpEx/CapEx wall. Reference OpEx whenever you talk about CapEx. The best way to do this is via Total Cost of Ownership (TCO).

    • Present data on long-term OpEx projections whenever a new capital project is proposed and ensure ongoing maintenance funds are secured.
    • Educate your CFO about the impact of the cloud on OpEx. See if internal OpEx/CapEx ratio expectations can be adjusted to reflect this reality.

    Spend by asset class offers the CFO a visual illustration of where the money's really gone

    The major spend categories should look very familiar to your CFO. It's the minor sub-categories that sit underneath where you ultimately want to drive the conversation.

    Traditional categories don't reflect IT reality anymore.

    • Most finance departments have "software" accounts that contain apples and oranges, plus other dissimilar fruit.
    • Software isn't just software anymore. Now it's on-premises (CapEx) or cloud (OpEx). The same distinction applies to traditional hardware due to the advent of managed services.
    • The basic categories traditionally used to tag IT spend are out of date. This makes it hard for IT to have meaningful conversations with the CFO since they're not working from the same glossary.

    "Software (on-premises)" and "hardware (cloud)" are more meaningful descriptors than "software" and "hardware." Shift the dialogue.

    Start the migration from major categories to minor categories.

    • Still give the CFO the traditional major categories they're looking for but start including minor category breakdowns into your communications. Most importantly, have a meeting to explain what these minor categories are and why they're important to managing IT effectively.
    • Next, see if the CFO can formally split on-premises vs. cloud software on the books as a first step in making IT spend tracking more meaningful.

    Employees vs. contractors warrants a specific conversation, plus a change in mindset

    IT leaders often find it easier to get approval for contracted labor than to hire a permanent employee. However, the true value proposition for contractors does vary.

    The decision to go with permanent employees or contractors depends on your ultimate goals.

    • Contractors tend to be less expensive and provide more flexibility when adjusting to changing business needs. However, contractors may be less dedicated and take their skills and knowledge with them when they leave.
    • Permanent employees bring additional costs like benefits and training. Plus, letting them go is a lot more complicated. However, they can also bring real value in a way a contractor can't when it comes to sustaining long-term strategic growth. They're assets in themselves.

    Far too often, labor-sourcing decisions are driven by controlling near-term costs instead of generating and sustaining long-term value.

    Introduce the cost-to-value ratio to your workforce spend conversations.

    • Your mapped data will allow you to talk about comparative headcount and spend. This is a financial conversation devoid of context.
    • Go beyond. Show how workforce spend has allowed stated goals to be achieved while controlling for costs. This is the true definition of value.

    CFO Expense View: Shift the ITFM conversation

    Now that you've mapped your IT spend data to the CFO Expense View, there are some questions you're better equipped to answer, namely:

    • How should I classify my IT costs?
    • What information should I include in my plans and reports?
    • How do I justify current spend?
    • How do I justify a budget increase?

    You now have:

    • A starting point for educating the CFO about IT spend realities.
    • A foundation for creating a shared glossary of terms that works for both IT and the finance department and facilitates more meaningful conversations.
    • Proof that there are major areas of IT spend, such as cloud software, that are distinctive and probably warrant their own financial category in the general ledger.
    • A transparent record of IT spend that shows that you understand and care about financial issues, fostering the goodwill and trust that facilitates investment in IT.
    • A starting point to change the ITFM conversation with the CFO from one focused on cost to one focused on value.

    Exactly how is IT spending all that money we give them?

    Exactly like this ...

    Chart of the CFO Expense View

    The CIO Service View aligns with how IT organizes and manages itself – this is your view

    The data mapped here is a critical input for IT's service planning and management program and should be integrated into your IT performance measurement activities.

    Major service categories: These values give a high-level snapshot of your general IT service spend priorities. In most organizations, Applications dominates, making it a focus for cost optimization.

    Minor service categories: The level of granularity for these values prove more practical when measuring performance and making service management decisions - not too big, not too small. While not reflected in this example, application maintenance is usually the largest relative consumer of IT spend in most organizations.

    Data & BI and security: Isolating the exact spend for these services is challenging given that they're often entangled in applications and infrastructure spend respectively, and separate spend tracking for both is a comparatively recent practice.

    Table of CIO Service View

    Check the alignment of individual service spend against known business objectives

    Some IT services are taken for granted by the business, while others are virtually invisible. This lack of visibility often translates into funding misalignments.

    Is the amount of spend on a given service in parallel with the service's overall importance?

    • Though often unstated, ensuring continuity of basic business operations is always the top priority. This means business apps, core infrastructure, end users, and security need to be appropriately funded - these should collectively comprise the majority of IT service spend.
    • Strategy-supporting IT services, like data & BI, see high investment variability between organizations. If its strategic role/importance doesn't align with spend, flag it as an issue you'll need to reconcile with the business by increasing funding (important) or reducing service levels (unimportant).
    • The strategic importance of IT as a whole is often reflected in the spend on IT management services. If spend is low, IT's probably seen as a support function, not a strategic one.

    Identify the hot spots and pick your battles.

    • Spend levels are just approximate gauges of where and how the business is willing to spend its money. Start with this simple gut check.
    • Noting the areas of importance vs. spend misalignment will help you identify where negotiations with the business should probably happen.

    A mature IT cost optimization practice is often approached from the service perspective

    When optimizing IT costs, you have two OpEx levers to pull - vendor spend and staff spend. Isolating these two sources of IT service spend will help shortlist your options.

    It's all about how much room you have to move.

    • Any decision made about how a service is provisioned will push vendor and staff spend in clear, predictable, and often opposite directions (e.g. in-house and people-intensive services tend to see higher staff spend, while outsourced and tech-intensive services higher vendor spend).
    • Service levels required by the business should be the driving factor behind service design and spend decisions. High service spend may reflect priority but may also indicate it's over-built and is ripe for a cost-optimization treatment.
    • Service spend is a useful barometer for tracking the financial impact of any changes made to IT. Add simple unit-cost metrics like "service spend per organizational employee" and "service spend per FTE assigned to the service" to see if and how the dial has moved over time.

    Grow your IT service management practice.

    • The real power of the CIO Service View is laying the groundwork for next-level IT service management initiatives like developing a service catalog, negotiating service-level agreements, rolling out chargeback and showback mechanisms, and calculating IT's value to the business.
    • Use service spend as a common denominator for both your IT service management and IT performance management programs. Better yet, integrate the two programs to ensure a single version of the truth.

    CIO Service View: Optimize your cost-to-value ratio

    Now that you've mapped your IT spend data to the CIO Service View, there are some questions you're better equipped to answer, namely:

    • What's the impact of cloud adoption on speed of delivery?
    • Where can I improve spend efficiency?
    • Is my support model optimized?
    • How does our spend compare to others?

    You now have:

    • Data that shows the financial impact of change decisions on service costs.
    • Insight into the relationship between vendor spend and staff spend within a given IT service.
    • The information you need to start developing service unit costing mechanisms.
    • A tool for setting and right-sizing service-level agreements with the business.
    • A more focused starting point for investigating IT cost-optimization opportunities.
    • A baseline for benchmarking common IT services against your peers.

    Does the amount we spend on each IT service make sense?

    We have some good opportunities for optimization ...

    Chart of CIO Service View

    The CXO Business View will spur conversations that may have never happened before

    This view is a potential game changer as previously unknown technology spend is often revealed, triggering change in IT's relationship with business unit leaders.

    Table of CXO Business View

    The big beneficiaries of IT spend will leap out

    The CXO Business View mapping does have a "shock and awe" quality to it given large spend disparities. They may be totally legitimate, but they're still eye-catching.

    Share information, don't push recommendations.

    • Have a series of one-on-one meetings with business unit leaders to present these numbers.
      • Approach initial meetings as information-sharing sessions only. The data is probably new to them, and they'll need time to reflect and ask questions.
      • Bring a list of the big-ticket spend items for that business unit to focus the conversation.
    • Present these numbers at a broader leadership meeting.
      • It's critical for everyone to hear the same truth and learn about each other's technology needs and uses.
      • This is where recommendations for better aligning IT spend with business goals and cost-optimization strategies should surface. A group approach will bring technology haves and have-nots into the open, as well as provide a forum for collaborative solutioning.

    If possible, slice the numbers by business unit headcount.

    • IT spend per business unit employee is an attention-getting metric that can help gain entry to important conversations.
    • Comparing per-employee spend across different business functions is not necessarily an apples-to-apples comparison, as units like HR may have few employees but serve the entire organization. Bring up these kinds of differences to provide context and avoid misinterpretations.

    Questions will arise in how you calculated and allocated indirect IT spend

    IT spend for things like core infrastructure and end-user services must be distributed fairly across multiple or all business units. Be prepared to explain your methods.

    Be transparent in your transparency.

    • Distributing indirect spend is imprecise by nature. You can't account for every unique circumstance. However, you can devise a logic-driven, general approach that's defensible, fair, and works for most people most of the time.
    • Lay out your assumptions from the start. This is an important part of communicating transparently and can prevent unwanted descent into weedy rabbit holes.
      • List what you classified as indirect spend. Use the CFO Expense View and/or CIO Service View categories to aid your presentation of this information.
      • Point out known circumstances that didn't fit your general allocation method and how you handled them. Opting to ignore minor anomalies is reasonable but be sure to tell business unit leaders you did this and why.

    Use questions about indirect IT staff spend distribution to engage stakeholders.

    • As a percentage, the indirect IT staff spend allocation to a specific business unit may be higher than that for IT vendor spend since IT staff tend to operate more generally than the technologies they support.
    • Leverage any pushback about indirect spend as an opportunity to engage the broader business leadership group. Let them arrive at a consensus of how they want it done and confirm buy-in.

    CXO Business View: Bring the truth to light

    Now that you've mapped your IT spend data to the CXO Business View, there are some questions you're better equipped to answer, namely:

    • Which business units consume the most IT resources?
    • Which business units are underserved by IT?
    • How do I best communicate spend data internally?
    • Where do I need better business sponsorship for IT projects?

    You now have:

    • A reason-based accounting of direct and indirect amounts spent on IT vendors and staff in support of each major business unit.
    • Insight into the technology haves and have-nots in your organization and where opportunities to optimize costs may exist.
    • Attention-getting numbers that will help you engage business-unit leaders in meaningful conversations about their use of IT resources and the value they receive.
    • A mechanism to assess if a business unit's consumption of IT is appropriate and aligned with its purpose and mandate in the organization.
    • A list of previously unknown business-side technologies that IT will investigate further.

    Why doesn't my business unit get more support from IT?

    Let's look at how you compare to the other departments ...

    Chart of the CXO Business View

    From the CEO's high-level perspective, IT spend is a collection of distinct financial islands

    From IT's perspective, these islands are intimately connected, with events on one affecting what happens (or doesn't) on another. Focus on the bridges.

    Table of CEO High-level Perspective

    Focus more on unifying the view of technology spend than on the numbers

    When talking to the CEO, seek to build mutual understanding and encourage a holistic approach to the organization's technology spend.

    Use the numbers to get to the real issues.

    • Clarify with the CEO what business innovation, business growth, and KTLO means to them and the role each plays in the organization's strategic and operational plans.
    • Find out the role they think IT, and technology as a whole, has in realizing business plans. Only then can you look at the relative allocation of IT spend with them to see if the aspiration aligns with reality.
    • Eventually, you'll need to discuss expectations around who pays the bills for operationally supporting capital technology investments over the long-term (i.e. IT or the business units that actually want and use it). You'll have concrete examples of business projects that consumed IT operations resources without a corresponding increase in IT's OpEx budget.

    Focus your KTLO spend conversation on risk and trade-off.

    • Every strategic conversation needs to look at the impact on ongoing operations. Every discussion about CapEx needs to investigate the long-term repercussions for OpEx. Look at the whole tech spend picture.
    • Use risk to get KTLO/OpEx into the conversation. Be straightforward (i.e. "If we do/don't do this, then we can/can't do that"). Simply put, mitigating the risks that get in the way of having it all usually requires spending.

    CEO Innovation View: Learn what's really expected of IT

    Now that you've mapped your IT spend data to the CEO Innovation View, there are some questions you're better equipped to answer, namely:

    • Why is KTLO spend so high?
    • What should our operational spend priorities be?
    • Which projects and investments should we prioritize?
    • Are we spending enough on innovative initiatives?

    You now have:

    • A holistic, organization-wide view of total technology spend in support of different investment types, namely business innovation, business growth, and keeping things up and running.
    • Data-driven examples that prove the impact of near-term capital spend on long-term operational expenses and the intimate relationship between the two types of spend.
    • A way to measure the degree of alignment between the innovation and growth goals the organization has and how money is actually being spent to realize those goals.
    • A platform to discuss how technology investment decision-making and governance can work better to realize organizational mandates and goals.

    I know what IT costs us, but what is it really worth?

    Here's how tech spend directly supports business objectives ...

    Chart of CEO Innovation View

    Revisit your IT spend transparency objectives before crafting your executive presentation

    Go back to exercise 1.1 to remind yourself why you undertook this effort in the first place, clear your head of all that data, and refocus on the big picture.

    Review the real problems and issues you need to address and the key stakeholders.
    This will guide what data you focus on or showcase with other business leaders. For example, if IT OpEx is perceived as high, be prepared to examine the CapEx/OpEx ratio as well as cloud-related spend's impact on OpEx.

    Flag ITFM processes you'll develop as part of your ITFM maturity improvement plan.
    You won't become a TCO math expert overnight, but being able to communicate your awareness of and commitment to developing and applying ITFM capabilities helps build confidence in you and the information you're presenting.

    Use your first big presentation to debut ITFM.
    ITFM as a formal practice and the changes you hope to make may be a novel concept for your business peers. Use your newfound IT spend and staffing transparency to gently wade into the topic instead of going for the deep dive.

    Now it's time to present your transparent IT spend and staffing data to your executive

    Pull out of analysis mode. You're starting to tell the IT spend story, and this is just the first chapter. Introduce your cast of characters and pique your audience's interest.

    The goal of this first presentation is to showcase IT spend in general and make sure that everyone's getting the same information as everyone else.

    Go broad, not deep
    Defer any in-depth examinations until after you're sure you have everyone's attention. Only dive deep when you're ready to talk about specific plans via follow-up sessions.

    Focus on the CXO
    Given your audience, the CXO Business View may be the most interesting for them and will trigger the most questions and discussion. Plan to spend the largest chunk of your time here.

    Avoid judgment
    Let the numbers speak for themselves. Do point out what's high and what's low, but don't offer your opinion about whether it's good or bad. Let your audience draw their own conclusions.

    Ask for impressions
    Education and awareness are primary objectives. What comes up will give a good indication of what's known, what's news, who's interested, and where there's work to do.

    Pick a starting point
    Ask what they see as high-priority areas for both optimizing IT costs as well as improving the organization's approach to making IT spend decisions in general.

    What to include in your presentation ...

    • Purpose: Why you did the IT spend and staffing transparency exercise.
    • Method: The models and processes you used to map the data.
    • Data: Charts from the IT Spend & Staffing Transparency Workbook.
    • Feedback: Space for your audience to voice their thoughts.
    • Next steps: Discussion and summary of actions to come.

    5.2 Develop an executive presentation

    Duration: Two hours

    1. Download the IT Staff & Spend Executive Presentation Template.
    2. Copy and paste the IT spend output tables and graphs into the template. (Note: Pasting as an image will preserve formatting.)
    3. Incorporate observations and insights about your analysis of your IT spend metrics.
    4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error free.
    5. Book time to make your presentation to the executive team. Plan time after the presentation to field questions, engage in follow-up information sessions, and act on feedback.

    Note: Refer to your organization's standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

    Input Output
    • Tabular and graphical data outputs in the IT Spend & Staffing Transparency Workbook
    • Executive presentation summarizing your organization's actual IT spend
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • IT Staff & Spend Executive Presentation Template
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Download the IT Spend & Staffing Transparency Executive Presentation TemplateTemplate

    Phase 5: Identify implications for IT

    Achievement summary

    You've done the hard part in starting your IT spend transparency journey. You have:

    • Analyzed the results of your IT spend mapping process.
    • Revisited your transparency objectives.
    • Prepared an executive presentation so you can share findings with other leaders in your organization.

    "Having internal conversations, especially if there is doubt, allows for accuracy and confidence in your model. I was showing someone the cost of a service he managed. He didn't believe the service was so expensive. We went through it: here are the people we allocated, the assets we allocated, and the software we allocated. It was right - that was the total cost. He was like, 'No way. Wow.' The costs were high, and the transparency is what allowed for a conversation on cost optimization."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Next Steps

    Achieve IT Spend & Staffing Transparency

    This final section will provide you with:

    • An overall summary of accomplishment
    • Recommended next steps
    • A list of contributors to this research
    • Some related Info-Tech resources to help you grow your ITFM practice

    Summary of Accomplishment

    Congratulations! You now have a fully transparent view of your IT spend.

    You've now mapped the entirety of technology spend in your organization. You've:

    1. Learned the key sources of spend data and information in your organization.
    2. Set some standards for data organization and labeling.
    3. Have a methodology for continuing to track and document spend in a transparent way.
    4. Crafted an executive presentation that's a first step in having more meaningful and constructive conversations about IT spend with your key stakeholders.

    What's next?

    With a reliable baseline, you can look forward to more informed and defensible IT budgeting and cost optimization. Use your newly-transparent IT spend as a foundation for improving your financial data hygiene in the near term and evolving your overall ITFM governance maturity in the long-term.

    If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

    Contact your account representative for more information.

    1-888-670-8889

    Research Contributors and Experts

    Monica Braun, Research Director, ITFM Practice

    Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group

    Dave Kish, Practice Lead, ITFM Practice

    Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group

    Kennedy Confurius, Research Analyst, ITFM Practice

    Kennedy Confurius
    Research Analyst, ITFM Practice
    Info-Tech Research Group

    Aman Kumari, Research Specialist, ITFM Practice

    Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Rex Ding, Research Specialist, ITFM Practice

    Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Angie Reynolds, Principal Research Director, ITFM Practice

    Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Related Info-Tech Research

    Build Your IT Cost Optimization Roadmap

    • Cost optimization often doesn't go beyond the cutting part, but cutting costs isn't strategic - it's reactive and can easily result in mistakes.
    • True cost optimization is much more than this. Re-focus your efforts on optimizing your cost-to-value ratio and implementing a sustainable cost-optimization practice.

    Build an IT Budget

    • Budgetary approval is difficult because finance executives have a limited understanding of IT and use a different vocabulary.
    • Detailed budgets must be constructed in a way that is transparent but at a level of appropriate detail in order to limit complexity and confusion.

    Manage an IT Budget

    • No one likes to be over budget, but being under budget isn't necessarily good either.
    • Implement a budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track.
    • Control for under- or overspending using Info Tech's budget management tool and tactics.

    APPENDIX

    Sample shared business services

    Sample industry-specific business services

    Sample shared business functions

    Business function Definition
    Human Resources The management of the recruitment, training, development, appraisal, compensation/reward, retention, and departure of employees in an organization. Does not include management of subcontractor or outsourced relationships.
    Finance and Accounting The management and analysis of an organization's revenue, funds, spend, investments, financial transactions, accounts, and financial statements. Often includes enterprise asset management.
    Procurement and Supplier Management Acquiring materials, goods, and services from an external party, including identifying potential suppliers/providers, managing tendering or bidding processes, negotiating terms and agreements, and managing the relationship with the vendor/provider.
    Information Technology The development, management, and optimization of information technology resources and systems over their lifecycle in support of an organization's work priorities and goals. Includes computer-based information and communication systems, but typically excludes industrial operational technologies.
    Legal Expertise in interpretation, implication, and application of legislation and regulation that affects the enterprise, including guidance and support in the areas of risk, contracting, compliance, ownership, and litigation.
    Regulatory Affairs and Compliance Management Identification, operationalization, monitoring, reporting, and enforcement of the standards, rules, codes, and laws that apply to an organization's operating environment and the products and services it offers.
    Sales Transactional provision of a product or service to a buyer at an agreed-upon price. Includes identifying and developing prospective buyers, presenting and explaining the product/service, overcoming prospect objections and concerns to purchase, negotiating terms, developing contracts, and billing or invoicing.
    Customer Service and Support A range of activities designed to optimize the customer experience with an organization and its products and services throughout the customer lifecycle with the goals of retaining the customer; encouraging additional spend or consumption; the customer positively influencing other potential customers; and minimizing financial and reputational business risks.
    Marketing and Advertising Understanding customer/prospect needs, developing strategies to meet those needs, and promotion of the organization's products/services to a target market via a range of channels to maximize revenue, membership, donations, and/or develop the organization's brand or reputation. Includes market research and analysis and promotion, campaign, and brand management.

    Sample industry-specific functions

    Supply chain and capital-intensive industries.

    Industry function Definition
    Product Innovation Research, design, development, and launch of new products, including the engineering of their underlying production processes.
    Product and Service Portfolio Management The management of an organization's collection of products and services, including management of the product/service roadmap; product/service portfolio and catalog; product/service quality and performance; and product/service pricing, bundling and markdown.
    Logistics and Supply Chain Management Sourcing raw materials or component parts needed and shipping of a finished product. Includes demand planning; procurement/supplier management; inventory management; yard management; allocation management; fulfillment and replenishment; and product distribution and delivery.
    Production Operations Manufacture, storage, and tracking of a product and ensuring product and production process quality. Includes operations management, materials management, quality/safety control, packaging management, and management of the tools, equipment, and technologies that support it.
    Architecture & Engineering The design and planning of structures or critical infrastructure systems according to scientific, functional, and aesthetic principles.
    Construction New construction, assembly, or alteration of buildings and critical infrastructure (e.g. transportation systems; telecommunications systems; utilities generation/transmission/distribution facilities and systems). Includes management of all construction project plans and the people, materials, and equipment required to execute.
    Real Estate Management Management of any residential, commercial, or industrial real estate holdings (land and buildings), including any financial dealings such as its purchase, sale, transfer, and rental as well as ongoing maintenance and repair of associated infrastructure and capital assets.

    Sample industry-specific functions

    Financial services and insurance industries.

    Industry function Definition
    Core Banking Services Includes ATM management; account management (opening, deposit/withdrawal, interest calculation, overdraft management, closing); payments processing; funds transfers; foreign currency exchange; cash management.
    Loan, Mortgage, and Credit Services Includes application, adjudication, and approval; facility; disbursement/card issuance; authorization management; merchant services; interest calculation; billing/payment; debt/collections management.
    Investment and Wealth Management Processes for the investment of premiums/monies received from policy holders/customers to generate wealth. Often two-pronged: internal investment to fund claim payout in the case of insurance, and customer-facing investment as a financial service (e.g. retirement planning/annuities). Includes product development and management, investment management, safety deposit box services, trust management services.
    Actuarial Analysis & Policy Creation Development of new policy products based on analysis of past losses and patterns, forecasts of financial risks, and assessment of potential profitability (i.e. actuarial science). These processes also include development of rate schedules (pricing) and the reserves that the insurer needs to have available for potential claim payouts.
    Underwriting & Policy Administration Processes for assessing risk of a potential policy holder; determining whether to insure them or not; setting the premiums the policy holder must pay; and administering the policy over the course of its lifecycle (including updates and billing).
    Claims Processing & Claims Management Processes for receiving, investigating, evaluating, approving/denying, and disbursing a claim payout. This process is unique to the insurance industry. In health insurance, ongoing case management processes need to be considered here whereby the insurer monitors and approves patient treatments over a long-term basis to ensure that the treatments are both necessary and beneficial.

    Sample industry-specific functions

    Healthcare industry

    Industry function Definition
    Patient Intake & Admissions Processes whereby key pieces of information about a patient are registered, updated, or confirmed with the healthcare provider in order to access healthcare services. Includes patient triage, intake management, and admissions management. These processes are generally administrative in nature.
    Patient Diagnosis A range of methods for determining the medical condition a patient has in order to provide appropriate care or treatment. Includes examination, consultation, testing, and diagnostic imaging.
    Patient Treatment The range of medical procedures, methods, and interventions to mitigate, relieve, or cure a patient's symptom, injury, disease, or other medical condition. Includes consultation and referral; treatment and care planning; medical procedure management; nursing and personal support; medicine management; trauma management; diet and nutrition management; and patient transportation.
    Patient Recovery & Ongoing Care Processes and methods for tracking the progress of a patient post-treatment; improving their health outcomes; restoring, maintaining, or improving their quality of life; and discharging or transferring them to other providers. Includes remote monitoring of vital parameters, physical therapy, post-trauma care, and a range of restorative and lifestyle modification programs.

    Sample industry-specific functions

    Gaming and hospitality industries

    Industry function Definition
    Accommodation Short-term lodging in hotel facilities. Includes management and maintenance of guest rooms and common spaces, amenities (e.g. swimming pool), and other related services (e.g. valet parking).
    Gaming Includes table wagering games and gambling activities such as slot machines or any other activity that includes on premises mobile casino gaming.
    Food & Beverage Services Food and beverages prepared, served, or available for sale by the hotel on the hotel premises via restaurants and bars and room service. Excludes catering (see Events Management) and management or operation of independent leased food and beverage establishments located on the hotel premises.
    Entertainment & Events Planning, coordination, and on-premises hosting of events including conferences, conventions, trade shows, parties, ceremonies and live entertainment, and other forms of recreation on the hotel premises. Includes all aspects of entertainment operations, facility management and catering for the event.

    Develop a Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}555|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
    • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

    Impact and Result

    • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
    • Avoid making unnecessary new WEM investments.
    • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

    Develop a Web Experience Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness the value of web experience management

    Make the case for a web experience management suite and structure the WEM strategy project.

    • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
    • Web Experience Management Strategy Summary Template
    • WEM Project Charter Template

    2. Create the vision for web experience management

    Identify the target state WEM strategy, assess current state, and identify gaps.

    • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

    3. Execute initiatives for WEM deployment

    Build the WEM technology stack and create a web strategy initiatives roadmap.

    • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
    • Web Process Automation Investment Appropriateness Assessment Tool
    [infographic]

    Workshop: Develop a Web Experience Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements. 

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution. 

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Enterprise Application Selection and Implementation

    • Buy Link or Shortcode: {j2store}29|cart{/j2store}
    • Related Products: {j2store}29|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.0/10
    • member rating average dollars saved: $37,356
    • member rating average days saved: 34
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Large scale implementations are prone to failure. This is probably also true in your company. Typically large endeavors like this overrun the budget, are late to deliver, or are abandoned altogether. It would be best if you manage your risks when starting such a new project.

    Our advice

    Insight

    • Large-scale software implementations continue to fail at very high rates. A recent report by McKinsey & Company estimates that 66% go over budget, 33% over time, and 17% delivered less value than expected. Most companies will survive a botched implementation, but 17% threatened the existence of the company involved.
    • With all the knowledge sharing that we have today with oodles of data at our disposal, we should expect IT-providers to have clear, standardized frameworks to handle these implementations. But projects that overrun by more than 200% still occur more often than you may think.
    • When you solicit a systems integrator (SI), you want to equip yourself to manage the SI and not be utterly dependent on their methodology.

    Impact and results 

    • You can assume proper accountability for the implementation and avoid over-reliance on the systems integrator.
    • Leverage the collective knowledge and advice of additional IT professionals
    • Review the pitfalls and lessons learned from failed integrations.
    • Manage risk at every stage.
    • Perform a self-assessment at various stages of the integration path.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Executive Summary

    Determine the rations for your implementation

    See if a custom-of-the-shelf process optimization makes sense.

    • Storyboard: Govern and Manage an Enterprise Software Implementation (ppt)

    Prepare

    Determine the right (level of) governance for your implementation.

    • Large Software Implementation Maturity Assessment Tool (xls)
    • Project Success Measurement Tool (xls)
    • Risk Mitigation Plan Template (xls)

    Plan and analyze

    Prepare for the overall implementation journey and gather your requirements. Then conduct a stage-gate assessment of this phase.

    • Project Phases Entry and Exit Criteria Checklist Tool (xls)
    • Project Lessons Learned Document (doc)

    Design, build and deploy

    Conduct a stage-gate assessment after every step below.

    • Make exact designs of the software implementation and ensure that all stakeholders and the integrator completely understand.
    • Build the solution according to the requirements and designs.
    • Thoroughly test and evaluate that the implementation meets your business expectations. 
    • Then deploy

    Initiate your roadmap

    Review your dispositions to ensure they align with your goals. 

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap (ppt)
    • Disposition Prioritization Tool (xls)

    Customer Value Contribution

    I'm proud to announce our new Customer Value Contribution Calculator©, or CVCC© in short.

    It enhances and possibly replaces the BIA (Business Impact Analysis) process with a much simpler way.

    More info to follow shortly.

    Drive Customer Convenience by Enabling Text-Based Customer Support

    • Buy Link or Shortcode: {j2store}531|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Text messaging services and applications (such as SMS, iMessage, WhatsApp, and Facebook Messenger) have seen explosive growth over the last decade. They are an entrenched part of consumers’ daily lives. For many demographics, text messaging rather than audio calls is the preferred medium of communication via smartphone.
    • Despite the popularity of text messaging services and applications with consumers, organizations have been slow to adequately incorporate these channels into their customer service strategy.
    • The result is a major disconnect between the channel preferences of consumers and the customer service options being offered by businesses.

    Our Advice

    Critical Insight

    • IT must work with their counterparts in customer service to build a technology roadmap that incorporates text messaging services and apps as a core channel for customer interaction. Doing so will increase IT’s stature as an innovator in the eyes of the business, while allowing the broader organization to leapfrog competitors that have not yet added text-based support to their repertoire of service channels. Incorporating text messaging as a customer service channel will increase customer satisfaction, improve retention, and reduce cost-to-serve.
    • A prudent strategy for text-based customer service begins with defining the value proposition and creating objectives: is there a strong fit with the organization’s customers and service use cases? Next, organizations must create a technology enablement roadmap for text-based support that incorporates the right tools and applications to deliver it. Finally, the strategy must address best practices for text-based customer service workflows and appropriate resourcing.

    Impact and Result

    • Understand the value and use cases for text-based customer support.
    • Create a framework for enabling technologies that will support scalable text-based customer service.
    • Improve underlying business metrics such as customer satisfaction, retention, and time to resolution by having a plan for text-based support.
    • Better align IT with customer service and support needs.

    Drive Customer Convenience by Enabling Text-Based Customer Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be leveraging text-based services for customer support, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the business case for text-based customer support

    Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 1: Create the Business Case for Text-Based Customer Support
    • Text-Based Customer Support Strategic Summary Template
    • Text-Based Customer Support Project Charter Template
    • Text-Based Customer Support Business Case Assessment

    2. Create a technology enablement framework for text-based customer support

    Identify the right applications that will be needed to adequately support a text-based support strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 2: Create a Technology Enablement Framework for Text-Based Customer Support
    • Text-Based Customer Support Requirements Traceability Matrix

    3. Create customer service workflows for text-based support

    Create repeatable workflows and escalation policies for text-centric support.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 3: Create Customer Service Workflows for Text-Based Support
    • Text-Based Customer Support TCO Tool
    • Text-Based Customer Support Acceptable Use Policy
    [infographic]

    Workshop: Drive Customer Convenience by Enabling Text-Based Customer Support

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Business Case for Text-Based Support

    The Purpose

    Create the business case for text-based support.

    Key Benefits Achieved

    A clear direction on the drivers and value proposition of text-based customer support for your organization.

    Activities

    1.1 Identify customer personas.

    1.2 Define business and IT drivers.

    Outputs

    Identification of IT and business drivers.

    Project framework and guiding principles for the project.

    2 Create a Technology Enablement Framework for Text-Based Support

    The Purpose

    Create a technology enablement framework for text-based support.

    Key Benefits Achieved

    Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.

    Activities

    2.1 Determine the correct migration strategy based on the current version of Exchange.

    2.2 Plan the user groups for a gradual deployment.

    Outputs

    Exchange migration strategy.

    User group organization by priority of migration.

    3 Create Service Workflows for Text-Based Support

    The Purpose

    Create service workflows for text-based support.

    Key Benefits Achieved

    Customer service workflows and escalation policies, as well as risk mitigation considerations.

    Present final deliverable to key stakeholders.

    Activities

    3.1 Review the text channel matrix.

    3.2 Build the inventory of customer service applications that are needed to support text-based service.

    Outputs

    Extract requirements for text-based customer support.

    4 Finalize Your Text Service Strategy

    The Purpose

    Finalize the text service strategy.

    Key Benefits Achieved

    Resource and risk mitigation plan.

    Activities

    4.1 Build core customer service workflows for text-based support.

    4.2 Identify text-centric risks and create a mitigation plan.

    4.3 Identify metrics for text-based support.

    Outputs

    Business process models assigned to text-based support.

    Formulation of risk mitigation plan.

    Key metrics for text-based support.

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact (scale of 10): 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    PHASE 1
    Review IT Risk Fundamentals and Governance
    PHASE 2
    Identify and Assess IT Risk
    PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.
    Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:

    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.
    • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.
    • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses

    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.
    Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.
    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.

    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event

    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    Security
    • Malware
    • Internally originated attack
    Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.

    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”
    Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response

    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    Assess Likelihood

    15%

    Moderate

    X

    Assess Likelihood

    $100,000

    High

    =

    Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
  • 2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification
    • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    Example:
    Scale for the use of cost assessment  of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)
    Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)
    Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.
    • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
      • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)
    3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.
    • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    (ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Renovate the Data Center

    • Buy Link or Shortcode: {j2store}497|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • 33% of enterprises will be undertaking facility upgrades or refreshes in 2010 aimed at extending the life of their existing data centers.
    • Every upgrade or refresh targeting specific components in the facility to address short-term pain will have significant impact on the data center environment as a whole. Planning upfront and establishing a clear project scope will minimize expensive changes in later years.
    • This solution set will provide you with step-by-step design, planning, and selection tools to define a Data Center renovation plan to reduce cost and risk while supporting cost-effective long-term growth for power, cooling, standby power, and fire protection renovations.

    Our Advice

    Critical Insight

    • 88% of organizations cited they would spend more time and effort on documenting and identifying facility requirements for initial project scoping. Organizations can prevent scope creep by conducting the necessary project planning up front and identify requirements and the effect that the renovation project will have in all areas of the data center facility.
    • Data Center facilities renovations must include the specific requirements related to power provisioning, stand-by power, cooling, and fire protection - not just the immediate short-term pain.
    • 39% of organizations cited they would put more emphasis on monitoring contractor management and performance to improve the outcome of the data center renovation project.

    Impact and Result

    • Early internal efforts to create a budget and facility requirements yields better cost and project outcomes when construction begins. Each data center renovation project is unique and should have its own detailed budget.
    • Upfront planning and detailed project scoping can prevent a cascading impact on data center renovation projects to other areas of the data center that can increase project size, scope and spend.
    • Contractor selection is one of the most important first steps in a complex data center renovation. Organizations must ensure the contractor selected has experience specifically in data center renovation.

    Renovate the Data Center Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and understand the renovation project.

    • Storyboard: Renovate the Data Center
    • None
    • Data Center Annual Review Checklist

    2. Renovate power in the data center.

    • Data Center Power Requirements Calculator

    3. Renovate cooling in the data center.

    • Data Center Cooling Requirements Calculator

    4. Renovate standby power in the data center.

    • Data Center Standby Power Requirements Calculator

    5. Define current and future fire protection requirements.

    • Fire Protection & Suppression Engineer Selection Criteria Checklist
    • None

    6. Assess the opportunities and establish a clear project scope.

    • Data Center Renovation Project Charter
    • Data Center Renovation Project Planning & Monitoring Tool

    7. Establish a budget for the data center renovation project.

    • Data Center Renovation Budget Tool

    8. Select a general contractor to execute the project.

    • None
    • Data Center Renovation Contractor Scripted Interview
    • Data Center Renovation Contractor Scripted Interview Scorecard
    • Data Center Renovation Contractor Reference Checklist
    [infographic]

    DORA - Article 7 — Explained

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Intro

    While this text is about DORA requirements, it is really about resilient availability of your service. Even if you are not bound to this regulation, maybe you are not a financial services provider, the requirements and tips on how to get there are invaluable to your client satisfaction.

    Legal text

    In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are:
    (a) appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the
    proportionality principle as referred to in Article 4;
    (b) reliable;
    (c) equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services, and to deal with peak orders, message or transaction volumes, as needed, including where new technology is introduced;
    (d) technologically resilient in order to adequately deal with additional information processing needs as required under
    stressed market conditions or other adverse situations.

    What do you need to do?

    • Determine what systems you need.
    • Inventory the systems you have.
    • Make sure your systems and applications are sized right for your business
      • and made resilient according to the business functions they support
        in relation to the size of the business functions they support (proportionality)
      • and are reliable, meaning they produce consistent results
      • and are resilient, meaning they can withstand adverse effects where needed 

    How do you do this?

    For requirement (a)

    • Identify the capacity requirements for your services
    • Also identify the capacity requirements in case of serious decapacitating events (Business continuity)
    • Detail your capacity management plan so that you can meet the requirements
    • Test your systems for compliamce with these requirements

    For requirement (b)

    • Show the parts of your IT policy that deals with availability, 
    • Show the technical Disaster recovery plans and their execution reports (ideally over a number of years)
    • Show the availability reports for your systems.
    • Show the vulnerability management reports for your systems (optional)

    For requirement (C)

    • Show the availability reports for your systems: this is really the end-result: if you can show that your systems are available even under heavy load, you have won half the battle.
    • Show the capacity requirements for your systems. This is where you can prove you really thought about demad for your service.
    • Show the capacity monitoring plans, plans and roadmaps and reports for your systems
    •  Show the load testing reports executed on your systems

     For requirement (d)

    • Show the identified attacks scenarios and you defend against them
    •  Show the results of your resilience test plans: talk about High availability, Disaster recovery, and manual workaround or alternative workflows (that is business continuity.)

    Many of these solutions will depend on the the solutions and responses to other DORA requirements.

     

    dora

    2021 Q3 Research Highlights

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: The Briefs
    • Parent Category Link: /the-briefs
    Our research team is a prolific bunch! Every quarter we produce lots of research to help you get the most value out of your organization. This PDF contains a selection of our most compelling research from the third quarter of 2021.

    Implement and Mature Your User Experience Design Practice

    • Buy Link or Shortcode: {j2store}430|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design

    Many organizations want to get to market quickly and on budget but don’t know the steps to get the right product/service to satisfy the users and business. This may be made apparent through uninformed decisions leading to lack of adoption of your product or service, rework due to post-implementation user feedback, or the competition discovering new approaches that outshine yours.

    Our Advice

    Critical Insight

    Ensure your practice has a clear understanding of the design problem space – not just the solution. An understanding of the user is critical to this.

    Impact and Result

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.
    • Create a practice that develops solutions specific to the needs of users, customers, and stakeholders.

    Implement and Mature Your User Experience Design Practice Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an experience design practice, review Info-Tech’s methodology, and understand the four dimensions we recommend using to mature your practice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the foundation

    Motivate your team with a common vision, mission, and goals.

    • Design Roadmap Workbook
    • User Experience Practice Roadmap

    2. Review the design dimensions

    Examine your practice – from the perspectives of organizational alignment, business outcomes, design perspective, and design integration – to determine what it takes to improve your maturity.

    3. Build your roadmap and communications

    Bring it all together – determine your team structure, the roadmap for the practice maturity, and communication plan.

    [infographic]

    Workshop: Implement and Mature Your User Experience Design Practice

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “So What?”

    The Purpose

    Make the case for UX. Bring the team together with a common mission, vision, and goals.

    Key Benefits Achieved

    Mission, vision, and goals for design

    Activities

    1.1 Define design practice goals.

    1.2 Generate the vision statement.

    1.3 Develop the mission statement.

    Outputs

    Design vision statement

    Design mission statement

    Design goals

    2 Examine Design Dimensions

    The Purpose

    Review the dimensions that help organizations to mature, and assess what next steps make sense for your organization.

    Key Benefits Achieved

    Develop initiatives that are right-sized for your organization.

    Activities

    2.1 Examine organizational alignment.

    2.2 Establish priorities for initiatives.

    2.3 Identify business value sources.

    2.4 Identify design perspective.

    2.5 Brainstorm design integration.

    2.6 Complete UCD-Canvas.

    Outputs

    Documented initiatives for design maturity

    Design canvas framework

    3 Create Structure and Initiatives

    The Purpose

    Make your design practice structure right for you.

    Key Benefits Achieved

    Examine patterns and roles for your organization.

    Activities

    3.1 Structure your design practice.

    Outputs

    Design practice structure with patterns

    4 Roadmap and Communications

    The Purpose

    Define the communications objectives and audience for your roadmap.

    Develop your communication plan.

    Sponsor check-in.

    Key Benefits Achieved

    Complete in-progress deliverables from previous four days.

    Set up review time for workshop deliverables and to discuss next steps.

    Activities

    4.1 Define the communications objectives and audience for your roadmap.

    4.2 Develop your communication plan.

    Outputs

    Communication Plan and Roadmap

    How to build a Service Desk Chatbot POC

    • Buy Link or Shortcode: {j2store}16|cart{/j2store}
    • Related Products: {j2store}16|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.7/10
    • member rating average dollars saved: 11,197
    • member rating average days saved: 8
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The challenge

    Build a chatbot that creates value for your business

     

    • Ensure your chatbot meets your business needs.
    • Bring scalability to your customer service delivery in a cost-effective manner.
    • Measure your chatbot objectives with clear metrics.
    • Pre-determine your ticket categories to use during the proof of concept.

    Our advice

    Insight

    • Build your chatbot to create business value. Whether increasing service or resource efficiency, keep value creation in mind when making decisions with your proof of concept.

    Impact and results 

    • When implemented effectively, chatbots can help save costs, generate new revenue, and ultimately increase customer satisfaction for external and internal-facing customers.

    The roadmap

    Read our concise Executive Brief to find out why you building a chatbot proof of concept is a good idea, review our methodology, and understand the four ways we can support you to successfully complete this project. Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Start here

    Form your chatbot strategy.

    Build the right metrics to measure the success of your chatbot POC

    • Chatbot ROI Calculator (xls)
    • Chatbot POC Metrics Tool (xls)

    Build the foundation for your chatbot.

    Architect the chatbot to maximize business value

    • Chatbot Conversation Tree Library

    Continue to improve your chatbot.

    Now take your chatbot proof of concept to production

    • Chatbot POC RACI (doc)
    • Chatbot POC Implementation Roadmap (xls)
    • Chatbot POC Communication Plan (doc)Chatbot ROI Calculator (xls)

    Design an Enterprise Architecture Strategy

    • Buy Link or Shortcode: {j2store}580|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $63,181 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The enterprise architecture (EA) team is constantly challenged to articulate the value of its function.
    • The CIO has asked the EA team to help articulate the business value the team brings.
    • Traceability from the business goals and vision to the EA contributions often does not exist.
    • Also, clients often struggle with complexity, priorities, and agile execution.

    Our Advice

    Critical Insight

    • EA can deliver many benefits to an organization. However, to increase the likelihood of success, the EA group needs to deliver value to the business and cannot be seen solely as IT.
    • Support from the organization is needed.
    • An EA strategy anchored in a value proposition will ensure that EA focuses on driving the most critical outcomes in support of the organization’s enterprise strategy.
    • As agility is not just for project execution, architects need to understand ways to deliver their guidance to influence project execution in real time, to enable the enterprise agility, and to enhance their responsiveness to changing conditions.

    Impact and Result

    • Create an EA value proposition based on enterprise needs that clearly articulates the expected contributions of the EA function.
    • Establish the EA fundamentals (vision and mission statement, goals and objectives, and principles) needed to position the EA function to deliver the promised value proposition.
    • Identify the services that EA has to provide to the organization to deliver on the promised value proposition.

    Design an Enterprise Architecture Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design an Enterprise Architecture Strategy Deck – A guide to help you define services that your EA function will provide to the organization.

    Establish an effective EA function that will realize value for the organization with an EA strategy.

    • Design an Enterprise Architecture Strategy – Phases 1-4

    2. EA Function Strategy Template – A communication tool to secure the approval of the EA strategy from organizational stakeholders.

    Use this template to document the outputs of the EA strategy and to communicate the EA strategy for approval by stakeholders.

    • EA Function Strategy Template

    3. Stakeholder Power Map Template – A template to help visualize the importance of various stakeholders and their concerns.

    Identify and prioritize the stakeholders that are important to your IT strategy development effort.

    • Stakeholder Power Map Template

    4. PESTLE Analysis Template – A template to help you complete and document a PESTLE analysis.

    Use this template to analyze the effect of external factors on IT.

    • PESTLE Analysis Template

    5. EA Value Proposition Template – A template to communicate the value EA can provide to the organization.

    Use this template to create an EA value proposition that explicitly communicates to stakeholders how an EA function can contribute to addressing their needs.

    • EA Value Proposition Template

    6. EA Goals and Objectives Template – A template to identify the EA goals that support the identified promises of value from the EA value proposition.

    Use this template to help set goals for your EA function based on the EA value proposition and identify objectives to measure the progression towards those EA goals.

    • EA Goals and Objectives Template

    7. EA Principles Template – A template to identify the universal EA principles relevant to your organization.

    Use this template to define relevant universal EA principles and create new EA principles to guide and inform IT investment decisions.

    • EA Principles Template – EA Strategy

    8. EA Service Planning Tool – A template to identify the EA services your organization will provide to deliver on the EA value proposition.

    Use this template to identify the EA services relevant to your organization and then define how those services will be accessed.

    • EA Service Planning Tool
    [infographic]

    Workshop: Design an Enterprise Architecture Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Map the EA Contributions to Business Goals

    The Purpose

    Show an example of traceability.

    Key Benefits Achieved

    Members have a real-world example of traceability between business goals and EA contributions.

    Activities

    1.1 Start from the business goals of the organization.

    1.2 Document business and IT drivers.

    1.3 Identify EA contributions that help achieve the business goals.

    Outputs

    Business goals documented.

    Business and IT drivers documented.

    Identified EA contributions and traced them to business goals.

    2 Determine the Role of the Architect in the Agile Ceremonies of the Organization

    The Purpose

    Create an understanding about role of architect in Agile ceremonies.

    Key Benefits Achieved

    Understanding of the role of the EA architect in Agile ceremonies.

    Activities

    2.1 Document the Agile ceremony used in the organization (based on SAFe or other Agile approaches).

    2.2 Determine which ceremonies the system architect will participate in.

    2.3 Determine which ceremonies the solution architect will participate in.

    2.4 Determine which ceremonies the enterprise architect will participate in.

    2.5 Determine architect syncs, etc.

    Outputs

    Documented the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).

    Determined which ceremonies the system architect will participate in.

    Determined which ceremonies the solution architect will participate in.

    Determined which ceremonies the enterprise architect will participate in.

    Determined architect syncs, etc.

    Further reading

    Design an Enterprise Architecture Strategy

    Develop a strategy that fits the organization’s maturity and remains adaptable to unforeseen future changes.

    EXECUTIVE BRIEF

    Build a right-size enterprise architecture strategy

    Enterprise Architecture Strategy

    Business & IT Strategy
    • Organizational Goals and Objectives
    • Business Drivers
    • Environment and Industry Trends
    • EA Capabilities and Services
    • Business Architecture
    • Data Architecture
    • Application Architecture
    • Integration Architecture
    • Innovation
    • Roles and Organizational Structure
    • Security Architecture
    • Technology Architecture
    • Integration Architecture
    • Insight and Knowledge
    • EA Operating Model
    Unlock the Value of Architecture
    • Increased Business and IT Alignment
    • Robust, Flexible, Scalable, Interoperable, Extensible and Reliable Solutions
    • Timely/Agile Service Delivery and Operations
    • Cost-Effective Solutions
    • Appropriate Risk Management to Address the Risk Appetite
    • Increased Competitive Advantage
    Current Environment
    • Business and IT Challenges
    • Opportunities
    • Enterprise Architecture Maturity

    Enterprise Architecture – Thought Model

    A thought model built around 'Enterprise Architecture', represented by a diagram on a cross-section of a ship which will be explained in the next slide. It begins with an arrow that says 'Organizational goals are the driving force and the ultimate goal' pointing to a bubble titled 'Organization' containing 'Analysis', 'Decisions', 'Actions'. An blue arrow on the right side with one '$' is labelled 'Iterations' and connects 'Organization' to 'Enterprise Architecture', 'Enterprise architecture creates new business value'. A green arrow on the left side with five '$' is labelled 'Goals' and connects back to 'Organization'. A the bottom, a bubble titled 'External forces, pressures, trends, data, etc.' has a blue arrow on the right side with one '$' connecting back to 'Enterprise Architecture'. Another blue arrow representing an output is labelled 'Outcomes' and originates from 'Enterprise Architecture'.

    Enterprise Architecture Capabilities

    A diagram on a cross-section of a ship representing 'Enterprise Architecture', including a row of process arrows beneath the ship pointing forward all labelled 'Agile iteration' and one airborne arrow above the stern pointing forward labelled 'Business Strategy'. Overlaid on the ship, starting at the back, are 'EA Strategy', 'EA Operating Model', 'Enterprise Principles, Methods, etc.', 'Foundational enterprise decisions: Business, Data/Apps, Technology, Integration, Security', 'Enterprise Reference Architecture', 'Goals, Value Chain, Capability, Business Processes', 'Enterprise Governance (e.g., Standard Mgmt.)', 'Domain Arch', 'Data & App Architecture', 'Security Architecture', 'Infrastructure: Cloud, Hybrid, etc.', at the very front is 'Implementation', and running along the bottom from back to front is 'Operations, Monitoring, and Continuous Improvement'.

    Analyst Perspective

    Enterprise architecture (EA) needs to be right-sized for the needs of the organization.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group

    Enterprise architecture is NOT a one-size-fits-all endeavor. It needs to be right-sized to the needs of the organization.

    Enterprise architects are boots on the ground and part of the solution; in addition, they need to have a good understanding of the corporate strategy, vision, and goals and have a vested interest on the optimization of the outcomes for the enterprise. They also need to anticipate the moves ahead, to be able to determine future trends and how they will impact the enterprise.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Analyst Perspective

    EA provides business options based on a deep understanding of the organization.

    “Enterprise architects need to think about and consider different areas of expertise when formulating potential business options. By understanding the context, the puzzle pieces can combine to create a positive business outcome that aligns with the organization’s strategies. Sometimes there will be missing pieces; leveraging what you know to create an outline of the pieces and collaborating with others can provide a general direction.”

    Jean Bujold
    Senior Workshop Delivery Director
    Info-Tech Research Group

    “The role of enterprise architecture is to eliminate misalignment between the business and IT and create value for the organization.”

    Reddy Doddipalli
    Senior Workshop Director, Research
    Info-Tech Research Group

    “Every transformation journey is an opportunity to learn: ‘Tell me and I forget. Teach me and I remember. Involve me and I learn.’ Benjamin Franklin.”

    Graham Smith
    Senior Lead Enterprise Architect and Independent Consultant

    Develop an enterprise architecture strategy that:

    • Helps the organization make decisions that are hard to change in a complex environment.
    • Fits the current organization’s maturity and remains flexible and adaptable to unforeseen future changes.

    Executive Summary

    Your Challenge

    We need to make decisions today for an unknown future. Decisions are influenced by:

    • Changes in the environment you operate in.
    • Complexity of both the business and IT landscapes.
    • IT’s difficulty in keeping up with business demands and remaining agile.
    • Program/project delivery pressure and long-term planning needs.
    • Other internal and external factors affecting your enterprise.

    Common Obstacles

    Decisions are often made:

    • Without a clear understanding of the business goals.
    • Without a holistic understanding; sometimes in conflict with one another.
    • That hinder the continuity of the organization.
    • That prevent value optimization at the enterprise level.

    The more complex an organization, the more players involved, the more difficult it is to overcome these obstacles.

    Info-Tech’s Approach

    • Is a holistic, top-down approach, from the business goals all the way to implementation.
    • Has EA act as the canary in the coal mine. EA will identify and mitigate risks in the organization.
    • Enables EA to provide an essential service rather than be an isolated kingdom or an ivory tower.
    • Acknowledges that EA is a balancing act among competing demands.
    • Makes decisions using guiding principles and guardrails, to create a flexible architecture that can evolve and expand, enabling enterprise agility.

    Info-Tech Insight

    There is no “right architecture” for organizations of all sizes, maturities, and cultural contexts. The value of enterprise architecture can only be measured against the business goals of a single organization. Enterprise architecture needs to be right-sized for your organization.

    Info-Tech insight summary on arch. agility

    Continuous innovation is of paramount importance in achieving and maintaining competitive advantage in the marketplace.

    Business engagement

    It is important to trace architectural decisions to business goals. As business goals evolve, architecture should evolve as well.

    As new business input is provided during Agile cycles, architecture is continuously evolving.

    EA fundamentals

    EA fundamentals will shape how enterprise architects think and act, how they engage with the organization, what decisions they make, etc.

    Start small and lean and evolve as needed.

    Continuously align strategy with delivery and operations.

    Architects should establish themselves as business partners as well as implementation/delivery leaders.

    Enterprise services

    Definitions of enterprise services should start from the business goals of the organization and the capabilities IT needs to perform for the organization to survive in the marketplace.

    Continuous delivery and continuous innovation are the two facets of architecture.

    Tactical insight

    Your current maturity should be reflected as a baseline in the strategy.

    Tactical insight

    Take Agile/opportunistic steps toward your strategic North star.

    Tactical insight

    EA services differ based on goals, maturity, and the Agile appetite of the enterprise.

    From the best industry experts

    “The trick to getting value from enterprise architecture is to commit to the long haul.”

    Jeanne W. Ross, MIT CISR
    Co-author of Enterprise Architecture as Strategy: Creating a Foundation for Business Execution,
    Harvard Business Press, 2006.

    Typical EA maturity stages

    A line chart that moves through multiple stages titled 'Enterprise Architecture Maturity Stages (MIT CISR)' The five stages of the chart, starting on the left, are 'Business Silos', 'Standardized Technology', 'Optimized Core', 'Business Componentization', and 'Digital Ecosystem'. 'The trick to getting value from enterprise architecture is to commit to the long haul.' The line begins at the bottom left of the chart and gradually creates a stretched S shape to the top right. Points along the line, respective to the aforementioned stages, are 'Locally Optimal Business Solutions', 'Technology Infrastructure Platform', 'Digitized Process Platform', 'Repository of Reusable Business Components', 'Components Connecting with Partners' Components', and at the end of the line, outside of the chart is 'Strategic Business Value from Technology'. Percentages along the bottom, respective to the aforementioned stages, read 20%, 36%, 45%, 7%, 2%. Percentages are rough approximations based on findings reported in Mocker, M., Ross, J.W., Beath, C.M., 'How Companies Use Digital Technologies to Enhance Customer Offerings--Summary of Survey Findings,' MIT CISR Working Paper No. 434, Feb. 2019. Copyright MIT, 2019.

    Enterprise Architecture maturity

    A maturity ladder visualization for 'Enterprise Architecture' with five color-coded levels. From the bottom up, the colors and designations are Red: 'Unstable', Orange: 'Firefighter', Yellow: 'Trusted Operator', Blue: 'Business Partner', and Green: 'Innovator'. Beside the visualization at the bottom it says 'EA is here', then an arrow in the direction of the top where it says 'EA needs to be here'.
    • Innovator – Transforms the Business
      Reliable Technology Innovation
    • Business Partner – Expands the Business
      Effective Use of Enterprise Architecture in all Business Projects, Enterprise Architecture Is Strategically Engaged
    • Trusted Operator – Optimizes the Business
      Enterprise Architecture Provides Business, Data, Application & Technology Architectures for All IT Projects
    • Firefighter – Supports the Business
      Reliable Architecture for Some Practices/Projects
    • Unstable – Struggles to Support
      Inability to Provide Reliable Architectures

    Info-Tech Insight

    There is no “absolute maturity” for organizations of all sizes, maturities, and cultural contexts. The maturity of enterprise architecture can only be measured against the business goals of the organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Session 1 Session 2 Session 3 Session 4 Session 5
    Activities
    Identify organizational needs and landscape

    1.0 Interview stakeholders to identify business and technology needs

    1.1 Review organization perspective, including business needs, challenges, and strategic directions

    1.2 Conduct PESTLE analysis to identify business and technology trends

    1.3 Conduct SWOT analysis to identify business and technology internal perspective

    Create the EA value proposition

    2.1 Identify and prioritize EA stakeholders

    2.2 Create business and technology drivers from needs

    2.3 Define the EA value proposition

    2.4 Identify EA maturity and target

    Define the EA fundamentals

    3.1 Define the EA goals and objectives

    3.2 Determine EA scope

    3.3 Create a set of EA principles

    3.4. Define the need of a methodology/agility

    3.5 Create the EA vision and mission statement

    Identify the EA framework and communicate the EA strategy

    4.1 Define initial EA operating model and governance mechanism

    4.2 Define the activities and services the EA function will provide, derived from business goals

    4.3 Determine effectiveness measures

    4.4 Create EA roadmap and next steps

    4.5 Build communication plan for stakeholders

    Next Steps and Wrap-Up (offsite)

    5.1 Generate workshop report

    5.2 Set up review time for workshop report and to discuss next steps

    Outcomes
    1. Stakeholder insights
    2. Organizational needs, challenges, and direction summary
    3. PESTLE & SWOT analysis
    1. Stakeholder power map
    2. List of business and technology drivers with associated pains
    3. Set of EA contributions articulating the promises of value in the EA value proposition
    4. EA maturity assessment
    1. EA scope
    2. List of EA principles
    3. EA vision statement
    4. EA mission statement
    5. Statement about role of enterprise architect relative to agility
    1. EA capabilities mapped to business goals of the organization
    2. List of EA activities and services the EA function is committed to providing
    3. KPI definitions
    4. EA roadmap
    5. EA communication plan
    1. Completed workshop report on EA strategy with roadmap, recommendations, and outcomes from workshop

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    While variations depend on the maturity of the organization as well as its aspirations, these are some typical steps:

      Phase 1

    • Call #1: Explore the role of EA in your organization.
    • Phase 2

    • Call #2: Identify and prioritize stakeholders.
    • Call #3: Use a PESTLE analysis to identify business and technology needs.
    • Call #4: Prepare for stakeholder interviews.
    • Call #5: Discuss your EA value proposition.
    • Phase 3

    • Call #5: Understand the importance of EA fundamentals.
    • Call #6: Define the relevant EA services and their contributions to the organization.
    • Call #7: Measure EA effectiveness.
    • Phase 4

    • Call #8: Build your EA roadmap and communication plan.
    • Call #9: Discuss the EA role relative to agility.
    • Call #10: Summarize results and plan next steps.

    Design an Enterprise Architecture Strategy

    Phase 1

    Explore the Role of Enterprise Architecture

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    Define the role of the group and different roles inside the enterprise architecture competency.

    This phase involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Enterprise architecture optimizes the outcomes of the entire organization

    Corporate Strategy –› Enterprise Architecture Strategy

    Info-Tech Insight

    Enterprise architecture needs to have input from the corporate strategy of the organization. Similarly, EA governance needs to be informed by corporate governance. If this is not the case, it is like planning and governing with your eyes closed.

    Existing EA functions vary in the value they achieve due to their level of maturity

    EA Functions
    Operationalized
    • EA function is operationalized and operates as an effective core function.
    • Effectively aligns the business and IT through governance, communication, and engagement.
    –––› Common EA value
    Decreased cost Reduced risk
    Emerging
    • Emerging but limited ad hoc EA function.
    • Limited by lack of alignment to the business and IT.
    –x–› Cut through complexity Increased agility
    (Source: Booz & Co., 2009)

    Benefits of enterprise architecture

    1. Focuses on business outcomes (business centricity)
    2. Provides traceability of architectural decisions to/from business goals
    3. Provides ways to measure results
    4. Provides consistency across different lines of business: establishes a common vocabulary, reducing inconsistencies
    5. Reduces duplications, creating additional efficiencies at the enterprise level
    6. Presents an actionable migration to the strategy/vision, through short-term milestones/steps

    Benefits of enterprise architecture continued

    1. Done right, increases agility
    2. Done right, reduces costs
    3. Done right, mitigates risks
    4. Done right, stimulates innovation
    5. Done right, helps achieve the stated business goals (e.g. customer satisfaction) and improves the enterprise agility.
    6. Done right, enhances competitive advantage of the enterprise

    Qualities of a well-established and practical enterprise architecture

    1. Objective
    2. Impartial
    3. Credible
    4. Practical
    5. Measurable
    6. (Source: University of Toronto, 2021)

    Role of the enterprise architecture

    • Primarily to set up guardrails for the enterprise, so Agile teams work independently in a safe, ready-to-integrate environment
    • Establish strategy
    • Establish priorities
    • Continuously innovate
    • Establish enterprise standards and enterprise guardrails to guide Solution/Domain/Portfolio Architectures
    • Align with and be informed by the organization’s direction

    Members of the Architecture Board:

    • Chief (Business) Strategist
    • Lead Enterprise Architect
    • Business SME from each major domain
    • IT SME from each major domain
    • Operational & Infrastructure SME
    • Security & Risk Officer
    • Process Management
    • Other relevant stakeholders

    For enterprise architecture to contribute, EA must address the organizational vision and goals

    External Factors –› Layers of a Business Model
    (Organization)
    –› Architecture Supported Transformation
    Industry Changes Business Strategy
    Competition Value Streams
    (Business Outcomes)
    Regulatory Impacts Business Capability Maps
    • Security
    Workforce Impacts Execution
    • Policies
    • Processes
    • People
    • Information
    • Applications
    • Technology

    Info-Tech Insight

    External forces can affect the organization as a whole; they need to be included as part of the holistic approach for enterprise architecture.

    How does EA provide value?

    Business and Technology Drivers – A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

    • Vision, Aspirations, Long-Term Goals – Vision, aspirations, long term goals

      • EA Contributions – EA contributions that will alleviate obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

        • Promise of Value – A statement that depicts a concrete benefit that the EA practice can provide for the organization in response to business and technology drivers.

    Info-Tech Insight

    Enterprise architecture needs to create and be part of a culture where decisions are made through collaboration while focusing on enterprise-wide efficiencies (e.g. reduced duplication, reusability, enterprise-wide cost minimization, overall security, comprehensive risk mitigation, and any other cross-cutting concerns) to optimize corporate business goals.

    The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

    Establish the EA function scope by using the EA value proposition and EA fundamentals that have already been developed. After defining the EA function scope, refer back to these statements to ensure it accurately reflects the EA value proposition and EA fundamentals.

    EA value proposition

    +

    EA vision statement
    EA mission statement
    EA goals and objectives

    —›
    Influences

    Organizational coverage

    Architectural domains

    Depth

    Time horizon

    —›
    Defines
    EA function scope

    EA team characteristics

    Create the optimal EA strategy by including personnel who understand a broad set of topics in the organization

    The team assembled to create the EA strategy will be defined as the “EA strategy creation team” in this blueprint.

    • Someone who has been in the organization for a long time and has built strong relationships with key stakeholders. This individual can exert influence and become the EA strategy sponsor.
    • An individual who understands how the different technology components in the organization support its business operations.
    • Someone in the organization who can communicate IT concepts to business managers in a language the business understands.
    • An individual with a strategy background or perspective on the organization. This individual will understand where the organization is headed.
    • Any individuals who feel an acute pain as a result of poorly made investment decisions. They can be champions of EA strategy in their respective functions.

    EA skills and competencies

    Apart from business know-how, the EA team should have the following skills

    • Architectural thinking
    • Analytical
    • Trusted, credible
    • Can handle complexity
    • Can change perspectives
    • Can learn fast (business and technology)
    • Independent and steadfast
    • Not afraid to go against the stream
    • Able to understand problems of others with empathy
    • Able to estimate scaling on design decisions such as model patterns
    • Intrinsic capability to identify where relevant details are
    • Able to identify root causes quickly
    • Able to communicate complex issues clearly
    • Able to negotiate and come up with acceptable solutions
    • Can model well
    • Able to change perspectives (from business to implementation and operational perspectives).

    Use of enterprise architecture methodologies

    Balance EA methodologies with Agile approaches

    Using an enterprise architecture methodology is a good starting point to achieving a common understanding of what that is. Often, organizations agree to "tailor" methodologies to their needs.

    The use of lean/Agile approaches will increase efficiency beyond traditional methodologies.

    Use of EA methodologies vs. Agile methods

    When to use what?

    • Use an existing methodology to structure your thinking and establish a common vocabulary to communicate basic concepts, processes, and approaches.
    • Customize the methodology to your needs; make it as lean as possible.
    • Execute in an Agile way, but keep in mind the thoughtful checks recommended by your end-to-end methodology.
    • Clarify goals.
    • Have good measures and metrics in place.
    • Continuously monitor progress, fit for purpose, etc.
    • Highlight risks, roadblocks, etc.
    • Get support.
    • Communicate vision, goals, key decisions, etc.
    • Iterate.

    Business strategy first, EA strategy second, and EA operating model third

    Corporate Strategy
    “Why does our enterprise exist in the market?”
    EA Strategy
    “What does EA need to be and do to support the enterprise’s ability to meet its goals? What is EA’s value proposition?”
    Business & IT Operating Culture
    “How does the organization’s culture and structure influence the EA operating model?”
    EA Operating Model
    How does EA need to operate on a daily basis to deliver the value proposition?”

    High-level perspective

    Creating an effective practice involves many moving parts.

    A visual of the many moving parts in an effective practice; there are 6 smaller circles in a large circle, an input arrow labelled 'Environment', an output arrow labelled 'Results', and a thin arrow connecting 'Results' back to 'Environment'. Of the circles, 'Leadership' is in the center, connected to each of the others, while 'Culture', 'Strategy', 'Core Processes', 'Structure', and 'Systems' create a cycle. (Source: The Center for Organizational Design)

    • Environment. Influences that are external to the organization, such as customer perceptions, changing needs, and changes in technology, and the organization’s ability to adjust to them.
    • Strategy. The business strategy defines how the organization adds value and acts as the rudder to direct the organization. Organizational strategy defines the character of the organization, what it wants to be, its values, its vision, its mission, etc.
    • Core Process. The flow of work through the organization.
    • Structure. How people are organized around business processes. Includes reporting structures, boundaries, roles, and responsibilities. The structure should assist the organization with achieving its goals rather than hinder its performance.
    • Systems. Interrelated sets of tasks or activities that help organize and coordinate work.
    • Culture. The personality of the organization: its leadership style, attitudes, habits, and management practices. Culture measures how well philosophy is translated into practice.
    • Results. Measurement of how well the organization achieved its goals.
    • Leadership. Brings the organization together by providing vision and strategy; designing, monitoring, and nurturing the culture; and fostering agility.

    The answer to the strategic planning entity dilemma is enterprise architecture

    Enterprise architecture is a discipline that defines the structure and operation of an organization. The intent of enterprise architecture is to determine how an organization can most effectively achieve its current and future objectives.

    Vision, goals, and aspirations as well internal and external pressures

    Business current state

    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    Enterprise Architecture

    IT current state

    • IT asset management
    • Database services
    • Application development

    Business target state

    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • New capability

    IT target state

    • IT asset management
    • Database services
    • Application development
    • Business analytics
    Complex, overlapping, contradictory world of humans vs. logical binary world of IT
    EA is a planning tool to help achieve the corporate business goals

    EA spans across all the domains of architecture

    Business architecture is the cornerstone that sets the foundation for all other architectural domains: security, data, application, and technology.

    A flow-like diagram titled 'Enterprise Architecture' beginning with 'Digital Architecture' and 'Business Architecture', which feeds into 'Security Architecture', which feeds into both 'Data Architecture' and 'Application Architecture', which both feed into 'Technology Architecture: Infrastructure'.

    “An enterprise architecture practice is both difficult and costly to set up. It is normally built around a process of peer review and involves the time and talent of the strategic technical leadership of an enterprise.” (The Open Group Architecture Framework, 2018)

    Enterprise architecture deployment continuum

    A diagram visualizing the Enterprise architecture deployment continuum with two continuums, 'Level of Embedding' and 'EA Value', assigning terms to EA deployments based on where they fall. On the left is an 'Ivory Tower' configuration: EA' is separated from the 'BU's but is still controlling them. Level of Embedding: 'Centralized', EA Value: 'Dictatorship'. In the center is a 'Balanced' configuration: 'EA' is spread across and connected to each 'BU'. Level of Embedding: 'Federated', EA Value: 'Democracy'. On the right is a 'Siloed' configuration: Each 'BU' has its own separate 'EA'. Level of Embedding: 'Decentralized', EA Value: 'Abdication of enterprise role'.

    Info-Tech Insight

    The primary question during the design of the EA operating model is how to integrate the EA function with the rest of the business.

    If the EA practice functions on its own, you end up with ivory tower syndrome and a dictatorship.

    If you totally embed the EA function within business units it will become siloed with no enterprise value.

    Organizations need to balance consistency at the enterprise level with creativity from the grass roots.

    Enterprise vs. Program/Portfolio/Domain

    Enterprise vs. Program/Portfolio/Domain. Image depicts where Enterprise Scope overlaps Program/Portfolio Scope. Enterprise Scope includes Business Architecture. Program/Portfolio Scope includes Business Requirements, Business Process, and Solutions Architecture. Overlap between scope includes Technology Architecture, Data Architecture, and Applications Architecture.

    Info-Tech Insight

    Decisions at the enterprise level apply across multiple programs/portfolios/solutions and represent the guardrails set for all to play within.

    Decide on the degree of centralization

    Larger organizations with multiple domains/divisions or business units will need to decide which architecture functions will be centralized and which, if any, will be decentralized as they plan to scope their EA program. What are the core functions to be centralized for the EA to deliver the greatest benefits?

    Typically, we see a need to have a centralized repository of reusable assets and standards across the organization, while other approaches/standards can operate locally.

    Centralization

    • Allows for more strategic planning
    • Visibility into standards and assets across the organization promotes rationalization and cost savings
    • Ensures enterprise-wide assets are used
    • More strategic sourcing of vendors and resellers
    • Can centrally negotiate pricing for better deals
    • Easier to manage risk and prepare for audits
    • Greater coordination of resources
    • Derives benefits from enterprise decisions, e.g. integration…

    Decentralization

    • May allow for more innovation
    • May be easier to demonstrate local compliance if the organization is geographically decentralized
    • May be easier to procure software if offices are in different countries
    • Deployment and installation of software on user devices may be easier

    EA strategy

    What is the role of enterprise architecture vis-à-vis business goals?

    • What needs to be done?
    • Who needs to be involved?
    • When?
    • Where?
    • Why?
    • How?

    Top-down approach starting from the goals of the organization

      What the Business Sees...
    • Business Goals
      • Value Streams
          What the CxO Sees...
        • Capabilities
            What the App Managers See...
          • Processes
            • Applications
                What the Program Managers See...
              • Programs/Projects

    Info-Tech Insight

    Being able to answer the deceptively simple question “How am I doing?” requires traceability to and from the business goals to be achieved all the way to applications, to infrastructure, and ultimately, to the funded initiatives (portfolios, programs, projects, etc.).

    Measure EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function spans across three main dimensions:

    1. The delivery of EA-enabled business outcomes that are most important to the enterprise.
    2. The alignment between the business and the technology from a planning perspective.
    3. Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).

    Corporate Business Goals

    • Reduction in operating costs
    • Decreased regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure

    EA Contributions

    • Alignment of IT investments to business strategy
    • Achievement of business results directly linked to IT involvement
    • Application and platform rationalization
    • Standards in place
    • Flexible architecture
    • Better integration
    • Higher organizational satisfaction with technology-enabled services and solutions

    Measurements

    • Cost reductions based on application and platform rationalization
    • Time and cost reductions due to standardization
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase in customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    Info-Tech Insight

    Organizations must create clear and smart KPIs (key performance indicators) across the board.

    From corporate strategy to enterprise architecture

    A model connecting 'Enterprise Architecture' with 'Corporate Strategy' through 'EA Services' and 'EA Strategy'.

    Info-Tech Insight

    In the absence of a corporate strategy, enterprise architecture is missing its North Star.

    However, enterprise architects can partner with the business strategists to build the needed vision.

    Traceability to and from business corporate business goals to EA contributions (sample)

    A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

    Enterprise architecture journey

    The enterprise architecture journey, from left to right: 'Business Goals' and 'EA Maturity Assessment', 'EA Strategy', 'Industry-Specific Capability Model' and 'Customized to the Organization's Needs', 'EA Operating Model' and 'EA Governance', 'Business Architecture' and 'EA Tooling', 'Data Architecture' and 'Application Architecture', 'Infrastructure Architecture'.

    Agile architecture principles

    Agile architecture principles:
    • Fast learning cycle
    • Explore alternatives
    • Create environment for decentralized ideation and innovation

    According to the Scaled Agile Framework, three of the most applicable principles for the architectural professions refer to the following:

    1. "Fast learning cycle" refers to learning cycles that allow for quick reiterations as well as the opportunity to fail fast to learn fast.
    2. "Explore alternatives" refers to the exploration phase and also to the need to make tough decisions and balance competing demands.
    3. "Create environment for decentralized ideation and innovation" ensures that no one has a monopoly on innovation. Moreover, EA needs to invite ideas from various stakeholders (from the business to operations as well as implementers, etc.).

    Architecture roles in lean enterprises

    Typical architecture roles in modern/Agile lean enterprises

    • System Architect
    • Solution Architect
    • Enterprise Architect

    Depth vs. strategy focus

    Typical architect roles

    A graph with different architect roles mapped onto it. Axes are 'Low Strategic Impact' to 'High Strategic Impact' and 'Breadth' to 'Depth'. 'Enterprise Architect' has the highest strategic impact and most breadth. 'Technical/System Architect' has the lowest strategic impact and most depth. 'Solution Architect' sits in the middle of both axes.

    Architecture roles continued

    The three architect roles from above and their impacts on the list of 'Common Domains' to the right. 'Enterprise Architect's impact is 'Across Value Streams', 'Solution Architect's impact is 'Across Systems', 'Technical/System Architect's impact is 'Single System'. Adapted from Scaled Agile.

    Common Domains

    Business Architecture

    Information Architecture

    Application Architecture

    Technical Architecture

    Integration Architecture

    Security Architecture

    Others

    Info-Tech Insight

    All architects are boots on the ground and play in the solutioning space. What differs is their decisions’ impact (the enterprise architect’s decisions affects all domains and solutions).

    SAFe definitions of the Enterprise/Solution and System Architect roles can be found here.

    The role of the Enterprise Architect is detailed here.

    Collaboration models across the enterprise

    A collaboration model with 'Enterprise Architecture' at the top consisting of a 'Chief Enterprise Architect', 'Enterprise Architects', and 'EA Concerns across solutions': 'Architect A', 'Architect B', and 'Architect C'. Each lettered Architect is connected to their respective 'Solution Architect (A-C)' which runs their respective 'Delivery Team (A-C)' with 'Other Team Members'.(Adapted from Disciplined Agile)

    There are both formal and informal collaborations between enterprise architects and solution architects across the enterprise.

    Info-Tech Insight

    Enterprise architects should collaborate with solutions architects to create the best solutions at the enterprise level and to provide guidance across the board.

    Architect roles in SAFe

    According to Scale Agile Framework 5 for Lean Enterprises:

    • The system architect participates in the Essential SAFe
    • Solution architects and system architects participate in Large Solution
    • The enterprise architect participates in the Portfolio SAFe
    • Enterprise, solution, and system architects are all involved in Full SAFe

    Please check the SAFe Scaled Agile site for detailed information on the approach.

    Architect roles and their participation in Agile events (see likely events and a typical calendar)

    Info-Tech Insight

    A clear commitment for architects to achieve and support agility is needed. Architects should not be in an ivory tower; they should be hands on and engaged in all relevant Agile ceremonies, like the pre- and post-program increment (PI) planning, etc.

    Architect syncs are also required to ensure the needed collaboration.

    Architect participation in Agile ceremonies, according to SAFe:

    Architecture runway (at scale)

    Info-Tech Insight

    Architecting for scale, modularity, and extensibility is key for the architecture to adapt to changing conditions and evolve.

    Proactively address NFRs; architect for performance and security.

    Continuously refine the solution intent.

    For large solutions, longer foundational architectural runways are needed.

    Having an intentional continuous improvement/continuous development (CI/CD) pipeline to continuously release, test, and monitor is key to evolving large and complex systems.

    Parallel continuous exploration/integration/deployment

    A cycle titled DevOps containing three smaller cycles labelled 'Continuous Explorations', 'Continuous Integration', and 'Continuous Deployment'.

    Info-Tech Insight

    Architects need to help make some fundamental decisions, e.g. help define the environment that best supports continuous innovation or exploration and continuous integration, deployment, and delivery.

    Typical strategic enterprise architecture involvement

    Enterprise Architect —DRIVES–› Enterprise Architecture Strategy

    Enterprise Architecture Strategy
    • Application Strategy
    • Business Strategy
    • Data Strategy
    • Implementation Strategy
    • Infrastructure Strategy
    • Inter-domain Collaboration
    • Integration Strategy
    • Operations Strategy
    • Security Strategy
    • (Adapted from Scaled Agile)

    The EA statement relative to agility

    The enterprise architecture statement relative to agility specifies the architects’ responsibilities as well as the Agile protocols they will participate in. This statement will guide every architect’s participation in planning meetings, pre- and post-PI, various syncs, etc. Use simple and concise terminology; speak loudly and clearly.

    Strong EA statement relative to agility has the following characteristics:

    • Describes what different architect roles do to achieve the vision of the organization
    • In an agile way
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Specific
    • Concise

    Sample EA statement relative to agility

    • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
    • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

    A clear statement can include additional details surrounding the enterprise architect’s role relative to agility

    Below is a sample of connecting keywords to form an enterprise architect role statement, relative to agility.

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance and accelerators.

    Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles
    • Standards and reusable assets
    • Continuous exploration, integration, and deployment

    Traditional vs. Agile approaches

    Traditional Enterprise Architecture Next-Generation Enterprise Architecture
    Scope: Technology focused Business transformation (scope includes both business and technology)
    Bottom up Top down
    Inside out Outside In
    Point to point; difficult to change Expandable, extensible, evolvable
    Control-based: Governance intensive; often over-centralized Guidance-based: Collaboration and partnership-driven based on accepted guardrails
    Big up-front planning Incremental/dynamic planning; frequent changes
    Functional siloes and isolated projects, programs, and portfolios Enterprise-driven outcome optimization (across value streams)

    Info-Tech Insight

    The role of the architecture in Lean (Agile) approaches is to set up the needed guardrails and ensure a safe environment where everyone can be effective and creative.

    Design an Enterprise Architecture Strategy

    Phase 2

    Create the EA Value Proposition

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Identify and prioritize EA stakeholders.
    • Create business and technology drivers from stakeholder information.
    • Identify business pains and technology drivers.
    • Define EA contributions to alleviate the pains.
    • Create promises of value to fully articulate the value proposition.

    This phase involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Step 2.1

    Define the Business and Technology Drivers

    Activities
    • 2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders
    • 2.1.2 Conduct a PESTLE analysis
    • 2.1.3 Review strategic planning documents
    • 2.1.4 Conduct EA stakeholder interviews

    This step will walk you through the following activities:

    • Learn the five-step process to create an EA value proposition.
    • Uncover business and technology needs from stakeholders.

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    An understanding of your organization’s EA needs.

    Create the Value Proposition

    Step 2.1 Step 2.2

    Value proposition is an important step in the creation of the EA strategy

    Creating an EA value proposition should be the first step to realizing a healthy EA function. The EA value proposition demonstrates to organizational stakeholders the importance of EA in helping to realize their needs.

    Five steps towards the successful articulation of EA value proposition:

    1. Identify and prioritize stakeholders. The EA function must know to whom to communicate the value proposition.
    2. Construct business and technology drivers. Drivers are derived from the needs of the business and IT. Needs come from the analysis of external factors, strategic documents, and interviewing stakeholders. Helping stakeholders and the organization realize their needs demonstrates the value of EA.
    3. Discover pains that prevent driver realization. There are always challenges that obstruct drivers of the organization. Find out what they are to get closer to showing the value of EA.
    4. Brainstorm EA contributions. Pains that obstruct drivers have now been identified. To demonstrate EA’s value, think about how EA can help to alleviate those pains. Create statements that show how EA’s contribution will be able to overcome the pain to show the value of EA.
    5. Derive promises of value. Complete the articulation of value for the EA value proposition by stating how realizing the business or technology will provide in terms of value for the organization. Speak with the stakeholders to discover the value that can be achieved.

    Info-Tech Insight

    EA can deliver many benefits to an organization. To increase the likelihood of success, each EA group needs to commit to delivering value to their organization based on the current operating environment and the desired direction of the enterprise. An EA value proposition will articulate the group’s promises of value to the enterprise.

    The foundation of an optimal EA value proposition is laid by defining the right stakeholders

    All stakeholders need to know how the EA function can help them. Provide the stakeholders with an understanding of the EA strategy’s impact on the business by involving them.

    A stakeholder map can be a powerful tool to help identify and prioritize stakeholders. A stakeholder map is a visual sketch of how various stakeholders interact with your organization, with each other, and with external audience segments.

    An example stakeholder map with the 'Key players' quadrant highlighted, it includes 'CEO', 'CIO', and the modified position of 'CFO' after being engaged.

    “Stakeholder management is critical to the success of every project in every organization I have ever worked with. By engaging the right people in the right way in your project, you can make a big difference to its success…and to your career.” (Rachel Thompson, MindTools)

    2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders

    2 hours

    Input: Expertise from the EA strategy creation team

    Output: An identified and prioritized set of stakeholders for the EA function to target

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    1. A stakeholder power map helps to visualize the importance of various stakeholders and their concerns so you can prioritize your time according to the most powerful and most impacted stakeholders.
    2. Evaluate each stakeholder in terms of power, Involvement, impact, and support.
      • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
      • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
      • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
      • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?
    3. Map each stakeholder to an area on the Power Map Template.
    4. Ask yourself if the power map looks accurate. Is there someone who has no involvement in EA strategy development but should?
    5. Some stakeholders may have influence over others. For example, a COO who highly values the opinion of the Director of Operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Download the Stakeholder Power Map Template for more detailed instructions on completing this activity.

    Each stakeholder will have a set of needs that will influence the final EA value proposition

    All stakeholders will have a set of needs they would like to address. Take those needs and translate them into business and technology drivers. Drivers help clearly articulate to stakeholders, and the EA function, the stakeholder needs to be addressed.

    Business Driver

    Business drivers are internal or external business conditions, changing business capabilities, and changing market trends that impact the way EA operates and provides value to the enterprise.

    Examples:

    Ensure corporate compliance with legislation pertaining to data and security (e.g. regulated oil fields).

    Enable the automation and digitization of internal processes and services to business stakeholders.

    Technology Driver

    Technology drivers are internal or external technology conditions or factors that are not within the control of the EA group that impact the way that the EA group operates and provides value to the enterprise.

    Examples:

    Establish standards and policies for enabling the organization to take advantage of cloud and mobile technologies.

    Reduce the frequency of shadow IT by lowering the propensity to make business–technology decisions in isolation.

    (Source: The Strategic CFO, 2013)

    Gather information from stakeholders to begin the process of distilling business and technology drivers

    Review information sources, then analyze them to derive business and technology drivers. Information sources are not targeted towards EA stakeholders. Analyze the information sources to create drivers that are relevant to EA stakeholders.

    Information Sources Drivers (Examples)

    PESTLE Analysis

    Strategy Documents

    Stakeholder Interviews

    SWOT Analysis

    —›

    Analysis

    —›

    Help the organization align technology investments with corporate strategy

    Ensure corporate compliance with legislation.

    Increase the organization’s speed to market.

    Business and Technology Needs

    By examining information sources, the EA team will come across a set of business and technology needs. Through analysis, these needs can be synthesized into drivers.

    The PESTLE analysis will help you uncover external factors impacting the organization

    PESTLE examines six perspectives for external factors that may impact business and technology needs. Below are prompting questions to facilitate a PESTLE analysis working session.

    Political
    • Will a change in government (at any level) affect your organization?
    • Do inter-government or trade relations affect you?
    • Are there shareholder needs or demands that must be considered?
    • How are your costs changing (moving off-shore, fluctuations in markets, etc.)?
    • Do currency fluctuations have an effect on your business?
    • Can you attract and pay for top-quality talent (e.g. desirable location, reasonable cost of living, changes to insurance requirements)?
    Economic
    Social
    • What are the demographics of your customers and/or employees?
    • What are the attitudes of your customers and/or staff (e.g. do they require social media, collaboration, transparency of costs)?
    • What is the general lifecycle of an employee (i.e. is there high turnover)?
    • Is there a market of qualified staff?
    • Is your business seasonal?
    • Do you require constant technology upgrades (e.g. faster network, new hardware)?
    • What is the appetite for innovation within your industry/business?
    • Are there demands for increasing data storage, quality, BI, etc.?
    • Are you looking to cloud technologies?
    • What is the stance on bring your own device?
    • Are you required to do a significant amount of development work in-house?
    Technological
    Legal
    • Are there changes to trade laws?
    • Are there changes to regulatory requirements (i.e. data storage policies, privacy policies)?
    • Are there union factors that must be considered?
    • Is there a push towards being environmentally friendly?
    • Does the weather have any effect on your business (hurricanes, flooding, etc.)?
    Environmental

    2.1.2 Conduct a PESTLE analysis

    2 hours

    Input: Expertise from EA strategy creation team

    Output: Identified set of business and technology needs from PESTLE

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    1. Begin conducting the PESTLE analysis by breaking the participants into groups. Divide the six different perspectives amongst the groups.
    2. Ask each group to begin to derive business and technology needs from their assigned perspectives. Use some of the areas noted below along with the questions on the previous slide to derive business and technology needs.
      • Political: Examine taxes, environmental regulations, and zoning restrictions.
      • Economic: Examine interest rates, inflation rate, exchange rates, the financial and stock markets, and the job market.
      • Social: Examine gender, race, age, income, disabilities, educational attainment, employment status, and religion.
      • Technological: Examine servers, computers, networks, software, database technologies, wireless capabilities, and availability of Software as a Service.
      • Legal: Examine trade laws, labor laws, environmental laws, and privacy laws.
      • Environmental: Examine green initiatives, ethical issues, weather patterns, and pollution.
    3. Ask each group to take into account the following questions when deriving business and technology needs:
      • Will business components require any changes to address the factor?
      • Will information technology components changes be needed to address any factor?
    4. Have each team record its findings. Have each team present its list and have remaining teams give feedback and additional suggestions. Record any changes in this step.

    Download the PESTLE Analysis Template to assist with completing this activity.

    Strategic planning documents can provide information regarding the direction of the organization

    Some organizations (and business units) create an authoritative strategy document. These documents contain corporate aspirations and outline initiatives, reorganizations, and shifts in strategy. From these documents, a set of business and technology needs can be generated.

    Overt Statements

    • Corporate objectives and initiatives are often explicitly stated in these documents. Look for statements that begin with phrases such as “Our corporate objectives are…”
    • Remember that different organizations use different terminology; if you cannot find the word goal or objective then look for “pillar,” “imperative,” “theme,” etc.

    Turn these statements to business and technology needs by:

    Asking the following:
    • Is there a need from a business perspective to address these objectives, initiatives, and shifts in strategy?
    • Is there a need from a technology perspective to address these objectives, initiatives, and shifts in strategy?

    Covert Statements

    • Some corporate objectives and initiatives will be mentioned in passing and will require clarification. For example: “As we continue to penetrate new markets, we will be diversifying our manufacturing geography to simplify distribution.”

    2.1.3 Review strategic planning documents

    2 hours

    Input: Strategic documents in the organization

    Output: Identified set of business and technology needs from documents

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the identification process of business and technology needs from strategic documents with the following steps:

    1. Work with the EA strategy creation team to identify the strategic documents within the organization. Look for documents with any of the following content:
      • Corporate strategy document
      • Business unit strategy documents
      • Annual general reports
    2. Gather the strategic documents into one place and call a meeting with the EA strategy creation team to identify the business and technology needs in those documents.
    3. Pick one document and look through its contents. Look for future-looking words such as:
      • We will be…
      • We are planning to…
      • We will need…
    4. Consider those portions of the document with future-looking words and ask the following:
      • Will business components require any changes to address these objectives?
      • Will information technology components changes be needed to address these objectives?
    5. Record the business and technology needs identified in step 4. As well, record any questions you may have regarding the document contents for stakeholders to validate later.
    6. Move to the next document once complete. Complete steps 3-5 for the remaining strategy documents.

    Stakeholder interviews will help you collect primary data and will shed light on stakeholder priorities and challenges

    In this interview process, you will be asking EA stakeholders questions that uncover their business and technology needs. You will also be able to ask follow-up questions to get a better understanding of abstract or complex concepts from the strategy document review and PESTLE analysis.

    EA Stakeholders:

    • Stakeholders may not think of their business and technology needs. But stakeholders will often explicitly state their objectives and initiatives.
    • Objectives often result in risks, opportunities, and annoyances:
      • Risks: Potential damage associated with pursuing an objective or initiative.
      • Opportunities: Potential gains that could be leveraged when capturing objectives and initiatives.
      • Annoyances: Roadblocks that could hinder the pursuit of objectives and initiatives.
    • Ask stakeholders questions on these areas to discern their business and technology needs.

    Risks + Opportunities + Annoyances –› Business and Technology Needs

    2.1.4 Conduct EA stakeholder interviews

    4-8 hours

    Input: Expertise from the EA stakeholders

    Output: Business and technology needs for EA stakeholders

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, Identified EA stakeholders

    1. Schedule an interview with each of the stakeholders that were identified as key stakeholders in the Stakeholder Power Map.
    2. Meet with the key EA stakeholders and start business and technology needs gathering. Schedule each identified key stakeholder for an interview.
    3. When a stakeholder arrives for their interview, ask the following questions and record the answers to help uncover needs. Be sure to record which stakeholder answered the question. Further, record any future stakeholders that agree.
      • What are the current strengths of your organization?
      • What are the current weaknesses of your organization?
      • What is the number 1 risk you need to prevent?
      • What is the number 1 opportunity you want to capitalize on?
      • What is the number 1 annoying pet peeve you want to remove?
      • How would you prioritize these risks, opportunities, and annoyances?
    4. Recorded answer example: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
    5. After completing each interview, verify with each stakeholder that you have captured their business and technology needs. Continue the interview process until all identified key stakeholders have been interviewed.
    6. Capture all inputs into a SWOT (strengths, weaknesses, opportunities, and threats) format.

    Step 2.2

    Define Your Value Proposition

    Activities
    • 2.2.1 Create a set of business and technology drivers from business and technology needs
    • 2.2.2 Identify the pains associated with the business and technology drivers
    • 2.2.3 Identify the EA contributions that can address the pains
    • 2.2.4 Create promises of value to shape the EA value proposition

    This step will walk you through the following activities:

    • Use business and technology drivers to determine EA’s role in your organization.

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    A value proposition document that ties the value of the EA function to stakeholder needs.

    Create the EA Value Proposition

    Step 2.1 Step 2.2

    Synthesize the collected data into business and technology drivers

    Two triangles labelled 'Business needs' and 'Technology needs' point to a cloud labelled 'Analysis', which connects to the driver attributes on the right via a dotted line.

    There are several key attributes that a driver should have.

    Driver Key Attributes
    • A succinct statement.
    • Begins with “action words” to communicate a call to action (e.g. Support, Help, Enable).
    • Written in a language understood by all parties involved.
    • Communicates a need for improvement or prevention.

    “The greatest impact of enterprise architecture is the strategic impact. Put the mission and the needs of the organization first.” (Matthew Kern, Clear Government Solutions)

    2.2.1 Create a set of business and technology drivers from business and technology needs

    3 hours

    Input: Expertise from EA strategy creation team

    Output: A set of business and technology drivers

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Meet with the EA strategy creation team and follow the steps below to begin the process of synthesizing the business and technology needs into drivers.

    1. Lay out the documented business and technology needs your team gathered from PESTLE analysis, strategy document reviews, and stakeholder interviews.
    2. Assess the documented business and technology needs to see if there are common themes. Consolidate those similar business and technology needs by crafting one driver for them. For example:
      • PESTLE: Influx of competitors in the marketplace causing tighter margins.
      • Document review: Improve investment quality and their value to the organization.
      • Stakeholder interview: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
      • Consolidated business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
    3. As well, synthesize the business and technology needs that cannot be consolidated.
    4. Verify the completed list of drivers with stakeholders. This is to ensure you have fully captured their needs.

    Download the EA Value Proposition Template to record your findings in this activity.

    When addressing business and technology drivers, an organization can expect obstacles

    A pain is an obstacle that business stakeholders will face when attempting to address business and technology drivers. Identify the pains associated with each driver so that EA’s contributions can be linked to resolving obstacles to address business needs.

    Business and Technology Drivers

    Pains

    Created by assessing information sources. A sentence that states the nature of the pain and how the pain stops the organization from addressing the drivers.
    Examples:
    • Business driver: Help the organization align investments with the corporate strategy and departmental priorities.
    • Technology driver: Improve the organization’s technology responsiveness and increase speed to market.
    Examples:
    • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    • Technology driver pains: Ineffective application development requiring delays decreases the speed to market.

    2.2.2 Identify the pains associated with the business and technology drivers

    2 hours

    Input: Expertise from EA strategy creation team and EA stakeholders

    Output: An associated pain that obstructs each identified driver

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Call a meeting with the EA strategy creation team and any available stakeholders to identify the pains that obstruct addressing the business and technology drivers.

    Take each driver and ask the questions below to the EA strategy creation team and to any EA stakeholders who are available. Record the answers to identify the pains when realizing the drivers.

    1. What are your challenges in performing the activity or process today?
    2. What other business activities/processes will be impacted/improved if we solve this?
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
    4. What are the steps in the process/activity?

    Take the recorded answers and follow the steps below to create the pain statements:

    1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into pains, refine the recorded answers into a succinct sentence that captures its meaning.
      • Recorded answer example: “I feel like there needs to be a holistic view of the organization. If we had a tool to see all the capabilities across the business, then we can figure out what investments should be prioritized.”
      • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    2. When the list of pains has been written out, verify with the stakeholders that you have fully captured their pains.

    Download the EA Value Proposition Template to record your findings in this activity.

    The identified pains can be alleviated by a set of EA contributions

    Set the foundations for the value proposition by brainstorming the EA contributions that can alleviate the pains.

    Business and technology drivers produce:

    Pains

    —›
    EA contributions produce:

    Value by alleviating pains

    Pains

    Obstructions to addressing business and technology drivers. Stakeholders will face these pains.

    Examples
    • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    EA contributions

    Activities the EA function can perform to help alleviate the pains. Demonstrates the contributions the EA function can make to business value.

    Examples:
    • Business driver EA contributions: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

    Enterprise architecture functions can provide a diverse set of contributions to any organization – Sample

    EA contribution category EA contribution details
    Define business capabilities and processes As-is and target business capabilities and processes are documented and understood by both IT and the business.
    Design information flows and services Information flows and services effectively support business capabilities and processes.
    Analyze gaps and identify project opportunities Create informed project identification, scope definition, and project portfolio management.
    Optimize technology assets Greater homogeneity and interoperability between tangible and intangible technology assets.
    Create and maintain technology standards Decrease development, integration, and support efforts. Reduce complexity and improve interoperability.
    Rationalize technology assets Tangible and intangible technology assets are rationalized to adequately and efficiently support information flows and services.

    2.2.3 Identify the EA contributions that can address the pains

    2 hours

    Input: Expertise from EA strategy creation team

    Output: EA contributions that addresses the pains that were identified

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Gather with the EA strategy creation team, take each pain, then ask and record the answers to the questions below to identify the EA contributions that would solve the pains:

    1. What activities can the EA practice conduct to overcome the pain?
    2. What are the core EA models that can help accurately define the problem and assist in finding appropriate resolutions?
    3. What are the general EA benefits that can be associated with solving this pain?

    Answers to the questions above will generate a list of activities EA can do to help alleviate the pains. Use the following steps to complete this activity:

    1. Create a stronger tie between the EA contributions and pains by linking the EA contribution statement to the pain.
      • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
      • Example of EA contributions statement: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.
    2. Verify with the stakeholders that they understand the EA contributions have been written out and how those contributions address the pains.

    Download the EA Value Proposition Template to record your findings in this activity.

    EA promises of value articulate EA’s commitment to the organization

    • Business Goals and Technology Drivers
      A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

      • Value Streams, Aspirations, Long-Term Goals
        Value streams, aspirations, long-term goals

        • EA Contributions
          EA contributions that will alleviate the obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

          • Promise of Value
            A statement that depicts a concrete benefit the EA practice can provide for the organization in response to business and technology drivers.
            Communicate the statements in a language that stakeholders understand to complete the articulation of EA’s value proposition.

    2.2.4 Create promises of value to shape the EA value proposition

    2 hours

    Input: Expertise from EA strategy creation team and EA stakeholders

    Output: Promises of value for each business and technology driver

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Now that the EA contributions have been identified, identify the promises of value to articulate the value proposition.

    Take each driver, then ask and record the answers to the questions below to identify the promises of value when realizing the drivers:

    1. What does amazing look like if we solve this perfectly?
    2. What other business activities/processes will be impacted/improved if we solve this?
    3. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?

    Take the recorded answers and follow the steps below to create the promises of value.

    1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into a promise of value, refine the recorded answer into a succinct sentence that captures its meaning.
      • Business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
      • Recorded answer example: “If this would be solved perfectly, we would have a very easy time planning investments and investment planning hours can be spent doing other activities.”
      • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
    2. When the promises of value have been written out, verify with the stakeholders that you have fully captured their ideas.

    Download the EA Value Proposition Template to record your findings in this activity.

    Design an Enterprise Architecture Strategy

    Phase 3

    Build the EA Fundamentals

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Create an EA vision statement and an EA mission statement.
    • Create EA goals, define EA objectives, and link them to EA goals.
    • Define the EA function scope dimensions.
    • Create a set of EA principles for your organization.
    • Discuss current methodology.

    This phase involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Step 3.1

    Realize the Importance of EA Fundamentals

    Activities
    • 3.1.1 Create the EA vision statement
    • 3.1.2 Create the EA mission statement
    • 3.1.3 Create EA goals
    • 3.1.4 Define EA objectives and link them to EA goals
    • 3.1.5 Record the details of each EA objective

    This step will walk you through the following activities:

    • Define and document the fundamentals that guide the EA function.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Vision and mission statements for the EA function.
    • A set of EA goals and a set of objectives to track progression toward those goals.
    Build the EA Fundamentals
    Step 3.1 Step 3.2

    EA fundamentals guide the EA function

    EA fundamentals include a vision statement, a mission statement, goals and objectives, and principles. They are a set of documented statements that guide the EA function. The fundamentals guide the EA function in terms of its strategy and decision making.

    EA vision statement EA mission statement

    EA fundamentals

    EA goals and objectives EA principles

    Info-Tech Insight

    Treat the critical elements of the EA group the same way as you would a business. Create a directional foundation for EA and define the vision, mission, goals, principles, and scope necessary to deliver on the established value proposition.

    The EA vision statement articulates the aspirations of the EA function

    The enterprise architecture vision statement communicates a desired future state of the EA function. The statement is expressed in the present tense. It seeks to articulate the desired role of the EA function and how the EA function will be perceived.

    Strong EA vision statements have the following characteristics:

    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Concise, no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    Sample EA vision statements:

    • To be a trusted partner for both the business and IT, driving enterprise effectiveness, efficiency, and agility at [Company Name].
    • To be a trusted partner and advisor to both the business and IT, contributing to business-IT alignment and cost reduction at [Company Name].
    • To create distinctive value and accelerate [Company Name]’s transformation.

    The EA mission statement articulates the purpose of the EA function

    The enterprise architecture mission statement specifies the team’s purpose or “reason of being.” The mission should guide each day’s activities and decisions. The mission statements use simple and concise terminology, speak loudly and clearly, and generate enthusiasm for the organization.

    Strong EA mission statements have the following characteristics:

    • Articulates EA function purpose and reason for existence
    • Describes what the EA function does to achieve its vision
    • Defines who the customers of the EA function are
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Inspirational
    • Memorable
    • Concise

    Sample EA mission statements:

    • Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.
    • Synergize with both the business and IT to define and help realize [Company Name]’s target enterprise architecture that enables the business strategy and optimizes IT assets, resources, and capabilities.

    The EA vision and mission statements become relevant to EA stakeholders when linked to the promises of value

    The process for constructing the enterprise architecture vision statement and enterprise architecture mission statement is articulated below.

    Promises of value Derive keywords Construct draft statements Reference test criteria Finalize statements
    Derive the a set of keywords from the promises of value to accurately capture their essence. Create the initial statement using the keywords. Check the initial statement against a set of test criteria to ensure their quality. Finalize the statement after referencing the initial statement against the test criteria.

    Derive keywords from promises of value to begin the vision and mission statement creation process

    Develop keywords by summarizing the promises of value that were derived from drivers into one word that will take on the essence of the promise. See examples below:

    Business and technology drivers Promises of value Keywords
    Help the organization align investments with the corporate strategy and departmental priorities. Increase the number of investments that have a direct tie to corporate strategy. Business
    Support the rapid growth and development of the company through fiscal planning, project planning, and technology sustainability. Ensure budgets and projects are delivered on time with the assistance of technology. IT-Enabled
    Reduce the duplication and work effort to build and deploy technology solutions across the entire organization. Aim to reduce the number of redundant applications in the organization to streamline processes and save costs. Catalyst
    Improve the organization’s technology responsiveness and increase speed to market. Reduce the number of days required in the SDLC for all core business support projects. Value delivery

    An inspirational vision statement is greater than the sum of the individual words

    Ensure the sentence is cohesive and captures additional value outside of the keywords. The statement as a whole should be greater than the sum of the parts. Expand upon the meaning of the words, if necessary, to communicate the value. Below is an example of a finished vision statement.

    Sample

    Be a catalyst for IT-enabled business value delivery.

    Catalyst – We will continuously interact with the business and IT to accelerate and improve results.

    IT-enabled – We will ensure the optimal use of technology in enabling business capabilities to achieve business objectives.

    Business – We will be perceived as a business-focused unit that understands [Company name]’s business priorities and required business capabilities.

    Value delivery – EA’s value will be recognized by both business and IT stakeholders. We will track and market EA’s contribution to business value organization-wide.

    A clear mission statement can include additional details surrounding the EA team’s desired and expected value

    Likewise, below is a sample of connecting keywords together to form an EA mission statement:

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture.

    Target enterprise structure – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles and standards

    3.1.1 Create the EA vision statement

    1 hour

    Input: Identified promises of value, Vision statement test criteria

    Output: EA function vision statement

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of the EA vision statement by following the steps below:

    1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
    2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
    3. Continue to the next promise of value until all of the promises of value have a keyword identified.
    4. Have the identified set of keywords laid out and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
    5. Create the initial draft of the EA vision statement by linking the keywords together.
    6. Check the initial draft of the vision statement against the test criteria below. Ask the team if the vision statement satisfies each of the test criteria.
      • Do you find this vision exciting?
      • Is the vision clear, compelling, and easy to grasp?
      • Does this vision somehow connect to the core purpose?
      • Will this vision be exciting to a broad base of people in the organization, not just those within the EA team?
    7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA vision statement with EA stakeholders to make sure it captures their needs.

    3.1.2 Create the EA mission statement

    1 hour

    Input: Identified promises of value, Mission statement test criteria

    Output: EA function mission statement

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of the EA mission statement by following the steps below:

    1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
    2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
    3. Continue to the next promise of value until all of the promises of value have a keyword identified.
    4. Have the identified set of keywords laid out, and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
    5. Create the initial draft of the EA mission statement by linking the keywords together.
    6. Check the initial draft of the mission statement against the following test criteria below. Ask the team if the mission statement satisfies each of the test criteria.
      • Do you find this purpose personally inspiring?
      • Does the purpose help you to decide what activities to not pursue, to eliminate from consideration? Is this purpose authentic – something true to what the organization is all about – not merely words on paper that sound nice?
      • Would this purpose be greeted with enthusiasm rather than cynicism by a broad base of people in the organization?
    7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA mission statement with EA stakeholders to make sure it captures their needs.

    EA goals demonstrate the achievement of success of the EA function

    Enterprise architecture goals define specific desired outcomes of an EA function. EA goals are important because they establish the milestones the EA function can strive toward to deliver their promises of value.

    Inform EA goals by examining:

    Promises of value

    —›
    EA goals produce:

    Targets and milestones

    Promises of value

    Produce EA strategic outcomes that can be classified into four categories. The four categories are:

    • Business performance
    • IT performance
    • Customer value
    • Risk management
    EA goals

    Support the strategic outcomes. EA goals can be strategic or operational:

    • EA strategic goals support the strategic outcomes.
    • EA operational goals help measure the architecture capability quality and supporting processes.

    3.1.3 Create EA goals

    2 hours

    Input: Identified promises of value

    Output: EA goals

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of EA goals by following the steps below:

    1. Gather the EA strategy creation team and the identified promises of value from Phase 2, Create the EA Value Proposition.
    2. Open the EA Goals and Objectives Template and examine the list of default EA goals already within the template.
    3. Take the identified promises of value and discuss with the team if any of the EA goals in the template relate to the promises of value. Record the related EA goal and promise of value. See example below:
      • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
      • Related EA goal example: Alignment of IT and business strategy.
    4. Repeat step 3 until all identified promises of value have been examined in relation to the EA goals in the template.
    5. If there are promises of value that are not related to an EA goal in the template, create EA goals to relate to those promises of value. Keep in mind that EA goals need to support the strategic outcomes produced by the promises of value. Record the EA goals in the template and document the related promises of value.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    Starting with COBIT, select the appropriate objectives to track EA goals – Sample

    Below are examples of EA goals and the objectives that track their performance:

    IT performance-oriented goals Objectives
    Alignment of IT and business strategy
    • Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by X percent in the fiscal year.
    • Improve stakeholder satisfaction with planned function and services portfolio scope by X percent in the fiscal year.
    • Increase the percentage of IT value drivers mapped to business value drivers by X percent in the next fiscal year.
    Increase in IT agility
    • Improve business executive satisfaction with IT’s responsiveness to new requirements by X percent in the fiscal year.
    • Increase the number of critical business processes supported by up-to-date infrastructure and applications in the next three years.
    • Lower the average time to turn strategic IT objectives into agreed-upon and approved initiatives.
    Optimization of IT assets, resources, and capabilities
    • Increase the frequency of capability maturity and cost optimization assessments.
    • Improve the frequency of reporting for assessment result trends.
    • Raise the satisfaction levels of business and IT executives with IT-related costs and capabilities by X percent.

    3.1.4 Define EA objectives and link them to EA goals

    2 hours

    Input: Defined EA goals

    Output: EA objectives linked to EA goals

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the process of defining EA objectives and linking them to EA goals using the following steps:

    1. Gather the EA strategy creation team and open the EA Goals and Objectives Template.
    2. Have the goals laid out, and refer to the objectives already in the EA Goals and Objectives Template. Examine if any of them will fit the goals your team has created.
    3. If some of the goals your team has created do not fit with the objectives in the template, begin the process of creating new objectives. Remember, EA objectives are SMART metrics that help track the progress toward the EA goals.
    4. Create an EA objective and check if it is SMART by asking some of the questions below:
      • Specific: Is the objective specific to the goal? Is the objective clear to anyone who has basic knowledge of the goal?
      • Measurable: Is it possible to figure out how far the team would be away from completing the objective?
      • Agreed Upon: Does everyone involved agree the objective is the correct way to measure progress?
      • Realistic: Can the objective be met within the availability of resources, knowledge, and time?
      • Time Based: Is there a time-bound component to the goal?
    5. Continue to create new objectives until each goal has an objective linked to it.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    For each of the objectives, determine how they will be collected, reported, and implemented

    Add details to the enterprise architecture objectives previously defined to increase their clarity to stakeholders.

    EA objective detail category Description
    Unit of measure
    • The unit in which the objective will be presented.
    Calculation formula
    • The formula by which the objective will be calculated.
    Objective baseline, status, and target
    • Baseline: The state of the objective at the start of measurement.
    • Status: The current state of the measurement.
    • Target: The target state the measurement should reach.
    Data collection
    • Responsible: The individual responsible for collecting the data.
    • Source: Where the data originates.
    • Frequency: How often the data will be collected to calculate the objective.
    Reporting
    • Target Audience: The people the objective will be presented to.
    • Method: The method used to present the data collected on the objective (e.g. report, presentation).
    • Frequency: How often the data will be presented to the target audience.

    3.1.5 Record the details of each EA objective

    2 hours

    Input: Defined list of EA objectives

    Output: Increased detail into each defined EA objective

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Record the details of each EA objective. Use the following steps below to assist with recording the details:

    1. Gather the EA strategy creation team, and open the EA Goals and Objectives Template.
    2. Select one objective that has been identified and discuss the formula for calculating the objective and in what units the objective will be recorded. Record the information in the “Calculation formula” and “Unit of measure” columns in the template once they have been agreed upon.
    3. Using the same objective, move to the “Data Collection” portion of the template. Discuss and record the following: the source of the data that generates the objective, the frequency of reporting on the objective, and the person responsible for reporting the objective.
    4. Move to the “Reporting” portion of the template. Discuss and record the target audience for the objective and the reporting frequency and method to those audiences.
    5. Examine the “Objective baseline,” “Objective status,” and “Objective target” columns. Record any measurement you may currently have in the “Objective baseline” column. Record what you would like the objective measurement to be in the “Objective target” column. Note: Keep track of the progression towards the target in the “Objective status” column in the future.
    6. Select the next objective and complete steps 2–5 for that measure. Continue this process until you have recorded details for all objectives.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    Step 3.2

    Finalize the EA Fundamentals

    Activities
    • 3.2.1 Define the organizational coverage dimension of the EA function scope
    • 3.2.2 Define the architectural domains and depth dimension
    • 3.2.3 Define the time horizon dimension
    • 3.2.4 Create a set of EA principles for your organization
    • 3.2.5 Add the rationale and implications to the principles
    • 3.2.6 Operationalize the EA principles
    • 3.2.7 Discuss the need for classical methodology and/or a combination including Agile practices

    This step will walk you through the following activities:

    • Define the EA function scope dimensions.
    • Create a set of EA principles.
    • Discuss the organization’s current methodology, if any, and whether it works for the business.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Defined scope of the EA function.
    • A set of EA principles for your organization.
    • A decision on traditional vs. Agile methodology or a blend of both.

    Build the EA Fundamentals

    Step 3.1 Step 3.2

    A clear EA function scope defines the EA sandbox

    The EA function scope constrains the promises of value the EA function will deliver on by taking into account factors across four dimensions. The EA function scope ensures that the EA function is not stretched beyond its current/planned means and capabilities when delivering the promised value. The four dimensions are illustrated below:

    Organizational coverage
    Determine the focus of the enterprise architecture effort in terms of specific business units, functions, departments, capabilities, or geographical areas.
    Depth
    Determine the appropriate level of detail to be captured, based on the intended use of the enterprise architecture and the contingent decisions to be made.

    EA Scope

    Architectural Domains
    Determine the EA domains (business, data, application, infrastructure, security) that are appropriate to address stakeholder concerns and architecture requirements.
    Time horizon
    Determine the target-state architecture’s objective time period.

    The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

    Establish the EA function scope by using the EA value proposition and EA fundamentals that have been developed. After defining the EA function scope, refer back to these statements to ensure the EA function scope accurately reflects the EA value proposition and EA fundamentals.

    EA value proposition

    +

    EA vision statement
    EA mission statement
    EA goals and objectives

    —›
    Influences

    Organizational coverage

    Architectural domains

    Depth

    Time horizon

    —›
    Defines
    EA function scope

    EA scope – Organizational Coverage

    The organizational coverage dimension of EA scope determines the focus of enterprise architecture effort in the organization. Coverage can be determined by specific business units, functions, departments, capabilities, or geographic areas. Info-Tech has typically seen two types of coverage based on the size of the organization.

    Small and medium-size enterprise

    Indicators: Full-time employees dedicated to manage its data and IT infrastructure. Individuals are IT generalists and may have multiple roles.

    Recommended coverage: Typically, for small and medium-size businesses, the organizational coverage of architecture work is the entire enterprise. (Source: The Open Group, 2018)

    Large enterprise

    Indicators: Dedicated full-time IT staff with expertise to manage specific applications or parts of the IT infrastructure.

    Recommended coverage: For large enterprises, it is often necessary to develop a number of architectures focused on specific business segments and/or geographies. In this federated model, an overarching enterprise architecture should be established to ensure interoperability and conformance to overarching EA principles. (Source: DCIG, 2011)

    EA objectives track the progression towards the target set by EA goals

    Enterprise architecture objectives are specific metrics that help measure and monitor progress towards achieving an EA goal. Objectives are SMART.

    EA goals —› EA objectives
    • EA strategic goals:
      • Business performance
      • IT performance
      • Customer value
      • Risk management
    • EA operational goals
    • Specific
    • Measurable
    • Agreed upon
    • Realistic
    • Time bound
    (Source: Project Smart, 2014)

    Download the EA Goals and Objectives Template to see examples between the relationship of EA goals to objectives.

    Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function is influenced by the following:

    • The delivery of EA-enabled business outcomes that are most important to the enterprise.
    • The alignment between the business and IT from a planning perspective.
    • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
    Corporate Business Goals Measurements
    • Reduction in operating costs
    • Decrease in regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure
    • Cost reductions based on application and platform rationalization
    • Standard-based solutions
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    3.2.1 Define the organizational coverage dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Organizational coverage dimension of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the organizational coverage of the EA function scope using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the EA function scope organizational coverage.
    3. Consider how much of the organization the EA function would need to cover. Refer to the gathered materials to assist with your decision. For example:
      • EA mission statement: Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.
      • Implications on organizational coverage: If the purpose of the EA function is to help optimize, transform, and innovate with target-state architecture mapping, then the scope should cover the entire organization. Only by mapping the entire organization’s architecture can the EA function assist with optimizing, transforming, and innovating.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on organization coverage as shown in step 3.
    5. Discuss with the team and select the organizational coverage level that best fits the documented implications for all the gathered materials. Refer back to the gathered materials and make any changes necessary to ensure they support the selected organizational coverage.

    EA scope – Architectural Domains

    A complete enterprise architecture should address all five architectural domains. The five architectural domains are business, data, application, infrastructure, and security.

    Enterprise Architecture
    —› Data Architecture
    Business Architecture —› Infrastructure Architecture
    Security Architecture
    —› Application Architecture

    “The realities of resource and time constraints often mean there is not enough time, funding, or resources to build a top-down, all-inclusive architecture encompassing all four architecture domains. Build architecture domains with a specific purpose in mind.” (The Open Group, 2018)

    Each architectural domain creates a different view of the organization

    Below are the definitions of different domains of enterprise architecture (Info-Tech perspective; others can be identified as well, e.g. Integration Architecture).

    Business Architecture

    Business architecture is a means of demonstrating the business value of subsequent architecture work to key stakeholders and the return on investment to those stakeholders from supporting and participating in the subsequent work. Business architecture defines the business strategy, governance, organization, and key business processes.

    Data Architecture

    Describes the structure of an organization’s logical and physical data assets and data management resources.

    Application Architecture

    Provides a blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes of the organization.

    Infrastructure Architecture

    Represents the sum of hardware, software, and telecommunications-related IT capability associated with a particular enterprise. It is concerned with the synergistic operations and management of the devices in the organization.

    Security Architecture

    Provides an unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls.
    (Sources: The Open Group, 2018; IT Architecture Journal, 2014; Technopedia, 2016)

    EA scope – Depth

    EA scope depth defines the architectural detail for each EA domain that the organization has selected to pursue. The level of depth is broken down into four levels. The level of depth the organization decides to pursue should be consistent across the domains.

    Contextual
    • Helps define the organization scope, and examines external and internal requirements and their effect on the organization. For example, enterprise governance.
    Conceptual
    • High-level representations of the organization or what the organization wants to be. For example, business strategy, IT strategy.
    Logical
    • Models that define how to implement the representation in the conceptual stage. For example, identifying the business gaps from the current state to the target state defined by the business strategy.
    Physical
    • The technology and physical tools used to implement the representation created in the logical stage. For example, business processes that need to be created to bridge the gaps identified and reach the target stage.
    (Source: Zachman International, 2011) Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

    Each architectural depth level contains a set of key artifacts

    The graphic below depicts examples of the key artifacts that each domain of architecture would produce at each depth level.

    Contextual Enterprise Governance
    Conceptual Business strategy Business objects Use-case models Technology landscaping Security policy
    Logical Business capabilities Data attribution Application integration Network/ hardware topology Security standards
    Physical Business process Database design Application design Configuration management Security configuration
    Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

    3.2.2 Define the architectural domains and depth dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Architectural domain and depth dimensions of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the EA function scope for your organization using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives that your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the architectural domains and depth of the EA function scope.
    3. Consider the architectural domains and the depth those domains need to reach. Refer to the gathered materials to assist with your decision. For example:
      • Promise of value: Increase the number of IT investments with a direct tie to business strategy.
      • Implications on architectural domains: The EA function will need business architecture. Business architecture generates business capability mapping, which will anticipate what IT investments are needed for the future.
      • Implications on depth: Depth for business architecture needs to reach a logical level to encompass business capabilities.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on architectural domains and depth as shown in step 3.
    5. Discuss with the team and select the architectural domains and the depth for each domain that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural domains and depth.

    EA scope – Time Horizon

    The EA scope time horizon dictates how long to plan for the architecture.

    It is important that the EA team’s work has an appropriate planning horizon while avoiding two extremes:

    1. A planning horizon that is too short focuses on immediate operational goals and strategic quick wins, missing the “big picture,” and fails to support the achievement of strategic long-term enterprise goals.
    2. A planning horizon that is too long is at a higher risk of becoming irrelevant.

    Target the same strategic planning horizon as your business. Additionally, consider the following recommendations:

    Planning Horizon: 1 year 2-3 years 5 years
    Recommended under the following conditions:
    • Corporate strategy is not stable and frequently changes direction (typical for small and some mid-sized companies).
    • There will be a major update of the corporate strategy in one year.
    • The company will be acquired by or merged with another company in one year.
    • The business' strategic plan spans the next two to three years, and corporate strategy is moderately stable within this time frame (typical for mid-sized and some large companies).
    • The business' strategic plan spans the next five years and corporate strategy is very stable (typical for large companies).

    3.2.3 Define the time horizon dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Time horizon dimension of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the EA function scope for your organization using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when crafting the EA function scope.
    3. Consider the time horizons of the EA function scope. Refer to the gathered materials to assist with your decision. For example:
      • EA Objective: Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by 30% in the next 3 years.
      • Implications on time horizon: Because it will take 3 years to measure the success of these EA objectives, the time horizon may need to be 3 years.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on time horizon as shown in step 3.
    5. Discuss with the team and select the time horizon that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural time horizon.

    EA principles capture the EA value proposition essence and provide guidance for the decisions that impact architecture

    EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, IT investment portfolio management, solution development, and procurement decisions.

    EA value proposition Influences
    —›
    EA Principles Guide and inform
    —›
    Decisions on the Use of IT Direct and control
    ‹—
    Specific Domain Policies
    ‹———————

    What decisions should be made?
    ————— ————— —————
    How should decisions be made?
    ————— ————— —————————›
    Who has the accountability and authority to make decisions?

    EA principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that EA principles should possess. Having these characteristics ensures the EA principles are relevant and followed in the organization.

    Approach focused EA principles are focused on the approach, i.e. how the enterprise is built, transformed, and operated, as apposed to what needs to be built, which is defined by both functional and non-functional requirements.
    Business relevant Create EA principles specific to the organization. Tie EA principles to the organization’s priorities and strategic aspirations.
    Long lasting Build EA principles that will withstand the test of time.
    Prescriptive Inform and direct decision making with EA principles that are actionable. Avoid truisms, general statements, and observations.
    Verifiable If compliance can’t be verified, the principle is less likely to be followed.
    Easily digestible EA principles must be clearly understood by everyone in IT and by business stakeholders. EA principles aren’t a secret manuscript of the EA team. EA principles should be succinct; wordy principles are hard to understand and remember.
    Followed Successful EA principles represent a collection of beliefs shared among enterprise stakeholders. EA principles must be continuously “preached” to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, EA principles should be enforced through appropriate governance processes.

    Review ten universal EA principles to determine if your organization wishes to adopt them

    1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over-engineering them.
    3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4. Reuse › buy › build We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
    5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
    6. Controlled technical diversity We control the variety of technology platforms we use.
    7. Managed security We manage security enterprise-wide in compliance with our security governance policy.
    8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
    9. Innovation We seek innovative ways to use technology for business advantage.
    10. Customer centricity We deliver best experiences to our customers with our services and products.

    3.2.4 Create a set of EA principles for your organization

    2 hours

    Input: Info-Tech’s ten universal EA principles, Identified promises of value

    Output: A defined set of EA principles for your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Create a set of EA principles for your organization using the steps below:

    1. Gather the EA strategy creation team, download the EA Principles Template – EA Strategy, and have the identified promises of value opened.
    2. Select one universal principle and relate it to the promises of value by discussing with the EA strategy creation team. If there is a relation, record “Yes” in the template on the slide “Select the applicability of 10 universally accepted EA principles.” See example below:
      • Universal principle: Enterprise value focus – We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
      • Related promise of value example: Increase the number of investments that have a direct tie with corporate strategy.
    3. Continue the process in step 2 until all ten universal EA principles have been examined. If there is a universal principle that is unrelated to a promise of value, discuss with the team whether the principle still needs to be included. If the principle is not included, record “No” in the template on the slide “Select the applicability of 10 universally accepted EA principles.”
    4. If there are any promises of value that are not captured by the universally accepted EA principles, the team may choose to create new principles. Create the new principles in the format below and record them in the template.
      • Name: The name of the principle, in a few words.
      • Statement: A sentence that expands on the “Name” section and explains what the principle achieves.

    Download the EA Principles Template – EA Strategy to document this step.

    Organizational stakeholders are more likely to follow EA principles when a rationale and an implication are provided

    After defining the set of EA principles, ensure they are all expanded upon with a rationale and implications. The rationale and implications ensure principles are more likely to be followed because they communicate why the principles are important and how they are to be used.

    Name
    • The name of the EA principle, in a few words.
    Statement
    • A sentence that expands on the “Name” section and explains what the principle achieves.
    Rationale
    • Describes the business benefits and reasoning for establishing the principle.
    • Explicitly links the principle to business/IT vision, mission, priorities, goals, or strategic aspirations (strategic themes).
    Implications
    • Describe when and how the principle is to be applied.
    • Communicate this section with “must” sentences.
    • Refer to domain-specific policies that provide detailed, domain-specific direction on how to apply the principle.

    3.2.5 Add the rationale and implications to the principles that have been created

    2 hours

    Input: Identified set of EA principles

    Output: EA principles that have rationale and implications

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Add the rationale and implication of each EA principle that your organization has selected using the following steps:

    1. Gather the EA strategy creation team and open the EA Principles Template – EA Strategy.
    2. Examine the EA Principles Template – EA Strategy. Look for the detailed descriptions of all the applicable EA universal principles, and discuss with the team whether the pre-populated rationale and implications need to be changed.
    3. Make sure all the rationale and implication sections of the applicable universal EA principles have been examined. Record the changes on the slide devoted to each principle in the template.
    4. Examine any new principles created outside of the universal EA principles. Create the rationale and implication sections for each of those principles. Use the slide “Review the rationale and implications for the applicable universal principles” in the EA Principles Template – EA Strategy to assist with this step.

    Download the EA Principles Template – EA Strategy to document this step.

    3.2.6 Operationalize the EA principles to ensure they are used when decisions are being made

    1-2 hours

    Input: Defined set of EA principles

    Output: EA principles are successfully operationalized

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin to operationalize the EA principles by reviewing the proposed principles with business and technology leadership to secure their approval.

    1. Publish the list of principles, their rationale, and their implications.
    2. Include the principles in any existing policies that guide decision making for the use of technology within the business.
    3. Provide existing governance bodies with the authority to enforce adherence to principles, and communicate the waiver process.
    4. Ensure that project-level teams are aware of the principles and have at least one champion guiding the decisions of the team.

    Review a use case for the utilization of EA principles – Sample

    After operationalizing the EA principles for your organization, the organization can now use those principles to guide and inform its IT investment decisions. Below is an example of a scenario where EA principles were used to guide and inform an IT investment decision.

    Organization wants to provision an application but it needs to decide how to do so, and it considers the relevant EA principles:

    • Reuse › buy › build
    • Managed security
    • Innovation

    The organization has decided to go with a specialized vendor, even though it normally prefers to reuse existing components. The vendor has experience in this domain, understands the data security implications, and can help the organization mitigate risk. Lastly, the vendor is known for providing new solutions on a regular basis and is a market leader, making it more likely to provide the organization with innovative solutions.

    An oil and gas company created EA fundamentals to guide the EA function

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    As an enterprise architecture function starting from ground zero, the organization did not have the EA fundamentals in place to guide the EA function. Further, the organization also did not possess an EA function scope to define the boundaries of the EA function.

    Due to the lack of EA scope, the EA function did not know which part of the organization to provide contributions toward. A lack of EA fundamentals caused confusion regarding the future direction of the EA function.

    Solution

    Info-Tech worked with the EA team to define the different components of the EA fundamentals. This included EA vision and mission statements, EA goals and objectives, and EA principles.

    Additionally, Info-Tech worked with the EA team to define the EA function scope.

    These EA strategy components were created by examining the needs of the business. The components were aligned with the identified needs of the EA stakeholders.

    Results

    The defined EA function scope helped set out the responsibilities of the enterprise architecture function to the organization.

    The EA vision and mission statements and EA goals and objectives were used to guide the direction of the EA function. These fundamentals helped the EA function improve its maturity and deliver on its promises.

    The EA principles were used in IT review boards to guide the decisions on IT investments in the organization.

    3.2.7 Discuss the need for a classical methodology and/or a combination including Agility practices

    1 hour

    Input: Existing methodologies

    Output: Decisions about need of agility, ceremonies, and protocols to be used

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Add the rationale and implication of adopting an Agile methodology and/or a combination with a traditional methodology.

    1. Is there an EA methodology adopted by the organization? Is there a classical one, or is it purely Agile?
    2. What would need to happen to address the business goals of the organization (e.g. is there a need to be more agile?)? Do you need to have more decisions centralized (e.g. to adopt certain standards, security controls)?
    3. Where on the decentralization continuum does your organization need to be?
    4. What role would Enterprise Architects have (would they need to be part of existing ceremonies? Would they need to blend traditional and agile processes?)?
    5. If a customized methodology is required, identify this as an item to be included as part of the EA roadmap (can be run as a Agile Enterprise Operating Model workshop).

    Design an Enterprise Architecture Strategy

    Phase 4

    Design the EA Services

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Select relevant EA services
    • Finalize the set of services and secure approval

    This phase involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Step 4.1

    Select Relevant EA Services

    Activities
    • 4.1.1 Select the EA services relevant to your organization
    • 4.1.2 Identify if your organization needs additional services outside of the recommended list
    • 4.1.3 Complete all of the service catalog fields for each service to show the organization how each can be consumed

    This step will walk you through the following activities:

    • Communicate a definition of EA services.
    • Link services to the previously identified EA contributions.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • A defined set of services the EA function will provide.
    • An EA service catalog that demonstrates to the organization how each provided service can be accessed and consumed.

    Design the EA Services

    Step 3.1 Step 3.2

    The definition of EA services will allow the group to communicate how they can add value to EA stakeholders

    Enterprise architecture services are a set of activities the enterprise architecture function provides for the organization. EA services are important because the services themselves provide a set of benefits for the organization.

    Enterprise Architecture Services

    • A means of delivering value to the business by facilitating outcomes service consumers want to achieve.
    • EA services are defined from the business perspective using business language.
    • EA services are designed to enable required business activities.

    Viewing the EA function from a service perspective resolves the following pains:

    • Business users don’t know how EA can assist them.
    • Business users don’t know how to request access to a service with multiple sources of information available.
    • EA has no way of managing expectations for their users, which tend to inflate.
    • EA does not have a holistic view of all the services they need to provide.

    Link EA services to the previously identified EA contributions

    Previously identified EA contributions can be linked to EA services, which helps the EA function identify a set of EA services that are important to business stakeholders. Further, linking the EA contributions to EA services can define for the EA function the services they need to provide.

    Demonstrate EA service value by linking them to EA contributions

    1. EA stakeholders generate drivers
    2. Drivers have pains that obstruct them
    3. Pains are alleviated by EA contributions
    4. EA contributions help define the EA services needed

      • EA Contributions
        Example EA contribution: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

        • EA Services
          Example EA service: Target-state business capability mapping

    4.1.1 Select the EA services relevant to your organization

    2 hours

    Input: Previously identified EA contributions from the EA value proposition

    Output: A set of EA services selected for the organization from Info-Tech’s defined set of EA services

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the selection of EA services relevant to your organization by following the steps below:

    1. Gather the EA strategy creation team, and the list of identified EA contributions that the team formulated during Phase 2.
    2. Open the EA Service Planning Tool, select one sub-service, and read its definition.
    3. Based on the definition of the sub-service, refer back to the identified list of EA contributions and check if there is an identified EA contribution that matches the service.
      • If the EA service definitions matches one of the identified EA contributions, then that EA service is relevant to the organization. If there is no match, then the EA service may not be relevant to the organization.
    4. Highlight the sub-service if it is relevant. Add a checkmark beside the EA contribution if it is addressed by a sub-service.
    5. Select the next sub-service and repeat steps 2-4. Continue down the list of sub-services in the EA Service Planning Tool until all sub-services have been examined.

    Download the EA Service Planning Tool to assist with this activity.

    4.1.2 Identify if your organization needs additional services outside of the recommended list

    2 hours

    Input: Expertise from the EA strategy creation team, Previously defined EA contributions

    Output: A defined set of EA services outside the list Info-Tech has recommended

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Identify if services outside of the recommended list in the EA Service Planning Tool are relevant to your organization by using the steps below:

    1. Gather the EA strategy creation team and the list of EA contributions with checkmarks for contributions addressed by EA services.
    2. Take the list of unaddressed EA contributions and select one EA contribution in the list. Assess whether an EA service is required to address the EA contribution. Ask the group the following:
      • Can the EA practice provide the service now?
      • Does providing this EA service line up with the previously defined EA function scope and EA fundamentals?
    3. Decide if a service needs to be provided for that contribution. If yes, give the service a name and a definition.
    4. Then, decide if the service fits into one of the service categories in the EA Service Planning Tool. If there is no fit, create another service category. Define the new service category as well.
    5. Continue to the next unaddressed EA contribution and repeat steps 2-4. Repeat this process until all unaddressed EA contributions have been assessed.

    Download the EA Service Planning Tool to assist with this activity.

    Create the EA service catalog to demonstrate to the organization how each service can be accessed and used

    The EA service catalog is an important communicator to the business. It shifts the technology-oriented view of EA to services that show direct benefit to the business. It is a tool that communicates and provides clarity to the business about the EA services that are available and how those services can assist them.

    Define the services to show value Define the service catalog to show how to use those services
    Already defined
    • EA service categories
    • The services needed by the EA stakeholders in each EA service category
    Need to define
    • Should EA deliver this service?
    • Service triggers
    • Service provider
    • Service requestor

    Info-Tech Insight

    The EA group must provide the organization with a list of services it will provide to demonstrate value. This will help the team manage expectations and the workload while giving organizational stakeholders a clear understanding of how to engage EA and what lies outside of EA’s involvement.

    4.1.3 Complete all the service catalog fields for each service to show the organization how each can be consumed

    4 hours

    Input: Expertise from the EA strategy creation team

    Output: Service details for each EA service in your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Complete the details for each relevant EA service in the EA Service Planning Tool by using the following steps:

    1. Gather the EA strategy creation team, and open the EA Service Planning Tool.
    2. Select one of the services you have defined as relevant and begin the process of defining the service. Define the following fields:
      • Should EA deliver this service? Should the EA team provide this service? (Yes/No)
      • Service trigger: What trigger will signal the need for the service?
      • Service provider: Who in the EA team will provide the service?
      • Service requestor: Who outside of the EA team has requested this service?
    3. Have the EA strategy creation team discuss and define each of the fields for the service above. Record the decisions in the corresponding columns of the EA Service Planning Tool.
    4. Select the next required EA service, and repeat steps 2 and 3. Repeat the process until all required EA services have their details defined.

    Download the EA Service Planning Tool to assist with this activity.

    Step 4.2

    Finalize the Set of Services and Secure Approval

    Activities
    • 4.2.1 Secure approval for your organization’s EA strategy
    • 4.2.2 Map the EA contributions to business goals
    • 4.2.3 Quantify the EA effectiveness
    • 4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

    This step will walk you through the following activities:

    • Present the EA strategy to stakeholders.
    • Determine service details for each EA service in your organization.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Secured approval for your organization’s EA strategy.
    • Measure effectiveness of EA contributions.

    Design the EA Services

    Step 4.1 Step 4.2

    Present the EA strategy to stakeholders to secure approval of the finalized EA strategy

    For the EA strategy to be successfully executed, it must be approved by the EA stakeholders. Securing their approval will increase the likelihood of success in the execution of the EA operating model.

    Outputs that make up the EA strategy —› Present outputs to EA strategy stakeholders
    • Business and technology drivers
    • EA function value proposition

    • EA vision statement
    • EA mission statement
    • EA goals and objectives
    • EA scope
    • EA principles

    • EA function services
    • Identified and prioritized EA stakeholders.








    • The checkmark symbol represents the outputs this blueprint assists with creating.

    4.2.1 Secure approval of your organization’s EA strategy

    1 hour

    Input: Completed EA Function Strategy Template, Expertise from EA strategy creation team

    Output: Approval of the EA strategy

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, Key EA stakeholders

    Use the following steps to assist with securing approval for your organization’s EA strategy:

    1. Call a meeting between the EA strategy creation team and the identified key EA stakeholders. Key stakeholders were defined in activity 2.1.1.
    2. Open the completed EA Function Strategy Template. Use it to help you discuss the merits of the EA strategy with the key stakeholders.
    3. Discuss with the stakeholders any concerns and modifications they wish to make to the strategy. If detailed questions are asked, refer to the other templates created as a part of this blueprint. Record those concerns and address them at a later time.
    4. After presenting the EA strategy, ask the stakeholders for approval. If stakeholders do not approve, refer back to the concerns documented in step 3 and inquire if addressing the concerns will result in approval.
    5. If applicable, address stakeholder concerns with the EA strategy.
    6. Once EA strategy has been approved, publish the EA strategy to ensure there is a mutual understanding of what the EA function will provide to the organization. Move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing upon the EA strategy.

    Use the EA Function Strategy Template to assist with this activity.

    4.2.2 Map the EA contributions to the business goals

    3 hours

    Input: Expertise from EA strategy creation team

    Output: Service details for each EA service in your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Map EA contributions/services to the goals of the organization.

    1. Start from the business goals of the organization.
    2. Determine Business and IT drivers.
    3. Identify EA contributions that help achieve the business goals.

    Download the EA Service Planning Tool to assist with this activity.

    Trace EA drivers to business goals (sample)

    A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

    4.2.3 Quantify the EA effectiveness

    1 hour

    Input: Expertise from EA strategy creation team

    Output: Defined KPIs (SMART)

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Use SMART key performance indicators (KPIs) to measure EA contributions vis-à-vis business goals.

    Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function spans across three main dimensions:

    • The delivery of EA-enabled business outcomes that are most important to the enterprise.
    • The alignment between the business and IT from a planning perspective.
    • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
    Corporate Business GoalsEA ContributionsMeasurements
    • Reduction in operating costs
    • Decrease in regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure
    • Alignment of IT investments to business strategy
    • Achievement of business results directly linked to IT involvement
    • Application and platform rationalization
    • Standards in place
    • Flexible architecture
    • Better integration
    • Higher organizational satisfaction with technology-enabled services and solutions
    • Cost reductions based on application and platform rationalization
    • Standard based solutions
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    The oil and gas company began the EA strategy creation by crafting an EA value proposition

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    The oil and gas corporation faced a great challenge in communicating the role of enterprise architecture to the organization. Although it has the mandate from the CIO to create the EA function, there was no function in existence. Thus, few people in the organization understood EA.

    Because of this lack of understanding, the EA function was often undermined. The EA function was seen as an order taker that provided some services to the organization.

    Solution

    First, Info-Tech worked with the enterprise architecture team to define the EA stakeholders in the organization.

    Second, Info-Tech interviewed those stakeholders to identify their needs. The needs were analyzed and pains that would obstruct addressing those needs were identified.

    Lastly, Info-Tech worked with the team to identify common EA contributions that would solve those pains.

    Results

    Through this process, Info-Tech helped the team at the oil and gas company create a document that could communicate the value of EA. Specifically, the document could articulate the issues obstructing each stakeholder from achieving their needs and how enterprise architecture could solve them.

    With this value proposition, EA was able to demonstrate value to important stakeholders and set itself up for success in its future endeavors.

    The oil and gas company defined EA services to provide and communicate value to the organization

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    As a brand new enterprise architecture function, the EA function at the oil and gas corporation did not have a set of defined EA services. Because of this lack of EA services, the organization did not know what contributions EA could provide.

    Further, without the definition of EA services, the EA function did not set out explicit expectations to the business. This caused expectations from the business to be different from those of the EA function, resulting in friction.

    Solution

    Info-Tech worked with the EA function at the oil and gas corporation to define a set of EA services the function could provide.

    The Info-Tech team, along with the organization, assessed the business and technology needs of the stakeholder. Those needs acted as the basis for the EA function to create their initial services.

    Additionally, Info-Tech worked with the team to define the service details (e.g. service benefits, service requestor, service provider) to communicate how to provide services to the business.

    Results

    The defined EA services led the EA function to communicate what it could provide for the business. As well, the defined services clarified the level of expectation for the business.

    The EA team was able to successfully service the business on future projects, adding value through their expertise and knowledge of the organization’s systems. Because of the demonstrated value, EA has been given greater responsibility throughout the organization.

    4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

    1 hour

    Input: Expertise from EA strategy creation team

    Output: Participation in Agile Pre- and Post-PI, Architect Syncs, etc.

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Document the involvement of the enterprise architect in your organization’s Agile ceremonies.

    1. Document the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).
    2. Determine ceremonies the System Architect will participate in.
    3. Determine ceremonies the Solution Architect will participate in
    4. Determine ceremonies the Enterprise Architect will participate in.
    5. Determine Architect Syncs, etc.

    Note: Roles and responsibilities can be further defined as part of the Agile Enterprise Operating Model.

    The EA role relative to agility

    The enterprise architecture role relative to agility specifies the architecture roles as well as the agile protocols they will participate in.
    This statement will guide every architect’s participation in planning meetings, pre- and post-PI, syncs, etc. Use simple and concise terminology; speak loudly and clearly.

    A strong EA role statement relative to agility has the following characteristics:

    • Describes what different architect roles do to achieve the vision of the organization
    • In an agile way
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Specific
    • Concise

    Sample EA mission relative to agility

    • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
    • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

    A clear statement can include additional details surrounding the Enterprise Architect role relative to agility

    Likewise, below is a sample of connecting keywords together to form an enterprise architect role statement, relative to agility.

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance as well as accelerators.

    Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles
    • Standards and reusable assets
    • Continuous exploration, integration, and deployment

    Move to the enterprise architecture operating model blueprint to execute your EA strategy

    Once approved, move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing on the EA strategy.

    Enterprise architecture strategy

    This blueprint focuses on setting up an enterprise architecture function, with the goal of maximizing the likelihood of EA success. The blueprint puts into place the components that will align the EA function with the needs of the stakeholders, guide the decision making of the EA function, and define the services EA can provide to the organization.

    Agile enterprise architecture operating model

    An EA operating model helps you design and organize the EA function, ensuring adherence to architectural standards and delivery of EA services. This blueprint acts on the EA strategy by creating methods to engage, govern, and develop architecture as a part of the larger organization.

    Research contributors and experts

    Photo of Milena Litoiu, Senior Director Research and Advisory, Enterprise Architecture Milena Litoiu
    Senior Director Research and Advisory, Enterprise Architecture
    • Milena Litoiu is a Principal/Senior Manager of Enterprise Architecture. She is Master Certified with The Open Group and she sits on global architecture certification boards.
    • Other certifications include SABSA, CRISC, and Scaled Agile Framework. She started as a certified IT Architect at IBM and has over 25 years experience in this field.
    • Milena teaches enterprise architecture at the University of Toronto and led the development of the Enterprise Architecture Certificate (a course on EA fundamentals, one on EA development and Governance, and one on Trends going forward).
    • She has a Masters in Engineering, an executive MBA, and extensive experience in enterprise architecture as well as methodologies and tools.
    Photo of Lan Nguyen, IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group Lan Nguyen
    IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group
    • Lan Nguyen has a wealth of experience driving the EA strategy and the digital transformation success at the City of Toronto.
    • Lan is a university lecturer on topics like strategic leadership in the digital enterprise.
    • Lan is a Managing Partner at CIOs Beyond Borders Group.
    • Lan specializes in Partnership Development; Governance; Strategic Planning, Business Development; Government Relations; Business Relationship Management; Leadership Development; Organizational Agility and Change Management; Talent Management; Managed Services; Digital Transformation; Strategic Management of Enterprise IT; Shared Services; Service Quality Improvement, Portfolio Management; Community Development; and Social Enterprise.


    Photo of Dirk Coetsee, Director Research and Advisory, Enterprise Architecture, Data & Analytics Dirk Coetsee
    Director Research and Advisory, Enterprise Architecture, Data & Analytics
    • Dirk Coetsee is a Research & Advisory Director in the Data & Analytics practice. Dirk has over 25 years of experience in data management and architecture within a wide range of industries, especially Financial Services, Manufacturing, and Retail.
    • Dirk spearheaded data architecture at several organizations and was involved in enterprise data architecture, data governance, and data quality and analytics. He architected many operational data stores of ranging complexity and transaction volumes and was part of major enterprise data warehouse initiatives. Lately, he was part of projects that implemented big data, enterprise service bus, and micro services architectures. Dirk has an in-depth knowledge of industry models within the financial and retail spaces.
    • Dirk holds a BSc (Hons) in Operational Research and an MBA with specialization in Financial Services from the University of Pretoria, South Africa.
    Photo of Andy Neill, AVP, Enterprise Architecture, Data and Analytics Andy Neill
    AVP, Enterprise Architecture, Data and Analytics
    • Andy is AVP Data and Analytics and Chief Enterprise Architect at Info-Tech Research Group. Previous roles include leading the data architecture practice for Loblaw Companies Ltd, Shoppers Drug Mart and 360 Insights in Canada as well as leading architecture practices at Siemens consultancy, BBC, NHS, Ordnance Survey, and Houses of Parliament and Commons in the UK.
    • His responsibilities at Info-Tech include leading the data and analytics and enterprise architecture research practices and guiding the future of research and client engagement in that space.
    • Andy is the Product Owner for the Technical Counselor seat offering at Info-Tech, which gives world-class holistic support to our senior technical members.
    • He is also a instructor and content creator for the University of Toronto in the field of Enterprise Architecture.


    Photo of Wayne Filin-Matthews, Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019 Wayne Filin-Matthews
    Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019
    • Wayne is currently the EA Discipline Lead/Chief Enterprise Architect – Global Digital Transformation Office, COE at Dell Technologies.
    • He is a distinguished Motivator & Tech Lead as well as an influencer.
    • Wayne has led multiple Enterprise Architecture practices at the global level and has valuable contributions in this space managing and growing Enterprise Architecture and CTO practices across strategy, execution, and adoption parts of the IT lifecycle.
    Photo of Graham Smith, Experienced lead Enterprise Architect and Independent Consultant Graham Smith
    Experienced lead Enterprise Architect and Independent Consultant
    • Graham is an experienced lead enterprise architect specializing in digital and data transformation, with over 33 years of experience, spanning financial markets, media, information, insurance, and telecommunications sectors. Graham has successfully established and led large teams across India, China, Australia, Americas, Japan, and the UK.
    • He is currently working as an independent consultant in digital and data-led transformation and his work spans established businesses and start-ups alike.

    Thanks also go to all experts who contributed to previous versions of this document:

    • Zachary Curry, Director, Enterprise Architecture and Innovation, FMC Technologies
    • Pam Doucette, Director of Enterprise Architecture, Tufts Health Plan
    • Joe Evers, Consulting Principal, JcEvers Consulting Corp
    • Cameron Fairbairn, Enterprise Architect, Agriculture Financial Services Corporation (AFSC)
    • Michael Fulton, Chief Digital Officer & Senior IT Strategy & Architecture Consultant at CC and C Solutions
    • Tom Graves, Principal Consultant, Tetradian Consulting
    • (JB) Brahmaiah Jarugumilli, Consultant, Federal Aviation Administration – Enterprise Services Center
    • Huw Morgan, IT Research Executive, Enterprise Architect
    • Serge Parisien, Manager, Enterprise Architecture, Canada Mortgage & Housing Corporation

    Additional interviews were conducted but are not listed due to privacy and confidentiality requirements.

    Bibliography

    “Agile Manifesto for Software Development,” Ward Cunningham, 2001. Accessed July 2021.

    “ArchiMate 3.1 Specification.” The Open Group, n.d. Accessed July 2021.

    “Are Your IT Strategy and Business Strategy Aligned?” 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.

    Bowen, Fillmore. “How agile companies create and sustain high ROI.” IBM. Accessed Oct. 2016.

    Burns, Peter, et al. Building Value through Enterprise Architecture: A Global Study. Booz & Co. 2009. Web. Nov. 2016.

    “Demonstrating the Value of Enterprise Architecture in Delivering Business Capabilities.” Cisco, 2008. Web. Oct. 2016.

    “Disciplined Agile.” Disciplined Agile Consortium, n.d. Web.

    Fowler, Martin. “Building Effective software.” MartinFowler.com. Accessed July 2021.

    Fowler, Martin. “Agile Software Guide.” MartinFowler.com, 1 Aug. 2019.

    Accessed July 2021.

    Haughey, Duncan. “SMART Goals.” Project Smart, 2014. Accessed July 2021.

    Kern, Matthew. “20 Enterprise Architecture Practices.” LinkedIn, 3 March 2016. Accessed Nov. 2016.

    Lahanas, Stephen. “Infrastructure Architecture, Defined.” IT Architecture Journal, Sept. 2014. Accessed July 2021.

    Lean IX website, Accessed July 2021.

    Litoiu, Milena. Course material from Information Technology 2690: Foundations of Enterprise Architecture, 2021, University of Toronto.

    Mocker, M., J.W. Ross, and C.M. Beath. “How Companies Use Digital Technologies to Enhance Customer Findings.” MIT CISR Working Paper No. 434, Feb. 2019. Qtd in Mayor, Tracy. “MIT expert recaps 30-plus years of enterprise architecture.” MIT Sloan, 10 Aug. 2020. Web.

    “Open Agile ArchitectureTM.” The Open Group, 2020. Accessed July 2021.

    “Organizational Design Framework – The Transformation Model.” The Center for Organizational Design, n.d. Accessed 1 Aug. 2020.

    Ross, Jeanne W. et al. Enterprise Architecture as Strategy: Creating a Foundation for Business Execution. Harvard Business School Press, 2006.

    Rouse, Margaret. “Enterprise Architecture (EA).” SearchCIO, June 2007. Accessed Nov. 2016.

    “SAFe 5 for Lean Enterprises.” Scaled Agile Framework, Scaled Agile, Inc. Accessed 2021.

    “Security Architecture.” Technopedia, updated 20 Dec. 2016. Accessed July 2021.

    “Software Engineering Institute.” Carnegie Mellon University, n.d. Web.

    “TOGAF 9.1.” The Open Group, 2011. Accessed Oct. 2016.

    “TOGAF 9.2.” The Open Group, 2018. Accessed July 2021.

    Thompson, Rachel. “Stakeholder Analysis: Winning Support for Your Projects.” MindTools, n.d. Accessed July 2021.

    Wendt, Jerome M. “Redefining ‘SMB’, ‘SME’ and ‘Large Enterprise.’” DCIG, 25 Mar. 2011. Accessed July 2021.

    Wilkinson, Jim. “Business Drivers.” The Strategic CFO, 23 July 2013. Accessed July 2021.

    Zachman, John. “Conceptual, Logical, Physical: It is Simple.” Zachman International, 2011. Accessed July 2021.

    Domino – Maintain, Commit to, or Vacate?

    • Buy Link or Shortcode: {j2store}113|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool
    [infographic]

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    Identify and Manage Operational Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}230|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential operational impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility to adjust to significant market upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Operational Risk Impact Tool.

    Identify and Manage Operational Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Operational Risk Impacts to Your Organization Storyboard – Use this research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential operational impacts caused by vendors. Utilize Info-Tech's approach to look at the operational impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Operational Risk Impacts to Your Organization Storyboard

    2. Operational Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Operational Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Operational Risk Impacts on Your Organization

    Understand internal and external vendor risks to avoid potential disaster.

    Analyst perspective

    Organizations need to be aware of the operational damage vendors may cause to plan around those impacts effectively.

    Frank Sewell

    Organizations must be mindful that operational risks come from internal and external vendor sources. Missing either component in the overall risk assessment can significantly impact day-to-day business processes that cost revenue, delay projects, and lead to customer dissatisfaction.

    Frank Sewell,

    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    More than any other time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate.

    Common Obstacles

    Identifying and managing a vendor’s potential operational impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility to adjust to significant market upheavals.

    Info-Tech's Approach

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Operational Risk Impact Tool.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to threats in the market. Ongoing monitoring of the vendors tied to company operations, and understanding where those vendors impact your operations, is imperative to avoiding disasters.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    There are many components to vendor risk, including: Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Operational risk impacts

    Potential losses to the organization due to incidents that affect operations.

    • In this blueprint we’ll explore operational risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.
    Operational

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    27%

    Businesses are changing their internal processes around TPRM in response to the Pandemic.

    70%

    Of organizations attribute a third-party breach to too much privileged access.

    85%

    Of breaches involved human factors (phishing, poor passwords, etc.).

    Assess internal and external operational risk impacts

    Due diligence and consistent monitoring are the keys to safeguarding your organization.

    Two sides of the Same Coin

    Internal

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    External

    • Cyberattacks
    • Supply Chain Issues
    • Geopolitical Disruptions
    • Vendor Acquisitions
    • N-Party Non-Compliance
    • Vendor Fraud

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, or events that disrupt business operations.

    - Wikipedia

    Internal operational risk

    Vendors operating within your secure perimeter can open your organization to substantial risk.

    Frequently monitor your internal process around vendor management to ensure safe operations.

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    Info-Tech Insight

    You may have solid policies, but if your employees and vendors are not following them, they will not protect the organization.

    External operational risks

    • Cyberattacks
    • Supplier issues and geopolitical instability
    • Vendor acquisitions
    • N-party vendor non-compliance

    Identify and manage operational risks

    Poorly configured systems

    Failing to ensure that your vendor-supported systems are properly configured and that your vendors are meeting your IT change control and configuration standards is more commonplace than expected. Proper oversight and management of your support vendors are crucial to ensure they are meeting expectations in this regard.

    Failure to follow processes

    Most companies have policies and procedures around IT change and configuration control, security standards, risk management, vendor performance standards, etc. While having these processes is a good start, failure to perform continuous monitoring and management of these leads to increased risks of incidents.

    Supply chain disruptions

    Awareness of the supply chain's complications, and each organization's dependencies, are increasing for everyone. However, most organizations still do not understand the chain of n-party vendors that support their specific vendors or how interruptions in their supply chains could affect them. The 2022 Toyota shutdown due to Kojima is a perfect example of how one essential parts vendor could shut down your operations.

    What to look for

    Identify operational risk impacts

    • Does the vendor have a business continuity plan they will share for your review?
    • Is the vendor operating on old hardware that may be out of warranty or at end of life?
    • Is the vendor operating on older software or shareware that may lack the necessary patches?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor have sufficient personnel in acceptable regions to support your operations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Operational risks

    Not knowing where your risks come from creates additional risks to operations.

    • Supply chain disruptions and global shortages.
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Do you know where your critical vendors are getting their supplies? Are you aware of their business continuity plans to accommodate for those interruptions?
    • Poor vendor performance.
      • Organizations need to understand where vendors are acting in their operations and manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after a bad performance.
    • Vendor acquisitions.
      • A lot of acquisition is going on in the market today. Large companies are buying competitors, imposing new terms on customers, or removing competing products from the market. Understand your options if a vendor is acquired by a company with which you do not wish to be in a relationship.

    It is important to identify where potential risks to your operations may come from to manage and potentially eliminate them from impacting your organization.

    Info-Tech Insight

    Most organizations realize that their vendors could operationally affect them if an incident occurs. Still, they fail to follow the chain of events that might arise from those incidents to understand the impact fully.

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    How to assess third-party operational risk

    1. Review Organizational Operations

      Understand the organization’s operational risks to prepare for the “what if” game exercise.
    2. Identify and Understand Potential Operational Risks

      Play the “what if” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership

      Pull all the information together in a presentation document.
    4. Validate the Risks

      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks

      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan

      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan

      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Operational risk impacts often come from unexpected places and have unforeseen impacts. Knowing where your vendors place in critical business processes and those vendors' business continuity plans concerning your organization should be a priority for those who manage the vendors.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how they factor into a vendor’s business continuity plan.

    If one of your critical vendors goes down, do you know how they intend to re-establish business? Do you know how you factor into their priorities?

    Insight 3

    Organizations need to have a comprehensive understanding of how their vendor-managed systems integrate with Operations.

    Do you understand where in the business processes vendor-supported systems lie? Do you have contingencies around disruptions that account for those pieces missing from the process?

    Identifying operational vendor risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance your organization's long-term potential for success.
    • Involving those who not only directly manage vendors but also understand your business processes will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your operational plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor operational risk impacts

    What can we realistically do about the risks?

    • Review vendors’ business continuity plans and disaster recovery testing.
      • Understand your priority in their plans.
    • Institute proper contract lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to do so consistently can be a recipe for disaster.
    • Develop IT governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your operational plans for new risks and evolving likelihoods.
      • Risk = Likelihood x Impact (R=L*I).
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) may often be considered 100%.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time and adjust your plans accordingly.

    Organizations need to review their organizational risk plans, considering the placement of vendors in their operations.

    Pandemics, extreme weather, and wars that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The "what if" game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Break into smaller groups (or if too small, continue as a single group).
    • Use the Operational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    • Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Operational Risk Impact Tool

    Input

    • List of identified potential risk scenarios scored by likelihood and operational impact
    • List of potential management of the scenarios to reduce the risk

    Output

    • Comprehensive operational risk profile on the specific vendor solution

    Materials

    • Whiteboard/flip charts
    • Operational Risk Impact Tool to help drive discussion

    Participants

    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    Sample Questions to Ask to Identify Impacts. Lists questions impact score, weight, question and comments or notes.

    Being overly reliant on a single talented individual can impose risk to your operations. Make sure you include resiliency in your skill sets for critical business practices.

    Impact score and level. Each score for impacts are unique to the organization.

    Low risk example from tool

    Sample Questions to Ask to Identify Impacts. Lists questions impact score, weight, question and comments or notes. Impact score and level. Each score for impacts are unique to the organization.

    Summary

    Seek to understand all aspects of your operations.

    • Organizations need to understand and map out where vendors are critical to their operations.
    • Those organizations that consistently follow their established risk assessment and due diligence processes will be better positioned to avoid disasters.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Understand how your vendors prioritize your organization in their business continuity processes.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their operational risk assessments considering their vendor portfolio.

    Ongoing monitoring of the market and the vendors tied to company operations is imperative to avoiding disaster.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Bibliography

    “Weak Cybersecurity is taking a toll on Small Businesses.” Tripwire. August 7, 2022.

    SecureLink 2022 White Paper SL_Page_EA+PAM (rocketcdn.me)

    Member Poll March 2021 "Guide: Evolving Work Environments Impact of Covid-19 on Profile and Management of Third Parties.“ Shared Assessments. March 2021.

    “Operational Risk.” Wikipedia.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, August 23, 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Create and Implement an IoT Strategy

    • Buy Link or Shortcode: {j2store}57|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies

    While the Internet of Things (IoT) or smart devices have the potential to transform businesses, they have to be implemented strategically to drive value. The business often engages directly with vendors, and many IoT solutions are implemented as point solutions with IT being brought in very late in the process.

    This leads to challenges with integration, communication, and data aggregation and storage. IT is often also left grappling with many new devices that need to be inventoried, added to lifecycle management practices, and secured.

    Unlock the true potential of IoT with early IT involvement

    As IoT solutions become more common, IT leaders must work closely with business stakeholders early in the process to ensure that IoT solutions make the most of opportunities and mitigate risks.

    1. Ensure that IoT solutions meet business needs: Assess IoT solutions to ensure that they meet business requirements and align with business strategy.
    2. Make integration and management smooth: Build and execute plans so IoT devices integrate with existing infrastructure and multiple devices can be managed efficiently.
    3. Ensure privacy and security: IoT solutions should meet clearly outlined privacy and security requirements and comply with regulations such as GDPR and CCPA.
    4. Collect and store data systematically: Manage what data will be collected and aggregated and how it will be stored so that the business can recognize value from the data with minimal risk.

    Create and Implement an IoT Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create and Implement an IoT Strategy Deck – A framework to assess and onboard IoT devices into your environment.

    The storyboard will help to create a steering committee and a playbook to quickly assess IoT ideas to determine the best way to support these ideas, test them in Proof of concepts, when appropriate, and give the business the confidence they need to get the right solution for the job and to know that IT can support them long term.

    • Create and Implement an IoT Strategy – Phases 1-3

    2. Steering Committee Charter Template – Improve governance starting with a steering committee charter to help you clearly define the role of the steering committee to improve outcomes.

    Create a steering committee to improve success of IoT implementations.

    • IoT Steering Committee Charter Template

    3. IoT Solution Playbook – Create an IoT playbook to define a framework to quickly assess new solutions and determine the best time and method for onboarding into your operational environment.

    Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success.

    • IoT Solution Playbook

    Infographic

    Further reading

    Create and Implement an IoT Strategy

    Gain control of your IoT environment

    Create and Implement an IoT Strategy

    Gain control of your IoT environment

    EXECUTIVE BRIEF

    Table of Contents

    Page Contents Page Contents
    4 Analyst Perspective 27 Phase 2: Define the intake & assessment process
    5 Executive Summary 29 Define requirements for requesting new IoT solutions
    7 Common Obstacles 32 Define procedures for reviewing proposals and projects – BA/BRM
    8 Framework 38 Define criteria for assessing proposals and projects – data specialists
    9 Insight Summary 43 Define criteria for assessing proposals & projects – Privacy & Security
    10 Blueprint deliverables 47 Define criteria for assessing proposals & projects – Infrastructure & Operations
    11 Blueprint benefits 48 Define service objectives & evaluation process
    13 Measure the value of IoT 49 Phase 3: Prepare for a proof of value
    15 Guided Implementation 58 Create a template for designing a proof of value
    16 Phase 1: Define your governance process 59 Communications
    21 Define the committee’s roles & responsibilities 60 Research contributors and experts
    23 Define the IoT steering committee’s vision statement and mandate 61 Related InfoTech Research
    26 Define procedures for reviewing proposals and projects

    Analyst perspective

    IoT is an extremely efficient automated data collection system which produces millions of pieces of data. Many organizations will purchase point solutions to help with their primary business function to increase efficiency, increase profitability, and most importantly provide scalable services that cannot exist without automated data collection and analytical tools.

    Most of the solutions available are designed to perform a specific function within the parameters of the devices and applications designed by vendors. As these specific use cases proliferate within any organization, the data collected can end up housed in many places, owned by each specific business unit and used only for the originally designed purpose. Imagine though, if you could take the health information of many patients, anonymize it, and compare overall health of specific regions, rather than focusing only on the patient record as a correlated point; or many data points within cities to look at pedestrian, bike, and vehicle traffic to better plan infrastructure changes, improve city plans, and monitor pollution, then compared to other cities for additional modeling.

    In order to make these dramatic shifts to using many IoT solutions, it’s time to look at creating an IoT strategy that will ensure all systems meet strategic goals and will enable disparate data to be aggregated for greater insights. The act of aggregation of systems and data will require additional scrutiny to mitigate the potential perils for privacy, management, security, and auditability

    The strategy identifies who stewards use of the data, who manages devices, and how IT enables broader use of this technology. But with the increased volume of devices and data, operational efficiency as part of the strategy will also be critical to success.

    This project takes you through the process of defining vision and governance, creating a process for evaluating proposed solutions for proof of value, and implementing operational effectiveness.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group.

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The business needs to move quickly to adopt new ways to collect and analyze data or automate actions. IoT may be the right answer, but it can be complex and create new challenges for IT teams.

    Many of these solutions are implemented by vendors as point solutions, but more organizations are recognizing they need to bring the data in-house to start driving insights.

    As IoT solutions become more prolific, the need to get more involved in securing and managing these solutions has become evident.

    Common Obstacles

    The business is often engaging directly with the vendors to better understand how they can benefit from these solutions, and IT is often brought in when the solution is ready to go live.

    When IT isn’t involved early, there may be challenges around integrations, communications, and getting access to data.

    Management becomes challenging as many devices are suddenly entering the environment, which need to be inventoried, added to lifecycle management practices, and secured.

    Info-Tech’s Approach

    Info-Tech’s approach starts with assessing the proposed solutions to:

    • Ensure they will meet the business need.
    • Understand data structure for integration to central data store.
    • Ensure privacy and security needs can be met.
    • Determine effort and technical requirements for integration into the infrastructure and appropriate onboarding into operations.

    Early intervention will improve results. IoT is one of the biggest challenges for IT departments to manage today. The large volume of devices and lack of insight into vendor solutions is making it significantly harder to plan for upgrades and contract renewals, and to guarantee security protocols are being met. Create a multistep onboarding process, starting with an initial assessment process to increase success for the business, then look to derive additional benefits to the business and mitigate risks.

    Your challenge

    Scaling up and out from an IoT point solution is complicated and requires collaboration from stakeholders that may not have worked well together before
    • Point solutions may be installed and configured with support outsourced to vendors, where integrations may be light or non-existent.
    • Each point solution will be owned by the business, with data used for a specific purpose, and may only require infrastructure support from the internal IT department.
    • Operational needs must be met to protect the business’ investment, and without involving IT early, agreements may be signed that don’t meet long-term goals of high value at reasonable prices.
    • To fully realize value from multiple disparate systems, a cohesive strategy to bring together data will be required, but with that comes a need to improve technology, determine data ownership, and improve oversight with strengthened security, privacy, and communications.
    • Where IoT is becoming a major source of data, taking a piecemeal approach will no longer be enough to be successful.

    IoT solutions may be chosen by the business, but to be successful and meet their requirements, a partnership with IT will ensure better communications with the service provider for a less stressful implementation with governance over security needs and protection of the organization’s data, and it will ensure that continual value is enabled through effective operations.

    Pie chart titled 'IoT project success' with '12% Fully successful', '30% Mostly successful', '40% Mostly unsuccessful', and 'Not at all successful'.
    (Source: Beecham Research qtd. in Software AG)

    Common obstacles

    These barriers make IoT challenging to implement for many organizations:
    • Solutions managed outside of IT, whether through an operational technology team or an outsourced vender, will require a comprehensive approach that encourages collaboration, common understandings of risk, and the ability to embrace change.
    • Technical expertise required will be broad and deep for a multi-solution implementation. Many types of devices, with varied connections and communications methods, will need to be architected with flexibility to accommodate changing technology and scalability needs.
    • Understanding the myriad options available and where it makes sense to deploy cutting-edge vs. proven technologies, as well as edge computing and digital twins.
    • External consultants specializing in IoT may need to be engaged to make these complex solutions successful, and they also need to be skilled in facilitating discussions within teams to bring them to a common understanding.
    • Analysis skills and a data strategy will be key to successfully correlating data from multiple sources, and AI will be key to making sense of vast amounts of data available and be able to use it for predictive work. According to the Microsoft IoT Signals report of October 2020, “79% of organizations adopt AI as part of their IoT solution, and those who do perceive IoT to be more critical to their company’s success (95% vs. 82%) and are more satisfied with IoT (96% vs. 87%).“
    Pie chart with two tiers titled 'Challenges to using IT'. The inner circle are challenge categories like 'Security', 'Lack of budget/staff', and the outer circle are the more specific challenges within them, such as 'Concerned about consumer privacy' and 'No human resources to implement & manage'.
    (Source: Microsoft IoT Signals, Edition 2, October 2020 n=3,000)

    Internet of Things Framework

    Interoperability of multiple IoT systems and data will be required to maximize value.

    GOVERNANCE

    What should I build? What are my concerns?
    Where should I build it? Why does it need to be built?

    DATA MODEL ——› BUSINESS OPERATING MODEL
    Data quality
    Metadata
    Persistence
    Lifecycle
    Sales, marketing
    Product manufacturing
    Service delivery
    Operations

    |—›

    BUSINESS USE CASE

    ‹—|
    Customer facing Internal facing ROI
    ˆ
    |
    ETHICS
    Deliberate misuse
    Unintentional consequences
    Right to informed consent
    Active vs. passive consent
    Bias
    Profit vs. common good
    Acceptable/fair use
    Responsibility assignment
    Autonomous action
    Transparency
    Vendor ethical implications
    ˆ
    |
    TECHNICAL OPERATIONAL MODEL
    Personal data
    Customer data
    Non-customer data
    Public data
    Third-party business data
    Data rights/proprietary data
    Identification
    Vendor data
    Profiling (Sharing/linkage of data sets)

    CONTROLS

    How do I operate and maintain it?

    1. SECURITY
      • Risk identification and assessment
      • Threat modeling – ineffective because of scale
      • Dumb, cheap endpoints without users
      • Massive attack surface
      • Data/system availability
      • Physical access to devices
      • Response to anonymized individuals
    2. COMPLIANCE
      • Internal
      • External
        NIST, SOC, ISO
        Profession/industry
      • Ethics
      • Regulatory
        PII, GDPR, PIPEDA
        Audit process
    1. OPERATIONAL STANDARDS
      • Industry best practices
      • Open standards vs. proprietary ones
      • Standardization
      • Automation
      • Vendor management
    2. TECHNICAL OPERATIONAL MODEL
      • Platforms
      • Insourcing/outsourcing
      • Acquisition
      • Asset management
      • Patching
      • Data protection
      • Source image control
      • Software development lifecycle
      • Vendor management
      • Disposition/disposal

    BRIDGING THE PHYSICAL WORLD AND THE VIRTUAL WORLD

    How should it be built?

    Diagram with 'Physical World' 'Internet of Things Devices' on the left, connected to 'Virtual World' 'Central Compute (Cloud/Data Center)', 'Edge Computing', and 'Business Systems and Applications' via 'Data - data-verified= Data Normalization' from physical to virtual and 'Instructions' from virtual to physical.">

    Insight summary

    Real value to the business will come from insights derived from data

    Many point solutions will solve many business issues and produce many data sets. Ensure your strategy includes plans on how to leverage data to further your organizational goals. A data specialist will make a significant difference in helping you determine how best to aggregate and analyze data to meet those needs.

    Provide the right level of oversight to help the business adopt IoT

    Regardless of who is initiating the request or installing the solution, it’s critical to have a framework that protects the organization and their data and a plan for managing the devices.

    The business doesn’t always know what questions to ask, so it’s important for IT to enable them if moving to a business-led innovation model, and it’s critical to helping them achieve business value early.

    Do a pre-implementation assessment to engage early and at the right level

    Many IoT solutions are business- and vendor-led and are hosted outside of the organization or managed inside the business unit.

    Having IT engage early allows the business to determine what level of support is appropriate for them, allows IT to ensure data integrity, and allows IT to ensure that security, privacy, and long-term operational needs are managed appropriately.

    Blueprint deliverables

    IoT Steering Committee Charter

    Create a steering committee to improve success of IoT implementations

    Sample of the IoT Steering Committee Charter.

    IoT Solution Playbook

    Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success

    Sample of the IoT Solution Playbook.

    Blueprint benefits

    IT Benefits

    • Aggregation of processes and data may have compelling implications for increasing effectiveness of the business, but this may also increase risk. A framework will help to drive value while putting in appropriate guardrails.
    • IoT use cases may be varied within many industries, and the use of many types of sensors and devices complicates management and maintenance. A common understanding of how devices will be tracked, managed, and maintained is imperative to IT securing their systems and data.
    • A pilot program to evaluate effectiveness and either reject or move forward with a plan to onboard the solution as quickly as possible will ensure quick time to value and enable immediate implementation of controls to meet operational and security requirements.

    Business Benefits

    • Aggregation of many disparate groups of data can provide new insights into the way an organization interacts with its clients and how clients are using products and services.
    • As organizations innovate and new IoT solutions are introduced to the environment, solutions need to be evaluated quickly to determine if they’re going to meet the business case and then determine what needs to be put in place for technology, process, and policy to ensure success.
    • As new solutions are introduced, anyone who may be impacted through this new data-collection process will need to be informed and feel secure in the way information is analyzed and managed. This project will provide the framework to quickly assess the risks and develop a communications plan.

    Evaluate digital transformation opportunities with these guiding principles for smart solutions

    Problem & opportunity focus
    • Search for real problems to solve, with visible improvement possibilities
    • Don’t choose technology for technology’s sake
    • Keep an eye to the future
    • Strategic foresight
    Piece by piece
    • Avoid the “Big Bang” approach
    • Test technologies in multiple conditions
    • Run inexpensive pilots
    • Increase flexibility
    • Technology ecosystem
    User buy-in
    • Collaborate with the community
    • Gain and sustain support
    • Increase uptake of city technology
    • Crowdsource community ideas
    Recommendations:
    Focus on real problems • Be a fast follower • Build a technology ecosystem

    Info-Tech Insight

    When looking for a quick win, consider customer journey mapping exercises to find out what it takes to do the work today, for example, map the journey to apply for a building permit, renew a license, or register a patient.

    Measure the value of IoT

    There is a broad range of solutions for IoT all designed to collect information and execute actions in a way designed to increase profitability and/or improve services. McKinsey estimates value created through interoperability will account for 40% to 60% of the potential value of IoT applications.

    Revenue Generating
    • Production increases and efficiency
    • Reliability as data quality increases
    • New product development opportunities through better understanding of how your products are used
    • New product offerings with automated data collection and analysis of aggregated data
    Improved outcomes
    • Improved wellness programs for employees and patients through proactive health management
      • Reduction in health care/insurance costs
      • Reduction in time off for illness
    • Reduction in human error
    • Improved safety – fewer equipment malfunction incidents
    • Sustainability – reduction in emissions
    Increased access to data, especially if aggregating with other data sources, will increase opportunities for data analysis leading to more informed decision making.
    Cost Avoidance
    • Cost efficiency – lower energy consumption, less waste, improved product consumption
    • Reliability – reduced downtime of equipment due to condition-based maintenance
    • Security – decrease in malware attacks
    Operational Metrics
    • # supported devices
    • % of projects using IoT
    • % of managed systems
    • % of increase in equipment optimization

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 8 calls over the course of 2 to 4 months.

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3
    Call #1: Determine steering committee members and mandates.

    Call #2: Define process for meeting and assessing requests.

    Call #3: Define the intake process.

    Call #4: Define the role of the BRM & assessment criteria.

    Call #5: Define the process to secure funding.

    Call #6: Define assessment requirements for other IT groups.

    Call #7: Define proof of value process.

    Create and Implement an IoT Strategy

    Phase 1

    Define your governance process

    Steering Committee

    1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

    1.2 Define the IoT steering committee’s vision statement and mandates

    1.3 Define procedures for reviewing proposals and roles and responsibilities

    Intake Process

    2.1 Define requirements for requesting new IoT solutions

    2.2 Define procedures for reviewing proposals and projects – BA/BRM

    2.3 Define procedures for reviewing proposals and projects – Data specialists

    2.4 Define procedures for reviewing proposals and projects – Privacy & Security

    2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

    2.6 Define service objectives and evaluation process

    Proof of Value

    3.1 Determine the criteria for running a proof of value

    3.2 Define the template and process for running a proof of value

    This phase will provide the following activities

    • Create the steering committee project charter
    If a steering committee exists, it may be appropriate to define IoT governance under their mandate. If a committee doesn’t already exist or their mandate will not include IoT, consider creating a committee to set standards and processes and quickly evaluate solutions for feasibility and implementation.

    Create an IoT steering committee to ensure value will be realized and operational needs will be met

    The goals of the steering committee should be:

    • To align IoT initiatives with organizational goals. 
    • To effectively evaluate, approve, and prioritize IoT initiatives.
    • To approve IoT strategy & evaluation criteria.
    • To reinforce and define risk evaluation criteria as they relate to IoT technology.
    • To review pilot results and confirm the value achievement of approved IoT initiatives.
    • To ensure the investment in IoT technology can be integrated and managed using defined parameters.

    Assemble the right team to ensure the success of your IoT ecosystem

    Business stakeholders will provide clarity for their strategy and provide input into how they envision IoT solutions furthering those goals and how they may gain relevant insights from secondary data.

    As IoT solutions move beyond their primary goals, it will be critical to evaluate the continually increasing data to mitigate risks of unintended consequences as new data sets converge. The security team will need to evaluate solutions and enforce standards.

    CDO and analysts will assess opportunities for data convergence to create new insights into how your services are used.

    Lightbulb with the word 'Value' surrounded by categories relative to the adjacent paragraph, 'Data Scientists', 'Security and Privacy', 'Business Leaders', 'IT Executives', 'Operations', and 'Infrastructure & Enterprise Architects'. IT stakeholders will be driving these projects forward and ensuring all necessary resources are available and funded.

    Operational plans will include asset management, monitoring, and support to meet functional goals and manage throughout the asset lifecycle.

    Each solution added to the environment will need to be chosen and architected to meet primary functions and secondary data collection.

    Identify IoT steering committee participants to ensure broad assessment capabilities are available

    • The committee should include team members experienced enough to provide an effective assessment of IoT projects, and to provide input and oversight regarding business value, privacy, security, operational support, infrastructure, and architectural support.
    • A data specialist will be critical for evaluating opportunities to expand use of data and ensure data can be effectively validated and aggregated. Additional oversight will be needed to review aggregated data to protect against the unintended consequences of having data combined and creating personas that will identify individuals.
    • Additional experts may be invited to committee meetings as appropriate, and ideas should be discussed and clarified with the business unit bringing the ideas forward or that may be impacted by solutions.
    • Invite appropriate IT and business leaders to the initial meeting to gain agreement and form the governance model.

    Determine responsibilities of the committee to gain consensus and universal understanding

    Icon of binoculars. STRATEGIC
    ALIGNMENT
    • Define the IoT vision in alignment with the organizational strategy and mission.
    • Define strategy, policies and communication requirements for IoT projects.
    • Assess and bring forward proposals to utilize IoT to further organizational strategy.
    Icon of a person walking up an ascending bar graph. VALUE
    DELIVERY
    • Define criteria for evaluating and prioritizing proposals and projects.
    • Validate the IoT proposals to ensure value drivers are understood and achievable.
    • Identify opportunities to combine data sets for secondary analysis and insights.
    Icon of a lightbulb. RISK
    OPTIMIZATION
    • Evaluate data and combined data sets to avoid unintended consequences.
    • Ensure security standards are adhered to when integrating new solutions.
    • Reinforce privacy regulations, policy, and communications requirements.
    Icon of an arrow in a bullseye. RESOURCE
    OPTIMIZATION
    • Identify and validate investment and resource requirements.
    • Evaluate technical requirements and capabilities.
    • Align IoT management requirements to operations goals within IT.
    Icon of a handshake. PERFORMANCE
    MANAGEMENT
    • Assess validity of pilot project plan, including success criteria.
    • Identify corner cases to assess functionality and potential risks beyond core features.
    • Monitor progress, evaluate results, and ensure organizational needs will be met.
    • Evaluate pilot to determine if it will be moved into full production, reworked, or rejected.

    1.1 Exercise:
    Define the committee’s roles & responsibilities in the IoT steering committee charter

    1-3 hours

    Input: Current policies and assessment tools for security and privacy, Current IT strategy for introducing new solutions and setting standards

    Output: List of roles and responsibilities, High-level discussion points

    Materials: Whiteboard/flip charts, Steering committee workbook

    Participants: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

    1. Identify and document core and auxiliary members of the committee, ensuring all important facets of the IoT environment can be assessed.
    2. Identify and document the committee chair.
    3. Gain consensus on responsibilities of the steering committee.

    Download the IoT Steering Committee Charter

    Define the vision statement for the IoT committee to clarify mandate and communicate to stakeholders

    The vision statement will define what you’re trying to achieve and how. You may have the statement already solidified, but if not, start with brainstorming several outcomes and narrow to less than 5 focus areas.

    A vision statement should be concise and should be in support of the overall IT strategy and organizational mission. The vision statement will be used as a high-level guide for defining and assessing proposed solutions and evaluating potential outcomes. It can be used as a limiter to quickly weed out ideas that don’t fit within the mandate, but it can also inspire new ideas.

    • Support innovation
    • Enable the business
    • Enable operations for continual value

    New York City has a broad plan for implementing IoT to meet several aspects of their overall strategy and subsequently their IT strategy. Their strategic plan includes several focus areas that will benefit from IoT:
    • A vibrant democracy
    • An inclusive economy
    • Thriving neighborhoods
    • Healthy lives
    • Equity and excellence in education
    • A livable climate
    • Efficient mobility
    • Modern infrastructure
    Their overall mission is: “OneNYC 2050 is a strategy to secure our city’s future against the challenges of today and tomorrow. With bold actions to confront our climate crisis, achieve equity, and strengthen our democracy, we are building a strong and fair city. Join us.”

    In order to accomplish this overall mission, they’ve created a specific IT vision statement: “Improve digital infrastructure to meet the needs of the 21st century.”

    This may seem broad, and it includes not just IoT, but also the need to upgrade infrastructure to be able to enable IoT as a tool to meet the needs to collect data, take action, and better understand how people move and live within the city. You can read more of their strategy at this
    link: http://onenyc.cityofnewyork.us/about/

    1.2 Exercise:
    Define the IoT steering committee’s vision statement and mandate

    1 hour

    Input: Organizational vision and IT strategy

    Output: Vision statement

    Materials: Whiteboard/flip charts, Steering committee workbook

    Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

    1. Starting with the organizational mission statement, brainstorm areas of focus with the steering committee and narrow down the statement.
    2. Make sure it’s broad enough to encompass your goals, but succinct enough to allow you to identify projects that don’t meet the vision.
    3. Test with a few existing ideas.
    4. Document in your steering committee charter.

    Download the IoT Steering Committee Charter

    Use the COPIS methodology to define your project review process

    COPIS is a customer-focused methodology used to focus on the areas around the process, ensuring a holistic view starting with who the customer is and what they need, then building out the process and defining what will be required to be successful and who will be involved in fulfilling the work.

    Customer

    • Executive leadership
    • Business leaders

    Outputs

    • Risk assessment
    • Approvals to proceed
    • Pilot plan
    • Assessment to approve for production or reject

    Process

    • Review proposals
    • Ask questions and discuss with proposer & committee
    • Review pilot & testing plan
    • Engage with IT Team to define requirements

    Inputs

    • Request form including:
    • New idea
    • Business value defined
    • Data collected
    • Initial risk assessment
    • Implementation plan
    • Definition of success

    Suppliers

    • IT operations team
    • Device and software vendors
    • IT leaders
    • Risk committee
    Agenda & process flow



    Determine where people will access request form Ending point
    Sequence of right-facing arrows labelled 'Agenda & process flow'. Text in each arrow from left to right reads 'Confirm attendees required are in attendance', 'Review open action items', 'Assess new items', 'Assess prioritization', 'Review metrics & pilots in progress', 'Decisions & recommendations'.

    Create a committee charter to ensure roles are clarified and mandates can be met

    The purpose of the committee is to quickly assess and protect organizational interests while furthering the needs of the business

    The committee needs to be seen as an enabler to the business, not as a gatekeeper, so it must be thorough but responsive.

    The charter should include:
    • The vision to ensure clarity of purpose.
    • IoT mandates to focus the committee on assessment criteria.
    • Roles, responsibilities, and assignments to engage the right people who will provide the kind of guidance needed to ensure success.
    • Procedures to make the best use of each committee member’s time.
    • Process flow to guide evaluations to avoid unnecessary delays while reducing organizational risks.
    Stock image of someone reading on a tablet.

    1.3 Exercise:
    Define procedures for reviewing proposals and projects

    2-3 hours

    Input: Schedules of committee members, Process documentation for evaluating new technology

    Output: Procedures for reviewing proposals, Reference documentation for evaluating proposals

    Materials: Whiteboard/flip charts, Steering committee workbook

    Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

    1. Discuss as a group how often you will meet for reviews and project updates. Which roles will have veto rights on project approvals?
    2. Define the intake process and requirements for scheduling based on average lead time to get the group together and preview documentation.
    3. Identify where process documentation already exists to use for evaluation of proposals and projects, and what needs to be created to quickly move from evaluation to action phases.
    4. Define basic rules of engagement.
    5. Define process flow using COPIS methodology as a framework. Note the different stages that may be part of the intake flow. Some business partners may bring solutions to IT, and others may just have an idea that needs to be solutioned.

    Download the IoT Steering Committee Charter

    Create and Implement an IoT Strategy

    Phase 2

    Define the intake and assessment process

    Steering Committee

    1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

    1.2 Define the IoT steering committee’s vision statement and mandates

    1.3 Define procedures for reviewing proposals and roles and responsibilities

    Intake Process

    2.1 Define requirements for requesting new IoT solutions

    2.2 Define procedures for reviewing proposals and projects – BA/BRM

    2.3 Define procedures for reviewing proposals and projects – Data specialists

    2.4 Define procedures for reviewing proposals and projects – Privacy & Security

    2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

    2.6 Define service objectives and evaluation process

    Proof of Value

    3.1 Determine the criteria for running a proof of value

    3.2 Define the template and process for running a proof of value

    This phase will provide the following activities

    • Define requirements for requesting new IoT solutions
    • Define procedures for review proposals and projects
    • Define service objectives and evaluation process for reviewing proposals and projects

    Determine what information is necessary to start the intake process

    To encourage your business leaders to engage IT in evaluating and appropriately supporting the solution, start with an intake process that is simple and easily populated with business information.
    • Review intake forms from the PMO or build your own from the IoT Solution Playbook:
    • Start by asking for a clear picture of the solution. Ensure the requester can clearly articulate the business benefit to the solution, including what issues are being resolved and what success looks like.
    • Requesters may not be expected to seek out all relevant information to make the decision.
      • Consider providing a business analyst (BA) to assist with data gathering for further assessment and to launch the review process.
      • Review may require additional steps if it is not clear the proposed solution will perform as expected and could include conversations with the vendor or a determination that a full requirements-gathering process may need to be done.
    • Typically, a BA will launch the review process to have appropriate experts assess the feasibility of the solution; assess regulatory, privacy, and security concerns; and determine the level of involvement needed by IT and the project managers.
    • Have options for different starting points. Some requesters may be further along in their research as they know exactly what they want, while others will be early in the idea stage. Don’t discourage innovation by creating more work than they’re able to execute.

    Business goals and benefits are important to ensure the completed solution meets the intended purpose and enables appropriate collection, analysis, and use of data in the larger business context.

    Ongoing operational support and service need to be considered to ensure ongoing value, and adherence to security and privacy policies is critical.

    2.1 Exercise:
    Define requirements for requesting new IoT solutions

    1 hour

    Input: Business requirements for requesting IT solutions

    Output: Request form for business users, Section 1 of the IoT Solution Playbook

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

    1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
    2. Determine requirements for initiating an assessment.
      1. Will a business case be necessary to start, or can the assessment feed into the business case?
      2. How can you best access the work already done by the requester to not start over?
      3. Determine the right questions to understand how they will define success to ensure this solution will do what they need.
      4. Do you need a breakdown of the way they do the job today?
      5. What level of authorization needs to be on the request to move forward?
    3. Try to balance the effort of the requester against their role. Don’t expect them to investigate solutions beyond the business value.
    4. Provide them with a means to provide you any information they have gathered, especially if they have already spoken to vendors.

    Download the IoT Solution Playbook

    Define what role the BA or BRM will play to support the request process

    Identify questions that will need to be answered in order to assess if the solution will be fit for purpose, to help build out business cases, and to enable the appropriate assessments and engagement with project managers and technical teams.
    • Project sponsorship is key to moving the project ahead. Ensure the project sponsor and business owner will be in alignment on the solution and business needs.
    • Note any information that will help to prioritize this project among all other requests. This will feed into implementation timing and the project management needs, resourcing, and vendor engagement required.
    • Determine if a proof of value would be an asset. A proof of value can be time consuming, but it can mitigate the risks of large-scale failures.
    • Ask about data collection and data type, which will be a major part of the assessment for the data team and for security, privacy, infrastructure, and operational assessments.
    • Determine if any actions will need to be taken, which might include data transfer, notifications and alerts, or others. This may require additional discussions on actuators, RPA, data stores, and integrations.
    • Determine if any automation will be part of the solution, as this will help to inform future discussions on power, connectivity, security, and privacy.

    Download the blueprint Embed Business Relationship Management in IT if you need help to support the business in a more strategic manner.

    Info-Tech Insight

    Understanding the business issue more deeply can help the business analyst determine if the solution needs a review of business process as well as helping to build out the requirements well enough to improve chances of success.

    The BA should be able to determine initial workload and involvement of project managers and evaluators.

    Clearly articulate the business benefits to secure funding and resources

    If the business users need to build a business case, the information being collected will help to define the value, estimate costs, and evaluate risk

    IoT point solutions can be straightforward to articulate the business benefits as they will have very specific benefits which will likely fit into one of these categories:
    • Financial – to increase profitability or reduce costs through predictive maintenance and efficiency.
    • Business Development – innovation for new products, services, and methodologies
    • Improve specific outcomes – typically these will be industry specific, such as improved patient health care, reduced traffic congestion or use of city resources, improved billing, or fire prevention for utility companies.

    As you start to look at the bigger picture of how these different systems can bring together disparate data sets, the benefits will be harder to define, and the costs to implement this next level of data analysis can be daunting and expensive.

    This doesn’t necessitate a complete alignment of data collection purposes; there may be benefits to improving operations in secondary areas such as updating HVAC systems to reduce energy costs in a hospital, though the updated systems may also include sensors to monitor air quality and further improve patient outcomes.

    In these cases, there may be future opportunities to use this data in unexpected ways, but even where there aren’t, applying the same standards for security, privacy, and operations should apply.

    Table titled 'Increasing productivity through efficiency and yield are the top benefits organizations expect to see from IoT implementations' with three columns, one for type of benefit (ie efficiency, yield, quality, etc), one for different IoT implementations and one for percent increase.
    (Microsoft IoT Signals Report 2020, n= 3,000 IT Professionals)

    2.2 Exercise – BA/BRM: Define procedures for reviewing proposals and projects

    1 hour

    Input: Process documentation for evaluating new technology, Business case requirements

    Output: Interview questions and assessment criteria for BA/BRM

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive(s), Senior data specialist, Senior business executive(s)

    1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
    2. Identify the questions that will need to be asked of the business to determine whether the request will be fit for purpose.
    3. Additional questions may help to:
      1. Identify project sponsors to determine if requirements are defined or need to be, and who will champion this project through to implementation.
      2. Identify what additional work will be needed for you to shepherd the project through the various stage gates.
      3. Identify any prioritization criteria including business-specific milestones and outcomes.
    4. Document when a formal business case needs to be created.

    Download the IoT Solution Playbook

    Assess the vendor’s solution for accessibility to ensure data will be available and useable

    Data governance, including stewardship and ownership; lineage; and the ability to scale, deduplicate, normalize, validate, and aggregate disparate data will be critical to being able to analyze data to execute on strategic goals.

    If your organization isn’t poised to manage and make the best use of the data, see Info-Tech’s related blueprints:

    Relevant Research: Diagnostic:
    Data ownership is important to establish early on, as the owner(s) will be accountable for how data is used and accessed. Data needs to be owned by the organization (not the vendor) and needs to be accessible for:
    • Regulatory compliance.
    • Data quality and validation.
    • Data normalization.
    • Data aggregation and analysis.
    Vendor assessments need to investigate how data will be accessed, where data is normalized and how data will be validated.
    Data validation will have different levels of importance depending on the use case. Where data validation is critical, there may be a need to double up sensors in key areas, validate against adjacent sensors, better understand how and where data will be collected.
    • Infrared sensors may include intelligence to count people or objects.
    • Cameras might require manual counts but may provide better images.
    • Good quality images may require technology to distort faces for privacy.
    If data validation will include non-sensor data, such as validation against a security access database or visitor log, access to the data for validation may be required in near real time.

    Determine how often you need to access and download data

    Requirements will vary depending on whether sensors are collecting data for later analysis or if they are actuators that need to process data at the source.

    Determine where the data will reside and how it will be structured. If it will be open and controlled within your own environment, confer with your data team to ensure the solution is integrated into your data systems. If, however, the solution is a point solution which will be hosted by the vendor, understand who will be normalizing the data and how frequently you can export or transfer it into your own data repository. If APIs will need to be installed to enable data transfer, work with the vendor to test them.

    Self-contained or closed solutions may be quick to install and configure and may require minimal technical support from within your own IT team, but they will not provide visibility to the inner workings of the solution. This may create issues around integration and interoperability which could limit the functionality and usability beyond the point solution.

    If the solution chosen is a closed system, determine how you will need to interact with the vendor to gain access to the data. Interoperability may not be an option, so work with the vendor to set up a regular cadence for accessing the data.

    Questions for the vendor could include:

    1. How often can we access the data? Will the vendor push it on a regular basis? Is it on demand?
    2. Or will we need to pull the data? Is there an API?
    3. Will the data be normalized?
    4. Will the data be transferred, or will the vendor keep a historical record?
    5. Are there additional fees for archiving or for data extraction?
    Stock image of a large key inserted into the screen of a laptop.

    Identify whether digital twins are needed

    Create a virtual world to safely test and fail without impacting the real-world applications.

    As actuators are processing information and executing actions, there may be a benefit to assess the effectiveness and impact of various scenarios in a safe environment. Digital twins enable the creation of a virtual world to test these new use cases using real world scenarios.

    These virtual replicas will not be necessary for every IoT application as many solutions will be very straightforward in their application. But for those complex systems, such as smart buildings, smart cities and mechanically complex projects, digital twins can be created to run multiple simulations to aid in business continuity planning, performance assessments, R&D and more.

    Due to the expense and complexity of creating a full digital twin, carefully weighing the benefits, and identifying how it will be used, can help to build the business case to invest in the technology. Without the skills in house, reliance on a vendor to create the model and test scenarios will likely be part of the overall solution.

    The assessment will also include understanding what data will be transferred into the model, how often it will be updated, how it will be protected and who will need to be involved in the modeling process.

    Download the blueprint: Double Your Organization’s Effectiveness With a Digital Twin. if you need more information on how to leverage digital twin technology.

    Stock image of a twin mirroring the original person's action.

    To fully realize value in IoT, think beyond single use case solutions to leverage the data collected

    Expertise in data analysis will be key to moving forward with an enterprise approach to IoT and the data it produces.
    • A single IoT solution can add hundreds of sensors, collecting a wide variety of data for specific purposes. If multiple solutions are in place, there may be divergent data sets that may never be seen by anyone other than their specific data stewards.
    • Many organizations have started out with one or two solutions that support their primary business and may include some more mature offerings such as HVAC systems, which have used sensors for years. However, not all data is used today. In many cases, data is used for anomaly detection to improve operations, and only the non-standard information is used for alerting. McKinsey estimates less than 1% of data is used in these applications, with the remaining data stored or deleted, rather than used for optimization and predictive analysis.
    • Thinking beyond the initial use cases, there may be opportunities to create new services, improve services for existing products, or improve insights through analysis of juxtaposed data.
    • McKinsey reports up to $11.1 trillion a year in economic value may be possible by 2025 through the linking of the physical and digital worlds. Personal devices and all industries are potential growth areas – though factories and anywhere that could use predictive maintenance, cities, retail, and transportation will see the largest probable increases. Interoperability was identified as being required to maximize value, accounting for 40% to 60% of the potential value of IT applications.
    • Where data is used to correct and control anomalies, very little data is retained and used for optimization or predictive analysis. By taking a deliberate approach to normalize, correlate, and analyze data, organizations can gain insight into the way their products are used, benefit from predictive maintenance, improve health care, reduce costs, and more.
    (Source: McKinsey, 2015)

    By 2025 an estimated data volume of 79.4 zettabytes will be attributed to connected IoT devices. (Statistia)

    Build data governance and analysis into your strategy to find new insights from correlating new and existing data

    As a point solution, IoT provides a means to collect large amounts of data quickly and act. When determining the use case for IoT and best fit solutions, it’s important to think about what data needs to be collected and what actions will need to be coordinated. As the need for more than just a few IoT solutions surfaces, the complexity and potential usefulness of data increases. This can lead to significant changes to the scope of data collection, storage, and analysis and may lead to unintended consequences.
    • Some industries, such as governments looking to build smart cities, will have a very broad range of opportunities for IoT devices, as well as high levels of difficulty managing very disparate systems; other industries, such as healthcare, will have very focused prospects for data collection and analysis.
    • In any case, the introduction of new IoT solutions can create very large amounts of data quickly, and if used only for a single purpose, there may be lost opportunity for expanding use of data to better understand your product, customers, or environment.
    • Don’t limit analysis to only IoT-collected data, as this can be consolidated with other sources for validation, enhancement, and insights. For example, fleet transponders can be connected to travel logs and dispatch records for validation and evaluation of fuel and resource consumption.
    • Determine the best time and methods for consolidation and normalization; consider using data consolidation vendors if the expertise is not available in-house.
    • As data combines, there may be unintended consequences of unique anonymous identifiers combining to identify employees or customers, and the potential for privacy breeches will need to be evaluated as all new systems come on-line.

    “We find very little IoT data in real life flows through analytics solutions, regardless of customer size. Even in the large organizations, they tend to build at-purpose applications, rather than creating those analytical scenarios or think of consolidating the IoT data in a data lake like environment.” (Rajesh Parab, Info-Tech Research Group)

    2.3 Exercise – data specialists: Define criteria for assessing proposals and projects

    1-2 hours

    Input: Process documentation for evaluating new technology, Data governance documents

    Output: Interview questions and assessment criteria for data specialists

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
    2. Identify the questions that will need to be asked of the solution to ensure data governance and accessibility needs will be met.
    3. Additional questions may help to:
      1. Identify data owners or stewards to determine who will have authority over data and ensure their needs will be met.
      2. Identify what additional work will be needed for the data team to access, validate, normalize, and centralize data.
      3. Identify any concerns that will identify the solution as unviable.
      4. Identify any risks to data accessibility which will require mitigation.

    This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

    Download the IoT Solution Playbook

    Security assessments will need to include risk reviews specific to IoT

    The increase of data collectors and actuators creates a large attack surface that could easily provide an entry point for hackers to connect into an organization’s network. Assess existing protocols and risk registry to ensure all IoT systems are reviewed for security threats.

    The significant increase in devices and applications will require a review of security practices related to IoT to understand and mitigate risks. Even if the data collected is not considered integral to the business, such as with automated HVAC systems or an aquarium monitoring system, the devices can provide an entry point to access the network.

    IoT and ICS devices are functionally diverse and may include more mature solutions that have been acquired many times over. There are a wide variety of protocols that may not be recognized by vulnerability scanners as safe to operate in your environment. Many of these solutions will be agentless and may not be picked up by scanners on the network. Without knowing these devices exist or understanding the data traffic patterns, protecting the devices, data, and systems they’re attached to becomes challenging.

    Discovery and vulnerability scanners tuned specifically for IoT to look for and allow unusual protocols and traffic patterns will enable these devices to operate as designed without being shut down by vulnerability scanners protecting more traditional devices and traffic on an IT network. Orphaned devices can be found and removed. Solutions that will provide detailed asset inventories and network topologies will improve vulnerability detection.

    Systems that are air gapped or completely segregated may provide a layer of protection between IoT devices and the corporate network, but this may create additional difficulties in vulnerability assessment, identifying and responding to active threats, or managing the operational side. Additionally, if there are still functional connections between these systems for traffic to flow back to central repositories, operational systems, or remote connections, there are still potential threats.

    If security controls are not yet documented, see Info-Tech’s related blueprints:

    Relevant Research: Diagnostic:

    Align risk assessments to your existing risk registry, to quickly approve low-risk solutions and mitigate high risk

    Work with the business owner to understand how these systems are designed to work. Tracking normal patterns of behavior and traffic flow may be key to fine-tuning security settings to accommodate these solutions and prevent false positive shutdowns, especially if using automated remediation. Is the business owner identified, and will they be accessible throughout the lifecycle of the solution?

    Physical security: Will these systems be accessible to the public, and can they be secured in a way to minimize theft and vandalism? Will they require additional housing or waterproofing? Could access be completely secured? For example, could anyone access and install malware on a disconnected camera’s SD card?

    Security settings: For ease of service and installation, a vendor may use default security settings and passwords. This can create easy access for hackers to access the network and access sensitive data. Is there a possibility of IP theft though access by sensors? Determine who will have remote access to the system, and if the vendor will be supporting the system, will they be using least privilege or zero trust models? Determine their adherence to your security policy.

    Internet and network access and monitoring: Review connectivity and data transmission requirements and whether these can be accommodated in a way that balances security with operational needs. Will there be a need for air gapping, firewalls, or secure tunnelling, and will these solutions allow for discovery and monitoring? Can the vendor guarantee there are no back doors built into the code? Will the system be monitored for unauthorized access and activity, and what is the response process? Can it be integrated into your security operations center?

    Failover state: IoT devices with actuators or that may impact health and safety will need to be examined. Can you ensure actions in event of a failure will not be negatively impactful? For example, a door that locks on failover and cannot be opened from the inside will create safety risks; however, a door that opens on failover could result in theft of property or IP. Who controls and can access these settings?

    Firmware updates: Assess the history of updates released by the vendor and determine how these updates are sent to the devices and validated. Ensure the product has been developed using trusted platforms with security lifecycle models. Many devices will have embedded security solutions. Ensure these can be integrated into organizational security solutions and risk mitigation strategies.

    Enterprise IoT strategy will require a focus on privacy and risk

    Data aggregation creates new privacy concerns as data may be used outside of the original project parameters. The change of scope will need to be evaluated to determine personally identifiable information and what new issues it can create for the program, organization, and your audience.

    As a point solution, IoT provides a means to collect large amounts of data and, if actuators are completing tasks, act quickly. When determining the use case for IoT and best fit solutions, it’s important to think about what data needs to be collected and what actions will need to be coordinated.

    As the need for more than just a few IoT solutions surfaces, the complexity and potential usefulness of data increases. This can lead to significant changes to the scope of data collection, storage, and analysis, and may lead to unintended consequences.

    Questions to ask your vendors:
    1. Where may there be physical access to sensors and a possibility of theft, and can the data be encrypted?
    2. What type of information is captured by sensors and stored in the solution?
    3. Where is personally identifiable information captured, and where is it stored? How will you meet regulatory requirements such as GDPR? Where does the data fit within existing retention policies, and how long should it be kept?
    4. Will there be a need to post signage or update privacy statements in response to the information being collected?

    If data classification, privacy, and security controls are not yet documented, see Info-Tech’s related blueprints:

    Relevant Research:

    Don’t make assumptions about the type of data gathered with devices – ask the vendor to clearly state how and what is collected

    Carefully review how this information can be used by machine learning, in combination with other solutions, and if there is a possibility of unintended consequences that will create issues for your customers and therefore your own data sets.

    Look for ways of capturing information that will meet your business requirements while mitigating risk of capturing personally identifiable information. Examples would be LiDAR to capture movement instead of video, or AI to blur faces or license plate numbers at time of image capture.

    This chart identifies data collected by smartphone accelerometers which could be used to identify and profile an individual and understand their behaviors.

    Mobile device accelerometer data

    Table of Mobile device accelerometer data with columns 'Detection of sound vibrations', 'Body movements', and 'Motion trajectory of the device', and a key for color-coding labelling purple items as 'Health', yellow items as 'Personality traits, moods & emotions', and green items 'Identification'.
    Overview of sensitive inferences that can be drawn from accelerometer data. (Source: Association for Computing Machinery, 2019.)

    2.4 Exercise – Privacy & Security specialists: Define criteria for assessing proposals and projects

    1-2 hours

    Input: Process documentation for evaluating new technology, Data governance documents

    Output: Interview questions and assessment criteria for Privacy & Security specialists

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
    2. Identify the questions that will need to be asked of the solution to ensure security and privacy needs will be met.
    3. Additional questions may help to:
      1. Identify biggest risks created by a large influx of sensors and additional vendors.
      2. Identify options for mitigating risks for privacy and regulatory requirements.

    This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

    Download the IoT Solution Playbook

    Review infrastructure requirements to proactively engage with vendors

    A modernized architecture will provide needed flexibility for onboarding new IoT solutions as well as providing the structure to collect, transport, and house data; however, not everything will be on the network. Knowing requirements for integrations, communications, and support will eliminate surprises during implementation.

    The supporting applications will be collecting and analyzing data for each of these solutions, with most being hosted on public clouds or privately by the vendor. Access to the applications for data collection may require APIs or other middleware to transfer data outside of their application. Data transfer may be unimportant if the data collected will stand alone and never be integrated to other systems, but it will be critical if IoT plans include retrieving, aggregating, and analyzing data from most systems. If these systems are closed, determine the process to get this information, whether it’s through scheduled exports or batch transfers.

    Determine if data will be backed up by the vendor or if backups are the responsibility of your team. Work with the business owner to better understand business continuity requirements to plan appropriately for data transmission, storage, and archiving.

    Network and communications will vary dramatically depending on where sensors and actuators are located. On-premises solutions may rely on Wi-Fi on your network or may require an air-gapped or segregated network. External sensors may rely on public Wi-Fi, cellular, or satellite, and this may impact reliability and serviceability. If manual data collection is required, such as collecting SD cards on trail cams, who will be responsible, and will they have the tools and data repository they need to upload data manually? Are you able to work with the vendor to estimate traffic on these networks, and how will that impact costs for cellular or satellite service?

    Investigate power requirements. On-premises solutions may require additional wiring, but if using wind or solar, what is the backup? If using batteries, what is the expected lifespan? Who will be monitoring, and who will be changing the batteries?

    Determine monitoring requirements. Who should be responsible for performance monitoring, outages, data transmission, and validation? Is this a vendor premium service or a process to manage in-house? If managed by the vendor, discuss required SLAs and their ability to meet them.

    If your organization is dealing with technical debt and older architecture which could prevent progress, see Info-Tech’s related blueprints to build out the foundation.

    Relevant Research:

    Determine operational readiness to support and secure IoT solutions

    Availability and capacity planning, business continuity planning, and management of all operational and support requirements will need to be put in place. Execution of controls, maintenance plans, and operational support will be required to mitigate risks and reduce value of the solutions.

    One of the biggest challenges organizations that have already adopted IoT face is management of these systems. Without an accurate inventory, it’s impossible to know how secure the IoT systems are. Abandoned sensors, stolen cameras, and old and unpatched firmware all contribute to security risks.

    Existing asset management solutions may provide the right solution, but they are limited in many cases by the discovery tools in place. Many discovery tools are designed to scan the network and may not have access to segregated or air-gapped networks or a means to access anything in the cloud or requiring remote access. Evaluate the effectiveness of current tools, and if they prove to be inadequate, look for solutions that are geared specifically to IoT as they may provide additional useful management capabilities.

    IoT management tools will provide more than just inventory. They can discover IoT devices in a variety of environments, possibly adding micro-agents to access device attributes such as name, type, and date of build, and allowing metadata and tags to be added. Additionally, these solutions will provide the means to deploy firmware updates, change configuration settings, send notifications if devices are taken offline, and run vulnerability assessments. Some may even have diagnostics tools for troubleshooting and remediation.

    If operational processes aren’t in place, see Info-Tech’s related blueprints to build out the foundation.

    Relevant Research: Diagnostic:

    Identify what needs to happen to onboard these solutions into your support portfolio

    Evaluate support options to determine the best way to support the business. Even if support is completely outsourced, a support plan will be critical for holding vendors to account, bringing support in-house if support doesn’t meet your needs, and understanding dependencies while navigating through incidents and problem- and change-enablement processes.

    Regular maintenance for your team may include battery swaps, troubleshooting camera outages or intermittent sensors, or deploying patches. Understand the support requirements for the product lifecycle and who will be responsible for that work. If the vendor will be applying patches and upgrading firmware, get clarity on how often and how they’ll be deployed and validated. Ask the vendor about support documentation and offerings.

    Determine the best ways of collecting inventory on the solution. Determine what the solution offers to help with this process; however, if the project plan requires specific location details to add sensors, the project list may be the best way to initially onboard the sensors into inventory.

    Determine if warranty offerings are an appropriate solution for devices in each project, to schedule and record appropriate maintenance details and plan replacements as sensors reach end of life. Document dependencies for future planning.

    Stock image of an electrical worker fixing a security camera.

    2.5 Exercise – Infrastructure & Operations specialists: Define criteria for assessing proposals and projects

    1-2 hours

    Input: Process documentation for evaluating new technology, Data governance documents

    Output: Interview questions and assessment criteria for Infrastructure & Operations specialists

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
    2. Identify the questions that will need to be asked of the solutions to ensure the solutions can be integrated into the existing environment and operational processes.
    3. Additional questions may help to:
      1. Reduce risks and project failures from solutions that will be difficult to integrate or secure.
      2. Improve project planning for projects that are often driven by the vendor and the business.
      3. Reduce operational risks due to lack of integration with asset and operational processes.

    This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

    Download the IoT Solution Playbook

    2.6 Exercise: Define service objectives and evaluation process

    1 hour

    Input: List of criteria in the playbook, Understanding of resource availability of solution evaluators

    Output: Steering committee criteria for progressing projects through the process

    Materials: Whiteboard/flip charts, IoT Steering Committee Charter workbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    Now that you’ve defined the initial review requirements, meet as a group once more to finalize the process for reviewing requests. Look for ways to speed the process, including asynchronous communications and reviews. Consider meeting as a group for any solutions that may be deemed high risk or highly complex.

    1. Agree on what can be identified as a reasonable SLA to respond to the business on these requests.
    2. Agree on methods of communication between committee members and the business.
    3. Determine the criteria for determining when a proof of value should be initiated, and who will lead the process.

    Download the IoT Steering Committee Charter

    Create and Implement an IoT Strategy

    Phase 3

    Prepare for a Proof of Value

    Steering Committee

    1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

    1.2 Define the IoT steering committee’s vision statement and mandates

    1.3 Define procedures for reviewing proposals and roles and responsibilities

    Intake Process

    2.1 Define requirements for requesting new IoT solutions

    2.2 Define procedures for reviewing proposals and projects – BA/BRM

    2.3 Define procedures for reviewing proposals and projects – Data specialists

    2.4 Define procedures for reviewing proposals and projects – Privacy & Security

    2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

    2.6 Define service objectives and evaluation process

    Proof of Value

    3.1 Determine the criteria for running a proof of value

    3.2 Define the template and process for running a proof of value

    This phase will provide the following activities

    • Create proof of value criteria
    • Create proof of value template

    A proof of value can quickly help you prove value or fail fast

    Investing a small amount of time and money up front will validate the possibility of your proposed solution.

    A proof of value will require a vision and definition of your criteria for success, which will be necessary to determine if the project should go ahead. It should take no longer than three months and may be as short as a week.

    When should you run a proof of value?

    • When it is difficult to confirm that the solution is fit for purpose.
    • When the value of the solution is indeterminate.
    • When the solution is early in its lifecycle and not widely proven in the marketplace.
    • When scalability is questionable or unproven.
    • When the solution requires customization or configuration.

    Info-Tech Insight
    Where a solution is well known in the market, requires minimal customization, and is proven to be fit for purpose, a shorter evaluation or conversations with reference clients or partners may be all that is necessary.

    Table titled 'Reasons IoT proof of value projects fail'. There is a column for type of project (ie Scaling, Business, etc), one for reasons, and one for percentages.
    (Microsoft IoT Signals Report 2020, n= 3,000 IT Professionals)

    3.1 Exercise: Define the criteria for running a proof of value

    1 hour

    Input: Agreement of steering committee members to create a process to mitigate risk for complex solutions.

    Output: Proof of value template for use as appropriate to evaluate IoT solutions.

    Materials: IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    1. As a group, review the circumstances for when to run a proof of value.
    2. Determine who will help to build the proof of value plan.
    3. Determine requirements for participation in the proof of value process. Consider project size, complexity and risk and visibility.

    Download IoT Solution Playbook

    Design your proof of value to test the viability of the solution

    Engage the right stakeholders early to gather feedback and analysis and determine suitability

    Determine the proof of value methodology to ensure plan allows for fast testing
    • Go back to the original request: What are the goals for implementing this solution? Has this been clearly defined with criteria for success?
    • Define the technical team that will configure the solution, including vendors and technicians. Ensure the vendor fully understands your use cases and goals. Identify the level of support you’ll need to be implement and assess the solution.
    • Define the testing team, including technical and business users. Complete a journey map if needed to define the use case(s) at the right level of detail.
    • Ensure the test use case(s) have been defined and they all agree on the definition of success.
    • Make sure the team is available to do the testing and provide feedback, as high adoption will improve feedback which will be critical to successfully implementing the full solution.
    • Determine how to evaluate scalability with process, resources, and capacity.
    • Evaluate the risks and obstacles to reject the solution or mitigate and prevent scope creep.
    • Evaluate the vendor’s roadmap, training materials, and technical support options.

    Info-Tech Insight

    Additional information on building out a process for testing new technology can be found in the blueprint: Exploit Disruptive Infrastructure Technology.

    “Although scope creep is not the only nemesis a project can have, it does tend to have the farthest reach. Without a properly defined project and/or allowing numerous changes along the way, a project can easily go over budget, miss the deadline, and wreak havoc on project success.” (University Alliance, Villanova University)

    Define your objectives for the proof of value

    Referencing documents submitted to the committee, continue to refine the problem statement.

    Objectives are a key first step to show the solution will meet your needs.
    • Every technology is designed to solve a problem faced by somebody somewhere. For each technology that your team has decided to move forward with, identify and clearly state the problem it would solve.
    • A clear problem statement is a crucial part of a new technology’s business case. It is impossible to earn buy-in from the rest of the organization without demonstrating the necessity of a solution.
    • Perfection is impossible to achieve, especially during a proof of value (POV). However, knowing the pain points of the way things are done without this technology, and noting a reduction in pain and increase in efficiency and accuracy of data gathering will help in the initial feedback of the tests. Ensure the proof of value includes data validation to test accuracy.

    Info-Tech Insight

    Know your metrics going into the proof of value. Document performance, quality, and time to do the work and compare to metrics in the proof of value. Agree on what success looks like, to ensure that improvements are substantial enough to justify the expense and effort of implementing the solution.

    Questions to consider:
    • What are the project’s goals?
    • What is the desired future state?
    • What problems must be solved to call the POV a viable solution?
    • Where will the project be rolled out? Are there any concerns about communications and power that may need to be addressed?
    • Are there any risks to watch for?

    Info-Tech Insight

    Be sure to avoid scope creep! Remember: the goal of the proof of value project is to produce a minimum case for viability in a carefully defined area. Reserve a detailed accounting of costs and benefits for after the proof of value stage.

    Define use cases to test against current methods

    Outline the solution to the problem

    Determine how the solution should perform in completing tasks. Be careful not to focus too heavily on how things are done today: You’re looking for dramatic improvements, not going back to existing workarounds.
    • The use case will help to define the scope of the project, define adjacent use cases or tasks that will be out of scope, and to contain the test to a reasonable effort and time frame, while still testing core functionality.
    • Map processes based on expectations of how the solution should work, and compare these to the way things are done today. Identify if there are obvious improvements to the existing processes that if done, would change the existing results significantly. Take this into account when reviewing results. (This will also be useful if the project isn’t approved or is delayed.)
    • Identify where tasks and data collection will be automated and where they will need to stay manual or require additional integrations or solutions such as RPA. These other solutions may not factor into the proof of value but will need to be identified on the solution roadmap if it goes ahead.

    Blocks with arrows in between them, like an example of a step progression.

    Define steps to reach these goals today:
    • Discuss steps to completion
    • Effort to collect data
    • Effort to validate and correct data
    • Effort and ability to use the data for decision making, understanding your customers, and process improvements
    • Quality of data available with current methods compared to quality and volume of data using an IoT solution

    Determine the appropriate project team

    Bring in team members from the business and technical sides to test for those functions that matter most to each team. This effort will enable them to quickly identify risks and mitigate them as part of the product rollout or start the process to look at alternative solutions.
    • Stakeholders: Anyone who is impacted by the new technology and who will end up using, approving, or implementing it. Identify team members who will be willing and able to test the systems for data quality, collection, and workflow improvements.
    • Data analysts: Include someone who can validate the usefulness of data to meet the needs of the organization.
    • Security & Privacy: Include these team members to validate their expectations of how privacy and security needs can be met.
    • Infrastructure & Operations: These team members can test integrations, data collections, traffic flow, etc.
    • Vendor: Discuss what part the vendor can play in setting up the solution for running the proof of value.
    • Other business units: Identify business units that could benefit or be impacted by this solution. Invite them to participate in the roof of value, but remember to contain scope.
    Leverage the insights of the diverse working group
    • Processes are designed to transform inputs into outputs. All business activities can be mapped into processes.
    • A process map illustrates the sequence of actions and decisions that transform an input into an output.
    • Effective mapping gives managers an “aerial” view of the company’s processes, making it easier to identify inefficiencies, reduce waste, and ultimately streamline operations.
    • To identify business processes, have group members familiar with the affected business units identify how jobs are typically accomplished within those units.
    • Ensure they have the time to test the solution and provide valid feedback.

    Estimate the resources required for the pilot

    Time, money, technology, resources

    The benefit of running a proof of value is to make a decision on viability of a solution without the expense of implementing a full solution. This isn’t necessary for low-risk, highly proven solutions, which could be validated with references instead.

    Estimate

    Estimate the number of hours needed to implement the proof of value.

    Estimate

    Estimate the hours needed for business users to test.

    Estimate

    Estimate the costs of technology. If the solution can be run in a vendor sandbox or in a test/dev instance in the cloud, you may be able to keep these costs very low.

    Determine

    Determine the appropriate number of devices to test in multiple locations and environments; work with the vendor to see if they have evaluation devices or discounts for proof of value purposes.

    Conduct a post-proof of value review to finalize the decision to move forward

    Gather evaluators together to ensure the pilot team completed their assessments. A common failure of pilots is making assumptions around the level of participation that has taken place.
    • The core working group is responsible for producing a vision of the future and outlining new technology’s disruptive potential. The actual implementation of the proof of value (purchasing the hardware, negotiating the SLA with the vendor) is beyond the committee’s responsibilities.
    • If the proof of value goes ahead, the facilitator should block some time to evaluate the completed project against the key performance indicators identified in the initial plan.
    • Use the Proof of Value Template section of the IoT Solution Playbook to document POV requirements as well as finalizing the feedback loop.
    • Determine ratings for the proof of value to identify which solutions are not viable and which levels of viability are worth moving forward. Some viable solutions may need a different vendor, and some may need customization or multiple integrations. This is important for the project team to move ahead with the implementation.
    • Encourage everyone to provide enough feedback on the various processes to be confident in their declarations of worthiness and to confirm the proof of value was thorough.
    • Communicate your working group’s findings and success to a wide audience to gain interest in IoT solutions as well as to encourage the business to work with the committee to integrate solutions into the governance and operational structure.

    3.2 Exercise: Create a template for designing a proof of value

    1-3 hours

    Input: Agreement of steering committee members to create a process to mitigate risk for complex solutions

    Output: Proof of value template for use as appropriate to evaluate IoT solutions

    Materials: Whiteboard/flip charts, IoT Solution Playbook

    Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

    1. As a group, review the Proof of Value Template section of the IoT Solution Playbook to determine if it will meet the needs of your business and technical groups.
    2. Determine who will work with the business to create the proof of value plan.
    3. Modify the template to suit your needs, keeping in mind a need for clarity of purpose, communications throughout the POV, and clearly stated goals and definitions of success.
    4. Set a target timeframe to run the POV, preferably no longer than 90 days.
    5. Determine appropriate steps to take for POVs that do not garner the expected participation to qualify a solution to move forward.
    6. Determine appropriate reporting for the evaluation process.

    Download IoT Solution Playbook

    Communications

    As with any new product, marketing and communications will be an important first step in letting the business know how to engage IT in its assessments of IoT innovations. As these solutions prove themselves, or even as you help the business to find better solutions, share your successes with the rest of the organization.

    Business units are already being courted by the vendors, so it’s up to IT to insert themselves in the process in a way that helps improve the success of the business team while still meeting IT’s objectives.

    Your customers will not willingly engage in highly bureaucratic processes and need to see a reason to engage.

    1. Keep the intake process simple.
    2. Provide support to answer the tough questions.
    3. Be clear on the benefits to the organization and the business unit by engaging with your group, and be clear about how you will help within a reasonable time frame.
      • IT will help navigate the vendor prerequisites, contracts, and product setup.
      • IT will assume some of the responsibility for the solution, especially around security and privacy.
      • The business unit will reap the rewards of the solution with minimal operational effort.

    Info-Tech Insight

    Consider building your playbook into your service catalog to make it easy for business users to start the request process. From there, you can create workflows and notifications, track progress, set and meet SLAs, and enable efficient asynchronous communications.

    Research Contributors and Experts

    Photo of John Burwash, Senior Director, Executive Services, Info-Tech Research Group.

    John Burwash
    Senior Director, Executive Services
    Info-Tech Research Group

    INFO~TECH RESEARCH GROUP

    Info-Tech Research Group is an IT research and advisory firm with over 23 years of experience helping enterprises around the world with managing and improving core IT processes. They write highly relevant and unbiased research to help leaders make strategic, timely, and well-informed decisions.

    External contributors
    4 external contributors have asked to remain anonymous.

    Photo of Jennifer Jones, Senior Research Advisor, Industry, Info-Tech Research Group.

    Jennifer Jones
    Senior Research Advisor, Industry
    Info-Tech Research Group

    Photo of Aaron Shum, Vice President, Security, Privacy & Risk, Info-Tech Research Group.

    Aaron Shum
    Vice President, Security, Privacy & Risk
    Info-Tech Research Group

    Photo of Rajesh Parab, Research Director, Applications, Data & Analytics, Info-Tech Research Group.

    Rajesh Parab
    Research Director, Applications, Data & Analytics
    Info-Tech Research Group

    Photo of Frank Sargent, Senior Director Practice Lead, Security, Privacy & Risk, Info-Tech Research Group.

    Frank Sargent
    Senior Director Practice Lead, Security, Privacy & Risk
    Info-Tech Research Group

    Photo of Scott Young, Principal Research Advisor, Infrastructure, Info-Tech Research Group.

    Scott Young
    Principal Research Advisor, Infrastructure
    Info-Tech Research Group

    Photo of Rocco Rao, Director, Research Advisor, Industry, Info-Tech Research Group.

    Rocco Rao
    Director, Research Advisor, Industry
    Info-Tech Research Group

    Bibliography

    Ayyaswamy, Regu, et al. “IoT Is Enabling Enterprise Strategies for New Beginnings.” Tata Consulting Services, 2020. Web.

    “Data Volume of Internet of Things (IoT) Connections Worldwide in 2019 and 2025.” Statistia, 2020.

    Dos Santos, Daniel, et al. “Cybersecurity in Building Automation Systems (BAS).” Forescout, 2020. Web.

    Earle, Nick. “Overcoming the Barriers to Global IoT Connectivity: How Regional Operators Can Reap Rewards From IoT.” IoTNow, 30 June 2021. Web.

    Faludi, Rob. “How Do IoT Devices Communicate?” Digi, 26 Mar. 2021. Web.

    Halper, Fern, and Philip Russom. “TDWI IoT Data Readiness Guide, Interpreting Your Assessment Score.” Cloudera, 2018. Web.

    Horwitz, Lauren. “IoT Enterprise Deployments Continue Apace, Despite COVID-19.” IoT World Today, 22 Apr. 2021.

    “How Does IoT Data Collection Work?” Digiteum, 13 Feb. 2020. Web.

    “IoT Data: How to Collect, Process, and Analyze Them.” Spiceworks, 26 Mar. 2019. Web.

    IoT Signals Report: Edition 2, Hypothesis Group for Microsoft, Oct. 2020. Web.

    King, Stacey. “4 Key Considerations for Consistent IoT Manageability and Security.” Forescout, 22 Aug. 2019. Web.

    Krämer, Jurgen. “Why IoT Projects Fail and How to Beat the Odds.” Software AG, 2020. Web.

    Kröger, Jacob Leon, et al. “Privacy Implications of Accelerometer Data: A Review of Possible Inferences” ICCSP, Jan. 2019, pp. 81-7. Web.

    Manyika, James, et al. “Unlocking the Potential of the Internet of Things.” McKinsey Global Institute, 1 June 2015. Web.

    Ricco, Emily. “How To Run a Successful Proof of Concept – Lessons From Hubspot.” Filtered. Web.

    Rodela, Jimmy. “The Blueprint, Your Complete Guide to Proof of Concept.” Motley Fool, 2 Jan 2021. Web.

    Sánchez, Julia, et al. “An Integral Pedagogical Strategy for Teaching and Learning IoT Cybersecurity.” Sensors, vol. 20, no. 14, July 2020, p. 3970.

    The IoT Generation of Vulnerabilities. SC Media, 2020. E-book.

    Woods, James P., Jr. “How Consumer IoT Devices Can Break Your Security.” HPE, 2 Nov. 2021.

    Advisory Call Outline: Software Selection Engagement

    • Buy Link or Shortcode: {j2store}609|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Selection takes forever. Traditional software selection drags on for years, sometimes in perpetuity.
    • IT is viewed as a bottleneck and the business has taken control of software selection.
    • “Gut feel” decisions rule the day. Intuition, not hard data, guides selection, leading to poor outcomes.
    • Negotiations are a losing battle. Money is left on the table by inexperienced negotiators.
    • Overall: Poor selection processes lead to wasted time, wasted effort, and applications that continually disappoint.

    Our Advice

    Critical Insight

    • Adopt a formal methodology to accelerate and improve software selection results.
    • Improve business satisfaction by including the right stakeholders and delivering new applications on a truly timely basis.
    • Kill the “sacred cow” requirements that only exist because “it’s how we’ve always done it.”
    • Forget about “RFP” overload and hone in on the features that matter to your organization.
    • Skip the guesswork and validate decisions with real data.
    • Take control of vendor “dog and pony shows” with single-day, high-value, low-effort, rapid-fire investigative interviews.
    • Master vendor negotiations and never leave money on the table.

    Impact and Result

    • Improving software selection is a critical project that will deliver huge value.
    • Hit a home run with your business stakeholders: use a data-driven approach to select the right application vendor for their needs – fast.
    • Shatter stakeholder expectations with truly rapid application selections.
    • Boost collaboration and crush the broken telephone with concise and effective stakeholder meetings.
    • Lock in hard savings and do not pay list price by using data-driven tactics.

    Advisory Call Outline: Software Selection Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Advisory Call Outline

    Info-Tech's expert analyst guidance will help you save money, align stakeholders, and speed up the application selection process.

    • Advisory Call Outline: Software Selection Engagement Deck

    2. Workshop Overview

    Info-Tech's workshop will help you implement a repeatable, data-driven approach that accelerates software selection efforts.

    • Rapid Software Selection Workshop Overview
    [infographic]

    Define Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}55|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $83,641 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Your organizational digital business strategy sits on the shelf because it fails to guide implementation.
    • Your organization has difficulty adapting new technologies or rethinking their existing business models.
    • Your organization lacks a clear vision for the digital customer journey.
    • Your management team lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.

    Our Advice

    Critical Insight

    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Impact and Result

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for derisking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Define Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Digital Business Strategy Deck – A step-by-step document that walks you through how to identify top value chains and a digitally enabled growth opportunity, transform stakeholder journeys, and build a digital transformation roadmap.

    This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.

    • Define Your Digital Business Strategy – Phases 1-4

    2. Digital Business Strategy Workbook – A tool to guide you in planning and prioritizing projects to build an effective digital business strategy.

    This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.

    • Digital Strategy Workbook

    3. Digital Business Strategy Final Report Template – Use this template to capture the synthesized content from outputs of the activities.

    This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.

    • Digital Business Strategy Final Report Template
    [infographic]

    Workshop: Define Your Digital Business Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Two Existing Value Chains

    The Purpose

    Understand how your organization creates value today.

    Key Benefits Achieved

    Identify opportunities for digital transformation in how you currently deliver value today.

    Activities

    1.1 Validate business context.

    1.2 Assess business ecosystem.

    1.3 Identify and prioritize value streams.

    1.4 Break down value stream into value chains.

    Outputs

    Business context

    Overview of business ecosystem

    Value streams and value chains

    2 Identify a Digitally Enabled Growth Opportunity

    The Purpose

    Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.

    Key Benefits Achieved

    Identify a leapfrog idea to sidestep competitors.

    Activities

    2.1 Conduct a horizon scan.

    2.2 Identify leapfrog ideas.

    2.3 Identify impact to existing or new value chains.

    Outputs

    One leapfrog idea

    Corresponding value chain

    3 Transform Stakeholder Journeys

    The Purpose

    Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.

    Key Benefits Achieved

    Identify a unified view of customer experience.

    Identify opportunities to automate non-routine cognitive tasks.

    Identify gaps in value delivery.

    Improve customer journey.

    Activities

    3.1 Identify stakeholder persona.

    3.2 Identify journey scenario.

    3.3 Conduct one journey mapping exercise.

    3.4 Identify opportunities to improve stakeholder journey.

    3.5 Break down opportunities into projects.

    Outputs

    Stakeholder persona

    Stakeholder scenario

    Journey map

    Journey-based projects

    4 Build a Digital Transformation Roadmap

    The Purpose

    Build a customer-centric digital transformation roadmap.

    Key Benefits Achieved

    Keep your team on the same page with key projects, objectives, and timelines.

    Activities

    4.1 Prioritize and categorize initiatives.

    4.2 Build roadmap.

    Outputs

    Digital goals

    Unified roadmap

    Further reading

    Define Your Digital Business Strategy

    After a major crisis, find your place in the digital economy.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage

    Millions spent developing tools and templates annually

    Leverage direct access to over 100 analysts as an extension of your team

    Use our massive database of benchmarks and vendor assessments

    Get up to speed in a fraction of the time

    Analyst Perspective

    Build business resilience and prepare for a digital economy.

    This is a picture of Senior Research Analyst, Dana Daher

    Dana Daher
    Senior Research Analyst

    To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
    This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
    If there was ever a time for an organization to become a digital business, it is today.

    Executive Summary

    Your Challenge

    • Your organization has difficulty adapting new technologies or rethinking the existing business models.
    • Your management lacks a framework to rethink how your organization delivers value today, which causes annual planning to become an ideation session that lacks focus.
    • There is uncertainty on how to meet evolving customer needs and how to compete in a digital economy.

    Common Obstacles

    • Your organization might approach digital transformation as if we were still in 2019, not recognizing that the pandemic resulted in a major shift to an end-to-end digital economy.
    • Your senior-most leadership thinks digital is "IT's problem" because digital is viewed synonymously with technology.
    • On the other hand, your IT team lacks the authority to make decisions without the executives’ involvement in the discussion around digital.

    Info-Tech’s Approach

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Use digital for transforming non-routine cognitive activities and for de-risking key elements of the value chain.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Info-Tech Insight

    After a major crisis, focus on restarting the growth engine and bolstering business resilience.

    Your digital business strategy aims to transform the business

    Digital Business Strategy

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Accountability lies with the executive leadership.
    • Must involve cross-functional participation from senior management from the different areas of the organization.

    IT Strategy

    • Aims to identify how to change, fix, or improve technology in support of the organization’s business strategy.
    • Accountability lies with the CIO.
    • Must involve IT management and gather strategic input from the business.

    Becoming a digital business

    Automate tasks to free up time for innovation.

    Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.

    When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).

    These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.

    We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.

    As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.

    Key Concepts:

    Digital: The representation of a physical item in a format used by computers

    Digitization: Conversion of information and processes into a digital format

    Digitalization: Conversion of information into a format to be processed by a computer

    Why transform your business?

    COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.

    As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.

    Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:

    • Recover from the COVID-19 recession.
    • Compete in a digital economy.

    To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies. – Dana Daher, Info-Tech Research Group

    We are amid an economic transformation

    What we are facing today is a paradigm shift transforming the ways in which we work, live, and relate to one another.

    In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.

    As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.

    These rapid changes are captured in a new 21st century term:

    The Digital Economy.

    90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place. – Paul Taylor, Forbes, 2020

    Analyst Perspective

    Become a Digital Business

    this is a picture of Research Fellow, Kenneth McGee

    Kenneth McGee
    Research Fellow

    Today, the world faces two profoundly complex, mega-challenges simultaneously:

    1. Ending the COVID-19 pandemic and recession.
    2. Creating strategies for returning to business growth.

    Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.

    As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.

    We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.

    The Digital Economy

    The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).

    The digital economy captures decades of digital trends including:

    • Declining enterprise computing costs
    • Improvements in computing power and performance; unprecedent analytic capabilities
    • Rapid growth in network speeds, affordability, and geographic reach
    • High adoption rates of PCs, mobile, and other computing devices

    These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.

    The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.

    Download Info-Tech’s Digital Economy Report

    Signals of Change

    60%
    of People on Earth Use the Internet
    (DataReportal, 2021)
    20%
    of Global Retail Sales Performed via E-commerce
    (eMarketer, 2021)
    6.64T
    Global Business-to-Business
    E-commerce Market
    (Derived from The Business Research Company, 2021)
    9.6%
    of US GDP ($21.4T) accounted for by the digital economy ($2.05T)
    (Bureau of Economic Analysis, 2021)

    The digital economy captures technological developments transforming the way in which we live, work, and socialize

    Technological evolution

    this image contains a timeline of technological advances, from computers and information technology, to the digital economy of the future

    Info-Tech’s approach to digital business strategy

    A path to thrive in a digital economy.

    1. Identify top value chains to be transformed
    2. Identify a digitally enabled growth opportunity
    3. Transform stakeholder journeys
    4. Build a digital transformation roadmap

    Info-Tech Insight

    Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    The Info-Tech difference:

    • Understand how your organization creates value today to identify opportunities for digital transformation.
    • Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
    • Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    A digital transformation starts by transforming how you deliver value today

    As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to digitally transform those value streams that generate the most value for your organization.

    Higher Education Value stream

    Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement

    Local Government Value Stream

    Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure

    Manufacturing Value Stream

    Design Product → Produce Product → Sell Product

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Assess your external environment to identify new value generators

    Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.

    Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.

    And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:

    • Conduct a PESTLE first and deduce, from the analysis, what are possible shifts in six characteristics of an organization’s industry, or
    • Proceed immediately with identifying evolutionary trends that impact the organization’s direct market.

    the image depicts the relationship of factors from the Macro Environment, to the Industry/Addressable Market, to the Organization. the macro environmental factors are Political; Economic; Social; Technological; Legal; and Environmental. the Industry/addressable market factors are the Customer; Talent; Regulation; technology and; Supply chain.

    Info-Tech Insight

    While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.

    An analysis of evolutionary shifts in five industry-specific characteristics would be more effective for identifying trends that impact the organization

    A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
    Shifts in these five characteristics directly impact an organization:

    ORGANIZATION

    • Customer Expectations
    • Talent Availability
    • Regulatory System
    • Supply Chain Continuity
    • Technological Landscape

    Capture existing and new value generators through a customer journey map

    As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.

    However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.

    This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.

    This image contains an example of how a school might use a value chain and customer journey map. the value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Instruction and Research Value stream. The value chain includes: Research; Course Creation, Delivery, and assessment. The Customer journey map for curricula delivery includes: Understanding the needs of students; Construct the course material; Deliver course material; Conduct assessment and; Upload Grades into system

    A digital transformation is not just about customer journeys but also about building business resilience

    Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.

    As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.

    Ultimately, a digital transformation has two purposes:

    1. The classical model – whereby there is a focus on improving digital experiences.
    2. Value protection or the reduction of enterprise risk by systematically identifying how the organization delivers value and digitally transforming it to protect future cashflows and improve the overall enterprise value.
    Old Paradigm New Paradigm
    Predictable regulatory changes with incremental impact Unpredictable regulatory changes with sweeping impact
    Reluctance to use digital collaboration Wide acceptance of digital collaboration
    Varied landscape of brick-and-mortar channels Last-mile consolidation
    Customers value brand Customers value convenience/speed of fulfilment
    Intensity of talent wars depends on geography Broadened battlefields for the war for talent
    Cloud-first strategies Cloud-only strategies
    Physical assets Aggressive asset decapitalization
    Digitalization of operational processes Robotization of operational processes
    Customer experience design as an ideation mechanism Business resilience for value protection and risk reduction

    Key deliverable:

    Digital Business Strategy Presentation Template

    A highly visual and compelling presentation template that enables easy customization and executive-facing content.

    three images are depicted, which contain slides from the Digital Business Strategy presentation template, which will be available in 2022.

    *Coming in 2022

    Blueprint deliverables

    The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:

    Initiative Prioritization

    A screenshot from the Initiative Prioritization blueprint is depicted, no words are legible in the image.

    Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.

    Roadmap Gantt Chart

    A screenshot from the Roadmap Gantt Chart blueprint is depicted, no words are legible in the image.

    Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.

    Journey Mapping Workbook

    A screenshot from the Journey Mapping Workbook blueprint is depicted, no words are legible in the image.

    Populate the journey maps to evaluate a user experience over its end-to-end journey.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    Discuss business context and customize your organization’s capability map.
    Call #2:
    Assess business ecosystem.
    Call #3:
    Perform horizon scanning and trends identification.
    Call #5:
    Identify stakeholder personas and scenarios.
    Call #7:
    Discuss initiative generation and inputs into roadmap.
    Call #3:
    Identify how your organization creates value.
    Call #4:
    Discuss value chain impact.
    Call #6:
    Complete journey mapping exercise.
    Call #8:
    Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Requirements

    Business Inputs

    Gather business strategy documents and find information on:

    • Business goals
    • Current transformation initiatives
    • Business capabilities to create or enhance
    • Identify top ten revenue and expense generators
    • Identify stakeholders

    Interview the following stakeholders to uncover business context information:

    • CEO
    • CIO

    Download the Business Context Discovery Tool

    Optional Diagnostic

    • Assess your digital maturity (Concierge Service)

    Visit Assess Your Digital Maturity

    Phase 1

    Identify top value chains to be transformed

    • Understand the business
    • Assess your business ecosystem
    • Identify two value chains for transformation

    This phase will walk you through the following activities:

    Understand how your organization delivers value today and identify value chains to be transformed.

    This phase involves the following participants:

    A cross-functional cohort across all levels of the organization.

    Outcomes

    • Business ecosystem
    • Existing value chains to be transformed

    Step 1.1

    Understand the business

    Activities

    • Review business documents.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section you will gain an understanding of the business context for your strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Context

    Understand the business context

    Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.

    Inputs Document(s)/ Method Outputs
    Key stakeholders Strategy Document Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors.
    Vision and mission of the organization Website Strategy Document What the organization wants to achieve and how it strives to accomplish those goals.
    Business drivers CEO Interview Inputs and activities that drive the operational and financial results of the organization.
    Key targets CEO Interview Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%,
    Strategic investment goals CFO Interview
    Digital Strategy
    Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments.
    Top three value-generating lines of business Financial Document Identification of your top three value-generating products and services or lines of business.
    Goals of the organization over the next 12 months Strategy Document
    Corporate Retreat Notes
    Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing.
    Top business initiatives over the next 12 months Strategy Document
    CEO Interview
    Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team.
    Business model Strategy Document Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses.
    Competitive landscape Internal Research Analysis Who your typical or atypical competitors are.

    1.1 Understand the business context

    Objective: Elicit the business context with a careful review of business and strategy documents.

    1. Gather the strategy creation team and review your business context documents. This includes business strategy documents, interview notes from executive stakeholders, and other sources for uncovering the business strategy.
    2. Brainstorm in smaller groups answers to the question you were assigned:
      • What are the strengths and weaknesses of the organization?
      • What are some areas of improvement or opportunity?
      • What does it mean to have a digital business strategy?
    3. Discuss the questions above with participants and document key findings. Share with the group and work through the balanced scorecard questions to complete this exercise.
    4. Document your findings.

    Assess your digital readiness with Info-Tech’s Digital Maturity Assessment

    Input

    • Business Strategy Documents
    • Executive Stakeholder Interviews

    Output

    • Business Context Information

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.2

    Assess your business ecosystem

    Activities

    • Identify disruptors and incumbents.

    Info-Tech Insight

    Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Business Ecosystem

    Assess your business ecosystem

    Understand the nature of your competition.

    Learn what your competitors are doing.

    To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.

    Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.

    Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)

    An image is shown demonstrating the relationship within an industry between incumbents, disruptors, and the organization. The incumbents are represented by two large purple circles. The disruptors are represented by 9 smaller blue circles, which represent smaller individual customer bases, but overall account for a larger portion of the industry.

    ’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.– Ilan Mochari, Inc., 2015

    Example Business Ecosystem Analysis

    Business Target Market & Customer Product/Service & Key Features Key Differentiators Market Positioning
    University XYZ
    • Local Students
    • Continuous Learner
    • Certificate programs
    • Associate degrees
    • Strong engineering department with access to high-quality labs
    • Strong community impact
    Affordable education with low tuition cost and access to bursaries & scholarships.
    University CDE University CDE
    • Local students
    • International students
    • Continuous learning students
    • Continuous learning offerings (weekend classes)
    • Strong engineering program
    • Strong continuous learning programs
    Outcome focused university with strong co-ops/internship programs and career placements for graduates
    University MNG
    • Local students
    • Non degree, freshman and continuous learning adults
    • Associate degrees
    • Certificate programs (IT programs)
    • Dual credit program
    • More locations/campuses
    • Greater physical presence
    • High web presence
    Nurturing university with small student population and classroom sizes. University attractive to adult learners.
    Disruptors Online Learning Company EFG
    • Full-time employees & executives– (online presence important)
    • Shorter courses
    • Full-time employees & executives– (online presence important)
    Competitive pricing with an open acceptance policy
    University JKL Online Credential Program
    • High school
    • University students
    • Adult learners
    • Micro credentials
    • Ability to acquire specific skills
    Borderless and free (or low cost) education

    1.2 Understand your business ecosystem

    Objective: Identify the incumbents and disruptors in your business ecosystem.

    1. Identify the key incumbents and disruptors in your business ecosystem.
      • Incumbents: These are established leaders in the industry that possess the largest market share.
      • Disruptors: Disruptors are primarily new entrants (startups) that possess the ability to displace the existing market, industry, or technology.
    2. Identify target market and key customers. Who are the primary beneficiaries of your products or service offerings? Your key customers are those who keep you in business, increase profits, and are impacted by your operations.
    3. Identify what their core products or services are. Assess what core problem their products solve for key customers and what key features of their solution support this.
    4. Assess what the competitors' key differentiators are. There are many differentiators that an organization can have, examples include product, brand, price, service, or channel.
    5. Identify what the organization’s value proposition is. Why do customers come to them specifically? Leverage insights from the key differentiators to derive this.
    6. Finally, assess how your organization derives value relative to your competitors.

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 1.3

    Value-chain prioritization

    Activities

    • Identify and prioritize value chains for innovation.

    Identify top value chains to be transformed

    This step will walk you through the following activities:

    Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized Value Chains

    Determine what value the organization creates

    Identify areas for innovation.

    Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.

    Different types of value your organization creates

    This an example of a value chain which a school would use to analyze how their organization creates value. The value streams listed include: Recruitment; Admission; Student Enrolment; Instruction& Research; Graduation; and Advancement. the Value chain for the Student enrolment stream is displayed. The value chain includes: Matriculation; Enrolment into a Program and; Unit enrolment.

    Value Streams

    A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.

    Value Chains

    A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Begin with understanding your industry’s value streams

    Value Streams

    Recruitment

    • The promotion of the institution and the communication with prospective students is accommodated by the recruitment component.
    • Prospective students are categorized as domestic and international, undergraduate and graduate. Each having distinct processes.

    Admission

    • Admission into the university involves processes distinct from recruitment. Student applications are processed and evaluated and the students are informed of the decision.
    • This component is also concerned with transfer students and the approval of transfer credits.

    Student Enrolment

    • Student enrolment is concerned with matriculation when the student first enters the institution, and subsequent enrolment and scheduling of current students.
    • The component is also concerned with financial aid and the ownership of student records.

    Instruction & Research

    • Instruction involves program development, instructional delivery and assessment, and the accreditation of courses of study.
    • The research component begins with establishing policy and degree fundamentals and concerns the research through to publication and impact assessment.

    Graduation

    • Graduation is not only responsible for the ceremony but also the eligibility of the candidate for an award and the subsequent maintenance of transcripts.

    Advancement

    • Alumni relations are the first responsibility of advancement. This involves the continual engagement with former students.
    • Fundraising is the second responsibility. This includes the solicitation and stewardship of gifts from alumni and other benefactors.

    Value stream defined…

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Leverage your industry’s capability maps to identify value chains

    Business Capability Map Defined

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically, will have a defined business outcome.

    A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.

    this image contains an example of a business capability map using the value streams identified earlier in this blueprint.

    Info-Tech Insight

    Leverage your industry reference architecture to define value streams and value chains.

    Visit Info-Tech’s Industry Coverage Research to identify value streams

    Prioritize value streams to be supported or enhanced

    Use an evaluation criteria that considers both the human and business value generators that these streams provide.

    two identical value streams are depicted. The right most value stream has Student Enrolment and Instruction Research highlighted in green. between the two streams, are two boxes. In these boxes is the following: Business Value: Profit; Enterprise Value; Brand value. Human Value: Faculty satisfaction; Student satisfaction; Community impact.

    Info-Tech Insight

    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.

    Business Value

    Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.

    Human Value

    Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.

    Identify value chains for transformation

    Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.

    this image depicts two sample value chains for the value streams: student enrolment and Instruction & Research. Each value chain has a stakeholder associated with it. This is the primary stakeholder that seeks to gain value from that value chain.

    Prioritize value chains for transformation

    Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.

    this image depicts the same value chains as the image above, with a legend showing which steps have a financial impact, which steps have a high degree of risk, and which steps are prioritized for transformation. Matriculation and publishing are shown to have a financial impact. Research foundation is shown to have a high degree of risk, and enrollment into a program and conducting research are prioritized for transformation.

    1.3 Value chain analysis

    Objective: Determine how the organization creates value, and prioritize value chains for innovation.

    1. The first step of delivering value is defining how it will happen. Use the organization’s industry segment to start a discussion on how value is created for customers. Working back from the moment value is realized by the customer, consider the sequential steps required to deliver value in your industry segment.
    2. Define and validate the organization’s value stream. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream.
    3. Prioritize the value streams based on an evaluation criteria that reflects business and human value generators to the organization.
    4. Identify value chains that are associated with each value stream. The value chains refer to a string of processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
    5. Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain and identify areas for transformation. Evaluate the value chain processes based on the level of pain or exposure to risk experienced by a stakeholder to accomplish that task and the financial impact that level of the process has on the organization.

    Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps

    Input

    • Market Assessment

    Output

    • Key Incumbents and Disruptors

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 2

    Identify a digitally enabled growth opportunity

    • Conduct horizon scan
    • Identify leapfrog idea
    • Conduct value chain impact analysis

    This phase will walk you through the following activities:

    Assess trends that are impacting your industry and identify strategic growth opportunities.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    Identify new growth opportunities and value chains impacted

    Phase 2.1

    Horizon scanning

    Activities

    • Scan the internal and external environment for trends.

    Info-Tech Insight

    Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.

    Identify a digitally enabled growth opportunity

    This step will walk you through the following activities:

    Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Growth opportunity

    Horizon scanning

    Understand how your industry is evolving.

    Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend that could impact your addressable market.

    Trends

    A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.

    Drivers

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    Identifying macro trends

    A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:

    Talent Availability

    • Decentralized workforce
    • Hybrid workforce
    • Diverse workforce
    • Skills gap
    • Digital workforce
    • Multigenerational workforce

    Customer Expectations

    • Personalization
    • Digital experience
    • Data ownership
    • Transparency
    • Accessibility

    Technological Landscape

    • AI & robotics
    • Virtual world
    • Ubiquitous connectivity,
    • Genomics
    • Materials (smart, nano, bio)

    Regulatory System

    • Market control
    • Economic shifts
    • Digital regulation
    • Consumer protection
    • Global green

    Supply Chain Continuity

    • Resource scarcity
    • Sustainability
    • Supply chain digitization
    • Circular supply chains
    • Agility

    Identifying trends and drivers

    A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.

    This image contains a flow chart, demonstrating the relationship between Macro trends, Trends, and Drivers. in this example, the macro trend is Accessibility. The Trends, or patterns of change, are an increase in demands for micro-credentials, and Preference for eLearning. The Drivers, or the why, are addressing skill gaps for increase in demand for micro-credentials, and Accommodating adult/working learners- for Preference for eLearning.

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    this image contains three screenshots from Rethinking Higher Education Report and 2021 Tech Trends Report

    Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report

    Example horizon scanning activity

    Macro Trends Trends Drivers
    Talent Availability Diversity Inclusive campus culture Systemic inequities
    Hybrid workforce Online learning staff COVID-19 and access to physical institutions
    Customer Expectations Digital experience eLearning for working learners Accommodate adult learners
    Accessibility Micro-credentials for non-traditional students Addressing skills gap
    Technological Landscape Artificial intelligence and robotics AI for personalized learning Hyper personalization
    IoT IoT for monitoring equipment Asset tracking
    Augmented reality Immersive education AR and VR Personalized experiences
    Regulatory System Regulatory System Alternative funding for research Changes in federal funding
    Global Green Environmental and sustainability education curricula Regulatory and policy changes
    Supply Chain Continuity Circular supply chains Vendors recycling outdated technology Sustainability
    Cloud-based solutions Cloud-based eLearning software Convenience and accessibility

    Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams

    Prioritize trends

    Develop a cross-industry holistic view of trends.

    Visualize emerging and prioritize action.

    Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.

    Timing

    The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.

    Relevance

    The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?

    Impact

    The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.

    Prioritize trends to adopt into your organization

    Prioritize trends based on timing, impact, and relevance.

    Trend Timing
    (S/M/L)
    Impact
    (1-5)
    Relevance
    ( 1-5)
    1. Micro-credentialing S 5 5
    2. IoT-connected devices for personalized experience S 1 3
    3. International partnerships with educational institutions M
    4. Use of chatbots throughout enrollment process L
    5. IoT for energy management of campus facilities L
    6. Gamification of digital course content M
    7. Flexible learning curricula S 4 3
    Deprioritize trends
    that have a time frame
    to disruption of more
    than 24 months.
    this image contains a graph demonstrating the relationship between relevance (x axis) and Impact (Y axis).

    2.1 Scanning the horizon

    Objective: Generate trends

    60 minutes

    • Start by selecting macro trends that are occurring in your environment using the five categories. These are the large-scale transformative trends that impact your addressable market. Macro trends have three key characteristics:
      • They span over a long period of time.
      • They impact all geographic regions.
      • They impact governments, individuals, and organizations.
    • Begin to break down these macro trends into trends. Trends should reflect the direction of a macro trend and capture the pattern in events. Consider trends that directly impact your organization.
    • Understand the drivers behind these trends. Why are they occurring? What is driving them? Understanding the drivers helps us understand the value they may generate.
    • Deprioritize trends that are expected to happen beyond 24 months.
    • Prioritize trends that have a high impact and relevance to the organization.
    • If you identify more than one trend, discuss with the group which trend you would like to pursue and limit it to one opportunity.

    Input

    • Macro Trends
    • Trends

    Output

    • Trends Prioritization

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive Team

    Step 2.2

    Leapfrogging ideation

    Activities

    • Identify leapfrog ideas.
    • Identify impact to value chain.

    Info-Tech Insight

    A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities
    • Value chain impact

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    The best way to predict the future is to invent it. – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.

    Case Study

    Classroom of the Future

    Higher Education: Barco’s Virtual Classroom at UCL

    University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.

    One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.

    The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).

    Results

    The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas.

    Brainstorm ways of generating leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.
    A funnel shaped image is depicted. At the top, at the entrance of the funnel, is the word Trend. At the bottom of the image, at the output of the funnel, is the word Opportunity.

    From trend to leapfrog ideas

    Trend New Customer New Market New Business Model New Product or Service
    What trends pose a high-immediate impact to the organization? Target new customers for existing products or services Enter or create new markets by applying existing products or services to different problems Adjust the business model to capture a change in how the organization delivers value Introduce new products or services to the existing market
    Micro-credentials for non-traditional students Target non-traditional learners/students - Online delivery Introduce mini MBA program

    2.2 Identify and prioritize opportunities

    60 minutes

    1. Gather the prioritized trend identified in the horizon scanning exercise (the trend identified to be “adopted” within the organization).
    2. Analyze each trend identified and assess whether the trend provides an opportunity for a new customers, new markets, new business models, or new products and services.

    Input

    • “Adopt” Trends

    Output

    • Trends to pursue
    • Breakdown of strategic opportunities that the trends pose

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Step 2.3

    Value chain impact

    Activities

    • Identify impact to value chain.

    This step will walk you through the following activities:

    Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Strategic growth opportunities

    Value chain analysis

    Identify implications of strategic growth opportunities to the value chains.

    As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    this image depicts the value chain for the value stream, student enrolment.

    2.3 Value chain impact

    Objective: Identify impacts to the value chain from the opportunities identified.
    60 minutes

    1. Once you have identified the opportunity, turn back to the value stream, and with the working group, identify the value stream impacted most by the opportunity. Leverage the human impact/business impact criteria to support the identification of the value stream to be impacted.
    2. Within the value stream, brainstorm what parts of the value chain will be impacted by the new opportunity. Or ask whether this new opportunity provides you with a new value chain to be created.
    3. If this opportunity will require a new value chain, identify what set of new processes or steps will be created to support this new entrant.
    4. Identify any critical value chains that will be impacted by the new opportunity. What areas of the value chain pose the greatest risk? And where can we estimate the financial revenue will be impacted the most?

    Input

    • Opportunity

    Output

    • Value chains impacted

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Team

    Phase 3

    Transform stakeholder journeys

    • Identify stakeholder personas and scenarios
    • Conduct journey map
    • Identify projects

    This phase will walk you through the following activities:

    Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.

    Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    1. Stakeholder persona
    2. Stakeholder scenario
    3. Stakeholder journey map
    4. Opportunities

    Step 3.1

    Identify stakeholder persona and journey scenario

    Activities

    • Identify stakeholder persona.
    • Identify stakeholder journey scenario.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A taxonomy of critical stakeholder journeys.

    Identify stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    Learn more about applying design thinking methodologies

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.
    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process.
    this image contains the value chains for instruction (engineering) and enrolment of engineering student. the instruction(engineering) value chain includes curricula research, curricula design, curricula delivery, and Assessment for the faculty-instructor. The enrolment of engineering student value chain includes matriculation, enrolment into a program, and unit enrolment for the student. In the instruction(engineering) value chain, curricula design is highlighted in blue. In the enrolment of engineering student value chain, Enrolment into a program is highlighted.
    Identify one new value chain.
    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.
    this image contains an example of a value chain for micro-credentialing (mini online MBA)

    Identify stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    Example Stakeholder Persona

    Name: Anne
    Age: 35
    Occupation: Engineering Faculty
    Location: Toronto, Canada

    Pains

    What are their frustrations, fears, and anxieties?

    • Time restraints
    • Using new digital tools
    • Managing a class while incorporating individual learning
    • Varying levels within the same class
    • Unmotivated students

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Design curricula in a hybrid mode without loss of quality of experience of in-classroom learning.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Interactive content for students
    • Curriculum alignment
    • Ability to run a classroom lab (in hybrid format)
    • Self-paced and self-directed learning opportunities for students

    (Adapted from Osterwalder, et al., 2014)

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
    Leverage the following format to define the journey statement.
    As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    this image contains the instruction(engineering) value chain shown above. next to it is a stakeholder journey statement, which states: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences.

    3.1 Identify stakeholder persona and journey scenario

    Objective: Identify stakeholder persona and journey scenario statement for journey mapping exercise.

    1. Start by identifying who your stakeholder is. Give your stakeholder a demographic profile – capture a typical stakeholder for this value chain.
    2. Identify what the gains and pains are during this value chain and what the stakeholder is seeking to accomplish.
    3. Looking at the value chain, create a statement that captures the goals and needs of the stakeholder. Use the following format to create a statement:
      As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].

    Input

    • Prioritized Value Chains (existing and opportunity)

    Output

    • Stakeholder Persona
    • Stakeholder Journey Statement

    Materials

    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)
    • Stakeholder Persona Canvas

    Participants

    • Executive Team
    • Stakeholders (if possible)
    • Individual who works directly with stakeholders

    Step 3.2

    Map stakeholder journeys

    Activities

    • Map stakeholder journeys.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Candidate journeys identified for redesign or build.

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.

    this image contains an example of the result of a journey mapping exercise. the main headings are Awareness, Consideration, Acquisition, Service and, Loyalty.

    Internal vs. external stakeholder perspective

    In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.

    Stakeholder Journey
    (External Perspective)

    • Awareness
    • Consideration
    • Selecting
    • Negotiating
    • Approving

    Business Processes
    (Internal Perspective)

    • Preparation
    • Prospecting
    • Presentation
    • Closing
    • Follow-Up

    Info-Tech Insight

    Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.

    Build a stakeholder journey map

    A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.

    this image depicts an example of a stakeholder journey map, the headings in the map are: Journey Activity; Touch Points; Metrics; Nature of Activity; Key Moments & Pain Points; Opportunities

    Stakeholder Journey Map: Journey Activity

    The journey activity refers to the steps taken to accomplish a goal.

    The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.

    Stakeholder Journey Map: Touch Points

    Touch points are the points of interaction between a stakeholder and the organization.

    A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:

    • Before: How did they find out about you? How did they first contact you to start this journey? What channels or mediums were used?
      • Social media
      • Rating & reviews
      • Word of mouth
      • Advertising
    • During: How was the sale or service accomplished?
      • Website
      • Catalog
      • Promotions
      • Point of sale
      • Phone system
    • After: What happened after the sale or service?
      • Billing
      • Transactional emails
      • Marketing emails
      • Follow-ups
      • Thank-you emails

    Stakeholder Journey Map: Nature of Activity

    The nature of activity refers to the type of task the journey activity captures.

    We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.

    Routine Non-Routine
    Cognitive Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration
    Prioritize for automation (2)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection
    Prioritize for automation (3)
    Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production
    Prioritize for automation (1)
    Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation
    Not mature for automation

    Info-Tech Insight

    Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.

    Stakeholder Journey Map: Metrics

    Metrics are a quantifiable measurement of a process, activity, or initiative.

    Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:

    • Metrics provide accurate indicators for accurate IT and business decisions.
    • Metrics help you identify stakeholder touch point efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.

    Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score

    Stakeholder Journey Map: Key Moments & Pain Points

    Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.

    The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.

    The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.

    Info-Tech Insight

    To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    Stakeholder Journey Map: Opportunities

    An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.

    An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.

    Customer

    Create new or different experiences for customers

    Workforce

    Generate new organizational skills or new ways of working

    Operations

    Improve responsiveness and resilience of operations

    Innovation

    Develop different products or services

    Example of stakeholder journey output: Higher Education

    Stakeholder: A faculty member
    Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences

    Journey activity Understanding the needs of students Construct the course material Deliver course material Conduct assessments Upload grades into system
    Touch Points
    • Research (primary or secondary)
    • Teaching and learning center
    • Training on tools
    • Office suite
    • Video tools
    • PowerPoint live
    • Chat (live)
    • Forum (FAQ
    • Online assessment tool
    • ERP
    • LMS
    Nature of Activity Non-routine cognitive Non-routine cognitive Non-routine cognitive Routine cognitive Routine Manual
    Metrics
    • Time to completion
    • Time to completion
    • Student satisfaction
    • Student satisfaction
    • Student scores
    Ken Moments & Pain Points Lack of centralized repository for research knowledge
    • Too many tools to use
    • Lack of Wi-Fi connectivity for students
    • Loss of social aspects
    • Adjusting to new forms of assessments
    No existing critical pain points; process already automated
    Opportunities
    • Centralized repository for research knowledge
    • Rationalize course creation tool set
    • Connectivity self-assessment/checklist
    • Forums for students
    • Implement an online proctoring tool

    3.2 Stakeholder journey mapping

    Objective: Conduct journey mapping exercise for existing value chains and for opportunities.

    1. Gather the working group and, with the journey mapping workbook, begin to map out the journey scenario statements identified in the value chain analysis. In total, there should be three journey maps:
      • Two for the existing value chains. Map out the specific point in the value chain that is to be transformed.
      • One for the opportunity value chain. Map out all parts of the value chain to be impacted by the new opportunity.
    2. Start with the journey activity and map out the steps involved to accomplish the goal of the stakeholder.
    3. Identify the touch points involved in the value chain.
    4. Categorize the nature of the activity in the journey activity.
    5. Identify metrics for the journey. How can we measure the success of the journey?
    6. Identify pain points and opportunities in parallel with one another.

    Input

    • Value Chain Analysis
    • Stakeholder Personas
    • Journey Mapping Scenario

    Output

    • Journey Map

    Materials

    • Digital Strategy Workbook, Stakeholder Journey tab

    Participants

    • Executives
    • Individuals in the organization that have a direct interaction with the stakeholders

    Info-Tech Insight

    Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.

    Step 3.3

    Prioritize opportunities

    Activities

    • Prioritize opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Prioritize the opportunities that arose from the stakeholder journey mapping exercise.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Prioritized opportunities

    Prioritization of opportunities

    Leverage design-thinking methods to prioritize opportunities.

    As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:

    • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
    • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
    Opportunities Feasibility
    (L/M/H)
    Desirability
    (L/M/H)
    Viability
    (L/M/H)
    Centralized repository for research knowledge H H H
    Rationalize course creation tool set H H H
    Connectivity self-assessment/ checklist H M H
    Forums for students M H H
    Exam preparation (e.g. education or practice exams) H H H

    3.3 Prioritization of opportunities

    Objective: Prioritize opportunities for creating a roadmap.

    1. Gather the opportunities identified in the journey mapping exercise
    2. Assess the opportunities based on IDEO’s three lenses of innovation:
      • Feasibility: Do you currently have the capabilities to deliver on this opportunity? Do we have the right partners, resources, or technology?
      • Viability: Does this initiative have an impact on the financial revenue of the organization? Is it a profitable solution that will support the business model? Will this opportunity require a complex cost structure?
      • Desirability: Is this a solution the stakeholder needs? Does it solve a known pain point?
    3. Opportunities that score high in all three areas are prioritized for the roadmap.

    Input

    • Opportunities From Journey Map

    Output

    • Prioritized Opportunities

    Materials

    • Digital Strategy Workbook

    Participants

    • Executives

    Step 3.4

    Define digital goals

    Activities

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    Digital goals

    Define digital goals

    What digital goals can be derived from the stakeholder journey?

    With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.

    Stakeholder Scenario Prioritized Opportunities Goal
    Faculty (Engineering) As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery Centralized repository for research knowledge
    Rationalized course creation tool set
    Support hybrid course curricula development through value-driven toolsets and centralized knowledge

    3.4 Define digital goals

    Objective: Identify digital goals derived from the journey statements.

    1. With the prioritized set of opportunities for each stakeholder journey (the two existing journeys and one opportunity journey) take a step back and assess what the sum of these opportunities means for each journey.
      • What is the overall goal or objective of these opportunities?
      • How do these opportunities change or facilitate the journey experience?
    2. From here, identify a single goal for each stakeholder journey.

    Input

    • Opportunities From Journey Map
    • Stakeholder Persona

    Output

    • Digital Goals

    Materials

    • Prioritization Matrix

    Participants

    • Executives

    Step 3.5

    Breakdown opportunities into series of initiatives

    Activities

    • Identify initiatives from the opportunities.

    Transform stakeholder journeys

    This step will walk you through the following activities:

    Identify people, process, and technology initiatives for the opportunities identified.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • People, process, and technology initiatives

    Break down opportunities into a series of initiatives

    Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.

    Opportunity → Initiatives:

    People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?

    Process: What processes must be created, changed, or removed based on the data?

    Technology: What systems are required to support this opportunity?

    Break down opportunities into a series of initiatives

    Initiatives
    Centralized repository for research knowledge Technology Acquire and implement knowledge management application
    People Train researchers on functionality
    Process Periodically review and validate data entries into repository
    Initiatives
    Rationalize course creation toolset Technology Retire duplicate or under-used tools
    People Provide training on tool types and align to user needs
    Process Catalog software applications and tools across the organization
    Identify under-used or duplicate tools/applications

    Info-Tech Insight

    Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.

    3.5 Break down opportunities into initiatives

    Objective: Break down opportunities into people, process, and technology initiatives.

    1. Split into groups and identify initiatives required to deliver on each opportunity. Document each initiative on sticky notes.
    2. Have each team answer the following questions to identify initiatives for the prioritized opportunities:
      • People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
      • Process: What processes must be created, changed, or removed based on the data?
      • Technology: What systems are required to support this opportunity?
    3. Document findings in the Digital Strategy Workbook.

    Input

    • Opportunities

    Output

    • Opportunity initiatives categorized by people, process and technology

    Materials

    • Digital Strategy Workbook

    Participants

    • Executive team

    Phase 4

    Build a digital transformation roadmap

    • Detail initiatives
    • Build a unified roadmap roadmap

    This phase will walk you through the following activities:

    Build a digital transformation roadmap that captures people, process, and technology initiatives.

    This phase involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes

    • Digital transformation roadmap

    Step 4.1

    Detail initiatives

    Activities

    • Detail initiatives.

    Build a digital transformation roadmap

    This step will walk you through the following activities:

    Detail initiatives for each priority initiative on your horizon.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital business strategy.

    Create initiative profiles for each high-priority initiative on your strategy

    this image contains a screenshot of an example initiative profile

    Step 4.2

    Build a roadmap

    Activities

    • Create a roadmap of initiatives.

    Build a digital transformation roadmap

    Info-Tech Insight

    A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.

    This step will walk you through the following activities:

    Identify timing of initiatives and build a Gantt chart roadmap.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • A roadmap for your digital transformation and the journey canvases for each of the prioritized journeys.

    Build a roadmap to visualize your key initiative plan

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.

    A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:

    • Specific outcome: Describe an explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.
    this image contains screenshots of a sample roadmap for supporting hybrid course curricula development through value-driven toolsets and centralized knowledge.

    4.2 Build your roadmap (30 minutes)

    1. For the Gantt chart:
      • Input the Roadmap Start Year date.
      • Change the months and year in the Gantt chart to reflect the same roadmap start year.
      • Populate the planned start and planned end date for the pre-populated list of high-priority initiatives in each category (people, process, and technology).

    Input

    • Initiatives
    • Initiative start & end dates
    • Initiative category

    Output

    • Digital strategy roadmap visual

    Materials

    • Digital Strategy Workbook

    Participants

    • Senior Executive

    Learn more about project portfolio management strategy

    Step 4.3

    Create a refresh strategy

    Activities

    • Refresh your strategy.

    Build a digital transformation roadmap

    Info-Tech Insight

    A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.

    This step will walk you through the following activities:

    Detail a refresh strategy.

    This step involves the following participants:

    A cross-functional cohort across levels in the organization.

    Outcomes of this step

    • Refresh strategy

    Create a refresh strategy

    It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
    Example:

    this image contains an example of a refresh strategy.

    4.3 Create a refresh strategy (30 minutes)

    1. Work with the digital strategy creation team to identify the time frequencies the organization should consider to refresh the digital business strategy. Time frequencies can also be events that trigger a review (i.e. changing business goals). Record the different time frequencies in the Refresh of the Digital Business Strategy slide of the section.
    2. Discuss with the team the different audience members for each time frequency and the scope of the refresh. The scope represents what areas of the digital business strategy need to be re-examined and possibly changed.

    Example:

    Frequency Audience Scope Date
    Annually Executive Leadership Resurvey, review/ validate, update schedule Pre-budget
    Touch Point Executive Leadership Status update, risks/ constraints, priorities Oct 2021
    Every Year (Re-build) Executive Leadership Full planning Jan 2022

    Input

    • Digital Business Strategy

    Output

    • Refresh Strategy

    Materials

    • Digital Business Strategy Presentation Template
    • Collaboration/ Brainstorming Tool (whiteboard, flip chart, digital equivalent)

    Participants

    • Executive Leaders

    Related Info-Tech Research

    Design a Customer-Centric Digital Operating Model

    Design a Customer-Centric Digital Operating Model

    Establish a new way of working to deliver value on your digital transformation initiatives.

    Develop a Project Portfolio Management Strategy

    Develop a Project Portfolio Management Strategy

    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization

    Adopt Design Thinking in Your Organization

    Innovation needs design thinking.

    Digital Maturity Improvement Service

    Digital Maturity Improvement Service

    Prepare your organization for digital transformation – or risk falling behind.

    Research Contributors and Experts

    Kenneth McGee

    this is a picture of Research Fellow, Kenneth McGee

    Research Fellow
    Info-Tech Research Group

    Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.

    Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White

    House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.

    Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.

    Jack Hakimian

    this is a picture of Vice President of the Info-Tech Research Group, Jack Hakimian

    Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Bibliography

    Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.

    Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.

    Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.

    Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.

    Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.

    Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.

    Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.

    Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.

    McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.

    Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.

    Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.

    Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.

    Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.

    Tapscott, Don. Wikinomics. Atlantic Books, 2014.

    Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.

    The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.

    “Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.

    “Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.

    Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.

    Build a More Effective Brand Architecture

    • Buy Link or Shortcode: {j2store}571|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Neglecting to maintain the brand architecture can have the following consequences:

    • Inconsistent branding across product lines, services, and marketing communications.
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.

    Our Advice

    Critical Insight

    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Impact and Result

    Establishing and upholding a well-defined brand architecture is critical to achieve:

    • Easy recognition and visibility
    • Consistent branding
    • Operational efficiency
    • Customer loyalty
    • Ability to easily adapt to changes
    • Competitive differentiation
    • Distinctive brand image
    • Business success

    Build a More Effective Brand Architecture Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a More Effective Brand Architecture Storyboard – Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    We recommend a two-step approach that involves defining or reimagining the brand architecture. This means choosing the right strategy by analyzing the current brand portfolio, identifying the core brand elements, and determining and developing the structure that fits with the brand and business goals. A well-thought-out brand architecture also facilitates the integration of new brands and new product launches.

    • Build a More Effective Brand Architecture Storyboard

    2. Brand Architecture Strategy Template – The brand architecture template is a tool for creating a coherent brand identity.

    Create a brand identity that helps you launch new products and services, prepare for acquisitions, and modify your brand strategy. Allocate resources more effectively and identify new opportunities for growth. A brand architecture can provide insights into how different brands fit together and contribute to the overall brand strategy.

    • Brand Architecture Strategy Template

    Infographic

    Workshop: Build a More Effective Brand Architecture

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Brand Mind Mapping

    The Purpose

    The brand mind mapping workshop is an exercise that helps with visualizing brand architecture and improving coherence and effectiveness in brand portfolio management.

    Key Benefits Achieved

    This exercise can help businesses:

    Allocate their resources more effectively.

    Identify new opportunities for growth.

    Gain a competitive advantage in their market.

    Activities

    1.1 Brand Mind Mapping

    Outputs

    Visual representation of the brand architecture and its various components

    Further reading

    Build a More Effective Brand Architecture

    Strategically optimize your portfolio to increase brand recognition and value.

    Analyst perspective

    Brand Architecture

    Nathalie Vezina, Marketing Research Director, SoftwareReviews Advisory

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    This blueprint highlights common brand issues faced by companies, such as inconsistencies in branding and sub-branding due to absent or inadequate planning and documentation or non-compliance with the brand architecture. It emphasizes the importance of aligning or modifying the company's brand strategy with the existing architecture to create a consistent brand when launching new products, services, or divisions or preparing for acquisitions.

    Changing the brand architecture can be challenging, as it often requires significant resources, time, and effort. Additionally, there may be resistance from stakeholders who have become attached to the existing brand architecture and may not see the value in making changes. However, it's important for companies to address suboptimal brand architecture to ensure consistency and clarity in brand messaging and support business growth and success.

    This blueprint guides brand leaders on building and updating their brand architecture for optimal clarity, consistency, adaptability, and efficiency.

    Executive summary

    Your Challenge Common Obstacles SoftwareReviews’ Approach
    A company's brand architecture can help brand managers build a stronger brand that supports the company's goals and increases brand value. Failing to maintain the brand architecture can have the following consequences:
    • Inconsistent branding across product lines, services, and marketing communications
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.
    Establishing and maintaining a clear brand architecture can pose significant issues for brand leaders. Despite these obstacles, defining the brand architecture can yield substantial benefits for businesses. Common constraints are:
    • Lack of knowledge on the subject, resulting in difficulties securing buy-in from stakeholders.
    • Siloed teams and competing priorities.
    • Limited resources and time constraints.
    • Resistance to change from employees or customers.
    • Inconsistent execution and adherence to brand guidelines.
    • Lack of communication and coordination when acquiring new brands.
    With focused and effective efforts and guidance, brand leaders can define or reimagine their brand architecture. Developing and maintaining a clear and consistent brand architecture involves:
    • Defining the brand architecture strategy.
    • Analyzing the current brand portfolio and identifying the core brand elements.
    • Determining and developing the proper brand structure.
    • Updating brand guidelines and messaging.
    • Rolling out the brand architecture across touchpoints and assets.
    • Facilitating the integration of new brands.
    • Monitoring and adjusting the architecture as needed for relevance to business goals.

    "[B]rand architecture is like a blueprint for a house...the foundation that holds all the pieces together, making sure everything fits and works seamlessly."
    Source: Verge Marketing

    The basics of brand architecture

    The significance of brand hierarchy organization

    Brand architecture is the hierarchical organization and its interrelationships. This includes shaping the brand strategy and structuring the company's product and service portfolio.

    A well-designed brand architecture helps buyers navigate a company's product offerings and creates a strong brand image and loyalty.

    A company's brand architecture typically includes three levels:

    • Master or parent brand
    • Sub-brands
    • Endorsed brands

    Choosing the right architecture depends on business strategy, products and services, and target audience. It should be reviewed periodically as the brand evolves, new products and services are launched, or new brands are acquired.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Enhancing a company's brand hierarchy for better business outcomes

    Maximize brand strategy with a well-defined and managed brand architecture.

    Align brand architecture with business goals
    A well-defined brand architecture aligned with business objectives contributes to building brand recognition, facilitating brand extension, and streamlining brand portfolio management. In addition, it improves marketing effectiveness and customer experience.
    With a clear and consistent brand architecture, companies can strengthen their brand equity, increase awareness and loyalty, and grow in their competitive environment.

    Effectively engage with the desired buyers
    A clear and consistent brand architecture enables companies to align their brand identity and value proposition with the needs and preferences of their target audience, resulting in increased customer loyalty and satisfaction.
    Establishing a unique market position and reinforcing brand messaging and positioning allows companies to create a more personalized and engaging customer experience, driving business growth.

    Maintain a competitive edge
    An effective brand architecture allows companies to differentiate themselves from their competitors by establishing their unique position in the market. It also provides a structured framework for introducing new products or services under the same brand, leveraging the existing one.
    By aligning their brand architecture with their business objectives, companies can achieve sustainable growth and outperform their competitors in the marketplace.

    "A well-defined brand architecture provides clarity and consistency in how a brand is perceived by its audience. It helps to create a logical framework that aligns with a brand's overall vision and objectives."
    Source: LinkedIn

    Pitfalls of neglecting brand guidelines

    Identifying the negative effects on business and brand value.

    Deficient brand architecture can manifest in various ways.

    Here are some common symptoms:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line

    Brand architecture helps to ensure that your company's brands are aligned with your business goals and objectives, and that they work together to create a cohesive and consistent brand image.

    The most common obstacles in developing and maintaining a clear brand architecture

    Establishing and maintaining a clear brand architecture requires the commitment of the entire organization and a collaborative effort.

    Lack of stakeholder buy-in > Resistance to change

    Siloed teams > Inconsistent execution

    Limited resources > Lack of education and communication

    Types of brand architectures

    Different approaches to structuring brand hierarchy

    Brand architecture is a framework that encompasses three distinct levels, each comprising a different type of branding strategy.

    Types of brand architectures

    Examples of types of brand architectures

    Well-known brands with different brand and sub-brands structures

    Examples of types of brand architectures

    Pros and cons of each architecture types

    Different approaches to organizing a brand portfolio

    The brand architecture impacts the cohesiveness, effectiveness, and market reach. Defining or redefining organization changes is crucial for company performance.

    Branded House Endorsed Brands House of Brands
    Other Designations
    • "Monolithic brands"
    • "Sub-brands"
    • "Freestanding brands"
    Description
    • Single brand name for all products/services
    • Creates a unique and powerful image that can easily be identified
    • The master brand name endorses a range of products/services marketed under different sub-brands
    • Decentralized brands
    • Can target diverse markets with separate brand names for each product/service
    Marketing & Comms
    • Highly efficient
    • Eliminates split branding efforts by product/service
    • Product differentiation and tailoring messages to specific customer segments are limited
    • Each brand has its unique identity
    • Benefit from the support and resources of the master brand
    • Allows for unique branding and messaging per products/services for specific customer segments
    • Can experiment with different offerings and strategies
    Impact on Sales
    • Good cross-selling opportunities by leveraging a strong brand name
    • Benefit from the master brand's credibility, building customer trust and increasing sales
    • Tailored marketing to specific segments can increase market share and profitability
    • Creates competitive advantage and builds loyalty
    Cost Effectiveness
    • Cost-effective
    • No separate branding efforts per product/service
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    Reputation and Image
    • More control over the brand image, messages, and perception, leading to strong recognition
    • Increased vulnerability to negative events can damage the entire brand, products/services offered
    • Mitigated risk, protecting the master brand's reputation and financial performance
    • Negative events with one brand can damage the master and other brands, causing a loss of credibility
    • Reduced risk, safeguarding the master brand's reputation and financial performance
    • Each brand builds its own equity, enhancing the company's financial performance and value
    Consistency
    • Ensures consistency with the company's brand image, values, and messaging
    • Helps build trust and loyalty
    • Inconsistent branding and messaging can cause confusion and misunderstandings
    • Unclear link between master/endorsed brands
    • Reduces trust and brand loyalty
    • Difficult to establish a clear and consistent corporate identity
    • Can reduce overall brand recognition and loyalty

    Brand naming decision tree

    Create a naming process for brand alignment and resonance with the target audience

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Brand naming decision tree

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Advantages of defining brand architecture

    Maximize your brand potential with a clear architecture strategy.

    Clear offering

    Adaptability

    Consistent branding

    Competitive differentiation

    Operational efficiency

    Strong brand identity

    Customer loyalty

    Business success

    "Responding to external influences, all brands must adapt and change over time. A clear system can aid in managing the process, ensuring that necessary changes are implemented effectively and efficiently."
    Source: The Branding Journal

    SoftwareReviews' brand architecture creation methodology

    Develop and Implement a Robust Brand Architecture

    Phase Steps

    Step 1 Research and Analysis
    1.1 Define brand architecture strategy
    1.2 Brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcomes
    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments are made on an ongoing basis for consistency and relevance to business goals

    Insight summary

    Brand Architecture: Organize and manage your portfolio of brands
    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Aligning brand architecture to business strategy
    Effective brand architecture aligns with the company's business strategy, marketing objectives, and customer needs. It provides clarity and coherence to the brand portfolio, helps customers navigate product offerings, and maximizes overall equity of the brand.

    Choosing between three types of brand architecture
    A company's choice of brand architecture depends on factors like product range, target markets, and strategic objectives. Each approach, Branded House, Endorsed, or House of Brands, has its own pros and cons, and the proper option relies on the company's goals, resources, and constraints.

    A logical brand hierarchy for more clarity
    The order of importance of brands in the portfolio, including the relationships between the master and sub-brands, and the positioning of each in the market is fundamental. A clear and logical hierarchy helps customers understand the value proposition of each brand and reduces confusion.

    A win-win approach
    Clear brand architecture can help customers easily navigate and understand the product offering, reinforce the brand identity and values, and improve customer loyalty and retention. Additionally, it can help companies optimize their marketing strategies, streamline their product development and production processes, and maximize their revenue and profitability.

    Brand architecture, an ongoing process
    Brand architecture is not a one-time decision but an ongoing process that requires regular review and adjustment. As business conditions change, companies may need to revise their brand portfolio, brand hierarchy, or brand extension and acquisition strategies to remain competitive and meet customer needs.

    Brand architecture creation tools

    This blueprint comes with tools to help you develop your brand architecture.

    Brand Architecture Toolkit

    This kit includes a Brand Architecture Mini-Audit, a Brand Architecture template, and templates for Brand Matrix, Ecosystem, and Development Strategy.

    Use this kit to develop a strong brand architecture that aligns with your business goals, clarifies your brand portfolio, and enhances overall brand equity.

    Brand Architecture Toolkit

    Brand Architecture

    Develop a robust brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Consequences of Neglected Brand Guidelines

    When a company neglects its brand architecture and guidelines, it can result in a number of negative consequences, such as:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line.

    Benefits of SoftwareReviews' Methodology

    By following SoftwareReviews' methodology to develop and maintain a brand architecture, businesses can:

    • Establish a unique market position and stand out from competitors
    • Ensure that marketing efforts are focused and effective
    • Create personalized and engaging customer experiences
    • Reinforce messaging and positioning
    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness

    Marq, formerly Lucidpress, surveyed over 400 brand management experts and found that "if the brand was consistent, revenue would increase by 10-20%."

    Methodology for Defining Brand Architecture

    Who benefits from this research?

    This research is designed for:

    • Organizations that value their brand and want to ensure that it is communicated effectively and consistently across all touchpoints.
    • Business owners, marketers, brand managers, creative teams, and anyone involved in the development and implementation of brand strategy.

    This research will also assist:

    • Sales and customer experience teams
    • Channel partners
    • Buyers

    This research will help you:

    • Establish a unique market position and stand out from competitors.
    • Create a more personalized and engaging customer experience.
    • Ensure that marketing efforts are focused and effective.
    • Reinforce brand messaging and positioning.

    This research will help them:

    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness
    • Drive business growth and profitability.

    SoftwareReviews offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included Within Advisory Membership Optional Add-Ons

    Guided Implementation

    What does a typical GI on this topic look like?

    Research & Analysis
    Call #1: Discuss brand architecture strategy (define objectives, scope and stakeholders). Call #3: Identify core brand components and ensure they align with the brand strategy. Call #5: Develop or update brand guidelines. Optional Calls:
    • Brand Diagnostic
    • Brand Strategy and Tactics
    • Brand Voice Guidelines
    • Asset Creation and Management
    • Brand Messaging
    Call #2: Conduct a brand audit. Call #4: Define and document the brand hierarchy. Call #6: Roll out the brand architecture and monitoring.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand Mind Mapping Workshop Overview

    Total duration: 3-4 hours

    Activities
    Visually map out the different elements of your brand portfolio, including corporate brands, sub-brands, product brands, and their relationships with each other.

    The workshop also aims to explore additional elements, such as brand expansions, acquisitions, and extensions, and brand attributes and positioning.

    Deliverables
    Get a mind map that represents the brand architecture and its various components, which can be used to evaluate and improve the overall coherence and effectiveness of the brand portfolio. The mind map can also provide insights into how different brands fit together and contribute to the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template, slides 7 and 8

    Brand Mind Mapping

    Contact your account representative for more information
    workshops@infotech.com | 1-888-670-8889

    Get started!

    Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    Develop and Implement a Robust Brand Architecture

    Step 1 Research and Analysis
    1.1 Define architecture strategy
    1.2 Perform brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcome

    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments made on an ongoing basis for consistency and relevance to business goals

    Develop and implement a robust brand architecture

    Steps 1.1, 1.2 & 1.3 Define architecture strategy, audit brand, and identify core elements.

    Total duration: 2.5-4.5 hours

    Objective
    Define brand objectives (hierarchy, acquired brand inclusion, product distinction), scope, and stakeholders. Analyze the brand portfolio to identify gaps or inconsistencies. Identify brand components (name, logo, tagline, personality) and align them with the brand and business strategy.

    Output
    By completing these steps, you will assess your current brand portfolio and evaluate its consistency and alignment with the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Diagnose Brand Health to Improve Business Growth Blueprint (optional)
    • Brand Awareness Strategy Template (optional)

    1.1 Define Brand Architecture Strategy
    (60-120 min.)

    Define

    Define brand objectives (hierarchy, inclusion of an acquired brand, product distinction), scope, and stakeholders.

    1.2 Conduct Brand Audit
    (30-60 min.)

    Assess

    Assess the state of your brand architecture using the "Brand architecture mini-audit checklist," slide 9 of the Brand Architecture Strategy Template. Check the boxes that correspond to the state of your brand architecture. Those left unchecked represent areas for improvement.

    For a more in-depth analysis of your brand performance, follow the instructions and use the tools provided in the Diagnose Brand Health to Improve Business Growth blueprint (optional).

    1.3 Identify Core Brand Elements
    (60-90 min.)

    Identify

    Define brand components (name, logo, tagline, personality). Align usage with strategy. You can develop your brand strategy, if not already existing, using the Brand Awareness Strategy Template (optional).

    Tip!

    Continuously monitor and adjust your brand architecture - it's not static and should evolve over time. You can also adapt your brand strategy as needed to stay relevant and competitive.

    Develop and implement a robust brand architecture

    Steps 2.1. 2.2 & 2.3 Develop brand hierarchy, guidelines, and rollout architecture.

    Total duration: 3.5-5.5 hours

    Objective
    Define your brand structure and clarify the role and market position of each. Create concise brand expression guidelines, implement them across all touchpoints and assets, and adjust as needed to stay aligned with your business goals.

    Output
    This exercise will help you establish and apply your brand structure, with a plan for ongoing updates and adjustments to maintain consistency and relevance.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template
    • Brand Voice Guidelines
    • Brand Messaging Template
    • Asset Creation and Management List Template

    2.1 Determine Brand Hierarchy
    (30-60 min.)

    Analyze & Document

    In the Brand Architecture Strategy Template, complete the brand matrix, ecosystem, development strategy matrix, mind mapping, and architecture, to develop a strong brand architecture that aligns with your business goals and clarifies your brand portfolio and market position.

    2.2 Develop/Update Brand Guidelines
    (120-180 min.)

    Develop/Update

    Develop (or update existing) clear, concise, and actionable brand expression guidelines using the Brand Voice Guidelines and Brand Messaging Template.

    2.2 Rollout Brand Architecture
    Preparation (60-90 min.)

    Create & Implement

    Use the Asset Creation and Management List Template to implement brand architecture across touchpoints and assets.

    Monitor and Adjust

    Use slide 8, "Brand Strategy Development Matrix," of the Brand Architecture Strategy Template to identify potential and future brand development strategies to build or enhance your brand based on your current brand positioning and business goals. Monitor, and adjust as needed, for relevance to the brand and business strategy.

    Tip!

    Make your brand architecture clear and simple for your target audience, employees, and stakeholders. This will avoid confusion and help your audience understand your brand structure.

    Prioritizing clarity and simplicity will communicate your brand's value proposition effectively and create a strong brand that resonates with your audience and supports your business goals.

    Related SoftwareReviews research

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Accelerate Business Growth and Valuation by Building Brand Awareness

    Successfully build awareness and help the business grow. Stand out from the competition and continue to grow in a sustainable way.

    • Get a clear understanding of the buyer's needs and your key differentiator.
    • Achieve strategy alignment and readiness.
    • Create and manage assets.

    Bibliography

    "Brand Architecture: Definition, Types, Strategies, and Examples." The Branding Journal, 2022.

    "Brand Architecture: What It Is and How to Build Your Brand's Framework." HubSpot, 2021.

    "Brand Architecture Framework." Verge Marketing, 2021.

    "Brand consistency-the competitive advantage and how to achieve it." Marq/Lucidpress, 2021.

    "Building brands for growth: A fresh perspective." McKinsey & Company. Accessed on 31 March 2023.

    Daye, Derrick. "Brand Architecture Strategy Guide." Branding Strategy Insider, The Blake Project, 13 May 2021.

    Todoran, Adrian. "Choosing the Perfect Brand Architecture Strategy for Your Business." LinkedIn, 2023.

    Develop a Use Case for Smart Contracts

    • Buy Link or Shortcode: {j2store}92|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Organizations today continue to use traditional and often archaic methods of manual processing with physical paper documents.
    • These error-prone methods introduce cumbersome administrative work, causing businesses to struggle with payments and contract disputes.
    • The increasing scale and complexity of business processes has led to many third parties, middlemen, and paper hand-offs.
    • Companies remain bogged down by expensive and inefficient processes while losing sight of their ultimate stakeholder: the customer. A failure to focus on the customer is a failure to do business.

    Our Advice

    Critical Insight

    • Simplify, automate, secure. Smart contracts enable businesses to simplify, automate, and secure traditionally complex transactions.
    • Focus on the customer. Smart contracts provide a frictionless experience for customers by removing unnecessary middlemen and increasing the speed of transactions.
    • New business models. Smart contracts enable the redesign of your organization and business-to-business relationships and transactions.

    Impact and Result

    • Simplify and optimize your business processes by using Info-Tech’s methodology to select processes with inefficient transactions, unnecessary middlemen, and excessive manual paperwork.
    • Use Info-Tech’s template to generate a smart contract use case customized for your business.
    • Customize Info-Tech’s stakeholder presentation template to articulate the goals and benefits of the project and get buy-in from business executives.

    Develop a Use Case for Smart Contracts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should leverage smart contracts in your business, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a Use Case for Smart Contracts – Phases 1-2

    1. Understand smart contracts

    Understand the fundamental concepts of smart contract technology and get buy-in from stakeholders.

    • Develop a Use Case for Smart Contracts – Phase 1: Understand Smart Contracts
    • Smart Contracts Executive Buy-in Presentation Template

    2. Develop a smart contract use case

    Select a business process, create a smart contract logic diagram, and complete a smart contract use-case deliverable.

    • Develop a Use Case for Smart Contracts – Phase 2: Develop the Smart Contract Use Case
    • Smart Contracts Use-Case Template

    [infographic]

    Workshop: Develop a Use Case for Smart Contracts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Smart Contracts

    The Purpose

    Review blockchain basics.

    Understand the fundamental concepts of smart contracts.

    Develop smart contract use-case executive buy-in presentation.

    Key Benefits Achieved

    Understanding of blockchain basics.

    Understanding the fundamentals of smart contracts.

    Development of an executive buy-in presentation.

    Activities

    1.1 Review blockchain basics.

    1.2 Understand smart contract fundamentals.

    1.3 Identify business challenges and smart contract benefits.

    1.4 Create executive buy-in presentation.

    Outputs

    Executive buy-in presentation

    2 Smart Contract Logic Diagram

    The Purpose

    Brainstorm and select a business process to develop a smart contract use case around.

    Generate a smart contract logic diagram.

    Key Benefits Achieved

    Selected a business process.

    Developed a smart contract logic diagram for the selected business process.

    Activities

    2.1 Brainstorm candidate business processes.

    2.2 Select a business process.

    2.3 Identify phases, actors, events, and transactions.

    2.4 Create the smart contract logic diagram.

    Outputs

    Smart contract logic diagram

    3 Smart Contract Use Case

    The Purpose

    Develop smart contract use-case diagrams for each business process phase.

    Complete a smart contract use-case deliverable.

    Key Benefits Achieved

    Smart contract use-case diagrams.

    Smart contract use-case deliverable.

    Activities

    3.1 Build smart contract use-case diagrams for each phase of the business process.

    3.2 Create a smart contract use-case summary diagram.

    3.3 Complete smart contract use-case deliverable.

    Outputs

    Smart contract use case

    4 Next Steps and Action Plan

    The Purpose

    Review workshop week and lessons learned.

    Develop an action plan to follow through with next steps for the project.

    Key Benefits Achieved

    Reviewed workshop week with common understanding of lessons learned.

    Completed an action plan for the project.

    Activities

    4.1 Review workshop deliverables.

    4.2 Create action plan.

    Outputs

    Smart contract action plan

     

    Create an Agile-Friendly Project Gating and Governance Approach

    • Buy Link or Shortcode: {j2store}162|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 57 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
    • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

    Our Advice

    Critical Insight

    Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

    Impact and Result

    • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
    • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
    • Define a revised set of project gating artifacts that support Agile delivery methods.
    • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

    Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

    This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

    • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

    2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

    Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

    • Gates 3 and 3A Checklists

    3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

    Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

    • Agilometer

    4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

    Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

    • Agile Project Status Report

    5. Project Burndown Chart – A tool to let you monitor project burndown over time.

    Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

    • Project Burndown Chart

    6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

    Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

    • Traditional to Agile Gating Artifact Mapping
    [infographic]

    Further reading

    Create an Agile-Friendly Project Gating and Governance Approach

    Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

    Table of Contents

    Analyst Perspective

    Executive Summary

    Phase 1: Establish Your Gating and Governance Purpose

    Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

    Phase 3: Complete Your Agile Gating Framework

    Where Do I Go Next?

    Bibliography

    Facilitator Slides

    Analyst Perspective

    Make your gating and governance process Agile friendly by following a “trust but verify” approach

    Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

    Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

    If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
    Principal Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
    • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
    Common Obstacles
    • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
    • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
    • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
    Info-Tech’s Approach
    • Begin by understanding the fundamental purpose of project gating and governance.
    • Next, understand the major differences between Agile and Waterfall delivery methods.
    • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
    Info-Tech Insight

    Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

    Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

    1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
    Phase Steps

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like and Why

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create an Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    Phase Outcomes
    1. Your gating/governance purpose statement
    2. A fundamental understanding of the difference between traditional and Agile delivery methods.
    1. An understanding of Info-Tech’s Agile Gating Framework
    2. Your Gates 3 and 3A checklists
    3. Your Agilometer tool
    4. Your Agile project status report template
    5. Your Agile health check tool
    1. Artifact map for your Agile gating framework
    2. Roadmap for Agile gating implementation

    Key Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

    Agilometer Tool

    Create your customized Agilometer tool to determine project support and oversight needs.
    Sample of the 'Agilometer Tool' deliverable.

    Gates 3 and 3A Checklists

    Create your customized checklists for projects at Gates 3 and 3A.
    Sample of the 'Gates 3 and 3A Checklists' deliverable.

    Agile-Friendly Project Status Report

    Create your Agile-friendly project status report to monitor progress.
    Sample of the 'Agile-Friendly Project Status Report' deliverable.

    Artifact Mapping Tool

    Map your traditional gating artifacts to their Agile replacements.
    Sample of the 'Artifact Mapping Tool' deliverable.

    Create an Agile-Friendly Project Gating and Governance Approach

    Phase 1

    Establish your gating and governance purpose

    Phase 1

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like And Why

    Phase 2

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create Your Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    Phase 3

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    This phase will walk you through the following activities:

    • Understand why gating and governance are so important to your organization.
    • Compare and contrast traditional to Agile delivery.
    • Identify what form traditional gating takes in your organization.

    This phase involves the following participants:

    • PMO/Gating Body
    • Delivery Managers
    • Delivery Teams
    • Other Interested Parties

    Agile gating–related facts and figures

    73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

    71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

    Moving to an Agile-friendly gating approach has many benefits:
    • Faster response to change
    • Improved productivity
    • Higher team morale
    • Better product quality
    • Faster releases
    (Journal of Product Innovation Management)

    Traditional gating approaches can undermine an Agile project

    • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
    • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
    • The same can be said for other common phase-gate requirements including:
      • Imposing a formal (and onerous) change control process on project requirements.
      • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
      • Asking the project to produce a detailed project plan.
    (DZone)
    Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

    Before reworking your gating approach, you need to consider two important questions

    Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

    1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
    2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

    Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

    Build an Extensible Data Warehouse Foundation

    • Buy Link or Shortcode: {j2store}342|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Data warehouse implementation is a costly and complex undertaking, and can end up not serving the business' needs appropriately.
    • Too heavy a focus on technology creates a data warehouse that isn’t sustainable and ends up with poor adoption.
    • Emerging data sources and technologies add complexity to how the appropriate data is made available to business users.

    Our Advice

    Critical Insight

    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology needs to be the core support system for enabling a data warehouse program.
    • Understand business processes at the operational, tactical, and ad hoc levels to ensure a fit-for-purpose DW is built.

    Impact and Result

    • Leverage an approach that focuses on constructing a data warehouse foundation that is able to address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Develop “Rosetta Stone” views of your data assets to facilitate data modeling.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build an Extensible Data Warehouse Foundation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the data warehouse is becoming an important tool for driving business value, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the data warehouse foundation project

    Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.

    • Build an Extensible Data Warehouse Foundation – Phase 1: Prepare for the Data Warehouse Foundation Project
    • Data Warehouse Foundation Project Plan Template
    • Data Warehouse Work Breakdown Structure Template
    • Data (Warehouse) Architect
    • Data Integration Specialist
    • Business Intelligence Specialist
    • Director of Data Warehousing/Business Intelligence
    • Data Warehouse Program Charter Template
    • Data Warehouse Steering Committee Charter Template

    2. Establish the business drivers and data warehouse strategy

    Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.

    • Build an Extensible Data Warehouse Foundation – Phase 2: Establish the Business Drivers and Data Warehouse Strategy
    • Business Data Catalog
    • Data Classification Inventory Tool
    • Data Warehouse Architecture Planning Tool
    • Master Data Mapping Tool

    3. Plan for data warehouse governance

    Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.

    • Build an Extensible Data Warehouse Foundation – Phase 3: Plan for Data Warehouse Governance
    • Data Warehouse Standard Operating Procedures Template
    • Data Warehouse Service Level Agreement
    [infographic]

    Workshop: Build an Extensible Data Warehouse Foundation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Data Warehouse Foundation Project

    The Purpose

    Identify the members of the foundation project team.

    Define overarching statements and define success factors/risks.

    Outline basic project governance.

    Key Benefits Achieved

    Defined membership, roles, and responsibilities involved in the foundation project.

    Establishment of a steering committee as a starting point for the data warehouse program.

    Activities

    1.1 Identify foundation project team and create a RACI chart.

    1.2 Understand what a data warehouse can and cannot enable.

    1.3 Define critical success factors, key performance metrics, and project risks.

    1.4 Develop rough timelines for foundation project completion.

    1.5 Define the current and future states for key data management practices.

    Outputs

    Job Descriptions and RACI

    Data Warehouse Steering Committee Charter

    Data Warehouse Foundation Project Plan

    Work Breakdown Structure

    2 Establish the Business Drivers and Data Warehouse Strategy

    The Purpose

    Define the information needs of the business and its key processes.

    Create the components that will inform an appropriate data model.

    Design a data warehouse architecture model.

    Key Benefits Achieved

    Clear definition of business needs that will directly inform the data and architecture models.

    Activities

    2.1 Understand the most fundamental needs of the business.

    2.2 Define the data warehouse vision, mission, purpose, and goals.

    2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.

    2.4 Link the processes that will be central to the data warehouse foundation.

    2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.

    2.6 Create data models using the business data glossary and data classification.

    2.7 Identify master data elements to define dimensions.

    2.8 Design lookup tables based on reference data.

    2.9 Create a fit-for-purpose data warehousing model.

    Outputs

    Data Warehouse Program Charter

    Data Warehouse Vision and Mission

    Documentation of Business Processes

    Business Entity Map

    Business Data Glossary

    Data Classification Scheme

    Data Warehouse Architecture Model

    3 Plan for Data Warehouse Governance

    The Purpose

    Create a plan for governing your data warehouse efficiently and effectively.

    Key Benefits Achieved

    Documentation of current standard operating procedures.

    Identified members of a data warehouse center of excellence.

    Activities

    3.1 Develop a technology capability map to visualize your desired state.

    3.2 Establish a data warehouse center of excellence.

    3.3 Create a data warehouse foundation roadmap.

    3.4 Define data warehouse service level agreements.

    3.5 Create standard operating procedures.

    Outputs

    Technology Capability Map

    Project Roadmap

    Service Level Agreement

    Data Warehouse Standard Operating Procedure Workbook

    IT Management and Policies

    • Buy Link or Shortcode: {j2store}23|cart{/j2store}
    • Related Products: {j2store}23|crosssells{/j2store}
    • InfoTech Academy Title: IT management and policies videos
    • InfoTech Academy Excerpt: More videos are available once you join. Contact us for more information.
    • Teaser Video: Visit Website
    • Teaser Video Title: Policies Academy Overview
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $23101
    • member rating average days saved: 11
    • Parent Category Name: Strategy and Governance
    • InfotechAcademy-Executivebrief: Visit Website
    • Parent Category Link: /strategy-and-governance
    Create policies that matter most to your organization.

    Management, policy, policies

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Data Architecture

    • Buy Link or Shortcode: {j2store}17|cart{/j2store}
    • Related Products: {j2store}17|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $30,159
    • member rating average days saved: 5
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /data-and-business-intelligence
    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice

    Application Development Throughput

    • Buy Link or Shortcode: {j2store}27|cart{/j2store}
    • Related Products: {j2store}27|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • As we work more and more using agile techniques, teams tend to optimize their areas of responsibility.
    • IT will still release lower-quality applications when there is a lack of clarity around the core SDLC processes.
    • Software development teams continue to struggle with budget and time constraints within their releases.
    • Typically each group claims to be optimized, yet the final deliverable falls short of the expected quality.

    Our advice

    Insight

    • Database administrators know this all too well: Optimizing can you perform worse. The software development lifecycle (SDLC) must be optimized holistically, not per area or team.
    • Separate how you work from your framework. You do not need "agile" or "extreme" or "agifall" or "safe" to optimize your SDLC.
    • SDLC optimization is a continuous effort. Start from your team's current capabilities and improve over time.

    Impact and results 

    • You can assume proper accountability for the implementation and avoid over-reliance on the systems integrator.
    • Leverage the collective knowledge and advice of additional IT professionals
    • Review the pitfalls and lessons learned from failed integrations.
    • Manage risk at every stage.
    • Perform a self-assessment at various stages of the integration path.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand our approach to SDLC optimization and why we advocate a holistic approach for your company.

    Document your current state

    This phase helps you understand your business goals and priorities. You will document your current SDLC process and find where the challenges are.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 1: Document the Current State of the SDLC (ppt)
    • SDLC Optimization Playbook (xls)

    Find out the root causes, define how to move forward, and set your target state

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 2: Define Root Causes, Determine Optimization Initiatives, and Define Target State (ppt)

    Develop the roll-out strategy for SDLC optimization

    Prioritize your initiatives and formalize them in a roll-out strategy and roadmap. Communicate your plan to all your stakeholders.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 3: Develop a Rollout Strategy for SDLC Optimization (ppt)
    • SDLC Communication Template (ppt)

     

    Into the Metaverse

    • Buy Link or Shortcode: {j2store}95|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Define the metaverse.
    • Understand where Meta and Microsoft are going and what their metaverse looks like today.
    • Learn about other solution providers implementing the enterprise metaverse.
    • Identify risks in deploying metaverse solutions and how to mitigate them.

    Our Advice

    Critical Insight

    • A metaverse experience must combine the three Ps: user presence is represented, the world is persistent, and data is portable.

    Impact and Result

    • Understand how Meta and Microsoft define the Metaverse and the coming challenges that enterprises will need to solve to harness this new digital capability.

    Into the Metaverse Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Into the Metaverse – A deck that examines how IT can prepare for the new digital world

    Push past the hype and understand what the metaverse really means for IT.

    • Into the Metaverse Storyboard

    Infographic

    Further reading

    Into the Metaverse

    How IT can prepare for the new digital world.

    Analyst Perspective

    The metaverse is still a vision of the future.

    Photo of Brian Jackson, Research Director, CIO, Info-Tech Research Group.

    On October 28, 2021, Mark Zuckerberg got up on stage and announced Facebook's rebranding to Meta and its intent to build out a new business line around the metaverse concept. Just a few days later, Microsoft's CEO Satya Nadella put forward his own idea of the metaverse at Microsoft Ignite. Seeing two of Silicon Valley's most influential companies pitch a vision of avatar-driven virtual reality collaboration sparked our collective curiosity. At the heart of it lies the question, "What is the metaverse, anyway?“

    If you strip back the narrative of the companies selling you the solutions, the metaverse can be viewed as technological convergence. Years of development on mixed reality, AI, immersive digital environments, and real-time communication are culminating in a totally new user experience. The metaverse makes the digital as real as the physical. At least, that's the vision.

    It will be years yet before the metaverse visions pitched to us from Silicon Valley stages are realized. In the meantime, understanding the individual technologies contributing to that vision can help CIOs realize business value today. Join me as we delve into the metaverse.

    Brian Jackson
    Research Director, CIO
    Info-Tech Research Group

    From pop culture to Silicon Valley

    Sci-fi visionaries are directly involved in creating the metaverse concept

    The term “metaverse” was coined by author Neal Stephenson in the 1992 novel “Snow Crash.” In the novel, main character Hiro Protagonist interacts with others in a digitally defined space. Twenty-five years after its release, the cult classic is influential among Silicon Valley's elite. Stephenson has played some key roles in Silicon Valley firms. He became the first employee at Blue Origin, the space venture founded by Jeff Bezos, in 2006, and later became chief futurist at augmented reality firm Magic Leap in 2014. Stephenson also popularized the Hindu concept "avatar" in his writing, paving the way for people to embody digitally rendered models to participate in the metaverse (Vanity Fair, 2017).

    Even earlier concepts of the metaverse were examined in the 1980s, with William Gibson’s “Neuromancer” exploring the same idea as cyberspace. Gibson's novel was influenced by his time in Seattle, where friend and Microsoft executive Eileen Gunn took him to hacker bars where he'd eavesdrop on "the poetics of the technological subculture" (Medium, 2022). Other visions of a virtual reality mecca were brought to life in the movies, including the 1982 Disney release “Tron,” the 1999 flick “The Matrix,” and 2018’s “Ready Player One.”

    There's a common set of traits among these sci-fi narratives that help us understand what Silicon Valley tech firms are now set to commercialize: users interact with one another in a digitally rendered virtual world, with a sense of presence provided through the use of a head-mounted display.

    Cover of the book Snow Crash by Neal Stephenson.

    Image courtesy nealstephenson.com

    Meta’s view of the metaverse

    CEO Mark Zuckerberg rebranded Facebook to make his intent clear

    Mark Zuckerberg is all in on the metaverse, announcing October 28, 2021, that Facebook would be rebranded to Meta. The new brand took effect on December 1, and Facebook began trading under the new stock ticker MVRS on certain exchanges. On February 15, 2022, Zuckerberg announced at a company meeting that his employees will be known as Metamates. The company's new values are to live in the future, build awesome things, and focus on long-term impact. Its motto is simply "Meta, Metamates, me" (“Out With the Facebookers. In With the Metamates,” The New York Times, 2022).

    Meta's Reality Labs division will be responsible for developing its metaverse product, using Meta Quest, its virtual reality head-mounted displays. Meta's early metaverse environment, Horizon Worlds, rolled out to Quest users in the US and Canada in early December 2021. This drove a growth in its monthly user base by ten times, to 300,000 people. The product includes Horizon Venues, tailored to attending live events in VR, but not Horizon Workrooms, a VR conferencing experience that remains invite-only. Horizon Worlds provides users tools to construct their own 3D digital environments and had been used to create 10,000 separate worlds by mid-February 2022 (“Meta’s Social VR Platform Horizon Hits 300,000 Users,“ The Verge, 2022).

    In the future, Meta plans to amplify the building tools in its metaverse platform with generative AI. For example, users can give speech commands to create scenes and objects in VR. Project CAIRaoke brings a voice assistant to an augmented reality headset that can help users complete tasks like cooking a stew. Zuckerberg also announced Meta is working on a universal speech translator across all languages (Reuters, 2022).

    Investment in the metaverse:
    $10 billion in 2021

    Key People:
    CEO Mark Zuckerberg
    CTO Andrew Bosworth
    Chief Product Officer Chris Cox

    (Source: “Meta Spent $10 Billion on the Metaverse in 2021, Dragging Down Profit,” The New York Times, 2022)

    Microsoft’s view of the metaverse

    CEO Satya Nadella showcased a mixed reality metaverse at Microsoft Ignite

    In March 2021 Microsoft announced Mesh, an application that allows organizations to build out a metaverse environment. Mesh is being integrated into other Microsoft hardware and software, including its head-mounted display, the HoloLens, a mixed reality device. The Mesh for HoloLens experience allows users to collaborate around digital content projected into the real world. In November, Microsoft announced a Mesh integration with Microsoft Teams. This integration brings users into an immersive experience in a fully virtual world. This VR environment makes use of AltspaceVR, a VR application Microsoft first released in May 2015 (Microsoft Innovation Stories, 2021).

    Last Fall, Microsoft also announced it is rebranding its Dynamics 365 Connected Store solution to Dynamics 365 Connected Spaces, signaling its expansion from retail to all spaces. The solution uses cognitive vision to create a digital twin of an organization’s physical space and generate analytics about people’s behavior (Microsoft Dynamics 365 Blog, 2021).

    In the future, Microsoft wants to make "holoportation" a part of its metaverse experience. Under development at Microsoft Research, the technology captures people and things in photorealistic 3D to be projected into mixed reality environments (Microsoft Research, 2022). It also has plans to offer developers AI-powered tools for avatars, session management, spatial rendering, and synchronization across multiple users. Open standards will allow Mesh to be accessed across a range of devices, from AR and VR headsets, smartphones, tablets, and PCs.

    Microsoft has been developing multi-user experiences in immersive 3D environments though its video game division for more than two decades. Its capabilities here will help advance its efforts to create metaverse environments for the enterprise.

    Investment in the metaverse:
    In January 2022, Microsoft agreed to acquire Activision Blizzard for $68.7 billion. In addition to acquiring several major gaming studios for its own gaming platforms, Microsoft said the acquisition will play a key role in the development of its metaverse.

    Key People:
    CEO Satya Nadella
    CEO of Microsoft Gaming Phil Spencer
    Microsoft Technical Research Fellow Alex Kipman

    Current state of metaverse applications from Meta and Microsoft

    Meta

    • Horizon Worlds (formerly Facebook Horizon). Requires an Oculus Rift S or Quest 2 headset to engage in an immersive 3D world complete with no-code building tools for users to construct their own environments. Users can either interact in the space designed by Meta or travel to other user-designed worlds through the plaza.
    • Horizon Workrooms (beta, invite only). An offshoot of Horizon Worlds but more tailored for business collaboration. Users can bring in their physical desks and keyboards and connect to PC screens from within the virtual setting. Integrates with Facebook’s Workplace solution.

    Microsoft

    • Dynamics 365 Connected Spaces (preview). Cognitive vision combined with surveillance cameras provide analytics on people's movement through a facility.
    • Mesh for Microsoft Teams (not released). Collaborate with your colleagues in a virtual reality space using personalized avatars. Use new 2D and 3D meeting experiences.
    • Mesh App for HoloLens (preview). Interact with colleagues virtually in a persistent digital environment that is overlaid on top of the real world.
    • AltspaceVR. A VR space accessible via headset or desktop computer that's been available since 2015. Interact through use of an avatar to participate in daily events

    Current providers of an “enterprise metaverse”

    Other providers designing mixed reality or digital twin tools may not have used the “metaverse” label but provide the same capabilities via platforms

    Logo for NVIDIA Omniverse. Logo for TeamViewer.
    NVIDIA Omniverse
    “The metaverse for engineers,” Omniverse is a developer toolset to allow organizations to build out their own unique metaverse visions.
    • Omniverse Nucleus is the platform database that allows clients to publish digital assets or subscribe to receive changes to them in real-time.
    • Omniverse Connectors are used to connect to Nucleus and publish or subscribe to individual assets and entire worlds.
    • NVIDIA’s core physics engine provides a scalable and physically accurate world simulation.
    TeamViewer’s Remote as a Service Platform
    Initially focusing on providing workers remote connectivity to work desktops, devices, and robotics, TeamViewer offers a range of software as a service products. Recent acquisitions to this platform see it connecting enterprise workflows to frontline workers using mixed reality headsets and adding more 3D visualization development tools to create digital twins. Clients include Coca-Cola and BMW.

    “The metaverse matters in the future. TeamViewer is already making the metaverse tangible in terms of the value that it brings.” (Dr. Hendrik Witt, Chief Product Officer, TeamViewer)

    The metaverse is a technological convergence

    The metaverse is a platform combining multiple technologies to enable social and economic activity in a digital world that is connected to the physical world.

    A Venn diagram with four circles intersecting and one circle unconnected on the side, 'Blockchain, Emerging'. The four circles, clock-wise from top, are 'Artificial Intelligence', 'Real-Time Communication', 'Immersive Digital Space', and 'Mixed Reality'. The two-circle crossover sections, clock-wise from top-right are AI + RTC: 'Smart Agent-Facilitated Communication', RTC + IDS: 'Avatar-Based Social Interaction', IDS + MR: 'Digital Immersive UX', and MR + AI: 'Perception AI'. There are only two three-circle crossover sections labelled, AI + RTC + MR: 'Generative Sensory Environments' and RTC + IDS + MR: 'Presence'. The main cross-section is 'METAVERSE'.

    Info-Tech Insight

    A metaverse experience must combine the three P’s: user presence is represented, the world is persistent, and data is portable.

    Mixed reality provides the user experience (UX) for the metaverse

    Both virtual and augmented reality will be part of the picture

    Mixed reality encompasses both virtual reality and augmented reality. Both involve allowing users to immerse themselves in digital content using a head-mounted device or with a smartphone for a less immersive effect. Virtual reality is a completely digital world that is constructed as separate from the physical world. VR headsets take up a user's entire field of vision and must also have a mechanism to allow the user to interact in their virtual environment. Augmented reality is a digital overlay mapped on top of the real world. These headsets are transparent, allowing the user to clearly see their real environment, and projects digital content on top of it. These headsets must have a way to map the surrounding environment in 3D in order to project digital content in the right place and at the right scale.

    Meta’s Plans

    Meta acquired virtual reality developer Oculus VR Inc. and its set of head-mounted displays in 2014. It continues to develop new hardware under the Oculus brand, most recently releasing the Oculus Quest 2. Oculus Quest hardware is required to access Meta's early metaverse platform, Horizon Worlds.

    Microsoft’s Plans

    Microsoft's HoloLens hardware is a mixed reality headset. Its visor that can project digital content into the main portion of the user's field of vision and speakers capable of spatial audio. The HoloLens has been deployed at enterprises around the world, particularly in scenarios where workers typically have their hands busy. For example, it can be used to view digital schematics of a machine while a worker is performing maintenance or to allow a remote expert to "see through the eyes" of a worker.

    Microsoft's Mesh metaverse platform, which allows for remote collaboration around digital content, was demonstrated on a HoloLens at Microsoft Ignite in November 2021. Mesh is also being integrated into AltspaceVR, an application that allows companies to hold meetings in VR with “enterprise-grade security features including secure sign-ins, session management and privacy compliance" (Microsoft Innovation Stories, 2021).

    Immersive digital environments provide context in the metaverse

    The interactive environment will be a mix of digital and physical worlds

    If you've played a video game in the past decade, you've experienced an immersive 3D environment, perhaps even in a multiplayer environment with many other users at the same time. The video game industry grew quickly during the pandemic, with users spending more time and money on video games. Massive multiplayer online games like Fortnite provide more than a gaming environment. Users socialize with their friends and attend concerts featuring famous performers. They also spend money on different appearances or gestures to express themselves in the environment. When they are not playing the game, they are often watching other players stream their experience in the game. In many ways, the consumer metaverse already exists on platforms like Fortnite. At the same time, gaming developers are improving the engines for these experiences and getting closer to approximating the real world both visually and in terms of physics.

    In the enterprise space, immersive 3D environments are also becoming more popular. Manufacturing firms are building digital twins to represent entire factories, modeling their real physical environments in digital space. For example, BMW’s “factory of the future” uses NVIDIA Omniverse to create a digital twin of its assembly system, simulated down to the detail of digital workers. BMW uses this simulation to plan reconfiguration of its factory to accommodate new car models and to train robots with synthetic data (“NVIDIA Omniverse,” NVIDIA, 2021).

    Meta’s Plans

    Horizon Workrooms is Meta's business-focused application of Horizon Worlds. It facilitates a VR workspace where colleagues can interact with others’ avatars, access their computer, use videoconferencing, and sketch out ideas on a whiteboard. With the Oculus Quest 2 headset, passthrough mode allows users to add their physical desk to the virtual environment (Oculus, 2022).

    Microsoft’s Plans

    AltspaceVR is Microsoft's early metaverse environment and it can be accessed with Oculus, HTC Vive, Windows Mixed Reality, or in desktop mode. Separately, Microsoft Studios has been developing digital 3D environments for its Xbox video game platform for yeas. In January 2022, Microsoft acquired games studio Activision Blizzard for $68.7 billion, saying the games studio would play a key role in the development of the metaverse.

    Real-time communications allow for synchronous collaboration

    Project your voice to a room full of avatars for a presentation or whisper in someone’s ear

    If the metaverse is going to be a good place to collaborate, then communication must feel as natural as it does in the real world. At the same time, it will need to have a few more controls at the users’ disposal so they can focus in on the conversation they choose. Audio will be a major part of the communication experience, augmented by expressive avatars and text.

    Mixed reality headsets come with integrated microphones and speakers to enable voice communications. Spatial audio will also be an important component of voice exchange in the metaverse. When you are in a videoconference conversation with 50 participants, every one of those people will sound as though they are sitting right next to you. In the metaverse, each person will sound louder or quieter based on how distant their avatar is from you. This will allow large groups of people to get together in one digital space and have multiple conversations happening simultaneously. In some situations, there will also be a need for groups to form a “party” as they navigate the metaverse, meaning they would stay linked through a live audio connection even if their avatars were not in the same digital space. Augmented reality headsets also allow remote users to “see through the eyes” of the person wearing the headset through a front-facing camera. This is useful for hands-on tasks where expert guidance is required.

    People will also need to communicate with people not in the metaverse. More conventional videoconference windows or chat boxes will be imported into these environments as 2D panels, allowing users to integrate them into the context of their digital space.

    Meta’s Plans

    Facebook Messenger is a text chat and video chat application that is already integrated into Facebook’s platform. Facebook also owns WhatsApp, a messaging platform that offers group chat and encrypted messaging.

    Microsoft’s Plans

    Microsoft Teams is Microsoft’s application that combines presence-based text chat and videoconferencing between individuals and groups. Dynamics 365 Remote Assist is its augmented reality application designed for HoloLens wearers or mobile device users to share their real-time view with experts.

    Generative AI will fill the metaverse with content at the command of the user

    No-code and low-code creation tools will be taken to the next level in the metaverse

    Metaverse platforms provide users with no-code and low-code options to build out their own environments. So far this looks like playing a game of Minecraft. Users in the digital environment use native tools to place geometric shapes and add textures. Other metaverse platforms allow users to design models or textures with tools outside the platform, often even programming behaviors for the objects, and then import them into the metaverse. These tools can be used effectively, but it can be a tedious way to create a customized digital space.

    Generative AI will address that by taking direction from users and quickly generating content to provide the desired metaverse setting. Generative AI can create content that’s meaningful based on natural inputs like language or visual information. For example, a user might give voice commands to a smart assistant and have a metaverse environment created or take photos of a real-world object from different angles to have its likeness digitally imported.

    Synthetic data will also play a role in the metaverse. Instead of relying only on people to create a lot of relevant data to train AI, metaverse platform providers will also use simulated data to provide context. NVIDIA’s Omniverse Replicator engine provides this capability and can be used to train self-driving cars and manipulator robots for a factory environment (NVIDIA Newsroom, 2021).

    Meta’s Plans

    Meta is planning to use generative AI to allow users to construct their VR environments. It will allow users to describe a world to a voice assistant and have it created for them. Users could also speak to each other in different languages with the aid of a universal translator. Separately, Project CAIRaoke combines cognitive vision with a voice assistant to help a user cook dinner. It keeps track of where the ingredients are in the kitchen and guides the user through the steps (Reuters, 2022).

    Microsoft’s Plans

    Microsoft Mesh includes AI resources to help create natural interactions through speech and vision learning models. HoloLens 2 already uses AI models to track users’ hands and eye movements as well as map content onto the physical world. This will be reinforced in the cloud through Microsoft Azure’s AI capabilities (Microsoft Innovation Stories, 2021).

    Blockchain will provide a way to manage digital identity and assets across metaverse platforms

    Users will want a way to own their metaverse identity and valued digital possessions

    Blockchain technology provides a decentralized digital ledger that immutably records transactions. A specific blockchain can either be permissioned, with one central party determining who gets access, or permissionless, in which anyone with the means can transact on the blockchain. The permissionless variety emerged in 2008 as the foundation of Bitcoin. It's been a disruptive force in the financial industry, with Bitcoin inspiring a long list of offshoot cryptocurrencies, and now even central banks are examining moving to a digital currency standard.

    In the past couple of years, blockchain has spurred a new economy around digital assets. Smart contracts can be used to create a token on a blockchain and bind it to a specific digital asset. These assets are called non-fungible tokens (NFTs). Owners of NFTs can prove their chain of ownership and sell their tokens to others on a variety of marketplaces.

    Blockchain could be useful in the metaverse to track digital identity, manage digital assets, and enable data portability. Users could register their own avatars as NFTs to prove they are the real person behind their digital representation. They may also want a way to verify they own a virtual plot of land or demonstrate the scarcity of the digital clothing they are wearing in the metaverse. If users want to leave a certain metaverse platform, they could export their avatar and digital assets to a digital wallet and transfer them to another platform that supports the same standards.

    In the past, centralized platforms that create economies in a virtual world were able to create digital currencies and sell specific assets to users without the need for blockchain. Second Life is a good example, with Linden Labs providing a virtual token called Linden Dollars that users can exchange to buy goods and services from each other within the virtual world. Second Life processes 345 million transactions a year for virtual goods and reports a GDP of $650 million, which would put it ahead of some countries (VentureBeat, 2022). However, the value is trapped within Second Life and can't be exported elsewhere.

    Meta’s Plans

    Meta ended its Diem project in early 2022, winding down its plan to offer a digital currency pegged to US dollars. Assets were sold to Silvergate Bank for $182 million. On February 24, blockchain developer Atmos announced it wanted to bring the project back to life. Composed of many of the original developers that created Diem while it was still a Facebook project, the firm plans to raise funds based on the pitch that the new iteration will be "Libra without Facebook“ (CoinDesk, 2022).

    Microsoft’s Plans

    Microsoft expanded its team of blockchain developers after its lead executive in this area stated the firm is closely watching cryptocurrencies and NFTs. Blockchain Director York Rhodes tweeted on November 8, 2021, that he was expanding his team and was interested to connect with candidates "obsessed with Turing complete, scarce programmable objects that you can own & transfer & link to the real world through a social contract.”

    The enterprise metaverse holds implications for IT across several functional areas

    Improve maturity in these four areas first

    • Infrastructure & Operations
      • Lay the foundation
    • Security & Risk
      • Mitigate the risks
    • Apps
      • Deploy the precursors
    • Data & BI
      • Prepare to integrate
    Info-Tech and COBIT5's IT Management & Governance Framework with processes arranged like a periodic table. Highlighted process groups are 'Infrastructure & Operations', 'Security & Risk', 'Apps', and 'Data & BI'.

    Infrastructure & Operations

    Make space for the metaverse

    Risks

    • Network congestion: Connecting more devices that will be delivering highly graphical content will put new pressures on networks. Access points will have more connections to maintain and transit pathways more bandwidth to accommodate.
    • Device fragmentation: Currently many different vendors are selling augmented reality headsets used in the enterprise, including Google, Epson, Vuzix, and RealWear. More may enter soon, creating various types of endpoints that have different capabilities and different points of failure.
    • New workflows: Enterprises will only be able to benefit from deploying mixed reality devices if they're able to make them very useful to workers. Serving up relevant information in the context of a hands-free interface will become a new competency for enterprises to master.

    Mitigations

    • Dedicated network: Some companies are avoiding the congestion issue by creating a separate network for IoT devices on different infrastructure. For example, they might complement the Wi-Fi network with a wireless network on 5G or LoRaWAN standards.
    • Partner with systems integrators: Solutions vendors bringing metaverse solutions to the enterprise are already working with systems integrator partners to overcome integration barriers. These vendors are solving the problems of delivering enterprise content to a variety of new mixed reality touchpoints and determining just the right information to expose to users, at the right time.

    Security & Risk

    Mitigate metaverse risks before they take root

    Risks

    • Broader attack surface: Adding new mixed reality devices to the enterprise network will create more potential points of ingress for a cyberattack. Previous enterprise experiences with IoT in the enterprise have seen them exploited as weak points and used to create botnets or further infiltrate company networks.
    • More data in transit: Enterprise data will be flowing between these new devices and sometimes outside the company firewall to remote connections. Data from industrial IoT could also be integrated into these solutions and exposed.
    • New fraud opportunities: When Web 1.0 was first rolling out, not every company was able to secure the rights to the URL address matching its brand. Those not quick enough on the draw saw "domain squatters" use their brand equity to negotiate for a big pay day or, worse yet, to commit fraud. With blockchain opening up similar new digital real estate in Web3, the same risk arises.

    Mitigations

    • Mobile device management (MDM): New mixed reality headsets can be secured using existing MDM solutions on the market.
    • Encryption: Encrypting data end to end as it flows between IoT devices ensures that even if it does leak, it's not likely to be useful to a hacker.
    • Stake your claim: Claiming your brand's name in new Web3 domains may seems tedious, but it is likely to be cheap and might save you a headache down the line.

    Apps

    Deploy to your existing touchpoints

    Risks

    • Learning curves: Using new metaverse applications to complete tasks and collaborate with colleagues won’t be a natural progression for everyone. New headsets, gesture-based controls, and learning how to navigate the metaverse will present hurdles for users to overcome before they can be productive.
    • Is there a dress code in the metaverse? Avatars in the metaverse won’t necessarily look like the people behind the controls. What new norms will be needed to ensure avatars are appropriate for a work setting?
    • Fragmentation: Metaverse experiences are already creating islands. Users of Horizon Worlds can’t connect with colleagues using AltspaceVR. Similar to the challenges around different videoconferencing software, users could find they are divided by applications.

    Mitigations

    • Introduce concepts over time: Ask users to experiment with meeting in a VR context in a small group before expanding to a companywide conference event. Or have them use a headset for a simple video chat before they use it to complete a task in the field.
    • Administrative controls: Ensure that employees have some boundaries when designing their avatars, enforced either through controls placed on the software or through policies from HR.
    • Explore but don’t commit: It’s early days for these metaverse applications. Explore opportunities that become available through free trials and new releases to existing software suites but maintain flexibility to pivot should the need arise.

    Data & BI

    Deploy to your existing touchpoints

    Risks

    • Interoperability: There is no established standard for digital objects or behaviors in the metaverse. Meta and Microsoft say they are committed to open standards that will ensure portability of data across platforms, but how that will be executed isn’t clear yet.
    • Privacy: Sending data to another platform carries risks that it will be exfiltrated and stored elsewhere, presenting some challenges for companies that need to be compliant with legislation such as GDPR.
    • High-fidelity models: 3D models with photorealistic textures will come with high CPU requirements to render properly. Some head-mounted displays will run into limitations.

    Mitigations

    • Adopt standard interfaces: Using open APIs will be the most common path to integrating enterprise systems to metaverse applications.
    • Maintain compliance: The current approach enterprises take to creating data lakes and presenting them to platforms will extend to the metaverse. Building good controls and anonymizing data that resides in these locations will enable firms to interact in new platforms and remain compliant.
    • Right-sized rendering: Providing enough data to a device to make it useful without overburdening the CPU will be an important consideration. For example, TeamViewer uses polygon reduction to display 3D models on lower-powered head-mounted displays.

    More Info-Tech research to explore

    CIO Priorities 2022
    Priorities to compete in the digital economy.

    Microsoft Teams Cookbook
    Recipes for best practices and use cases for Microsoft Teams.

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Double Your Organization’s Effectiveness With a Digital Twin
    Digital twin: A living, breathing reflection.

    Contributing experts

    Photo of Dr. Hendrik Witt, Chief Product Officer, TeamViewer

    Dr. Hendrik Witt
    Chief Product Officer,
    TeamViewer

    Photo of Kevin Tucker, Principal Research Director, Industry Practice, INFO-TECH RESEARCH GROUP

    Kevin Tucker
    Principal Research Director, Industry Practice,
    INFO-TECH RESEARCH GROUP

    Bibliography

    Cannavò, Alberto, and F. Lamberti. “How Blockchain, Virtual Reality and Augmented Reality Are Converging, and Why.” IEEE Consumer Electronics Magazine, vol. 10, no. 5, Sept. 2020, pp. 6-13. IEEE Xplore. Web.

    Culliford, Elizabeth. “Meta’s Zuckerberg Unveils AI Projects Aimed at Building Metaverse Future.” Reuters, 24 Feb. 2022. Web.

    Davies, Nahla. “Cybersecurity and the Metaverse: Pioneering Safely into a New Digital World.” GlobalSign Blog, 10 Dec. 2021. GlobalSign by GMO. Web.

    Doctorow, Cory. “Neuromancer Today.” Medium, 10 Feb. 2022. Web.

    Heath, Alex. “Meta’s Social VR Platform Horizon Hits 300,000 Users.” The Verge, 17 Feb. 2022. Web.

    “Holoportation™.” Microsoft Research, 22 Feb. 2022. Microsoft. Accessed 3 March 2022.

    Isaac, Mike. “Meta Spent $10 Billion on the Metaverse in 2021, Dragging down Profit.” The New York Times, 2 Feb. 2022. Web.

    Isaac, Mike, and Sheera Frenkel. “Out With the Facebookers. In With the Metamates.” The New York Times, 15 Feb. 2022. Web.

    Langston, Jennifer. “‘You Can Actually Feel like You’re in the Same Place’: Microsoft Mesh Powers Shared Experiences in Mixed Reality.” Microsoft Innovation Stories, 2 Mar. 2021. Microsoft. Web.

    “Maple Leaf Sports & Entertainment and AWS Team Up to Transform Experiences for Canadian Sports Fans.” Amazon Press Center, 23 Feb. 2022. Amazon.com. Accessed 24 Feb. 2022. Web.

    Marquez, Reynaldo. “How Microsoft Will Move To The Web 3.0, Blockchain Division To Expand.” Bitcoinist.com, 8 Nov. 2021. Web.

    Metinko, Chris. “Securing The Metaverse—What’s Needed For The Next Chapter Of The Internet.” Crunchbase News, 6 Dec. 2021. Web.

    Metz, Rachel Metz. “Why You Can’t Have Legs in Virtual Reality (Yet).” CNN, 15 Feb. 2022. Accessed 16 Feb. 2022.

    “Microsoft to Acquire Activision Blizzard to Bring the Joy and Community of Gaming to Everyone, across Every Device.” Microsoft News Center, 18 Jan. 2022. Microsoft. Web.

    Nath, Ojasvi. “Big Tech Is Betting Big on Metaverse: Should Enterprises Follow Suit?” Toolbox, 15 Feb. 2022. Accessed 24 Feb. 2022.

    “NVIDIA Announces Omniverse Replicator Synthetic-Data-Generation Engine for Training AIs.” NVIDIA Newsroom, 9 Nov. 2021. NVIDIA. Accessed 9 Mar. 2022.

    “NVIDIA Omniverse - Designing, Optimizing and Operating the Factory of the Future. 2021. YouTube, uploaded by NVIDIA, 13 April 2021. Web.

    Peters, Jay. “Disney Has Appointed a Leader for Its Metaverse Strategy.” The Verge, 15 Feb. 2022. Web.

    Robinson, Joanna. The Sci-Fi Guru Who Predicted Google Earth Explains Silicon Valley’s Latest Obsession.” Vanity Fair, 23 June 2017. Accessed 13 Feb. 2022.

    Scoble, Robert. “New Startup Mixes Reality with Computer Vision and Sets the Stage for an Entire Industry.” Scobleizer, 17 Feb. 2022. Web.

    Seward, Zack. “Ex-Meta Coders Raising $200M to Bring Diem Blockchain to Life: Sources.” CoinDesk, 24 Feb. 2022. Web.

    Shrestha, Rakesh, et al. “A New Type of Blockchain for Secure Message Exchange in VANET.” Digital Communications and Networks, vol. 6, no. 2, May 2020, pp. 177-186. ScienceDirect. Web.

    Sood, Vishal. “Gain a New Perspective with Dynamics 365 Connected Spaces.” Microsoft Dynamics 365 Blog, 2 Nov. 2021. Microsoft. Web.

    Takahashi, Dean. “Philip Rosedale’s High Fidelity Cuts Deal with Second Life Maker Linden Lab.” VentureBeat, 13 Jan. 2022 Web.

    “TeamViewer Capital Markets Day 2021.” TeamViewer, 10 Nov. 2021. Accessed 22 Feb. 2022.

    VR for Work. Oculus.com. Accessed 1 Mar. 2022.

    Wunderman Thompson Intelligence. “New Trend Report: Into the Metaverse.” Wunderman Thompson, 14 Sept. 2021. Accessed 16 Feb. 2022.

    Configuration management

    • Buy Link or Shortcode: {j2store}4|cart{/j2store}
    • Related Products: {j2store}4|crosssells{/j2store}
    • Up-Sell: {j2store}4|upsells{/j2store}
    • Download01-Title: Harness the power of Configuration Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact (scale of 10): 8.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Configuration management is all about being able to manage your assets within the support processes. That means to record what you need. Not less than that, and not more either.

    Asset Management, Configuration Management, Lifecycle Management

    Quality Management

    • Buy Link or Shortcode: {j2store}45|cart{/j2store}
    • Related Products: {j2store}45|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture
    Drive efficiency and agility with right-sized quality management

    Harness Configuration Management Superpowers

    • Buy Link or Shortcode: {j2store}303|cart{/j2store}
    • member rating overall impact (scale of 10): 8.5/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Configuration management databases (CMDB) are a lot of work to build and maintain. Starting down this process without the right tools, processes, and buy-in is a lot of work with very little reward.
    • If you decide to just build it and expect they will come, you may find it difficult to articulate the value, and you will be disappointed by the lack of visitors.
    • Relying on manual entry or automated data collection without governance may result in data you can’t trust, and if no one trusts the data, they won’t use it.

    Our Advice

    Critical Insight

    • The right mindset is just as important as the right tools. By involving everyone early, you can ensure the right data is captured and validated and you can make maintenance part of the culture. This is critical to reaching early and continual value with a CMDB.

    Impact and Result

    • Define your use cases: Identify the use cases and prioritize those objectives into phases. Define what information will be needed to meet the use cases and how that information will be populated.
    • Understand and design the CMDB data model: Define services and undiscoverable configuration items (CI) and map them to the discoverable CIs.
    • Operationalize configuration record updates: Define data stewards and governance processes and integrate your configuration management practice with existing practices and lifecycles.

    Harness Configuration Management Superpowers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness Configuration Management Superpowers Deck – A step-by-step document that walks you through creating a configuration management program.

    Use this blueprint to create a configuration management program that provides immediate value.

    • Harness Configuration Management Superpowers – Phases 1-4

    2. Configuration Management Project Charter Template – A project charter template to help you build a concise document for communicating appropriate project details to stakeholders.

    Use this template to create a project charter to launch the configuration management project.

    • Configuration Management Project Charter

    3. Configuration Control Board Charter Template – A board charter template to help you define the roles and responsibilities of the configuration control board.

    Use this template to create your board charter for your configuration control board (CCB). Define roles and responsibilities and mandates for the CCB.

    • Configuration Control Board Charter

    4. Configuration Management Standard Operating Procedures (SOP) Template – An SOP template to describe processes and procedures for ongoing maintenance of the CMDB under the configuration management program.

    Use this template to create and communicate your SOP to ensure ongoing maintenance of the CMDB under the configuration management program.

    • Configuration Management Standard Operation Procedures

    5. Configuration Management Audit and Validation Checklist Template – A template to be used as a starting point to meet audit requirements under NIST and ITIL programs.

    Use this template to assess capability to pass audits, adding to the template as needed to meet internal auditors’ requirements.

    • Configuration Management Audit and Validation Checklist

    6. Configuration Management Policy Template – A template to be used for building out a policy for governance over the configuration management program.

    Use this template to build a policy for your configuration management program.

    • Configuration Management Policy

    7. Use Cases and Data Worksheet – A template to be used for validating data requirements as you work through use cases.

    Use this template to determine data requirements to meet use cases.

    • Use Cases and Data Worksheet

    8. Configuration Management Diagram Template Library – Examples of process workflows and data modeling.

    Use this library to view sample workflows and a data model for the configuration management program.

    • Configuration Management Diagram Template Library (Visio)
    • Configuration Management Diagram Template Library (PDF)

    9. Configuration Manager Job Description – Roles and responsibilities for the job of Configuration Manager.

    Use this template as a starting point to create a job posting, identifying daily activities, responsibilities, and required skills as you create or expand your configuration management program.

    • Configuration Manager

    Infographic

    Workshop: Harness Configuration Management Superpowers

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Configuration Management Strategy

    The Purpose

    Define the scope of your service configuration management project.

    Design the program to meet specific stakeholders needs

    Identify project and operational roles and responsibilities.

    Key Benefits Achieved

    Designed a sustainable approach to building a CMDB.

    Activities

    1.1 Introduction

    1.2 Define challenges and goals.

    1.3 Define and prioritize use cases.

    1.4 Identify data needs to meet these goals.

    1.5 Define roles and responsibilities.

    Outputs

    Data and reporting use cases based on stakeholder requirements

    Roles and responsibility matrix

    2 CMDB Data Structure

    The Purpose

    Build a data model around the desired use cases.

    Identify the data sources for populating the CMDB.

    Key Benefits Achieved

    Identified which CIs and relationships will be captured in the CMDB.

    Activities

    2.1 Define and prioritize your services.

    2.2 Evaluate CMDB default classifications.

    2.3 Test configuration items against existing categories.

    2.4 Build a data model diagram.

    Outputs

    List of CI types and relationships to be added to default settings

    CMDB data model diagram

    3 Processes

    The Purpose

    Key Benefits Achieved

    Built a right-sized approach to configuration record updates and data validation.

    Activities

    3.1 Define processes for onboarding, offboarding, and maintaining data in the CMDB.

    3.2 Define practices for configuration baselines.

    3.3 Build a data validation and auditing plan.

    Outputs

    Documented processes and workflows

    Data validation and auditing plan

    4 Communications & Roadmap

    The Purpose

    Key Benefits Achieved

    Metrics program defined

    Communications designed

    Activities

    4.1 Define key metrics for configuration management.

    4.2 Define metrics for supporting services.

    4.3 Build configuration management policies.

    4.4 Create a communications plan.

    4.5 Build a roadmap

    Outputs

    Policy for configuration management

    Communications documents

    Roadmap for next steps

    Further reading

    Harness Configuration Management Superpowers

    Create a configuration management practice that will provide ongoing value to the organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    A robust configuration management database (CMDB) can provide value to the business and superpowers to IT. It's time to invest smartly to reap the rewards.

    IT environments are becoming more and more complex, and balancing demands for stability and demands for faster change requires visibility to make the right decisions. IT needs to know their environment intimately. They need to understand dependencies and integrations and feel confident they are making decisions with the most current and accurate view.

    Solutions for managing operations rely on the CMDB to bring visibility to issues, calculate impact, and use predictive analytics to fix performance issues before they become major incidents. AIOps solutions need accurate data, but they can also help identify configuration drift and flag changes or anomalies that need investigation.

    The days of relying entirely on manual entry and updates are all but gone, as the functionality of a robust configuration management system requires daily updates to provide value. We used to rely on that one hero to make sure information was up to date, but with the volume of changes we see in most environments today, it's time to improve the process and provide superpowers to the entire IT department.

    This is a picture of Sandi Conrad

    Sandi Conrad, ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations, Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Build a configuration management database (CMDB): You need to implement a CMDB, populate it with records and relationships, and integrate it with discovery and management tools.
    • Identify the benefits of a CMDB: Too many CMDB projects fail because IT tries to collect everything. Base your data model on the desired use cases.
    • Define roles and responsibilities: Keeping data accurate and updated is difficult. Identify who will be responsible for helping

    Common Obstacles

    • Significant process maturity is required: Service configuration management (SCM) requires high maturity in change management, IT asset management, and service catalog practices.
    • Large investment: Building a CMDB takes a large amount of effort, process, and expertise.
    • Tough business case: Configuration management doesn't directly provide value to the business, but it requires a lot of investment from IT.

    Info-Tech's Approach

    • Define your scope and objectives: Identify the use cases for SCM and prioritize those objectives into phases.
    • Design the CMDB data model: Align with your existing configuration management system's data model.
    • Operationalize configuration record updates: Integrate your SCM practice with existing practices and lifecycles.

    Start small

    Scope creep is a serial killer of configuration management databases and service configuration management practices.

    Insight summary

    Many vendors are taking a CMDB-first approach to enable IT operations or sometimes asset management. It's important to ensure processes are in place immediately to ensure the data doesn't go stale as additional modules and features are activated.

    Define processes early to ensure success

    The right mindset is just as important as the right tools. By involving everyone early, you can ensure the right data is captured and validated and you can make maintenance part of the culture. This is critical to reaching early and continual value with a CMDB.

    Identify use cases

    The initial use case will be the driving force behind the first assessment of return on investment (ROI). If ROI can be realized early, momentum will increase, and the team can build on the initial successes.

    If you don't see value in the first year, momentum diminishes and it's possible the project will never see value.

    Keep the initial scope small and focused

    Discovery can collect a lot of data quickly, and it's possible to be completely overwhelmed early in the process.

    Build expertise and troubleshoot issues with a smaller scope, then build out the process.

    Minimize customizations

    Most CMDBs have classes and attributes defined as defaults. Use of the defaults will enable easier implementation and faster time to value, especially where automations and integrations depend on standard terms for field mapping.

    Automate as much as possible

    In large, complex environments, the data can quickly become unmanageable. Use automation as much as possible for discovery, dependency mapping, validation, and alerts. Minimize the amount of manual work but ensure everyone is aware of where and how these manual updates need to happen to see continual value.

    Info-Tech's Harness Configuration Management Superpowers.

    Configuration management will improve functionality of all surrounding processes

    A well-functioning CMDB empowers almost all other IT management and governance practices.

    Service configuration management is about:

    • Building a system of record about IT services and the components that support those services.
    • Continuously reconciling and validating information to ensure data accuracy.
    • Ensuring the data lifecycle is defined and well understood and can pass data and process audits.
    • Accessing information in a variety of ways to effectively serve IT and the business.
    An image of Info-Tech's CMDB Configuration Management tree, breaking down aspects into the following six categories: Strategic Partner; Service Provider; Proactive; Stabilize; Core; and Foundational.

    Configuration management most closely impacts these practices

    Info-Tech Research Group sees a clear relationship.

    When an IT department reports they are highly effective at configuration management, they are much more likely to report they are highly effective at these management and governance processes:

    The following management and governance processes are listed: Quality Management; Asset Management; Performance Measurement; Knowledge Management; Release Management; Incident and Problem Management; Service Management; Change Management.

    The data is clear

    Service configuration management is about more than just doing change management more effectively.

    Source: Info-Tech Research Group, IT Management and Governance Diagnostic; N=684 organizations, 2019 to July 2022.

    Make the case to use configuration management to improve IT operations

    Consider the impact of access to data for informing innovations, optimization efforts, and risk assessments.

    75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1)

    75%

    75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1)

    42%

    of publicly reported outages were due to software or configuration issues. (1)

    58%

    of networking-related IT outages were due to configuration and change management failure.(1)

    It doesn't have to be that way!

    Enterprise-grade IT service management (ITSM) tools require a CMDB for the different modules to work together and to enable IT operations management (ITOM), providing greater visibility.

    Decisions about changes can be made with accurate data, not guesses.

    The CMDB can give the service desk fast access to helpful information about the impacted components, including a history of similar incidents and resolutions and the relationship between the impacted components and other systems and components.

    Turn your team into IT superheroes.

    CMDB data makes it easier for IT Ops groups to:

    • Avoid change collisions.
    • Eliminate poor changes due to lack of visibility into complex systems.
    • Identify problematic equipment.
    • Troubleshoot incidents.
    • Expand the services provided by tier 1 and through automation.

    Benefits of configuration management

    For IT

    • Configuration management will supercharge processes that have relied on inherent knowledge of the IT environment to make decisions.
    • IT will more quickly analyze and understand issues and will be positioned to improve and automate issue identification and resolution.
    • Increase confidence and reduce risks for decisions involving release and change management with access to accurate data, regardless of the complexity of the environment.
    • Reduce or eliminate unplanned work related to poor outcomes due to decisions made with incorrect or incomplete data.

    For the Business

    • Improve strategic planning for business initiatives involving IT solutions, which may include integrations, development, or security concerns.
    • More quickly deploy new solutions or updates due to visibility into complex environments.
    • Enable business outcomes with reliable and stable IT systems.
    • Reduce disruptions caused by planning without accurate data and improve resolution times for service interruptions.
    • Improve access to reporting for budgeting, showbacks, and chargebacks as well as performance metrics.

    Measure the value of this blueprint

    Fast-track your planning and increase the success of a configuration management program with this blueprint

    Workshop feedback
    8.1/10

    $174,000 savings

    30 average days saved

    Guided Implementation feedback

    8.7/10

    $31,496 average savings

    41 average days saved

    "The workshop was well run, with good facilitation, and gained participation from even the most difficult parts of the audience. The best part of the experience was that if I were to find myself in the same position in the future, I would repeat the workshop."

    – University of Exeter

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Prioritize services and use cases.

    Call #3: Identify data needed to meet goals.

    Call #4: Define roles and responsibilities.

    Call #5: Define and prioritize your services.

    Call #6: Evaluate and test CMDB default classifications.

    Call #7: Build a data model diagram.

    Call #8: Define processes for onboarding, offboarding, and maintaining data.

    Call #9: Discuss configuration baselines.

    Call #10: Build a data validation and audit plan.

    Call #11: Define key metrics.

    Call #12: Build a configuration management policy and communications plan.

    Call #13: Build a roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 9 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4

    Configuration Management Strategy

    CMDB Data Structure

    Process Design

    Communications & Roadmap

    Activities
    • Introduction
    • Define challenges and goals.
    • Define and prioritize use cases.
    • Identify data needed to meet goals.
    • Define roles and responsibilities.
    • Define and prioritize your services.
    • Evaluate CMDB default classifications.
    • Test configuration items against existing categories.
    • Build a data model diagram.
    • Define processes for onboarding, offboarding, and maintaining data in the CMDB.
    • Define practices for configuration baselines.
    • Build a data validation and auditing plan.
    • Define key metrics for configuration management.
    • Define metrics for supporting services.
    • Build configuration management policies.
    • Create a communications plan.
    • Build a roadmap.

    Deliverables

    • Roles and responsibility matrix
    • Data and reporting use cases based on stakeholder requirements
    • List of CI types and relationships to be added to default settings
    • CMDB data model diagram
    • Documented processes and workflows
    • Data validation and auditing plan
    • Policy for configuration management
    • Roadmap for next steps
    • Communications documents

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Configuration Management Project Charter

    Detail your approach to building an SCM practice and a CMDB.

    Screenshot from the Configuration Management Project Charter

    Use Cases and Data Worksheet

    Capture the action items related to your SCM implementation project.

    Screenshot from the Use Cases and Data Worksheet

    Configuration Manager Job Description

    Use our template for a job posting or internal job description.

    Screenshot from the Configuration Manager Job Description

    Configuration Management Diagram Template Library

    Use these diagrams to simplify building your SOP.

    Screenshot from the Configuration Management Diagram Template Library

    Configuration Management Policy

    Set expectations for configuration control.

    screenshot from the Configuration Management Policy

    Configuration Management Audit and Validation Checklist

    Use this framework to validate controls.

    Screenshot from the Configuration Management Audit and Validation Checklist

    Configuration Control Board Charter

    Define the board's responsibilities and meeting protocols.

    Screenshot from the Configuration Management Audit and Validation Checklist

    Key deliverable:

    Configuration Management Standard Operating Procedures Template

    Outlines SCM roles and responsibilities, the CMDB data model, when records are expected to change, and configuration baselines.

    Four Screenshots from the Configuration Management Standard Operating Procedures Template

    Phase 1

    Configuration Management Strategy

    Strategy Data Structure Processes Roadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • Scope
    • Use Cases
    • Reports and Analytics

    This phase involves the following participants:

    • IT and business service owners
    • Business/customer relationship managers
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager
    • SCM project sponsor

    Harness Service Configuration Management Superpowers

    Establish clear definitions

    Ensure everyone is using the same terms.

    Term Definition
    Configuration Management

    The purpose of configuration management is to:

    • "Ensure that accurate and reliable information about the configuration of services, and the CIs that support them, is available when and where it is needed. This includes information on how CIs are configured and the relationships between them" (AXELOS).
    • "Provide sufficient information about service assets to enable the service to be effectively managed. Assess the impact of changes and deal with service incidents" (ISACA, 2018).
    Configuration Management System (CMS) A set of tools and databases used to manage, update, and present data about all configuration items and their relationships. A CMS may maintain multiple federated CMDBs and can include one or many discovery and dependency mapping tools.
    Configuration Management Database (CMDB) A repository of configuration records. It can be as simple as a spreadsheet or as complex as an integrated database populated through multiple autodiscovery tools.
    Configuration Record Detailed information about a configuration item.
    Configuration Item (CI)

    "Any component that needs to be managed in order to deliver an IT service" (AXELOS).

    These components can include everything from IT services and software to user devices, IT infrastructure components, and documents (e.g. maintenance agreements).
    Attributes Characteristics of a CI included in the configuration record. Common attributes include name, version, license expiry date, location, supplier, SLA, and owner.
    Relationships Information about the way CIs are linked. A CI can be part of another CI, connect to another CI, or use another CI. A CMDB is significantly more valuable when relationships are recorded. This information allows CMDB users to identify dependencies between components when investigating incidents, performing root-cause analysis, assessing the impact of changes before deployment, and much more.

    What is a configuration management database (CMDB)?

    The CMDB is a system of record of your services and includes a record for everything you need to track to effectively manage your IT services.

    Anything that is tracked in your CMDB is called a configuration item (CI). Examples of CIs include:

    • User-Facing Services
    • IT-Facing Services
    • Business Capabilities
    • Relationships
    • IT Infrastructure Components
    • Enterprise Software
    • End-User Devices
    • Documents

    Other systems of record can refer to CIs, such as:

    • Ticket database: Tickets can refer to which CI is impacted by an incident or provided as part of a service request.
    • Asset management database (AMDB): An IT asset is often also a CI. By associating asset records with CI records, you can leverage your IT asset data in your reporting.
    • Financial systems: If done well, the CMDB can supercharge your IT financial cost model.

    CMDBs can allow you to:

    • Query multiple databases simultaneously (so long as you have the CI name field in each database).
    • Build automated workflows and chatbots that interact with data across multiple databases.
    • More effectively identify the potential impact of changes and releases.

    Do not confuse asset with configuration

    Asset and configuration management look at the same world through different lenses

    • IT asset management (ITAM) tends to focus on each IT asset in its own right: assignment or ownership, lifecycle, and related financial obligations and entitlements.
    • Configuration management is focused on configuration items (CIs) that must be managed to deliver a service and the relationships and integrations with other CIs.
    • ITAM and configuration management teams and practices should work closely together. Though asset and configuration management focus on different outcomes, they may use overlapping tools and data sets. Each practice, when working effectively, can strengthen the other.
    • Many objects will exist in both the CMDB and AMDB, and the data on those shared objects will need to be kept in sync.

    A comparison between Asset and Configuration Management Databases

    *Discovery, dependency mapping, and data normalization are often features or modules of configuration management, asset management, or IT service management tools.

    Start with ITIL 4 guiding principles to make your configuration management project valuable and realistic

    Focus on where CMDB data will provide value and ensure the cost of bringing that data in will be reasonable for its purpose. Your end goal should be not just to build a CMDB but to use a CMDB to manage workload and workflows and manage services appropriately.

    Focus on value

    Include only the relevant information required by stakeholders.

    Start where you are

    Use available sources of information. Avoid adding new sources and tools unless they are justified.

    Progress iteratively with feedback

    Regularly review information use and confirm its relevance, adjusting the CMDB scope if needed.

    Collaborate and promote visibility

    Explain and promote available sources of configuration information and the best ways to use them, then provide hints and tips for more efficient use.

    Think and work holistically

    Consider other sources of data for decision making. Do not try to put everything in the CMDB.

    Keep it simple and practical

    Provide relevant information in the most convenient way; avoid complex interfaces and reports.

    Optimize and automate

    Continually optimize resource-consuming practice activities. Automate CDMB verification, data collection, relationship discovery, and other activities.

    ITIL 4 guiding principles as described by AXELOS

    Step 1.1

    Identify use cases and desired benefits for service configuration management

    Activities

    1.1.1 Brainstorm data collection challenges

    1.1.2 Define goals and how you plan to meet them

    1.1.3 Brainstorm and prioritize use cases

    1.1.4 Identify the data needed to reach your goals

    1.1.5 Record required data sources

    This step will walk you through the following aspects of a configuration management system:

    • Scope
    • Use cases

    This phase involves the following participants:

    • IT and business service owners
    • Business/customer relationship managers
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project sponsor
    • Project manager

    Identify potential obstacles in your organization to building and maintaining a CMDB

    Often, we see multiple unsuccessful attempts to build out a CMDB, with teams eventually losing faith and going back to spreadsheets. These are common obstacles:

    • Significant manual data collection, which is rarely current and fully accurate.
    • Multiple discovery solutions creating duplicate records, with no clear path to deduplicate records.
    • Manual dependency mapping that isn't accurate because it's not regularly assessed and updated.
    • Hybrid cloud and on-premises environment with discovery solutions only partially collecting as the right discovery and dependency mapping solutions aren't in place.
    • Dynamic environments (virtual, cloud, or containers) that may exist for a very short time, but no one knows how they should be managed.
    • Lack of expertise to maintain and update the CMDB or lack of an assigned owner for the CMDB. If no one owns the process and is assigned as a steward of data, it will not be maintained.
    • Database that was designed with other purposes in mind and is heavily customized, making it difficult to use and maintain.

    Understanding the challenges to accessing and maintaining quality data will help define the risks created through lack of quality data.

    This knowledge can drive buy-in to create a configuration management practice that benefits the organization.

    1.1.1 Brainstorm data collection challenges

    Involve stakeholders.
    Allot 45 minutes for this discussion.

    1. As a group, brainstorm the challenges you have with data:
    2. Accuracy and trustworthiness: What challenges do you have with getting accurate data on IT services and systems?
      1. Access: Where do you have challenges with getting data to people when they need it?
      2. Manually created data: Where are you relying on data that could be automatically collected?
      3. Data integration: Where do you have issues with integrating data from multiple sources?
      4. Impact: What is the result of these challenges?
    3. Group together these challenges into similar issues and identify what goals would help overcome them.
    4. Record these challenges in the Configuration Management Project Charter, section 1.2: Project Purpose.

    Download the Configuration Management Project Charter

    Input

    Output

    • None
    • List of high-level desired benefits for SCM
    Materials Participants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Configuration Management Project Charter
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Info-Tech Maturity Ladder

    Identify your current and target state

    INNOVATOR

    • Characteristics of business partner
    • Integration with orchestration tools

    BUSINESS PARTNER

    Data collection and validation is fully automated

    Integrated with several IT processes

    Meets the needs of IT and business use cases

    TRUSTED OPERATOR

    • Data collection and validation is partially or fully automated
    • Trust in data accuracy is high, meets the needs of several IT use cases

    FIREFIGHTER

    • Data collection is partially or fully automated, validation is ad hoc
    • Trust in data accuracy is variable, used for decision making

    UNSTABLE

    INNOVATOR

    • Characteristics of business partner
    • Integration with orchestration tools

    BUSINESS PARTNER

    • Data collection and validation is fully automated
    • Integrated with several IT processes
    • Meets the needs of IT and business use cases

    TRUSTED OPERATOR

    • Data collection and validation is partially or fully automated
    • Trust in data accuracy is high, meets the needs of several IT use cases

    FIREFIGHTER

    • Data collection is partially or fully automated, validation is ad hoc
    • Trust in data accuracy is variable, used for decision making

    UNSTABLE

    A tower is depicted, with arrows pointing to Current (orange) and Target(blue)

    Define goals for your CMDB to ensure alignment with all stakeholders

    • How are business or IT goals being hindered by not having the right data available?
    • If the business isn't currently asking for service-based reporting and accountability, start with IT goals. This will help to develop goals that will be most closely aligned to the IT teams' needs and may help incentivize the right behavior in data maintenance.
    • Configuration management succeeds by enabling its stakeholders to achieve their outcomes. Set goals for configuration management based on the most important outcomes expected from this project. Ask your stakeholders:
      1. What are the business' or IT's planned transformational initiatives?
      2. What are your highest priority goals?
      3. What should the priorities of the configuration management practice be?
    • The answers to these questions will shape your approach to configuration management. Direct input from your leadership and executives, or their delegates, will help ensure you're setting a solid foundation for your practice.
    • Identify which obstacles will need to be overcome to meet these goals.

    "[T]he CMDB System should be viewed as a 'system of relevance,' rather than a 'single source of truth.' The burdens of relevance are at once less onerous and far more meaningful in terms of action, analysis, and automation. While 'truth' implies something everlasting or at least stable, relevance suggests a far more dynamic universe."

    – CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al

    Identify stakeholders to discuss what they need from a CMDB; business and IT needs will likely differ

    Define your audience to determine who the CMDB will serve and invite them to these conversations. The CMDB can aid the business and IT and can be structured to provide dashboards and reports for both.

    Nondiscoverable configuration items will need to be created for both audiences to organize CIs in a way that makes sense for all uses.

    Integrations with other systems may be required to meet the needs of your audience. Note integrations for future planning.

    Business Services

    Within the data sets, service configuration models can be used for:

    • Impact analysis
    • Cause and effect analysis
    • Risk analysis
    • Cost allocation
    • Availability analysis and planning

    Technical Services

    Connect to IT Finance for:

    • Service-based consumption and costing
    • Financial awareness through showback
    • Financial recovery through chargeback
    • Support IT strategy through financial transparency
    • Cost optimization
    • Reporting for depreciation, location-related taxation, and capitalization (may also use asset management for these)

    Intersect with IT Processes to:

    • Reduce time to restore services through incident management
    • Improve stability through change management
    • Reduce outages through problem management
    • Optimize assets through IT asset management
    • Provide detailed reporting for audit/governance, risk, and compliance

    1.1.2 Define goals and how you plan to meet them

    Involve stakeholders.

    Allot 45 minutes for this discussion.

    As a group, identify current goals for building and using a CMDB.

    Why are we doing this?

    • How do you hope to use the data within the CMDB?
    • What processes will be improved through use of this data and what are the expected outcomes?

    How will we improve the process?

    • What processes will be put in place to ensure data integrity?
    • What tools will be put in place to improve the methods used to collect and maintain data?

    Record these goals in the Configuration Management Project Charter, section 1.3: Project Objectives.

    Input

    Output

    • None
    • List of high-level desired benefits for SCM
    Materials Participants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Configuration Management Project Charter
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    It's easy to think that if you build it, they will come, but CMDBs rarely succeed without solid use cases

    Set expectations for your organization that defined and fulfilled use cases will factor into prioritization exercises, functional plans, and project milestones to achieve ROI for your efforts.

    A good use case:

    • Justifies resource allocation
    • Gains funding for the right tools
    • Builds stakeholder support
    • Drives interest and excitement
    • Gains support from anyone in a position to help build out and validate the data
    • Helps to define success

    In the book CMDB Systems, Making Change Work in the Age of Cloud and Agile, authors Drogseth, Sturm, and Twing describe the secrets of success:

    A documented evaluation of CMDB System vendors showed that while most "best case" ROI fell between 6 and 9 months for CMDB deployments, one instance delivered ROI for a significant CMDB investment in as little as 2 weeks!

    If there's a simple formula for quick time to value for a CMDB System, it's the following:

    Mature levels of process awareness
    + Strong executive level support
    + A ready and willing team with strongly supportive stakeholders
    + Clearly defined and ready phase one use case
    + Carefully selected, appropriate technologies

    All this = Powerful early-phase CMDB System results

    Define and prioritize use cases for how the CMDB will be used to drive value

    The CMDB can support several use cases and may require integration with various modules within the ITSM solution and integration with other systems.

    Document the use cases that will drive your CMDB to relevance, including the expected benefits for each use case.

    Identify the dependencies that will need to be implemented to be successful.

    Define "done" so that once data is entered, verified, and mapped, these use cases can be realized.

    "Our consulting experience suggests that more than 75% of all strategic initiatives (CMDB or not) fail to meet at least initial expectations across IT organizations. This is often due more to inflated expectations than categorical failure."

    – CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al.

    This image demonstrates how CMBD will be used to drive value.

    After identifying use cases, determine the scope of configuration items required to feed the use cases

    On-premises software and equipment will be critical to many use cases as the IT team and partners work on network and data-center equipment, enterprise software, and integrations through various means, including APIs and middleware. Real-time and near real-time data collection and validation will ensure IT can act with confidence.

    Cloud use can include software as a service (SaaS) solutions as well as infrastructure and platform as a service (IaaS and PaaS), and this may be more challenging for data collection. Tools must be capable of connecting to cloud environments and feeding the information back into the CMDB. Where on-premises and cloud applications show dependencies, you might need to validate data if multiple discovery and dependency mapping solutions are used to get a complete picture. Tagging will be crucial to making sense of the data as it comes into the CMDB.

    In-house developed software would be beneficial to have in the CMDB but may require more manual work to identify and classify once discovered. A combination of discovery and tagging may be beneficial to input and classification.

    Highly dynamic environments may require data collection through integration with a variety of solutions to manage and record continuous deployment models and verifications, or they may rely on tags and activity logs to record historical activity. Work with a partner who specializes in CI/CD to help architect this use case.

    Containers will require an assessment of the level of detail required. Determine if the container is a CI and if the content will be described as attributes. If there is value to your use case to map the contents of each container as separate CIs within the container CI, then you can map to that level of detail, but don't map to that depth unless the use case calls for it.

    Internet of Things (IoT) devices and applications will need to match a use case as well. IoT device asset data will be useful to track within an asset database but may have limited value to add to a CMDB. If there are connections between IoT applications and data warehouses, the dependencies should likely be mapped to ensure continued dataflow.

    Out of scope

    A single source of data is highly beneficial, but don't make it a catchall for items that are not easily stored in a CMDB.

    Source code should be stored in a definitive media library (DML). Code can be linked to the CMDB but is generally too big to store in a CMDB and will reduce performance for data retrieval.

    Knowledge articles and maintenance checklists are better suited to a knowledge base. They can also be linked to the CDMB if needed but this can get messy where many-to-many relationships between articles and CIs exist.

    Fleet (transportation) assets and fixed assets should be in fleet management systems and accounting systems, respectively. Storing these types of data in the CMDB doesn't provide value to the support process.

    1.1.3 Brainstorm and prioritize use cases

    Which IT practices will you supercharge?

    Focus on improving both operations and strategy.

    1. Brainstorm the list of relevant use cases. What do you want to do with the data from the CMDB? Consider:
      1. ITSM management and governance practices
      2. IT operations, vendor orchestration, and service integration and management (SIAM) to improve vendor interactions
      3. IT finance and business service reporting needs
    2. Identify which use cases are part of your two- to three-year plan, including the purpose for adding configuration data into that process. Prioritize one or two of these use cases to accomplish in your first year.
    3. Identify dependencies to manage as part of the solution and define a realistic timeline for implementing integrations, modules, or data sources.
    4. Document this table in the Configuration Management Project Charter, section 2.2: Use Cases.
    Audience Use Case Goal/Purpose Project/Solution Dependencies Proposed Timeline Priority
    • IT
    • Change Management

    Stabilize the process by seeing:

    Change conflict reporting

    Reports of CI changes without change records

    System availability

    RFC mapping requires discovered CIs

    RFC review requires criticality, technical and business owners

    Conflict reporting requires dependency mapping

    • Discovery and manual information entered by October
    • Dependency mapping implemented by December

    High

    Determine what additional data will be needed to achieve your use cases

    Regardless of which use cases you are planning to fulfill with the CMDB, it is critical to not add data and complexity with the plan of resolving every possible inquiry. Ensure the cost and effort of bringing in the data and maintaining it is justified. The complexity of the environment will impact the complexity of data sources and integrations for discovery and dependency mapping.

    Before bringing in new data, consider:

    • Is this information available in other maintained databases now?
    • Will this data be critical for decision making? If it is nice to have or optional, can it be automatically moved into the database and maintained using existing integrations?
    • Is there a cost to bringing the data into the CMDB and maintaining it? Is that cost reasonable for its purpose?
    • How frequently will this information be accessed, and can it be updated in an adequate cadence to meet these needs?
    • When does this information need to be available?

    Info-Tech Insight

    If data will be used only occasionally upon request, determine if it will be more efficient to maintain it or to retrieve it from the CMDB or another data source as needed.

    Remember, within the data sets, service configuration models can be used for:

    • Impact analysis
    • Cause and effect analysis
    • Risk analysis
    • Cost allocation
    • Availability analysis and planning

    1.1.4 Expand your use cases by identifying the data needed to reach your goals

    Involve stakeholders.

    Allot 60 minutes for this discussion.

    Review use cases and their goals.

    Identify what data will be required to meet those goals and determine whether it will be mandatory or optional/nice-to-have information.

    Identify sources of data for each type of data. Color code or sort.

    Italicize data points that can be automatically discovered.

    Gain consensus on what information will be manually entered.

    Record the data in the Use Cases and Data Worksheet.

    Download the Use Cases and Data Worksheet

    Input

    Output

    • None
    • List of data requirements
    MaterialsParticipants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Use Cases and Data Worksheet
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Use discovery and dependency mapping tools to automatically update the CMDB

    Avoid manual data entry whenever possible.

    Consider these features when looking at tools:

    • Application dependency mapping: Establishing and tracking the relationships and dependencies between system components, applications, and IT services. The ideal tool will be able to generate maps automatically.
    • Agentless and agent discovery: Scanning systems with both agent and agentless approaches. Agent-based scanning provides comprehensive information on applications used in individual endpoints, which is helpful in minimizing its IT footprint. However, agents require endpoint access. Agentless-based scanning provides a broader and holistic view of deployed applications without the need to install an agent on end devices, which can be good enough for inventory awareness.
    • Data export capability: Easy exporting of application inventory information to be used in reports and other tools.
    • Dashboards and chart visualization: Detailed list of the application inventory, including version number, number of users, licenses, deployment location, and other application details. These details will inform decision makers of each application's health and its candidacy for further rationalization activities.
    • Customizable scanning scripts: Tailor your application discovery approach by modifying the scripts used to scan your systems.
    • Integration with third-party tools: Easy integration with other systems with out-of-the-box plugins or customizable APIs.

    Determine which data collection methods will be used to populate the CMDB

    The effort-to-value ratio is an important factor in populating a CMDB. Manual efforts require a higher process focus, more intensive data validation, and a constant need to remind team members to act on every change.

    Real-Time Data AIOps continual scans Used for event and incident management
    Near Real-Time Data Discovery and dependency mapping run on a regular cycle Used for change and asset management
    Historical Data Activity log imports, manual data entry Used for IT finance, audit trail
    • Determine what amount of effort is appropriate for each data grouping and use case. As decisions are made to expand data within the CMDB, the effort-to-value ratio should always factor in. To be usable, data must be accurate, and every piece of data that needs to be manually entered runs the risk of becoming obsolete.
    • Identify which data sources will bring in each type of data. Where there is a possibility of duplicate records being created, one of the data sources will need to be identified as the primary.
    • If the decision is to manually enter configuration items early in the process, be aware that automation may create duplicates of the CIs that will need to be deduplicated at some point in the process to make the information more usable.
    • Typically, items are discovered, validated, then mapped, but there will be variations depending on the source.
    • Active Directory or LDAP may be used to bring users and technicians into the CMDB. Data may be imported from spreadsheets. Identify efforts where data cleanup may have to happen before transferring into the CMDB.
    • Identify how often manual imports will need to be conducted to make sure data is usable.

    Identify other nondiscoverable data that will need to be added to or accessed by the CMDB

    Foundational data, such as technicians, end users and approvers, roles, location, company, agency, department, building, or cost center, may be added to tables that are within or accessed by the CMDB. Work with your vendor to understand structure and where this information resides.

    • These records can be imported from CSV files manually, but this will require manual removal or edits as information changes.
    • Integration with the HRIS, Active Directory, or LDAP will enable automatic updates through synchronization or scheduled imports.
    • If synchronization is fully enabled, new data can be added and removed from the CMDB automatically.
    • Identify which nondiscoverable attributes will be needed, such as system criticality, support groups, groups it is managed by, location.
    • If partially automating the process, identify where manual updates will need to occur.
    • If fully automating the process, notifications will need to be set up when business owner or product or technical owner fields become empty to prompt defining a replacement within the CMDB.
    • Determine who will manage these updates.
    • Work with your CMDB implementation vendor to determine the best option for bringing this information in.

    1.1.5 Record required data sources

    Allot 15 minutes for this discussion.

    1. Where do you track the work involved in providing services? Typically, your ticket database tracks service requests and incidents. Additional data sources can include:
      • Enterprise resource planning tools for tracking purchase orders
      • Project management information system for tracking tasks
    2. What trusted data sources exist for the technology that supports these services? Examples include:
      • Management tools (e.g. Microsoft Endpoint Configuration Manager)
      • Architectural diagrams and network topology diagrams
      • IT asset management database
      • Spreadsheets
      • Other systems of record
    3. What other data sources can help you gather the data you identified in activity 1.1.4?
    4. Record the relevant data sources for each use case in the Configuration Management Standard Operating Procedures, section 6: Data Collection and Updates.

    Info-Tech Insight

    Improve the trustworthiness of your CMDB as a system of record by relying on data that is already trusted.

    Input

    Output

    • Use cases
    • List of data requirements
    MaterialsParticipants
    • Use Cases and Data Worksheet
    • Configuration Management Standard Operating Procedures
    • IT and business service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Step 1.2

    Define roles and responsibilities

    Activities

    1.2.1 Record the project team and stakeholders

    1.2.2 Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    This step will walk you through the following aspects of a configuration management system:

    • Roles and responsibilities

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager

    Identify the roles you need in your SCM project

    Determine which roles will need to be involved in the initial project and how to source these roles.

    Leadership Roles
    Oversee the SCM implementation

    1. Configuration Manager – The practice owner for SCM. This is a long-term role.
    2. Configuration Control Board (CCB) Chair – An optional role that oversees proposed alterations to configuration plans. If a CCB is implemented, this is a long-term role.
    3. Project Sponsor or Program Sponsor – Provides the necessary resources for building the CMDB and SCM practices.
    4. Architecture Roles
      Plan the program to build strong foundation
      1. Configuration Management Architect – Technical leader who defines the overall CM solution, plans the scope, selects a tool, and leads the technical team that will implement the solution.
      2. Requirements Analyst – Gathers and manages the requirements for CM.
      3. Process Engineer – Defines, documents, and implements the entire process.

    Architecture Roles
    Plan the program to build strong foundation

    1. Configuration Management Architect – Technical leader who defines the overall CM solution, plans the scope, selects a tool, and leads the technical team that will implement the solution.
    2. Requirements Analyst – Gathers and manages the requirements for CM.
    3. Process Engineer – Defines, documents, and implements the entire process.

    Engineer Roles
    Implement the system

    1. Logical Database Analyst (DBA) Designs the structure to hold the configuration management data and oversees implementation.
    2. Communications and Trainer – Communicates the goals and functions of CM and teaches impacted users the how and why of the process and tools.

    Administrative Roles
    Permanent roles involving long-term ownership

    1. Technical Owner – The system administrator responsible for their system's uptime. These roles usually own the data quality for their system.
    2. Configuration Management Integrator – Oversees regular transfer of data into the CMDB.
    3. Configuration Management Tool Support – Selects, installs, and maintains the CM tool.
    4. Impact Manager – Analyzes configuration data to ensure relationships between CIs are accurate; conducts impact analysis.

    1.2.1 Record the project team and stakeholders

    Allocate 25 minutes to this discussion.

    1. Record the project team.
      1. Identify the project manager who will lead this project.
      2. Identify key personnel that will need to be involved in design of the configuration management system and processes.
      3. Identify where vendors/outsourcers may be required to assist with technical aspects.
      4. Document the project team in the Configuration Management Project Charter, section 1.1: Project Team.
    1. Record a list of stakeholders.
      1. Identify stakeholders internal and external to IT.
      2. Build the stakeholder profile. For each stakeholder, identify their role, interest in the project, and influence on project success. You can score these criteria high/medium/low or score them out of ten.
      3. If managed service providers will need to be part of the equation, determine who will be the liaison and how they will provide or access data.
    Input

    Output

    • Project team members
    • Project plan resources
    MaterialsParticipants
    • Configuration Management Project Charter
    • List of project stakeholders and participants
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Even with full automation, this cannot be a "set it and forget it" project if it is to be successful long-term

    Create a team to manage the process and data updates and to ensure data is always usable.

    • Services may be added and removed.
    • Technology will change as technical debt is reduced.
    • Vendors may change as contract needs develop.
    • Additional use cases may be introduced by IT and the business as approaches to management evolve.
    • AIOps can reduce the level of effort and improve visibility as configuration items change from the baseline and notifications are automated.
    • Changes can be checked against requests for changes through automated reconciliations, but changes will still need to be investigated where they do not meet expectations.
    • Manual data changes will need to be made regularly and verified.

    "We found that everyone wanted information from the CMDB, but no one wanted to pay to maintain it. People pointed to the configuration management team and said, 'It's their responsibility.'

    Configuration managers, however, cannot own the data because they have no way of knowing if the data is accurate. They can own the processes related to checking accuracy, but not the data itself."
    – Tim Mason, founding director at TRM Associates
    (Excerpt from Viewpoint: Focus on CMDB Leadership)

    Include these roles in your CMDB practice to ensure continued success and continual improvement

    These roles can make up the configuration control board (CCB) to make decisions on major changes to services, data models, processes, or policies. A CCB will be necessary in complex environments.

    Configuration Manager

    This role is focused on ensuring everyone works together to build the CMDB and keep it up to date. The configuration manager is responsible to:

    • Plan and manage the standards, processes, and procedures and communicate all updates to appropriate staff. Focused on continual improvement.
    • Plan and manage population of the CMDB and ensure data included meets criteria for cost effectiveness and reasonable effort for the value it brings.
    • Validate scope of services and CIs to be included and controlled within the CMDB and manage exceptions.
    • Audit data quality to ensure it is valid, is current, and meets defined standards.
    • Evaluate and recommend tools to support processes, data collection, and integrations.
    • Ensure configuration management processes interface with all other service and business management functions to meet use cases.
    • Report on configuration management performance and take appropriate action on process adherence and quality issues.

    Configuration Librarian

    This role is most important where manual data entry is prevalent and where many nonstandard configurations are in place. The librarian role is often held by the tool administrator. The librarian focuses specifically on data within the CMDB, including:

    • Manual updates to configuration data.
    • CMDB data verification on a regular schedule.
    • Processing ad hoc requests for data.

    Product/Service/Technical Owners

    The product or technical owner will validate information is correctly updating and reflects the existing data requirements as new systems are provisioned or as existing systems change.

    Interfacing Practice Owners

    All practice owners, such as change manager, incident manager, or problem manager, must work with the configuration team to ensure data is usable for each of the use cases they are responsible for.

    Download the Configuration Manager job description

    Assign configuration management responsibilities and accountabilities

    Align authority and accountability.

    • A RACI exercise will help you discuss and document accountability and responsibility for critical configuration management activities.
    • When responsibility and accountability are not well documented, it's often useful to invite a representative of the roles identified to participate in this alignment exercise. The discussion can uncover contrasting views on responsibility and governance, which can help you build a stronger management and governance model.
    • The RACI chart can help you identify who should be involved when making changes to a given activity. Clarify the variety of responsibilities assigned to each key role.
    • In the future, you may need to define roles in more detail as you change your configuration management procedures.

    Responsible: The person who actually gets the job done.
    Different roles may be responsible for different aspects of the activity relevant to their role.

    Accountable: The one role accountable for the activity (in terms of completion, quality, cost, etc.)
    Must have sufficient authority to be held accountable; responsible roles are often accountable to this role.

    Consulted: Those who need the opportunity to provide meaningful input at certain points in the activity; typically, subject matter experts or stakeholders. The more people you must consult, the more overhead and time you'll add to a process.

    Informed: Those who receive information regarding the task but do not need to provide feedback.
    Information might relate to process execution, changes, or quality.

    Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    Determine what roles will be in place in your organization and who will fulfill them, and create your RACI chart to reflect what makes sense for your organization. Additional roles may be involved where there is complexity.

    R = responsible, A = accountable, C = consulted, I = informed CCB Configuration Manager Configuration Librarian Technical Owner(s) Interfacing Practice Owners Tool Administrator
    Plan and manage the standards, processes, and procedures and communicate all updates to appropriate staff. Focused on continual improvement. A R
    Plan and manage population of the CMDB and ensure data included meets criteria for cost effectiveness and reasonable effort for the value it brings. A R
    Validate scope of services and CIs to be included and controlled within the CMDB and manage exceptions. A R
    Audit data quality to ensure it is valid, is current, and meets defined standards. A,R
    Evaluate and recommend tools to support processes, data collection, and integrations. A,R
    Ensure configuration management processes interface with all other service and business management functions to meet use cases. A
    Report on configuration management performance and take appropriate action on process adherence and quality issues. A
    Make manual updates to configuration data. A
    Conduct CMDB data verification on a regular schedule. A
    Process ad hoc requests for data. A
    Enter new systems into the CMDB. A R
    Update CMDB as systems change. A R
    Identify new use cases for CMDB data. R A
    Validate data meets the needs for use cases and quality. R A
    Design reports to meet use cases. R
    Ensure integrations are configured as designed and are functional. R

    1.2.2 Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    Allot 60 minutes for this discussion.

    1. Open the Configuration Management Standard Operating Procedures, section 4.1: Responsibility Matrix. In the RACI chart, review the top row of roles. Smaller organizations may not need a configuration control board, in which case the configuration manager may have more authority.
    2. Modify or expand the process tasks in the left column as needed.
    3. For each role, identify what that person is responsible for, accountable for, consulted on, or informed of. Fill out each column.
    4. Document in the SOP. Schedule a time to share the results with organization leads.
    5. Distribute the chart among all teams in your organization.
    6. Describe additional roles as needed in the documentation.
    7. Add accountabilities and responsibilities for the CCB into the Configuration Control Board Charter.
    8. If appropriate, add auxiliary roles to the Configuration Management Standard Operating Procedures, section 4.2: Configuration Management Auxiliary Role Definitions.

    Notes:

    1. Assign one Accountable for each task.
    2. Have one or more Responsible for each task.
    3. Avoid generic responsibilities such as "team meetings."
    4. Keep your RACI definitions in your documents for quick reference.

    Refer back to the RACI chart when building out the communications plan to ensure accountable and responsible team members are on board and consulted and informed people are aware of all changes.

    Input

    Output

    • Task assignments
    • RACI chart with roles and responsibilities
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures, RACI chart
    • Configuration Control Board Charter, Responsibilities section
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Phase 2

    Configuration Management Data Model

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • Data Model
    • Customer-Facing and Supporting Services
    • Business Capabilities
    • Relationships
    • IT Infrastructure Components
    • Enterprise Software
    • End-User Devices
    • Documents

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • CM practice manager
    • CM project manager

    Step 2.1

    Build a framework for CIs and relationships

    Activities

    Document services:

    2.1.1 Define and prioritize your services

    2.1.2 Test configuration items against existing categories

    2.1.3 Create a configuration control board charter to define the board's responsibilities and protocols

    This step will walk you through the following aspects of a configuration management system:

    • Data model
    • Configuration items
    • Relationships

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • CM practice manager
    • Project manager

    Making sense of data daily will be key to maintaining it, starting with services

    As CIs are discovered and mapped, they will automatically map to each other based on integrations, APIs, queries, and transactions. However, CIs also need to be mapped to a conceptional model or service to present the service and its many layers in an easily consumable way.

    These services will need to be manually created or imported into the CMDB and manually connected to the application services. Services can be mapped to technical or business services or both.

    If business services reporting has been requested, talk to the business to develop a list of services that will be required. Use terms the business will be expecting and identify which applications and instances will be mapped to those services.

    If IT is using the CMDB to support service usage and reporting, develop the list of IT services and identify which applications and instances will be mapped to those services.

    This image show the relationship between Discoverable and Nondiscoverable CIs. The discoverable CIs are coloured in purple, and the nondiscoverables are blue.

    Work with your stakeholders to ensure catalog items make sense to them

    There isn't a definitive right or wrong way to define catalog items. For example, the business and IT could both reference application servers, but only IT may need to see technical services broken down by specific locations or device types.

    Refer back to your goals and use cases to think through how best to meet those objectives and determine how to categorize your services.

    Define the services that will be the top-level, nondiscoverable services, which will group together the CIs that make up the complete service. Identify which application(s) will connect into the technical service.

    When you are ready to start discovery, this list of services will be connected to the discovered data to organize it in a way that makes sense for how your stakeholders need to see the data.

    While working toward meeting the goals of the first few use cases, you will want to keep the structure simple. Once processes are in place and data is regularly validated, complexities of different service types and names can be integrated into the data.

    This image show the relationship between Discoverable and Nondiscoverable CIs. Both Discoverable and nondiscoverable CIs are blue.

    Application Service(blue); Technical Service(Purple); IT Shared Services(Orange); Billable Services(green); Service Portfolio(red)

    Define the service types to manage within the CMDB to logically group CIs

    Determine which method of service groupings will best serve your audience for your prioritized use cases. This will help to name your service categories. Service types can be added as the CMDB evolves and as the audience changes.

    Application Service

    Technical Service

    IT Shared Services

    Billable Services

    Service Portfolio

    A set of interconnected applications and hosts configured to offer a service to the organization.

    Example: Financial application service, which may include email, web server, application server, databases, and middleware.

    A logical grouping of CIs based on common criteria.

    Example: Toronto web services, which may include several servers, web applications, and databases.

    A logical grouping of IT and business services shared and used across the organization.

    Example: VoIP/phone services or networking or security services.

    A group of services that will be billed out to departments or customers and would require logical groupings to enable invoicing.

    A group of business and technical service offerings with specific performance reporting levels. This may include multiple service levels for different customer audiences for the same service.

    2.1.1 Define and prioritize your services

    Prioritize your starting point. If multiple audiences need to be accommodated, work with one group at a time.

    Timing: will vary depending on number of services, and starting point

    1. Create your list of services, referencing an existing service catalog, business continuity or disaster recovery plan, list of applications, or brainstorming sessions. Use the terminology that makes the most sense for the audience and their reporting requirements.
    2. If this list is already in place, assess for relevance and reduce the list to only those services that will be managed through the CMDB.
    3. Determine what data will be relevant for each service based on the exercises done in 1.1.4 and 1.1.5. For example, if priority was a required attribute for use case data, ensure each service lists the priority of that service.
    4. For each of these, identify the supporting services. These items can come from your technical service catalog or list of systems and software.
    5. Document this table in the Use Cases and Data Worksheet, tab 3: Service Catalog.

    Service Record Example

    Service: Email
    Supporting Services: M365, Authentication Services

    Service Attributes

    Availability: 24/7 (99.999%)
    Priority: Critical
    Users: All
    Used for: Collaboration
    Billable: Departmental
    Support: Unified Support Model, Account # 123456789

    The CMDB will be organized by services and will enable data analysis through multiple categorization schemes

    To extract maximum service management benefit from a CMDB, the highest level of CI type should be a service, as demonstrated below. While it is easier to start at the system or single-asset level, taking the service mapping approach will provide you with a useful and dynamic view of your IT environment as it relates to the services you offer, instead of a static inventory of components.

    Level 1: Services

    • Business Service Offering: A business service is an IT service that supports a business process, or a service that is delivered to business customers. Business service offerings typically are bound by service-level agreements.
    • IT Service Offering: An IT service supports the customer's business processes and is made up of people, processes, and technology. IT service offerings typically are bound by service-level agreements.

    Level 2: Infrastructure CIs

    • IT Component Set: An IT service offering consists of one of more sets of IT components. An IT component set allows you to group or bundle IT components with other components or groupings.
    • IT Component: An IT system is composed of one or more supporting components. Many components are shared between multiple IT systems.

    Level 3: Supporting CIs

    • IT Subcomponent: Any IT asset that is uniquely identifiable and a component of an IT system.
    • IT components can have subcomponents, and those components can have subcomponents, etc.

    Two charts, showing Enterprise Architect Model and Configuration Service Model. Each box represents a different CI.

    Assess your CMDB's standard category offerings against your environment, with a plan to minimize customization

    Standard categorization schemes will allow for easier integration with multiple tools and reporting and improve results if using machine learning to automate categorization. If the CMDB chosen includes structured categories, use that as your starting point and focus only on gaps that are not addressed for CIs unique to your environment.

    There is an important distinction between a class and a type. This concept is foundational for your configuration data model, so it is important that you understand it.

    • Types are general groupings, and the things within a type will have similarities. For attributes that you want to collect on a type, all children classes and CIs will have those attribute fields.
    • Classes are a more specific grouping within a type. All objects within a class will have specific similarities. You can also use subclasses to further differentiate between CIs.
    • Individual CIs are individual instances of a class or subclass. All objects in a class will have the same attribute fields and behave the same, although the values of their attributes will likely differ.
    • Attributes may be discovered or nondiscoverable and manually added to CIs. The attributes are properties of the CI such as serial number, version, memory, processor speed, or asset tag.

    Use inheritance structures to simplify your configuration data model.

    An example CM Data Model is depicted.

    Assess the list of classes of configuration items against your requirements

    Types are general groupings, and the things within a type will have similarities. Each type will have its own table within the CMDB. Classes within a type are a more specific grouping of configuration items and may include subclasses.

    Review your vendor's CMDB documentation. Find the list of CI types or classes. Most CMDBs will have a default set of classes, like this standard list. If you need to build your own, use the table below as a starting point. Define anything required for unique classes. Create a list and consult with your installation partner.

    Sample list of classes organized by type

    Types Services Network Hardware Storage Compute App Environment Documents
    Classes
    • Application Service
    • Technical Service
    • IT Shared Service
    • Billable Service
    • Service Portfolio
    • Switch
    • Router
    • Firewall
    • Modem
    • SD-WAN
    • Load Balancer
    • UPS
    • Computer
    • Laptop
    • Server
    • Tablet
    • Database
    • Network-Attached Storage
    • Storage Array Network
    • Blob
    • Operating System
    • Hypervisor
    • Virtual Server
    • Virtual Desktop
    • Appliance
    • Virtual Application
    • Enterprise Application
    • Line of Business Application Software
    • Development
    • Test
    • Production
    • Contract
    • Business Impact Analysis
    • Requirements

    Review relationships to determine which ones will be most appropriate to map your dependencies

    Your CMDB should include multiple relationship types. Determine which ones will be most effective for your environment and ensure everyone is trained on how to use them. As CIs are mapped, verify they are correct and only manually map what is incorrect or not mapping through automation.

    Manually mapping CMDB relationships may be time consuming and prone to error, but where manual mapping needs to take place, ensure the team has a common view of the dependency types available and what is important to map.

    Use automated mapping whenever possible to improve accuracy, provide functional visualizations, and enable dynamic updates as the environment changes.

    Where a dependency maps to external providers, determine where it makes sense to discover and map externally provided CIs.

    • Only connect where there is value in mapping to vendor-owned systems.
    • Only connect where data and connections can be trusted and verified.

    Most common dependency mapping types

    A list of the most common dependency mapping types.

    2.1.2 Test configuration items against existing categories

    Time to complete: 1-2 hours

    1. Select a service to test.
    2. Identify the various components that make up the service, focusing on configuration items, not attributes
    3. Categorize configuration items against types and classes in the default settings of the CMDB.
    4. Using the default relationships within the CMDB, identify the relationships between the configuration items.
    5. Identify types, classes, and relationships that do not fit within the default settings. Determine if there are common terms for these items or determine most appropriate name.
    6. Validate these exceptions with the publisher.
    7. Document exceptions in the Configuration Management Standard Operating Procedures, Appendix 2: Types and Classes of Configuration Items
    Input

    Output

    • List of default settings for classes, types, and relationships
    • Small list of services for testing
    • List of CIs to map to at least one service
    • List of categories to add to the CMDB solution.
    MaterialsParticipants
    • Use Cases and Data Worksheet
    • Configuration Management Standard Operating Procedures
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    2.1.3 Create a configuration control board charter to define the board's responsibilities and protocols

    A charter will set the tone for meetings, ensure purpose is defined and meeting cadence is set for regular reviews.

    1. Open the Configuration Control Board Charter. Review the document and modify as appropriate for your CCB. This will include:
      • Purpose and mandate of the committee – Reference objectives from the project charter.
      • Team composition – Determine the right mix of team members. A team of six to ten people can provide a good balance between having a variety of opinions and getting work done.
      • Voting option – Determine the right quorum to approve changes.
      • Responsibilities – List responsibilities, starting with RACI chart items.
      • Authority – Define the control board's span of control.
      • Governing laws and regulations – List any regulatory requirements that will need to be met to satisfy your auditors.
      • Meeting preparation – Set expectations to ensure meetings are productive.
    2. Distribute the charter to CCB members.
    Input

    Output

    • Project team members
    • Project plan resources
    MaterialsParticipants
    • Configuration Control Board Charter
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Assess the default list of statuses for each state

    Align this list with your CMDB

    Minimize the number of customizations that will make it difficult to update the platform.

    1. Review the default status list within the tool.
    2. Identify which statuses will be most used. Write a definition for each status.
    3. Update this list as you update process documentation in Step 3.1. After initial implementation, this list should only be modified through change enablement.
    4. Record this list of statuses in the Configuration Management Standard Operating Procedures, Appendix 4: Statuses
    State Status Description
    Preparation Ordered Waiting delivery from the vendor
    In Planning Being created
    Received Vendor has delivered the item, but it is not ready for deployment
    Production In Stock Available to be deployed
    In Use Deployed
    On Loan Deployed to a user on a temporary basis
    For Removal Planning to be phased out but still deployed to an end user
    Offline In Transit Moving to a new location
    Under Maintenance Temporarily offline while a patch or change is applied
    Removed Decommissioned Item has been retired and is no longer in production
    Disposed Item has been destroyed and we are no longer in possession of it
    Lost Item has been lost
    Stolen Item has been stolen

    Step 2.2

    Document statuses, attributes, and data sources

    Activities

    2.2.1 Follow the packet and map out the in-scope services and data centers

    2.2.2 Build data model diagrams

    2.2.3 Determine access rights for your data

    This step will walk you through the following aspects of a configuration management system:

    • Statuses
    • Attributes for each class of CI

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager

    Outcomes of this step

    • Framework for approaching CI statuses
    • Attributes for each class of CI
    • Data sources for those attributes

    Service mapping approaches

    As you start thinking about dependency mapping, it's important to understand the different methods and how they work, as well as your CMDB's capabilities. These approaches may be all in the same tool, or the tool may only have the top-down options.

    Top down, most common

    Pattern-based

    Most common option, which includes indicators of connections such as code, access rights, scripting, host discovery, and APIs.

    Start with pattern-based, then turn on traffic-based for more detail. This combination will provide the most accuracy.

    Traffic-based

    Map against traffic patterns involving connection rules to get more granular than pattern-based.

    Traffic-based can add a lot of overhead with extraneous data, so you may not want to run it continuously.

    Tag-based

    Primarily used for cloud, containers, and virtual machines and will attach the cloud licenses to their dependent services and any related CIs.

    Tags work well with cloud but will not have the same hierarchical view as on-premises dependency mapping.

    Machine learning

    Machine learning will look for patterns in the traffic-based connections, match CIs to categories and help organize the data.

    Machine learning (ML) may not be in every solution, but if you have it, use it. ML will provide many suggestions to make the life of the data manager easier.

    Model hierarchy

    Automated data mapping will be helpful, but it won't be foolproof. It's critical to understand the data model to validate and map nondiscoverable CIs correctly.

    The framework consists of the business, enterprise, application, and implementation layers.

    The business layer encodes real-world business concepts via the conceptual model.

    The enterprise layer defines all enterprise data assets' details and their relationships.

    The application layer defines the data structures as used by a specific application.

    The implementation layer defines the data models and artifacts for use by software tools.

    An example of Model Hierarchy is depicted.

    Learn how to create data models with Info-Tech's blueprint Create and Manage Enterprise Data Models

    2.2.1 Follow the packet and map out the in-scope services and data centers

    Reference your network topology and architecture diagrams.

    Allot 1 hour for this activity.

    1. Start with a single service that is well understood and documented.
    2. Identify the technical components (hardware and applications) that make up the service.
    3. Determine if there is a need to further break down services into logical service groupings. For example, the email service to the right is broken down into authentication and mail flow.
    4. If you don't have a network diagram to follow, create a simple one to identify workflows within the service and components the service uses.
    5. Record the apps and underlying components in the Configuration Management Standard Operating Procedures, Appendix 1: Configuration Data Model Structure.

    This information will be used for CM project planning and validating the contents of the CMDB.

    an example of a Customer-facing service is shown, for Email sample topology.

    Download the Configuration Management Diagram Template Library to see an example.

    Build your configuration data model

    Rely on out-of-the-box functionality where possible and keep a narrow focus in the early implementation stages.

    1. If you have an enterprise architecture, then your configuration management data model should align with it.
    2. Keep a narrow focus in the early implementation stages. Don't fill up your CMDB until you are ready to validate and fix the data.
    3. Rely on out-of-the-box (OOTB) functionality where possible. If your configuration management database (CMDB) and platform do not have a data model OOTB, then rely on a publicly available data model.
    4. Map your business or IT service offering to the first few layers.

    Once this is built out in the system, you can let the automated dependency mapping take over, but you will still need to validate the accuracy of the automated mapping and investigate anything that is incorrect.

    Sample Configuration Data Model

    Every box represents a CI, and every line represents a relationship

    A sample configuration Data model is shown.

    Example: Data model and CMDB visualization

    Once the data model is entered into the CMDB, it will provide a more dynamic and complex view, including CIs shared with other services.

    An example of a Data Model Exercise

    CMDB View

    An example of a CMDB View of the Data Model Exercise

    2.2.2 Build data model diagrams

    Visualize the expected CI classes and relationships.

    Allot 45 minutes.

    1. Identify the different data model views you need. Use multiple diagrams to keep the information simple to read and understand. Common diagrams include:
      1. Network level: Outline expected CI classes and relationships at the network level.
      2. Application level: Outline the expected components and relationships that make up an application.
      3. Services level: Outline how business capability CIs and service CIs relate to each other and to other types of CIs.
    1. Use boxes to represent CI classes.
    2. Use lines to represent relationships. Include details such as:
      1. Relationship name: Write this name on the arrow.
      2. Direction: Have an arrow point to each child.

    Review samples in Configuration Management Diagram Template Library.
    Record these diagrams in the Configuration Management Standard Operating Procedures, Appendix 1: Configuration Data Model Structure.

    Input

    Output

    • List of default settings for classes, types, and relationships
    • Small list of services for testing
    • List of CIs to map to at least one service
    • List of additions of categories to add to the CMDB solution.
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Download the Configuration Management Diagram Template Library to see examples.

    Determine governance for data security, access, and validation

    Align CMDB access to the organization's access control policy to maintain authorized and secure access for legitimate staff performing their role.

    Data User Type Access Role
    Data consumers
    • View-only access
    • Will need to view and use the data but will not need to make modifications to it
    • Service desk
    • Change manager
    • Major incident manager
    • Finance
    CMDB owner
    • Read/write access with the ability to update and validate data as needed
    • Configuration manager
    Domain owner
    • Read/write access for specific domains
    • Data owner within their domain, which includes validating that data is in the database and that it is correctly categorized.
    • Enterprise architect
    • Application owner
    Data provider
    • Read/write access for specific domains
    • Ensures automated data has been added and adds nondiscoverable assets and attributes as needed
    • Server operations
    • Database management
    • Network teams
    CMDB administrator
    • View-only access for data
    • Will need to have access for modifying the structure of the product, including adding fields, as determined by the CCB
    • ITSM tool administrator

    2.2.3 Determine access rights for your data

    Allot 30 minutes for this discussion.

    1. Open the Configuration Management Standard Operating Procedures, section 5: Access Rights.
    2. Review the various roles from an access perspective.
      1. Who needs read-only access?
      2. Who needs read/write access?
      3. Should there be restrictions on who can delete data?
    1. Fill in the chart and communicate this to your CMDB installation vendor or your CMDB administrator.
    Input

    Output

    • Task assignments
    • Access rights and roles
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Phase 3

    Configuration Record Updates

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • ITSM Practices and Workflows
    • Discovery and Dependency Mapping Tools
    • Auditing and Data Validation Practices

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager
    • IT audit

    Harness Service Configuration Management Superpowers

    Step 3.1

    Keep CIs and relationships up to date through lifecycle process integrations

    Activities

    3.1.1 Define processes to bring new services into the CMDB

    3.1.2 Determine when each type of CI will be created in the CMDB

    3.1.3 Identify when each type of CI will be retired in the CMDB

    3.1.4 Record when and how attributes will change

    3.1.5 Institute configuration control and configuration baselines

    This step will walk you through the following aspects of a configuration management system:

    1. ITSM Practices and Workflows
    2. Discovery and Dependency Mapping Tools

    This phase involves the following participants:

    1. IT service owners
    2. Enterprise architects
    3. Practice owners and managers
    4. SCM practice manager
    5. Project manager

    Outcomes of this step

    • List of action items for updating interfacing practices and processes
    • Identification of where configuration records will be manually updated

    Incorporate CMDB updates into IT operations

    Determine which processes will prompt changes to the CMDB data

    Onboard new services - Offboard Redundant Services. Onboard new CIs - Offboard Redundant CIs; Maintain CIs - Update Attributes.

    Change enablement

    Identify which process are involved in each stage of data input, maintenance, and removal to build out a process for each scenario.

    Project management

    Change enablement

    Asset management

    Security controls

    Project management

    Incident management

    Deployment management

    Change enablement

    Asset management

    Security controls

    Project management

    Incident management

    Service management

    Formalize the process for adding new services to the CMDB

    As new services and products are introduced into the environment, you can improve your ability to correctly cost the service, design integrations, and ensure all operational capabilities are in place, such as data backup and business continuity plans.
    In addition, attributes such as service-level agreements (SLAs), availability requirements, and product, technical, and business owners should be documented as soon as those new systems are made live.

    • Introduce the technical team and CCB to the product early to ensure the service record is created before deployment and to quickly map the services once they are moved into the production environment.
    • Engage with project managers or business analysts to define the process to include security and technical reviews early.
    • Engage with the security and technical reviewers to start documenting the service as soon as it is approved.
    • Determine which practices will be involved in the creation and approval of new services and formalize the process to streamline entry of the new service, onboarding corresponding CIs and mapping dependencies.

    an example of the review and approval process for new service or products is shown.

    3.1.1 Define processes to bring new services into the CMDB

    Start with the most frequent intake methods, and if needed, use this opportunity to streamline the process.

    1. Discuss the methods for new services to be introduced to the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the creation of services in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Complete the Configuration Management Standard Operating Procedures, section 8.1: Introduce New Service and Data Model.

    Possible intake opportunities:

    • Business-driven project intake process
    • IT-driven project intake process
    • Change enablement reviews
    • Vendor-driven product changes
    Input

    Output

    • Discussion
    • Intake processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Identify scenarios where CIs are added and removed in the configuration management database

    New CIs may be introduced with new services or may be introduced and removed as part of asset refreshes or through service restoration in incident management. Updates may be done by your own services team or a managed services provider.
    Determine the various ways the CIs may be changed and test with various CI types.
    Review attributes such as SLAs, availability requirements, and product, technical, and business owners to determine if changes are required.

    • Identify what will be updated automatically or manually. Automation could include discovery and dependency mapping or synchronization with AMDB or AIOps tools.
    • Engage with relevant program managers to define and validate processes.
    • Identify control points and review audit requirements.

    An example of New or refresh CI from Procurement.

    Info-Tech Insight

    Data deemed no longer current may be archived or deleted. Retained data may be used for tracing lifecycle changes when troubleshooting or meeting audit obligations. Determine what types of CIs and use cases require archived data to meet data retention policies. If none do, deletion of old data may be appropriate.

    3.1.2 Identify when each type of CI will be created in the CMDB

    Allot 45 minutes for discussion.

    1. Discuss the various methods for new CIs to be introduced to the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the creation of CIs in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Complete Configuration Management Standard Operating Procedures, section 8.2: Introduce New Configuration Items to the CMDB

    Possible intake opportunities:

    • Business-driven project intake process
    • IT-driven project intake process
    • Change enablement reviews
    • Vendor-driven product changes
    • Incident management
    • Asset management, lifecycle refresh
    Input

    Output

    • Discussion
    • Retirement processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    3.1.3 Identify when each type of CI will be retired in the CMDB

    Allot 45 minutes for discussion.

    1. Discuss the various methods for CIs to be removed from the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the retirement of CIs in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Discuss data retention. How long will retired information need to be archived? What are the potential scenarios where legacy information may be needed for analysis?
    7. Complete the Configuration Management Standard Operating Procedures, section 8.4: Retire and Archive Configuration Records.

    Possible retirement scenarios:

    • Change enablement reviews
    • Vendor-driven product changes
    • Incident management
    • Asset management, lifecycle refresh
    Input

    Output

    • Discussion
    • Intake processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Determine appropriate actions for detecting new or changed CIs through discovery

    Automated detection will provide the most efficient way of recording planned changes to CIs as well as detected unplanned changes. Check with the tool to determine what reports or notifications are available for the configuration management process and define what actions will be appropriate.

    As new CIs are detected, identify the process by which they should have been introduced into configuration management and compare against those records. If your CMDB can automatically check for documentation, this may be easier. Weekly reporting will allow you to catch changes quickly, and alerts on critical CIs could enable faster remediation, if the tool allows for alerting. AIOps could identify, notify of, and process many changes in a highly dynamic environment.

    Type of Change

    Impacted Process

    Validation

    Findings

    Actions

    Configuration change to networking equipment or software

    Change management

    Check for request for change

    No RFC

    Add to CAB agenda, notify technical owner

    Configuration change to end-user device or software

    Asset management

    Check for service ticket

    No ticket

    Escalate to asset agenda, notify service manager

    New assets coming into service

    Security incident and event management

    Check for SIEM integration

    No SIEM integration

    Notify security operations team to investigate

    The configuration manager may not have authority to act but can inform the process owners of unauthorized changes for further action. Once the notifications are forwarded to the appropriate process owner, the configuration manager will note the escalation and follow up on data corrections as deemed appropriate by the associated process owner.

    3.1.4 Record when and how attributes will change

    These lists will help with configuration control plans and your implementation roadmap.

    1. List each attribute that will change in that CI type's life.
    2. Write all the times that each attribute will change. Identify:
      1. The name of the workflow, service request, process, or practice that modifies the attribute.
      2. Whether the update is made automatically or manually.
      3. The role or tool that updates the CMDB.
    1. Update the relevant process or procedure documentation. Explicitly identify when the configuration records are updated.

    Document these tables in Configuration Management Standard Operation Procedures, Section 8.7: Practices That Modify CIs.

    Network Equipment
    Attributes

    Practices That Modify This Attribute

    Status
    • Infra Deployment (updated manually by Network Engineering)
    • Change Enablement (updated manually by CAB or Network Engineering)
    Assigned User
    • IT Employee Offboarding or Role Change (updated manually by Network Engineering)
    Version
    • Patch Deployment (updated automatically by SolarWinds)
    End-User Computers
    Attributes
    Practices That Modify This Attribute
    Status
    • Device Deployment (updated manually by Desktop Support)
    • Device Recovery (updated manually by Desktop Support)
    • Employee Offboarding and Role Change (updated manually by Service Desk)
    Assigned User
    • Device Deployment (updated manually by Desktop Support)
    • Device Recovery (updated manually by Desktop Support)
    • Employee Offboarding and Role Change (updated manually by Service Desk)
    Version
    • Patch Deployment (updated automatically by ConfigMgr)

    Institute configuration control and configuration baselines where appropriate

    A baseline enables an assessment of one or more systems against the desired state and is useful for troubleshooting incidents or problems and validating changes and security settings.

    Baselines may be used by enterprise architects and system engineers for planning purposes, by developers to test their solution against production copies, by technicians to assess configuration drift that may be causing performance issues, and by change managers to assess and verify the configuration meets the target design.

    Configuration baselines are a snapshot of configuration records, displaying attributes and first-level relationships of the CIs. Standard configurations may be integral to the success of automated workflows, deployments, upgrades, and integrations, as well as prevention of security events. Comparing current CIs against their baselines will identify configuration drift, which could cause a variety of incidents. Configuration baselines are updated through change management processes.
    Configuration baselines can be used for a variety of use cases:

    • Version control – Management of software and hardware versions, https://dj5l3kginpy6f.cloudfront.net/blueprints/harness-configuration-management-superpowers-phases-1-4/builds, and releases.
    • Access control – Management of access to facilities, storage areas, and the CMS.
    • Deployment control – Take a baseline of CIs before performing a release so you can use this to check against actual deployment.
    • Identify accidental changes Everyone makes mistakes. If someone installs software on the wrong server or accidentally drops a table in a database, the CMS can alert IT of the unauthorized change (if the CI is included in configuration control).

    Info-Tech Insight

    Determine the appropriate method for evaluating and approving changes to baselines. Delegating this to the CCB every time may reduce agility, depending on volume. Discuss in CCB meetings.

    A decision tree for deploying requested changes.

    3.1.5 Institute configuration control and configuration baselines where appropriate

    Only baseline CIs and relationships that you want to control through change enablement.

    1. Determine criteria for capturing configuration baselines, including CI type, event, or processes.
    2. Identify who will use baselines and how they will use the data. Identify their needs.
    3. Identify CIs that will be out of scope and not have baselines created.
    4. Document requirements in the SOP.
    5. Ensure appropriate team members have training on how to create and capture baselines in the CMDB.
    6. Document in the Configuration Management Standard Operating Procedures, section 8.5: Establish and Maintain Configuration Baselines.
    Process Criteria Systems
    Change Enablement & Deployment All high-risk changes must have the baseline captured with version number to revert to stable version in the event of an unsuccessful change
    • Servers (physical and virtual)
    • Enterprise software
    • IaaS
    • Data centers
    Security Identify when configuration drift may impact risk mitigation strategies
    • Servers (physical and virtual)
    • Enterprise software
    • IaaS
    • Data centers
    Input

    Output

    • Discussion
    • Baseline configuration guidelines
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Step 3.2

    Validate data within the CMDB

    Activities

    3.2.1 Build an audit plan and checklist

    This step will walk you through the following aspects of a configuration management system:

    • Data validation and audit

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager
    • IT audit

    Outcomes of this step

    • Updates to processes for data validation
    • Plan for auditing and validating the data in the CMDB

    Audit and validate the CMDB

    Review the performance of the supporting technologies and processes to validate the accuracy of the CMDB.

    A screenshot of the CM Audit Plan.

    CM Audit Plan

    • CM policies
    • CM processes and procedures
    • Interfacing processes
    • Content within the CMDB

    "If the data in your CMDB isn't accurate, then it's worthless. If it's wrong or inaccurate, it's going to drive the wrong decisions. It's going to make IT worse, not better."
    – Valence Howden, Research Director, Info-Tech Research Group

    Ensure the supporting technology is working properly

    Does the information in the database accurately reflect reality?

    Perform functional tests during audits and as part of release management practices.

    Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
    The audit should cover three areas:

    • Process: Are process requirements for the program well documented? Are the processes being followed? If there were updates to the process, were those updates to the process documented and communicated? Has behavior changed to suit those modified processes?
    • Physical: Physical configuration audits (PCAs) are audits conducted to verify that a configuration item, as built, conforms to the technical documentation that defines and describes it.
    • Functional: Functional configuration audits (FCAs) are audits conducted to verify that the development of a configuration item has been completed satisfactorily, the item has achieved the functional attributes specified in the functional or allocated baseline, and its technical documentation is complete and satisfactory.

    Build auditing and validation of processes whenever possible

    When technicians and analysts are working on a system, they should check to make sure the data about that system is correct. When they're working in the CMDB, they should check that the data they're working with is correct.

    More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.

    • Watch for data duplication from multiple discovery tools.
    • Review mapping to ensure all relevant CIs are attached to a product or service.
    • Ensure report data is logical.

    Ensure the supporting technology is working properly

    Does the information in the database accurately reflect reality?

    Perform functional tests during audits and as part of release management practices.

    Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
    The audit should cover three areas:

    • Process: Are process requirements for the program well documented? Are the processes being followed? If there were updates to the process, were those updates to the process documented and communicated? Has behavior changed to suit those modified processes?
    • Physical: Physical configuration audits (PCAs) are audits conducted to verify that a configuration item, as built, conforms to the technical documentation that defines and describes it.
    • Functional: Functional configuration audits (FCAs) are audits conducted to verify that the development of a configuration item has been completed satisfactorily, the item has achieved the functional attributes specified in the functional or allocated baseline, and its technical documentation is complete and satisfactory.

    More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.

    • Watch for data duplication from multiple discovery tools.
    • Review mapping to ensure all relevant CIs are attached to a product or service.
    • Ensure report data is logical.

    Identify where processes break down and data is incorrect

    Once process stops working, data becomes less accurate and people find workarounds to solve their own data needs.

    Data within the CMDB often becomes incorrect or incomplete where human work breaks down

    • Investigate processes that are performed manually, including data entry.
    • Investigate if the process executors are performing these processes uniformly.
    • Determine if there are opportunities to automate or provide additional training.
    • Select a sample of the corresponding data in the CMS. Verify if the data is correct.

    Non-CCB personnel may not be completing processes fully or consistently

    • Identify where data in the CMS needs to be updated.
    • Identify whether the process practitioners are uniformly updating the CMS.
    • Discuss options for improving the process and driving consistency for data that will benefit the whole organization.

    Ensure that the data entered in the CMDB is correct

    • Confirm that there is no data duplication. Data duplication is very common when there are multiple discovery tools in your environment. Confirm that you have set up your tools properly to avoid duplication.
    • Build a process to respond to baseline divergence when people make changes without following change processes and when updates alter settings.
    • Audit the system for accuracy and completeness.

    3.2.1 Build an audit plan and checklist

    Use the audit to identify areas where processes are breaking down.

    Audits present you with the ability to address these pain points before they have greater negative impact.

    1. Identify which regulatory requirements and/or auditing bodies will be relevant to audit processes or findings.
    2. Determine frequency of practice audits and how they relate to internal audits or external audits.
    3. Determine audit scope, including requirements for data spot checks.
    4. Determine who will be responsible for conducting audits and validate this is consistent with the RACI chart.
    5. Record audit procedures in the Configuration Management Standard Operating Procedures section 8.6: Verify and Review the Quality of Information Through Auditing.
    6. Review the Configuration Management Audit and Validation Checklist and modify to suit your needs.

    Download the Configuration Management Audit and Validation Checklist

    Input

    Output

    • Discussion
    • Baseline configuration guidelines
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Phase 4

    Service Configuration Roadmap

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspect of a configuration management system:
    Roadmap
    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    Harness Service Configuration Management Superpowers

    Step 4.1

    Define measures of success

    Activities

    4.1.1 Identify key metrics to define configuration management success
    4.1.2 Brainstorm and record desired reports, dashboards, and analytics
    4.1.3 Build a configuration management policy

    This phase will walk you through the following aspects of a configuration management system:

    • Metrics
    • Policy

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    The value of metrics can be found in IT efficiency increases

    When determining metrics for configuration management, be sure to separate metrics needed to gauge configuration management success and those that will use data from the CMDB to provide metrics on the success of other practices.

    • Metrics provide accurate indicators for IT and business decisions.
    • Metrics help you identify IT efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.
    • Proper application of metrics helps IT services identification and prioritization.
    • Operational risks can be prevented by identifying and implementing metrics.
    • Metrics analysis increases the confidence of the executive team and ensures that IT is working well.

    A funnel is shown. The output is IT Performance. The inputs are: Service Desk Metrics; Incident Metrics; Asset Mgmt. Metrics; Release Mgmt. Metrics; Change Mgmt. Metrics; Infra. Metrics

    4.1.1 Identify key metrics to define configuration management success

    Determine what metrics are specifically related to the practice and how and when metrics will be accessed.

    Success factors

    Key metrics

    Source

    Product and service configuration data is relevant

    • Stakeholder satisfaction with data access, accuracy, and usability
    • Stakeholder satisfaction with service configuration management interface, procedures, and reports

    Stakeholder discussions

    • Number of bad decisions made due to incorrect or insufficient data
    • Impact of bad decisions made due to incorrect or insufficient data

    Process owner discussions

    • Number and impact of data identified as incorrect
    • % of CMDB data verified over the period

    CMDB

    Cost and effort are continually optimized

    • Effort devoted to service configuration management
    • Cost of tools directly related to the process

    Resource management or scheduling

    ERP

    Progress reporting

    • Communication execution
    • Process
    • Communications and feedback

    Communications team and stakeholder discussions

    Data – How many products are in the CMDB and are fully and accurately discovered and mapped?

    CMDB

    Ability to meet milestones on time and with appropriate quality

    Project team

    Document metrics in the Configuration Management Standard Operating Procedures, section 7: Success Metrics

    Use performance metrics to identify areas to improve service management processes using CMDB data

    Metrics can indicate a problem with service management processes but cannot provide a clear path to a solution on their own.

    • The biggest challenge is defining and measuring the process and people side of the equation.
    • Expected performance may also need to be compared to actual performance in planning, budgeting, and improvements.
    • The analysis will need to include critical success factors (CSFs), data collection procedures, office routines, engineering practices, and flow diagrams including workflows and key relationships.
    • External benchmarking may also prove useful in identifying how similar organizations are managing aspects of their infrastructure, processing transactions/requests, or staffing. If using external benchmarking for actual process comparisons, clearly defining your internal processes first will make the data collection process smoother and more informative.

    Info-Tech Insight

    Using a service framework such as ITIL, COBIT, or ISO 20000 may make this job easier, and subscribing to benchmarking partners will provide some of the external data needed for comparison.

    4.1.2 Brainstorm and record desired reports, dashboards, and analytics with related practices

    The project team will use this list as a starting point

    Allot 45 minutes for this discussion.

    1. Create a table for each service or business capability.
      1. Have one column for each way of consuming data: reports, dashboards, and ad hoc analytics.
      2. Have one row for each stakeholder group that will consume the information.
    2. Use the challenges and use cases to brainstorm reports, dashboards, and ad hoc analytic capabilities that each stakeholder group will find useful.
    3. Record these results in your Configuration Management Standard Operating Procedures, section 7: Aligned Processes' Desired Analytical Capabilities.
    Stakeholder Groups Reports Dashboards
    Change Management
    • CI changes executed without an RFC
    • RFCs grouped by service
    • Potential collisions in upcoming changes
    Security
    • Configuration changes that no longer match the baseline
    • New configuration items discovered
    Finance
    • Service-based costs
    • Service consumption by department

    Download the blueprint Take Control of Infrastructure and Operations Metrics to create a complete metrics program.

    Create a configuration management policy and communicate it

    Policies are important documents to provide definitive guidelines and clarity around data collection and use, process adherence, and controls.

    • A configuration management policy will apply to IT as the audience, and participants in the program will largely be technical.
    • Business users will benefit from a great configuration management program but will not participate directly.
    • The policy will include objectives and scope, use of data, security and integrity of data, data models and criteria, and baseline configurations.
    • Several governing regulations and practices may intersect with configuration management, such as ITIL, COBIT, and NIST frameworks, as well as change enablement, quality management, asset management, and more.
    • As the policy is written, review processes to ensure policies and processes are aligned. The policy should enable processes, and it may require modifications if it hinders the collection, security, or use of data required to meet proposed use cases.
    • Once the policy is written and approved, ensure all stakeholders understand the importance, context, and repercussions of the policy.

    The approvals process is about appropriate oversight of the drafted policies. For example:

    • Do the policies satisfy compliance and regulatory requirements?
    • Do the policies work with the corporate culture?
    • Do the policies address the underlying need?

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.

    Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.

    Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.

    Employees must be informed on where to get help or ask questions and who to request policy exceptions from.

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    4.1.3 Build a configuration management policy

    This policy provides the foundation for configuration control.

    Use this template as a starting point.

    The Configuration Management Policy provides the foundation for a configuration control board and the use of configuration baselines.
    Instructions:

    1. Review and modify the policy statements. Ensure that the policy statements reflect your organization and the expectations you wish to set.
    2. If you don't have a CCB: The specified responsibilities can usually be assigned to either the configuration manager or the governing body for change enablement.
    3. Determine if you should apply this policy beyond SCM. As written, this policy may provide a good starting point for practices such as:
      • Secure baseline configuration management
      • Software configuration management

    Two screenshots from the Configuration Management Policy template

    Download the Configuration Management Policy template

    Step 4.2

    Build communications and a roadmap

    Activities

    4.2.1 Build a communications plan
    4.2.2 Identify milestones

    This phase will walk you through the following aspects of a configuration management system:

    • Communications plan
    • Roadmap

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    Outcomes of this step

    • Documented expectations around configuration control
    • Roadmap and action items for the SCM project

    Do not discount the benefits of a great communications plan as part of change management

    Many configuration management projects have failed due to lack of organizational commitment and inadequate communications.

    • Start at the top to ensure stakeholder buy-in by verifying alignment and use cases. Without a committed project sponsor who believes in the value of configuration management, it will be difficult to draw the IT team into the vision.
    • Clearly articulate the vision, strategy, and goals to all stakeholders. Ensure the team understands why these changes are happening, why they are happening now, and what outcomes you hope to achieve.
    • Gain support from technical teams by clearly expressing organizational and departmental benefits – they need to know "what's in it for me."
    • Clearly communicate new responsibilities and obligations and put a feedback process in place to hear concerns, mitigate risk, and act on opportunities for improvement. Be prepared to answer questions as this practice is rolled out.
    • Be consistent in your messaging. Mixed messages can easily derail progress.
    • Communicate to the business how these efforts will benefit the organization.
    • Share documents built in this blueprint or workshop with your technical teams to ensure they have a clear picture of the entire configuration management practice.
    • Share your measures and view of success and communicate wins throughout building the practice.

    30%

    When people are truly invested in change, it is 30% more likely to stick.
    McKinsey

    82%

    of CEOs identify organizational change management as a priority.
    D&B Consulting

    6X

    Initiatives with excellent change management are six times more likely to meet objectives than those with poor change management.
    Prosci

    For a more detailed program, see Drive Technology Adoption

    Formulate a communications plan to ensure all stakeholders and impacted staff will be aware of the plan

    Communication is key to success in process adoption and in identifying potential risks and issues with integration with other processes. Engage as often as needed to get the information you need for the project and for adoption.

    Identify Messages

    Distinct information that needs to be sent at various times. Think about:

    • Who will be impacted and how.
    • What the goals are for the project/new process.
    • What the audience needs to know about the new process and how they will interface with each business unit.
    • How people can request configuration data.

    Identify Audiences

    Any person or group who will be the target of the communication. This may include:

    • Project sponsors and stakeholders.
    • IT staff who will be involved in the project.
    • IT staff who will be impacted by the project (i.e. who will benefit from it or have obligations to fulfill because of it).
    • Business sponsors and product owners.

    Document and Track

    Document messaging, medium, and responsibility, working with the communications team to refine messages before executing.

    • Identify where people can send questions and feedback to ensure they have the information they need to make or accept the changes.
    • Document Q&A and share in a central location.

    Determine Timing

    Successful communications plans consider timing of various messages:

    • Advanced high-level notice of improvements for those who need to see action.
    • Advanced detailed notice for those who will be impacted by workload.
    • Advanced notice for who will be impacted (i.e. who will benefit from it or have obligations to fulfill because of it) once the project is ready to be transitioned to daily life.

    Determine Delivery

    Work with your communications team, if you have one, to determine the best medium, such as:

    • Meeting announcement for stakeholders and IT.
    • Newsletter for those less impacted.
    • Intranet announcements: "coming soon!"
    • Demonstrations with vendors or project team.

    4.2.1 Build a communications plan

    The communications team will use this list as a starting point.

    Allot 45 minutes for this discussion.

    Identify stakeholders.

    1. Identify everyone who will be affected by the project and by configuration management.

    Craft key messages tailored to each stakeholder group.

    1. Identify the key messages that must be communicated to each group.

    Finalize the communication plan.

    1. Determine the most appropriate timing for communications with each group to maximize receptivity.
    2. Identify any communication challenges you anticipate and incorporate steps to address them into your communication plan.
    3. Identify multiple methods for getting the messages out (e.g. newsletters, emails, meetings).
    1. Identify how feedback will be collected (i.e. through interviews or surveys) to measure whether the changes were communicated well.
    Audience Message Medium Timing Feedback Mechanism
    Configuration Management Team Communicate all key processes, procedures, policies, roles, and responsibilities In-person meetings and email communications Weekly meetings Informal feedback during weekly meetings
    Input

    Output

    • Discussion
    • Rough draft of messaging for communications team
    MaterialsParticipants
    • Project plan
    • Configuration manager
    • Project sponsor
    • IT director
    • Communications team

    Build a realistic, high-level roadmap including milestones

    Break the work into manageable pieces

    1. Plan to have multiple phases with short-, medium-, and long-term goals/timeframes. Building a CMDB is not easy and should be broken into manageable sections.
    2. Set reasonable milestones. For each phase, document goals to define "done" and ensure they're reasonable for the resources you have available. If working with a vendor, include them in your discussions of what's realistic.
    3. Treat the first phase as a pilot. Focus on items you understand well:
      1. Well-understood user-facing and IT services
      2. High-maturity management and governance practices
      3. Trusted data sources
    4. Capture high-value, high-criticality services early. Depending on the complexity of your systems, you may need to split this phase into multiple phases.

    Document this table in the Configuration Management Project Charter, section 3.0: Milestones

    Timeline/Owner Milestone/Deliverable Details
    First four weeks Milestone: Plan defined and validated with ITSM installation vendor Define processes for intake, maintenance, and retirement.
    Rebecca Roberts Process documentation written, approved, and ready to communicate Review CI categories

    4.2.2 Identify milestones

    Build out a high-level view to inform the project plan

    Open the Configuration Management Project Charter, section 3: Milestones.
    Instructions:

    1. Identify high-level milestones for the implementation of the configuration management program. This may include tool evaluation and implementation, assignment of roles, etc.
    2. Add details to fill out the milestone, keeping to a reasonable level of detail. This may inform vendor discussion or further development of the project plan.
    3. Add target dates to the milestones. Validate they are realistic with the team.
    4. Add notes to the assumptions and constraints section.
    5. Identify risks to the plan.

    Two Screenshots from the Configuration Management Project Charter

    Download the Configuration Management Project Charter

    Workshop Participants

    R = Recommended
    O = Optional

    Participants Day 1 Day 2 Day 3 Day 4
    Configuration Management Strategy CMDB Data Structure Processes Communications & Roadmap
    Morning Afternoon Morning Afternoon Morning Afternoon Morning Afternoon
    Head of IT R O
    Project Sponsor R R O O O O O O
    Infrastructure, Enterprise Apps Leaders R R O O O O O O
    Service Manager R R O O O O O O
    Configuration Manager R R R R R R R R
    Project Manager R R R R R R R R
    Representatives From Network, Compute, Storage, Desktop R R R R R R R R
    Enterprise Architecture R R R R O O O O
    Owner of Change Management/Change Control/Change Enablement R R R R R R R R
    Owner of In-Scope Apps, Use Cases R R R R R R R R
    Asset Manager R R R R R R R R

    Related Info-Tech Research

    Research Contributors and Experts

    Thank you to everyone who contributed to this publication

    Brett Johnson, Senior Consultant, VMware

    Yev Khovrenkov, Senior Consultant, Solvera Solutions

    Larry Marks, Reviewer, ISACA New Jersey

    Darin Ohde, Director of Service Delivery, GreatAmerica Financial Services

    Jim Slick, President/CEO, Slick Cyber Systems

    Emily Walker, Sr. Digital Solution Consultant, ServiceNow

    Valence Howden, Principal Research Director, Info-Tech Research Group

    Allison Kinnaird, Practice Lead, IT Operations, Info-Tech Research Group

    Robert Dang, Principal Research Advisor, Security, Info-Tech Research Group

    Monica Braun, Research Director, IT Finance, Info-Tech Research Group

    Jennifer Perrier, Principal Research Director, IT Finance, Info-Tech Research Group

    Plus 13 anonymous contributors

    Bibliography

    An Introduction to Change Management, Prosci, Nov. 2019.
    BAI10 Manage Configuration Audit Program. ISACA, 2014.
    Bizo, Daniel, et al, "Uptime Institute Global Data Center Survey 2021." Uptime Institute, 1 Sept. 2021.
    Brown, Deborah. "Change Management: Some Statistics." D&B Consulting Inc. May 15, 2014. Accessed June 14, 2016.
    Cabinet Office. ITIL Service Transition. The Stationery Office, 2011.
    "COBIT 2019: Management and Governance Objectives. ISACA, 2018.
    "Configuration Management Assessment." CMStat, n.d. Accessed 5 Oct. 2022.
    "Configuration Management Database Foundation." DMTF, 2018. Accessed 1 Feb. 2021.
    Configuration Management Using COBIT 5. ISACA, 2013.
    "Configuring Service Manager." Product Documentation, Ivanti, 2021. Accessed 9 Feb. 2021.
    "Challenges of Implementing configuration management." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 1." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 2." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 3." CMStat, n.d. Accessed 5 Oct. 2022.
    "CSDM: The Recipe for Success." Data Content Manager, Qualdatrix Ltd. 2022. Web.
    Drogseth, Dennis, et al., 2015, CMDB Systems: Making Change Work in the Age of Cloud and Agile. Morgan Kaufman.
    Ewenstein, B, et al. "Changing Change Management." McKinsey & Company, 1 July 2015. Web.
    Farrell, Karen. "VIEWPOINT: Focus on CMDB Leadership." BMC Software, 1 May 2006. Web.
    "How to Eliminate the No. 1 Cause of Network Downtime." SolarWinds, 4 April 2014. Accessed 9 Feb. 2021.
    "ISO 10007:2017: Quality Management -- Guidelines for Configuration Management." International Organization for Standardization, 2019.
    "IT Operations Management." Product Documentation, ServiceNow, version Quebec, 2021. Accessed 9 Feb. 2021.
    Johnson, Elsbeth. "How to Communicate Clearly During Organizational Change." Harvard Business Review, 13 June 2017. Web.
    Kloeckner, K. et al. Transforming the IT Services Lifecycle with AI Technologies. Springer, 2018.
    Klosterboer, L. Implementing ITIL Configuration Management. IBM Press, 2008.
    Norfolk, D., and S. Lacy. Configuration Management: Expert Guidance for IT Service Managers and Practitioners. BCS Learning & Development Limited, revised ed., Jan. 2014.
    Painarkar, Mandaar. "Overview of the Common Data Model." BMC Documentation, 2015. Accessed 1 Feb. 2021.
    Powers, Larry, and Ketil Been. "The Value of Organizational Change Management." Boxley Group, 2014. Accessed June 14, 2016.
    "Pulse of the Profession: Enabling Organizational Change Throughout Strategic Initiatives." PMI, March 2014. Accessed June 14, 2016.
    "Service Configuration Management, ITIL 4 Practice Guide." AXELOS Global Best Practice, 2020
    "The Guide to Managing Configuration Drift." UpGuard, 2017.

    Enable Omnichannel Commerce That Delights Your Customers

    • Buy Link or Shortcode: {j2store}534|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $17,249 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Today’s customers expect to be able to transact with you in the channels of their choice. The proliferation of e-commerce, innovations in brick-and-mortar retail, and developments in mobile commerce and social media selling mean that IT organizations are managing added complexity in drafting a strategy for commerce enablement.
    • The right technology stack is critical in order to support world-class e-commerce and brick-and-mortar interactions with customers.

    Our Advice

    Critical Insight

    • Support the right transactional channels for the right customers: there is no “one-size-fits-all” approach to commerce enablement – understand your customers to drive selection of the right transactional channels.
    • Don’t assume that “traditional” commerce channels have stagnated: IoT, customer analytics, and blended retail are reinvigorating brick-and-mortar selling.
    • Don’t buy best-of-breed; buy best-for-you. Base commerce vendor selection on your requirements and use cases, not on the vendor’s overall performance.

    Impact and Result

    • Leverage Info-Tech’s proven, road-tested approach to using personas and scenarios to build strong business drivers for your commerce strategy.
    • Before selecting and deploying technology solutions, create a cohesive channel matrix outlining which channels your organization will support with transactional capabilities.
    • Understand evolving trends in the commerce solution space, such as AI-driven product recommendations and integration with other essential enterprise applications (i.e. CRM and marketing automation platforms).
    • Understand and apply operational best practices such as content optimization and dynamic personalization to improve the conversion rate via your e-commerce channels.

    Enable Omnichannel Commerce That Delights Your Customers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enable Omnichannel Commerce Deck – A deck outlining the importance of creating a cohesive omnichannel framework to improve your customer experience.

    E-commerce channels have proliferated, and traditional brick-and-mortar commerce is undergoing reinvention. In order to provide your customers with a strong experience, it's imperative to create a strategy – and to deploy the right enabling technologies – that allow for robust multi-channel commerce. This storyboard provides a concise overview of how to do just that.

    • Enable Omnichannel Commerce That Delights Your Customers – Phases 1-2

    2. Create Personas to Drive Omnichannel Requirements Template – A template to identify key customer personas for e-commerce and other channels.

    Customer personas are archetypal representations of your key audience segments. This template (and populated examples) will help you construct personas for your omnichannel commerce project.

    • Create Personas to Drive Omnichannel Requirements Template
    [infographic]

    Further reading

    Enable Omnichannel Commerce That Delights Your Customers

    Create a cohesive, omnichannel framework that supports the right transactions through the right channels for the right customers.

    Analyst Perspective

    A clearly outlined commerce strategy is a necessary component of a broader customer experience strategy.

    This is a picture of Ben Dickie, Research Lead, Research – Applications at Info-Tech Research Group

    Ben Dickie
    Research Lead, Research – Applications
    Info-Tech Research Group

    “Your commerce strategy is where the rubber hits the road, converting your prospects into paying customers. To maximize revenue (and provide a great customer experience), it’s essential to have a clearly defined commerce strategy in place.

    A strong commerce strategy seeks to understand your target customer personas and commerce journey maps and pair these with the right channels and enabling technologies. There is not a “one-size-fits-all” approach to selecting the right commerce channels: while many organizations are making a heavy push into e-commerce and mobile commerce, others are seeking to differentiate themselves by innovating in traditional brick-and-mortar sales. Hybrid channel design now dominates many commerce strategies – using a blend of e-commerce and other channels to deliver the best-possible customer experience.

    IT leaders must work with the business to create a succinct commerce strategy that defines personas and scenarios, outlines the right channel matrix, and puts in place the right enabling technologies (for example, point-of-sale and e-commerce platforms).”

    Stop! Are you ready for this project?

    This Research Is Designed For:

    • IT leaders and business analysts supporting their commercial and marketing organizations in developing and executing a technology enablement strategy for e-commerce or brick-and-mortar commerce.
    • Any organization looking to develop a persona-based approach to identifying the right channels for their commerce strategy.

    This Research Will Help You:

    • Identify key personas and customer journeys for a brick-and-mortar and/or e-commerce strategy.
    • Select the right channels for your commerce strategy and build a commerce channel matrix to codify the results.
    • Review the “art of the possible” and new developments in brick-and-mortar and e-commerce execution.

    This Research Will Also Assist:

    • Sales managers, brand managers, and any marketing professional looking to build a cohesive commerce strategy.
    • E-commerce or POS project teams or working groups tasked with managing an RFP process for vendor selection.

    This Research Will Help Them:

    • Build a persona-centric commerce strategy.
    • Understand key technology trends in the brick-and-mortar and e-commerce space.

    Executive Summary

    Your Challenge

    Today’s customers expect to be able to transact with you in the channels of their choice.

    The proliferation of e-commerce, innovations in brick-and-mortar retail, and developments in mobile commerce and social media selling mean that IT organizations are managing added complexity in drafting a strategy for commerce enablement.

    The right technology stack is critical to support world-class e-commerce and brick-and-mortar interactions with customers.

    Common Obstacles

    Many organizations do not define strong, customer-centric drivers for dictating which channels they should be investing in for transactional capabilities.

    As many retailers look to move shopping experiences online during the pandemic, the impetus for having a strong e-commerce suite has markedly increased. The proliferation of commerce vendors has made it difficult to identify and shortlist the right solution, while the pandemic has also highlighted the importance of adopting new vendors quickly and efficiently: companies need to understand the top players in different commerce market landscapes.

    IT is receiving a growing number of commerce platform requests and must be prepared to speak intelligently about requirements and the “art of the possible.”

    Info-Tech’s Approach

    • Leverage Info-Tech’s proven, road-tested approach to using personas and scenarios to build strong business drivers for your commerce strategy.
    • Before selecting and deploying technology solutions, create a cohesive channel matrix outlining which channels your organization will support with transactional capabilities.
    • Understand evolving trends in the commerce solution space, such as AI-driven product recommendations and integration with other essential enterprise applications (i.e. customer relationship management [CRM] and marketing automation platforms).
    • Understand and apply operational best practices such as content optimization and dynamic personalization to improve the conversion rate via your e-commerce channels.

    Info-Tech Insight

    • Support the right transactional channels for the right customers: there is no “one-size-fits-all” approach to commerce enablement – understand your customers to drive selection of the right transactional channels.
    • Don’t assume that “traditional” commerce channels have stagnated: IoT, customer analytics, and blended retail are reinvigorating brick-and-mortar selling.
    • Don’t buy best-of-breed; buy best-for-you: base commerce vendor selection on your requirements and use cases, not on the vendor’s overall performance.

    A strong commerce strategy is an essential component of a savvy approach to customer experience management

    A commerce strategy outlines an organization’s approach to selling its products and services. A strong commerce strategy identifies target customers’ personas, commerce journeys that the organization wants to support, and the channels that the organization will use to transact with customers.

    Many commerce strategies encompass two distinct but complementary branches: a commerce strategy for transacting through traditional channels and an e-commerce strategy. While the latter often receives more attention from IT, it still falls on IT leaders to provide the appropriate enabling technologies to support traditional brick-and-mortar channels as well. Traditional channels have also undergone a digital renaissance in recent years, with forward-looking companies capitalizing on new technology to enhance customer experiences in their stores.

    Traditional Channels

    • Physical Stores (Brick and Mortar)
    • Kiosks or Pop-Up Stores
    • Telesales
    • Mail Orders
    • EDI Transactions

    E-Commerce Channels

    • E-Commerce Websites
    • Mobile Commerce Apps
    • Embedded Social Shopping
    • Customer Portals
    • Configure Price Quote Tool Sets (CPQ)
    • Hybrid Retail

    Info-Tech Insight

    To better serve their customers, many companies position themselves as “click-and-mortar” shops – allowing customers to transact at a store or online.

    Customers’ expectations are on the rise: meet them!

    Today’s consumers expect speed, convenience, and tailored experiences at every stage of the customer lifecycle. Successful organizations strive to support these expectations.

    58%
    of retail customers admitted that their expectations now are higher than they were a year ago (FinancesOnline).

    70%
    of consumers between the ages of 18 and 34 have increasing customer expectations year after year (FinancesOnline).

    69%
    of consumers now expect store associates to be armed with a mobile device to deliver value-added services, such as looking up product information and checking inventory (V12).

    73%
    of support leaders agree that customer expectations are increasing, but only…

    42%
    of support leaders are confident that they’re actually meeting those expectations.

    How can you be sure that you are meeting your customers’ expectations?

    1. Offer more personalization throughout the entire customer journey
    2. Practice quality customer service – ensure staff have up-to-date knowledge and offer quick resolution time for complaints
    3. Focus on offering low-effort experiences and easy-to-use platforms (i.e. “one-click buying”)
    4. Ensure your products and services perform well and do what they’re meant to do
    5. Ensure omnichannel availability – 9 in 10 consumers want a seamless omnichannel experience

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored commerce and transactional experiences.

    Omnichannel commerce is the way of the future

    Create a strategy that embraces this reality with the right tools!

    Get ahead of the competition by doing omnichannel right! Devise a strategy that allows you to create and maintain a consistent, seamless commerce experience by optimizing operations with an omnichannel framework. Customers want to interact with you on their own terms, and it falls to IT to ensure that applications are in place to support and manage both traditional and e-commerce channels. There must also be consistency of copy, collateral, offers, and pricing between commerce channels.

    71%
    of consumers want a consistent experience across all channels, but only…

    29%
    say that they actually get it.

    (Source: Business 2 Community, 2020)

    Omnichannel is a “multichannel approach that aims to provide customers with a personalized, integrated, and seamless shopping experience across diverse touchpoints and devices.”
    Source: RingCentral, 2021

    IT is responsible for providing technology enablement of the commerce strategy: e-commerce platforms are a cornerstone

    An e-commerce platform is an enterprise application that provides end-to-end capabilities for allowing customers to purchase products or services from your company via an online channel (e.g. a traditional website, a mobile application, or an embedded link in a social media post). Modern e-commerce platforms are essential for delivering a frictionless customer journey when it comes to purchasing online.

    $6.388
    trillion dollars worth of sales will be conducted online by 2024 (eMarketer, 14 Jan. 2021).

    44%
    of all e-commerce transactions are expected to be completed via a mobile device by 2024 (Insider).

    21.8%
    of all sales will be made from online purchases by 2024 (eMarketer, 14 Jan. 2021).

    Strong E-Commerce Platforms Enable a Wide Range of Functional Areas:

    • Product Catalog Management
    • Web Content Delivery
    • Product Search Engine
    • Inventory Management
    • Shopping Cart Management
    • Discount and Coupon Management
    • Return Management and Reverse Logistics
    • Dynamic Personalization
    • Dynamic Promotions
    • Predictive Re-Targeting
    • Predictive Product Recommendations
    • Transaction Processing
    • Compliance Management
    • Commerce Workflow Management
    • Loyalty Program Management
    • Reporting and Analytics

    An e-commerce solution boosts the effectiveness and efficiency of your operations and drives top-line growth

    Take time to learn the capabilities of modern e-commerce applications. Understanding the “art of the possible” will help you to get the most out of your e-commerce platform.

    An e-commerce platform helps marketers and sales staff in three primary ways:

    1. It allows the organization to effectively and efficiently operate e-commerce operations at scale.
    2. It allows commercial staff to have a single system for managing and monitoring all commercial activity through online channels.
    3. It allows the organization to improve the customer-facing e-commerce experience, boosting conversions and top-line sales.

    A dedicated e-commerce platform improves the efficiency of customer-commerce operations

    • Workflow automation reduces the amount of time spent executing dynamic e-commerce campaigns.
    • The use of internal or third-party data increases conversion effectiveness from customer databases across the organization.

    Info-Tech Insight

    A strong e-commerce provides marketers with the data they need to produce actionable insights about their customers.

    Case Study

    INDUSTRY - Retail
    SOURCE - Salesforce (a)

    PetSmart improves customer experience by leveraging a new commerce platform in the Salesforce ecosystem

    PetSmart

    PetSmart is a leading retailer of pet products, with a heavy footprint across North America. Historically, PetSmart was a brick-and-mortar retailer, but it has placed a heavy emphasis on being a true multi-channel “click-and-mortar” retailer to ensure it maintains relevance against competitors like Amazon.

    E-Commerce Overhaul Initiative

    To improve its e-commerce capabilities, PetSmart recognized that it needed to consolidate to a single, unified e-commerce platform to realize a 360-degree view of its customers. A new platform was also required to power dynamic and engaging experiences, with appropriate product recommendations and tailored content. To pursue this initiative, the company settled on Salesforce.com’s Commerce Cloud product after an exhaustive requirements definition effort and rigorous vendor selection approach.

    Results

    After platform implementation, PetSmart was able to effortlessly handle the massive transaction volumes associated with Black Friday and Cyber Monday and deliver 1:1 experiences that boosted conversion rates.

    PetSmart standardized on the Commerce Cloud from Salesforce to great effect.

    This is an image of the journey from Discover & Engage to Retain & Advocate.

    Case Study

    Icebreaker exceeds customer expectations by using AI to power product recommendations

    INDUSTRY - Retail
    SOURCE - Salesforce (b)

    Icebreaker

    Icebreaker is a leading outerwear and lifestyle clothing company, operating six global websites and owning over 5,000 stores across 50 countries. Icebreaker is focused on providing its shoppers with accurate, real-time product suggestions to ensure it remains relevant in an increasingly competitive online market.

    E-Commerce Overhaul Initiative

    To improve its e-commerce capabilities, Icebreaker recognized that it needed to adopt a predictive recommendation engine that would offer its customers a more personalized shopping experience. This new system would need to leverage relevant data to provide both known and anonymous shoppers with product suggestions that are of interest to them. To pursue this initiative, Icebreaker settled on using Salesforce.com’s Commerce Cloud Einstein, a fully integrated AI.

    Results

    After integrating Commerce Cloud Einstein on all its global sites, Icebreaker was able to cross-sell and up-sell its merchandise more effectively by providing its shoppers with accurate product recommendations, ultimately increasing average order value.

    IT must also provide technology enablement for other channels, such as point-of-sale systems for brick-and-mortar

    Point-of-sale systems are the “real world” complement to e-commerce platforms. They provide functional capabilities for selling products in a physical store, including basic inventory management, cash register management, payment processing, and retail analytics. Many firms struggle with legacy POS environments that inhibit a modern customer experience.

    $27.338
    trillion dollars in retail sales are expected to be made globally in 2022 (eMarketer, 2022).

    84%
    of consumers believe that retailers should be doing more to integrate their online and offline channels (Invoca).

    39%
    of consumers are unlikely or very unlikely to visit a retailer’s store if the online store doesn’t provide physical store inventory information (V12).

    Strong Point-of-Sale Platforms Enable a Wide Range of Functional Areas:

    • Product Catalog Management
    • Discount Management
    • Coupon Management and Administration
    • Cash Management
    • Cash Register Reconciliation
    • Product Identification (Barcode Management)
    • Payment Processing
    • Compliance Management
    • Basic Inventory Management
    • Commerce Workflow Management
    • Exception Reporting and Overrides
    • Loyalty Program Management
    • Reporting and Analytics

    E-commerce and POS don’t live in isolation

    They’re key components of a well-oiled customer experience ecosystem!

    Integrate commerce solutions with other customer experience applications – and with ERP or logistics systems – to handoff transactions for order fulfilment.

    Having a customer master database – the central place where all up-to-the-minute data on a customer profile is stored – is essential for traditional and e-commerce success. Typically, the POS or e-commerce platform is not the system of record for the master customer profile: this information lives in a CRM platform or customer data warehouse. Conceptually, this system is at the center of the customer-experience ecosystem.

    Strong POS and e-commerce solutions orchestrate transactions but typically do not do the heavy lifting in terms of order fulfilment, shipping logistics, economic inventory management, and reverse logistics (returns). In an enterprise-grade environment, these activities are executed by an enterprise resource planning (ERP) solution – integrating your commerce systems with a back-end ERP solution is a crucial step from an application architecture point of view.

    This is an example of a customer experience ecosystem.  Core Apps (CRM, ERP): MMS Suite; E-Commerce; POS; Web CMS; Data Marts/BI Tools; Social Media Platforms

    Case Study

    INDUSTRY - Retail
    SOURCES - Amazon, n.d. CNET, 2020

    Amazon is creating a hybrid omnichannel experience for retail by introducing innovative brick-and-mortar stores

    Amazon

    Amazon began as an online retailer of books in the mid-1990s, and rapidly expanded its product portfolio to nearly every category imaginable. Often hailed as the foremost success story in online commerce, the firm has driven customer loyalty via consistently strong product recommendations and a well-designed site.

    Bringing Physical Retail Into the Digital Age

    Beginning in 2016 (and expanding in 2018), Amazon introduced Amazon Go, a next-generation grocery retailer, to the Seattle market. While most firms that pursue an e-commerce strategy traditionally come from a brick-and-mortar background, Amazon upended the usual narrative: the world’s largest online retailer opening physical stores to become a true omnichannel, “click-and-mortar” vendor. From the get-go, Amazon Go focused on innovating the physical retail experience – using cameras, IoT capabilities, and mobile technologies to offer “checkout-free” virtual shopping carts that automatically know what products customers take off the shelves and bill their Amazon accounts accordingly.

    Results

    Amazon received a variety of industry and press accolades for re-inventing the physical store experience and it now owns and operates seven separate store brands, with more still on the horizon.

    Case Study

    INDUSTRY - Retail
    SOURCES - Glossy, 2020

    Old Navy

    Old Navy is a clothing and accessories retail company that owns and operates over 1,200 stores across North America and China. Typically, Old Navy has relied on using traditional marketing approaches, but recently it has shifted to producing more digitally focused campaigns to drive revenue.

    Bringing Physical Retail Into the Digital Age

    To overcome pandemic-related difficulties, including temporary store closures, Old Navy knew that it had to have strong holiday sales in 2020. With the goal of stimulating retail sales growth and maximizing its pre-existing omnichannel capabilities, Old Navy decided to focus more of its holiday campaign efforts online than in years past. With this campaign centered on connected TV platforms, such as Hulu, and social media channels including Facebook, Instagram, and TikTok, Old Navy was able to take a more unique, fun, and good-humored approach to marketing.

    Results

    Old Navy’s digitally focused campaign was a success. When compared with third quarter sales figures from 2019, third quarter net sales for 2020 increased by 15% and comparable sales increased by 17%.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current maturity.

    Call #4: Identify relationship between current initiatives and capabilities.

    Call #6: Identify strategy risks.

    Call #8: Identify and prioritize improvements.

    Call #3: Identify target-state capabilities.

    Call #5: Create initiative profiles.

    Call #7: Identify required budget.

    Call #9: Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Enable Omnichannel Commerce That Delights Your Customers – Project Overview

    1. Identify Critical Drivers for Your Omnichannel Commerce Strategy 2. Map Drivers to the Right Channels and Technologies
    Best Practice Toolkit

    1.1 Assess Personas and Scenarios

    1.2 Create Key Drivers and Metrics

    2.1 Build the Commerce Channel Matrix

    2.2 Review Technology and Trends Primer

    Guided Implementations
    • Validate customer personas.
    • Validate commerce scenarios.
    • Review key drivers and metrics.
    • Build the channel matrix.
    • Discuss technology and trends.
    Onsite Workshop

    Module 1:

    Module 2:

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    Map Drivers to the Right Channels and Technologies

    Phase 1 Outcome:

    Phase 2 Outcome:

    An initial shortlist of customer-centric drivers for your channel strategy and supporting metrics.

    A completed commerce channel matrix tailored to your organization, and a snapshot of enabling technologies and trends.

    Phase 1

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    1.1 Assess Personas and Scenarios

    1.2 Create Key Drivers and Metrics

    Enable Omnichannel Commerce That Delights Your Customers

    Step 1.1

    Assess Personas and Scenarios

    This step will walk you through the following activities:

    1.1.1 Build key customer personas for your commerce strategy.

    1.1.2 Create commerce scenarios (journey maps) that you need to enable.

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Critical customer personas
    • Key traditional and e-commerce scenarios

    Use customer personas to picture who will be using your commerce channels and guide scenario design and key drivers

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your e-commerce presence. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user’s behavior.
    • Aid in uncovering universal features and functionality.
    • Describe real people with backgrounds, goals, and values.

    Source: Usability.gov, n.d.

    Why Are Personas Important?

    Personas help:

    • Focus the development of commerce platform features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the website.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Persona Group (e.g. executives)
    • Demographics (e.g. nationality, age, language spoken)
    • Purpose of Using Commerce Channels (e.g. product search versus ready to transact)
    • Typical Behaviors and Tendencies (e.g. goes to different websites when cannot find products in 20 seconds)
    • Technological Environment of User (e.g. devices, browsers, network connection)
    • Professional and Technical Skills and Experiences (e.g. knowledge of websites, area of expertise)

    Use Info-Tech’s guidelines to assist in the creation of personas

    How many personas should I create?

    The number of personas that should be created is based on the organizational coverage of your commerce strategy. Here are some questions you should ask:

    • Do the personas cover a majority of your revenues or product lines?
    • Is the number manageable for your project team to map out?

    How do I prioritize which personas to create?

    The identified personas should generate the most revenue – or provide a significant opportunity – for your business. Here are some questions that you should ask:

    • Are the personas prioritized based on the revenue they generate for the business?
    • Is the persona prioritization process considering both the present and future revenues the persona is generating?

    Sample: persona for e-commerce platform

    Example

    Persona quote: “After I call the company about the widget, I would usually go onto the company’s website and look at further details about the product. How am I supposed to do so when it is so hard to find the company’s website on everyday search engines, such as Google, Yahoo, or Bing?”

    Michael is a middle-aged manager working in the financial district. He wants to buy the company’s widgets for use in his home, but since he is distrusting of online shopping, he prefers to call the company’s call center first. Afterwards, if Michael is convinced by the call center representative, he will look at the company’s website for further research before making his purchase.

    Michael does not have a lot of free time on his hands, and tries to make his free time as relaxing as possible. Due to most of his work being client-facing, he is not in front of a computer most of the time during his work. As such, Michael does not consider himself to be skilled with technology. Once he makes the decision to purchase, Michael will conduct online transactions and pay most delivery costs due to his shortage of time.

    Needs:

    • Easy-to-find website and widget information.
    • Online purchasing and delivery services.
    • Answer to his questions about the widget.
    • To maintain contact post-purchase for easy future transactions.

    Info-Tech Tip

    The quote attached to a persona should be from actual quotes that your customers have used when you reviewed your voice of the customer (VoC) surveys or focus groups to drive home the impact of their issues with your company.

    1.1.1 Activity: Build personas for your key customers that you’ll need to support via traditional and e-commerce channels

    1 hour

    1. In two to four groups, list all the major, target customer personas that need to be built. In doing so, consider the people who interact with your e-commerce site (or other channels) most often.
    2. Build a demographic profile for each customer persona. Include information such as age, geographic location, occupation, and annual income.
    3. Augment the persona with a psychographic profile. Consider the goals and objectives of each customer persona and how these might inform buyer behaviors.
    4. Introduce your group’s personas to the entire group, in a round-robin fashion, as if you are introducing your persona at a party.
    5. Summarize the personas in a persona map. Rank your personas according to importance and remove any duplicates.
    6. Use Info-Tech’s Create Personas to Drive Omnichannel Requirements Template to assist.

    Info-Tech Insight

    Persona building is typically used for understanding the external customer; however, if you need to gain a better understanding of the organization’s internal customers (those who will be interacting with the e-commerce platform), personas can also be built for this purpose. Examples of useful internal personas are sales managers, brand managers, and customer service directors.

    1.1.1 Activity: Build personas for your key customers that you’ll need to support via traditional and e-commerce channels (continued)

    Input

    • Customer demographics and psychographics

    Output

    • List of prioritized customer personas

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project team

    Build use-case scenarios to model the transactional customer journey and inform drivers for your commerce strategy

    A use-case scenario is a story or narrative that helps explore the set of interactions that a customer has with an organization. Scenario mapping will help identify key business and technology drivers as well as more granular functional requirements for POS or e-commerce platform selection.

    A GOOD SCENARIO…

    • Describes specific task(s) that need to be accomplished.
    • Describes user goals and motivations.
    • Describes interactions with a compelling but not overwhelming amount of detail.
    • Can be rough, as long as it provokes ideas and discussion.

    SCENARIOS ARE USED TO...

    • Provide a shared understanding about what a user might want to do and how they might want to do it.
    • Help construct the sequence of events that are necessary to address in your user interface(s).

    TO CREATE GOOD SCENARIOS…

    • Keep scenarios high level, not granular, in nature.
    • Identify as many scenarios as possible. If you’re time constrained, try to develop two to three key scenarios per persona.
    • Sketch each scenario out so that stakeholders understand the goal of the scenario.

    1.1.2 Exercise: Build commerce user scenarios to understand what you want your customers to do from a transactional viewpoint

    1 hour

    Example

    Simplified E-Commerce Workflow Purchase Products

    This image contains an example of a Simplified E-Commerce Workflow Purchase Products

    Step 1.2

    Create Key Drivers and Metrics

    This step will walk you through the following activities:

    • Create the business drivers you need to enable with your commerce strategy.
    • Enumerate metrics to track the efficacy of your commerce strategy.

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Business drivers for the commerce strategy
    • Metrics and key performance indicators for the commerce strategy

    1.2 Finish elaboration of your scenarios and map them to your personas: identify core business drivers for commerce

    1.5 hours

    1. List all commerce scenarios required to satisfy the immediate needs of your personas.
      1. Does the use-case scenario address commonly felt user challenges?
      2. Can the scenario be used by those with changing behaviors and tendencies?
    2. Look for recurring themes in use-case scenarios (for example, increasing average transaction cost through better product recommendations) and identify business drivers: drivers are common thematic elements that can be found across multiple scenarios. These are the key principles for your commerce strategy.
    3. Prioritize your use cases by leveraging the priorities of your business drivers.

    Example

    This is an example of how step 1.2 can help you identify business drivers

    1.2 Finish elaboration of your scenarios and map them to your personas: identify core business drivers for commerce (continuation)

    Input

    • User personas

    Output

    • List of use cases
    • Alignment of use cases to business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business Analyst
    • Developer
    • Designer

    Show the benefits of commerce solution deployment with metrics aimed at both overall efficacy and platform adoption

    The ROI and perceived value of the organization’s e-commerce and POS solutions will be a critical indication of the success of the suite’s selection and implementation.

    Commerce Strategy and Technology Adoption Metrics

    EXAMPLE METRICS

    Commerce Performance Metrics

    Average revenue per unique transaction

    Quantity and quality of commerce insights

    Aggregate revenue by channel

    Unique customers per channel

    Savings from automated processes

    Repeat customers per channel

    User Adoption and Business Feedback Metrics

    User satisfaction feedback

    User satisfaction survey with technology

    Business adoption rates

    Application overhead cost reduction

    Info-Tech Insight

    Even if e-commerce metrics are difficult to track right now, the implementation of a dedicated e-commerce platform brings access to valuable customer intelligence from data that was once kept in silos.

    Phase 2

    Map Drivers to the Right Channels and Technologies

    2.1 Build the Commerce Channel Matrix

    2.2 Review Technology and Trends Primer

    Enable Omnichannel Commerce That Delights Your Customers

    Step 2.1

    Build the Commerce Channel Matrix

    This step will walk you through the following activities:

    • Based on your business drivers, create a blended mix of e-commerce channels that will suit your organization’s and customers’ needs.

    Map Drivers to the Right Channels and Technologies

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Commerce channel map

    Pick the transactional channels that align with your customer personas and enable your target scenarios and drivers

    Traditional Channels

    E-Commerce Channels

    Hybrid Channels

    Physical stores (brick and mortar) are the mainstay of retailers selling tangible goods – some now also offer intangible service delivery.

    E-commerce websites as exemplified by services like Amazon are accessible by a browser and deliver both goods and services.

    Online ordering/in-store fulfilment is a model whereby customers can place orders online but pick the product up in store.

    Telesales allows customers to place orders over the phone. This channel has declined in favor of mobile commerce via smartphone apps.

    Mobile commerce allows customers to shop through a dedicated, native mobile application on a smartphone or tablet.

    IoT-enabled smart carts/bags allow customers to shop in store, but check-out payments are handled by a mobile application.

    Mail order allows customers to send (”snail”) mail orders. A related channel is fax orders. Both have diminished in favor of e-commerce.

    Social media embedded shopping allows customers to order products directly through services such as Facebook.

    Info-Tech Insight

    Your channel selections should be driven by customer personas and scenarios. For example, social media may be extensively employed by some persona types (i.e. millennials) but see limited adoption in other demographics or use cases (i.e. B2B).

    2.1 Activity: Build your commerce channel matrix

    30 minutes

    1. Inventory which transactional channels are currently used by your firm (segment by product lines if variation exists).
    2. Interview product leaders, sales leaders, and marketing managers to determine if channels support transactional capabilities or are used for marketing and service delivery.
    3. Review your customer personas, scenarios, and drivers and assess which of the channels you will use in the future to sell products and services. Document below.

    Example: Commerce Channel Map

    Product Line A Product Line B Product Line C
    Currently Used? Future Use? Currently Used? Future Use? Currently Used? Future Use?
    Store Yes Yes No No No No
    Kiosk Yes No No No No No
    E-Commerce Site/Portal No Yes Yes Yes Yes Yes
    Mobile App No No Yes Yes No Yes
    Embedded Social Yes Yes Yes Yes Yes Yes

    Input

    • Personas, scenarios, and driver

    Output

    • Channel map

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project team

    Step 2.2

    Review Technology and Trends Primer

    This step will walk you through the following activities:

    • Review the scope of e-commerce and POS solutions and understand key drivers impacting e-commerce and traditional commerce.

    Map Drivers to the Right Channels and Technologies

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Understanding of key technologies
    • Understanding of key trends

    Application spotlight: e-commerce platforms

    How It Enables Your Strategy

    • Modern e-commerce platforms provide capabilities for end-to-end orchestration of online commerce experiences, from product site deployment to payment processing.
    • Some e-commerce platforms are purpose-built for business-to-business (B2B) commerce, emphasizing customer portals and EDI features. Other e-commerce vendors place more emphasis on business-to-consumer (B2C) capabilities, such as product catalog management and executing transactions at scale.
    • There has been an increasing degree of overlap between traditional web experience management solutions and the e-commerce market; for example, in 2018, Adobe acquired Magento to augment its overall web experience offering within Adobe Experience Manager.
    • E-commerce platforms typically fall short when it comes to order fulfilment and logistics; this piece of the puzzle is typically orchestrated via an ERP system or logistics management module.
    • This research provides a starting place for defining e-commerce requirements and selection artefacts.

    Key Trends

    • E-commerce vendors are rapidly supporting a variety of form factors and integration with other channels such as social media. Mobile is sufficiently popular that some vendors and industry commentators refer to it as “m-commerce” to differentiate app-based shopping experiences from those accessed through a traditional browser.
    • Hybrid commerce is driving more interplay between e-commerce solutions and POS.

    E-Commerce KPIs

    Strong e-commerce applications can improve:

    • Bounce Rates
    • Exit Rates
    • Lead Conversion Rates
    • Cart Abandonment Rates
    • Re-Targeting Efficacy
    • Average Cart Size
    • Average Cart Value
    • Customer Lifetime Value
    • Aggregate Reach/Impressions

    Familiarize yourself with the e-commerce market

    How it got here

    Initial Traction as the Dot-Com Era Came to Fruition

    Unlike some enterprise application markets, such as CRM, the e-commerce market appeared almost overnight during the mid-to-late nineties as the dot-com explosion fueled the need to have reliable solutions for executing transactions online.

    Early e-commerce solutions were less full-fledged suites than they were mediums for payment processing and basic product list management. PayPal and other services like Digital River were pioneers in the space, but their functionality was limited vis-à-vis tools such as web content management platforms, and their ability to amalgamate and analyze the data necessary for dynamic personalization and re-targeting was virtually non-existent.

    Rapidly Expanding Scope of Functional Capabilities as the Market Matured

    As marketers became more sophisticated and companies put an increased focus on customer experience and omnichannel interaction, the need arose for platforms that were significantly more feature rich than their early contemporaries. In this context, vendors such as Shopify and Demandware stepped into the limelight, offering far richer functionality and analytics than previous offerings, such as asset management, dynamic personalization, and the ability to re-target customers who abandoned their carts.

    As the market has matured, there has also been a series of acquisitions of some players (for example, Demandware by Salesforce) and IPOs of others (i.e. Shopify). Traditional payment-oriented services like PayPal still fill an important niche, while newer entrants like Square seek to disrupt both the e-commerce market and point-of-sale solutions to boot.

    Familiarize yourself with the e-commerce market

    Where it’s going

    Support for a Proliferation of Form Factors and Channels

    Modern e-commerce solutions are expanding the number of form factors (smartphones, tablets) they support via both responsive design and in-app capabilities. Many platforms now also support embedded purchasing options in non-owned channels (for example, social media). With the pandemic leading to a heightened affinity for online shopping, the importance of fully using these capabilities has been further emphasized.

    AI and Machine Learning

    E-commerce is another customer experience domain ripe for transformation via the potential of artificial intelligence. Machine learning algorithms are being used to enhance the effectiveness of dynamic personalization of product collateral, improve the accuracy of product recommendations, and allow for more effective re-targeting campaigns of customers who did not make a purchase.

    Merger of Online Commerce and Traditional Point-of-Sale

    Many e-commerce vendors – particularly the large players – are now going beyond traditional e-commerce and making plays into brick-and-mortar environments, offering point-of-sale capabilities and the ability to display product assets and customizations via augmented reality – truly blending the physical and virtual shopping experience.

    Emphasis on Integration with the Broader Customer Experience Ecosystem

    The big names in e-commerce recognize they don’t live on an island: out-of-the-box integrations with popular CRM, web experience, and marketing automation platforms have been increasing at a breakneck pace. Support for digital wallets has also become increasingly popular, with many vendors integrating contactless payment technology (i.e. Apple Pay) directly into their applications.

    E-Commerce Vendor Snapshot: Part 1

    Mid-Market E-Commerce Solutions

    This image contains the logos for the following Companies: Magento; Spryker; Bigcommerce; Woo Commerce; Shopify

    E-Commerce Vendor Snapshot: Part 2

    Large Enterprise and Full-Suite E-Commerce Platforms

    This image contains the logos for the following Companies: Salesforce commerce cloud; Oracle Commerce Cloud; Adobe Commerce Cloud; Sitecore; Sap Hybris Commerce

    Speak with category experts to dive deeper into the vendor landscape

    • Fact-based reviews of business software from IT professionals.
    • Product and category reports with state-of-the-art data visualization.
    • Top-tier data quality backed by a rigorous quality assurance process.
    • User-experience insight that reveals the intangibles of working with a vendor.

    Software Reviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.

    CLICK HERE to access SoftwareReviews Comprehensive software reviews to make better IT decisions.

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    This is an image of the data quarant report

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    This is an image of the data quarant report chart

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    This is a image of the Emotional Footprint Report

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    This is a image of the Emotional Footprint Report chart

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Leading B2B E-Commerce Platforms

    As of February 2022

    Data Quadrant

    This image contains a screenshot of the Data Quadrant chart for B2B E-commerce

    Emotional Footprint

    This image contains a screenshot of the Emotional Footprint chart for B2B E-commerce

    Leading B2C E-Commerce Platforms

    As of February 2022

    Data Quadrant

    This image contains a screenshot of the Data Quadrant chart for B2C E-commerce

    Emotional Footprint

    This image contains a screenshot of the Emotional Footprint chart for B2C E-commerce

    Application spotlight: point-of-sale solutions

    How It Enables Your Strategy

    • Point-of-sale solutions provide capabilities for cash register/terminal management, transaction processing, and lightweight inventory management.
    • Many POS vendors also offer products that have the ability to create orders from EDI, phone, or fax channels.
    • An increasing emphasis has been placed on retail analytics by POS vendors – providing reporting and analysis tools to help with inventory planning, promotion management, and product recommendations.
    • Integration of POS systems with a central customer data warehouse or other system of record for customer information allows for the ability to build richer customer profiles and compare shopping habits in physical stores against other transactional channels that are offered.
    • POS vendors often offer (or integrate with) loyalty management solutions to track, manage, and redeem loyalty points. See this note on loyalty management systems.
    • Legacy and/or homegrown POS systems tend to be an area of frustration for customer experience management modernization.

    Key Trends

    • POS solutions are moving from “cash-register-only” solutions to encompass mobile POS form factors like smartphones and tablets. Vendors such as Square have experienced tremendous growth in opening up the market via “mPOS” platforms that have lower costs to entry than the traditional hardware needed to support full-fledged POS solutions.
    • This development puts robust POS toolsets in the hands of small and medium businesses that otherwise would be priced out of the market.

    POS KPIs

    Strong POS applications can improve:

    • Customer Data Collection
    • Inventory or Cash Shrinkage
    • Cost per Transaction
    • Loyalty Program Administration Costs
    • Cycle Time for Transaction Execution

    Point-of-Sales Vendor Snapshot: Part 1

    Mid-Market POS Solutions

    This image contains the following company Logos: Square; Shopify; Vend; Heartland|Retail

    Point-of-Sales Vendor Snapshot: Part 2

    Large Enterprise POS Platforms

    This image contains the following Logos: Clover; Oracle Netsuite; RQ Retail Management; Salesforce Commerce Cloud; Korona

    Leading Retail POS Systems

    As of February 2022

    Data Quadrant

    This is an image of the Data Quadrant Chart for the Leading Retail Pos Systems

    Emotional Footprint

    This is an image of the Emotional Footprint chart for the Leading Retail POS Systems

    Summary of Accomplishment

    Knowledge Gained

    • Commerce channel framework
    • Customer affinities
    • Commerce channel overview
    • Commerce-enabling technologies

    Processes Optimized

    • Persona definition for commerce strategy
    • Persona channel shortlist

    Deliverables Completed

    • Customer personas
    • Commerce user scenarios
    • Business drivers for traditional commerce and e-commerce
    • Channel matrix for omnichannel commerce

    Bibliography

    “25 Amazing Omnichannel Statistics Every Marketer Should Know (Updated for 2021).” V12, 29 June 2021. Accessed 12 Jan. 2022.

    “Amazon Go.” Amazon, n.d. Web.

    Andersen, Derek. “33 Statistics Retail Marketers Need to Know in 2021.” Invoca, 19 July 2021. Accessed 12 Jan. 2022.

    Andre, Louie. “115 Critical Customer Support Software Statistics: 2022 Market Share Analysis & Data.” FinancesOnline, 14 Jan. 2022. Accessed 25 Jan. 2022.

    Chuang, Courtney. “The future of support: 5 key trends that will shape customer care in 2022.” Intercom, 10 Jan. 2022. Accessed 11 Jan. 2022.

    Cramer-Flood, Ethan. “Global Ecommerce Update 2021.” eMarketer, 13 Jan. 2021. Accessed 12 Jan. 2022.

    Cramer-Flood, Ethan. “Spotlight on total global retail: Brick-and-mortar returns with a vengeance.” eMarketer, 3 Feb. 2022. Accessed 12 Apr. 2022.

    Fox Rubin, Ben. “Amazon now operates seven different kinds of physical stores. Here's why.” CNET, 28 Feb. 2020. Accessed 12 Jan. 2022.

    Krajewski, Laura. “16 Statistics on Why Omnichannel is the Future of Your Contact Center and the Foundation for a Top-Notch Competitive Customer Experience.” Business 2 Community, 10 July 2020. Accessed 11 Jan. 2022.

    Manoff, Jill. “Fun and convenience: CEO Nany Green on Old Navy’s priorities for holiday.” Glossy, 8 Dec. 2020. Accessed 12 Jan. 2022.

    Meola, Andrew. “Rise of M-Commerce: Mobile Ecommerce Shopping Stats & Trends in 2021.” Insider, 30 Dec. 2020. Accessed 12 Jan. 2022.

    “Outdoor apparel retailer Icebreaker uses AI to exceed shopper expectations.” Salesforce, n.d.(a). Accessed 20 Jan. 2022.

    “Personas.” Usability.gov., n.d. Web. 28 Aug. 2018.

    “PetSmart – Why Commerce Cloud?” Salesforce, n.d.(b). Web. 30 April 2018.

    Toor, Meena. “Customer expectations: 7 Types all exceptional researchers must understand.” Qualtrics, 3 Dec. 2020. Accessed 11 Jan. 2022.

    Westfall, Leigh. “Omnichannel vs. multichannel: What's the difference?” RingCentral, 10 Sept. 2021. Accessed 11 Jan. 2022.

    “Worldwide ecommerce will approach $5 trillion this year.” eMarketer, 14 Jan. 2021. Accessed 12 Jan. 2022.

    Establish Data Governance – APAC Edition

    • Buy Link or Shortcode: {j2store}348|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $172,999 Average $ Saved
    • member rating average days saved: 63 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscapes and demands for data.
    • Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value by supporting key strategic initiatives, value streams, and their underlying business capabilities.

    Our Advice

    Critical Insight

    • Your organisation’s value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organisation’s enterprise governance function. It should not be perceived as an IT pet project, but rather as a business-driven initiative.

    Impact and Result

    Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives.

    • Align with enterprise governance, business strategy and organizational value streams to ensure the program delivers measurable business value.
    • Understand your current data governance capabilities and build out a future state that is right sized and relevant.
    • Define data governance leadership, accountability, and responsibility, supported by an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Establish Data Governance – APAC Edition Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Governance Research – A step-by-step document to ensure that the people handling the data are involved in the decisions surrounding data usage, data quality, business processes, and change implementation.

    Data governance is a strategic program that will help your organisation control data by managing the people, processes, and information technology needed to ensure that accurate and consistent data policies exist across varying lines of the business, enabling data-driven insight. This research will provide an overview of data governance and its importance to your organization, assist in making the case and securing buy-in for data governance, identify data governance best practices and the challenges associated with them, and provide guidance on how to implement data governance best practices for a successful launch.

    • Establish Data Governance – Phases 1-3 – APAC

    2. Data Governance Planning and Roadmapping Workbook – A structured tool to assist with establishing effective data governance practices.

    This workbook will help your organisation understand the business and user context by leveraging your business capability map and value streams, developing data use cases using Info-Tech's framework for building data use cases, and gauging the current state of your organisation's data culture.

    • Data Governance Planning and Roadmapping Workbook – APAC

    3. Data Use Case Framework Template – An exemplar template to highlight and create relevant use cases around the organisation’s data-related problems and opportunities.

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation. This template provides a framework for data requirements and a mapping methodology for creating use cases.

    • Data Use Case Framework Template – APAC

    4. Data Governance Initiative Planning and Roadmap Tool – A visual roadmapping tool to assist with establishing effective data governance practices.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    • Data Governance Initiative Planning and Roadmap Tool – APAC

    5. Business Data Catalogue – A comprehensive template to help you to document the key data assets that are to be governed based on in-depth business unit interviews, data risk/value assessments, and a data flow diagram for the organisation.

    Use this template to document information about key data assets such as data definition, source system, possible values, data sensitivity, data steward, and usage of the data.

    • Business Data Catalogue – APAC

    6. Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    • Data Governance Program Charter Template – APAC

    7. Data Policies – A set of policy templates to support the data governance framework for the organisation.

    This set of policies supports the organisation's use and management of data to ensure that it efficiently and effectively serves the needs of the organisation.

    • Data Governance Policy – APAC
    • Data Classification Policy, Standard, and Procedure – APAC
    • Data Quality Policy, Standard, and Procedure – APAC
    • Data Management Definitions – APAC
    • Metadata Management Policy, Standard, and Procedure – APAC
    • Data Retention Policy and Procedure – APAC
    [infographic]

    Workshop: Establish Data Governance – APAC Edition

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Identify key business data assets that need to be governed.

    Create a unifying vision for the data governance program.

    Key Benefits Achieved

    Understand the value of data governance and how it can help the organisation better leverage its data.

    Gain knowledge of how data governance can benefit both IT and the business.

    Activities

    1.1 Establish business context, value, and scope of data governance at the organisation.

    1.2 Introduction to Info-Tech’s data governance framework.

    1.3 Discuss vision and mission for data governance.

    1.4 Understand your business architecture, including your business capability map and value streams.

    1.5 Build use cases aligned to core business capabilities.

    Outputs

    Sample use cases (tied to the business capability map) and a repeatable use case framework

    Vision and mission for data governance

    2 Understand Current Data Governance Capabilities and Plot Target-State Levels

    The Purpose

    Assess which data contains value and/or risk and determine metrics that will determine how valuable the data is to the organisation.

    Assess where the organisation currently stands in data governance initiatives.

    Determine gaps between the current and future states of the data governance program.

    Key Benefits Achieved

    Gain a holistic understanding of organisational data and how it flows through business units and systems.

    Identify which data should fall under the governance umbrella.

    Determine a practical starting point for the program.

    Activities

    2.1 Understand your current data governance capabilities and maturity.

    2.2 Set target-state data governance capabilities.

    Outputs

    Current state of data governance maturity

    Definition of target state

    3 Build Data Domain to Data Governance Role Mapping

    The Purpose

    Determine strategic initiatives and create a roadmap outlining key steps required to get the organisation to start enabling data-driven insights.

    Determine timing of the initiatives.

    Key Benefits Achieved

    Establish clear direction for the data governance program.

    Step-by-step outline of how to create effective data governance, with true business-IT collaboration.

    Activities

    3.1 Evaluate and prioritise performance gaps.

    3.2 Develop and consolidate data governance target-state initiatives.

    3.3 Define the role of data governance: data domain to data governance role mapping.

    Outputs

    Target-state data governance initiatives

    Data domain to data governance role mapping

    4 Formulate a Plan to Get to Your Target State

    The Purpose

    Consolidate the roadmap and other strategies to determine the plan of action from day one.

    Create the required policies, procedures, and positions for data governance to be sustainable and effective.

    Key Benefits Achieved

    Prioritised initiatives with dependencies mapped out.

    A clearly communicated plan for data governance that will have full business backing.

    Activities

    4.1 Identify and prioritise next steps.

    4.2 Define roles and responsibilities and complete a high-level RACI.

    4.3 Wrap-up and discuss next steps and post-workshop support.

    Outputs

    Initialised roadmap

    Initialised RACI

    Further reading

    Establish Data Governance

    Deliver measurable business value.

    Analyst Perspective

    Establish a data governance program that brings value to your organisation.

    Picture of analyst

    Data governance does not sit as an island on its own in the organisation – it must align with and be driven by your enterprise governance. As you build out data governance in your organisation, it's important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company's data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organisation's operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organisation. Promote and drive the responsible and ethical use of data while helping to build and foster an organisational culture of data excellence.

    Crystal Singh

    Director, Research & Advisory, Data & Analytics Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The amount of data within organisations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organisations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.

    Common Obstacles

    Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.

    Info-Tech's Approach

    Info-Tech's approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives. Organisations should:

    • Align their data governance with enterprise governance, business strategy and value streams to ensure the program delivers measurable business value.
    • Understand their current data governance capabilities so as to build out a future state that is right-sized and relevant.
    • Define data leadership, accountability, and responsibility. Support these with an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.

    Your challenge

    This research is designed to help organisations build and sustain an effective data governance program.

    • Your organisation has recognised the need to treat data as a corporate asset for generating business value and/or managing and mitigating risk.
    • This has brought data governance to the forefront and highlighted the need to build a performance-driven enterprise program for delivering quality, trusted, and readily consumable data to users.
    • An effective data governance program is one that defines leadership, accountability. and responsibility related to data use and handling. It's supported by a well-oiled operating model and relevant policies and procedures, all of which help build and foster a culture of data excellence where the right users get access to the right data at the right time via the right mechanisms.

    As you embark on establishing data governance in your organisation, it's vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.

    'Data processing and cleanup can consume more than half of an analytics team's time, including that of highly paid data scientists, which limits scalability and frustrates employees.' – Petzold, et al., 2020

    Image is a circle graph and 30% of it is coloured with the number 30% in the middle of the graph

    'The productivity of employees across the organisation can suffer.' – Petzold, et al., 2020

    Respondents to McKinsey's 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020

    Common obstacles

    Some of the barriers that make data governance difficult to address for many organisations include:

    • Gaps in communicating the strategic value of data and data governance to the organisation. This is vital for securing senior leadership buy-in and support, which, in turn, is crucial for sustained success of the data governance program.
    • Misinterpretation or a lack of understanding about data governance, including what it means for the organisation and the individual data user.
    • A perception that data governance is inhibiting or an added layer of bureaucracy or complication rather than an enabling and empowering framework for stakeholders in their use and handling of data.
    • Embarking on data governance without firmly substantiating and understanding the organisational drivers for doing so. How is data governance going to support the organisation's value streams and their various business capabilities?
    • Neglecting to define and measure success and performance. Just as in any other enterprise initiative, you have to be able to demonstrate an ROI for time, resources and funding. These metrics must demonstrate the measurable business value that data governance brings to the organisation.
    • Failure to align data governance with enterprise governance.
    Image is a circle graph and 78% of it is coloured with the number 78% in the middle of the graph

    78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020.

    Image is a circle graph and 58% of it is coloured with the number 58% in the middle of the graph

    But despite these ambitions, there appears to be a 'data culture disconnect' – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020.

    The strategic value of data

    Power intelligent and transformative organisational performance through leveraging data.

    Respond to industry disruptors

    Optimise the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    The journey to being data-driven

    The journey to declaring that you are a data-driven organisation requires a pit stop at data enablement.

    The Data Economy

    Data Disengaged

    You have a low appetite for data and rarely use data for decision making.

    Data Enabled

    Technology, data architecture, and people and processes are optimised and supported by data governance.

    Data Driven

    You are differentiating and competing on data and analytics; described as a 'data first' organisation. You're collaborating through data. Data is an asset.

    Data governance is essential for any organisation that makes decisions about how it uses its data.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (Olavsrud, 2021).
    • True business-IT collaboration that will lead to increased consistency and confidence in data to support decision making. This, in turn, helps fuel innovation and growth.

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done.
    • Meant to solve all data-related business or IT problems in an organisation.
    • An inhibitor or impediment to using and sharing data.

    Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Create impactful data governance by embedding it within enterprise governance

    A model is depicted to show the relationship between enterprise governance and data governance.

    Organisational drivers for data governance

    Data governance personas:

    Conformance: Establishing data governance to meet regulations and compliance requirements.

    Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.

    Two images are depicted that show the difference between conformance and performance.

    Data Governance is not a one-person show

    • Data governance needs a leader and a home. Define who is going to be leading, driving, and steering data governance in your organisation.
    • Senior executive leaders play a crucial role in championing and bringing visibility to the value of data and data governance. This is vital for building and fostering a culture of data excellence.
    • Effective data governance comes with business and IT alignment, collaboration, and formally defined roles around data leadership, ownership, and stewardship.
    Four circles are depicted. There is one person in the circle on the left and is labelled: Data Governance Leadership. The circle beside it has two people in it and labelled: Organisational Champions. The circle beside it has three people in it and labelled: Data Owners, Stewards & Custodians. The last circle has four people in it and labelled: The Organisation & Data Storytellers.

    Traditional data governance organisational structure

    A traditional structure includes committees and roles that span across strategic, tactical, and operational duties. There is no one-size-fits-all data governance structure. However, most organisations follow a similar pattern when establishing committees, councils, and cross-functional groups. Most organisations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program, such as the focus of the data governance project and the maturity and size of the organisation.

    A triangular model is depicted and is split into three tiers to show the traditional data governance organisational structure.

    A healthy data culture is key to amplifying the power of your data.

    'Albert Einstein is said to have remarked, "The world cannot be changed without changing our thinking." What is clear is that the greatest barrier to data success today is business culture, not lagging technology.' – Randy Bean, 2020

    What does it look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    'It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centres of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organisation has successfully forged a data culture.'– Randy Bean, 2020

    Data literacy is an essential part of a data-driven culture

    • In a data-driven culture, decisions are made based on data evidence, not on gut instinct.
    • Data often has untapped potential. A data-driven culture builds tools and skills, builds users' trust in the condition and sources of data, and raises the data skills and understanding among their people on the front lines.
    • Building a data culture takes an ongoing investment of time, effort, and money. This investment will not achieve the transformation you want without data literacy at the grassroots level.

    Data-driven culture = 'data matters to our company'

    Despite investments in data initiative, organisations are carrying high levels of data debt

    Data debt is 'the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.'

    Data debt is a problem for 78% of organisations.

    40% of organisations say individuals within the business do not trust data insights.

    66% of organisations say a backlog of data debt is impacting new data management initiatives.

    33% of organisations are not able to get value from a new system or technology investment.

    30% of organisations are unable to become data-driven.

    Source: Experian, 2020

    Absent or sub-optimal data governance leads to data debt

    Only 3% of companies' data meets basic quality standards. (Source: Nagle, et al., 2017)

    Organisations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)

    Only 51% of organisations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)

    35% of organisations say they're not able to see a ROI for data management initiatives. (Source: Experian, 2020)

    Embrace the technology

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.

    Logos of data governance tools and technology.

    Measure success to demonstrate tangible business value

    Put data governance into the context of the business:

    • Tie the value of data governance and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don't let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data governance program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Key takeaways for effective business-driven data governance

    Data governance leadership and sponsorship is key.

    Ensure strategic business alignment.

    Build and foster a culture of data excellence.

    Evolve along the data journey.

    Make data governance an enabler, not a hindrance.

    Insight summary

    Overarching insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Insight 1

    Data governance should not sit as an island in your organisation. It must continuously align with the organisation's enterprise governance function. It shouldn't be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

    Insight 2

    Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organisation.

    Insight 3

    Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.

    Tactical insight

    Tailor your data literacy program to meet your organisation's needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organisation. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organisation.

    Info-Tech's methodology for establishing data governance

    1. Build Business and User Context 2. Understand Your Current Data Governance Capabilities 3. Build a Target State Roadmap and Plan
    Phase Steps
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Screenshot of Info-Tech's Data Governance Planning and Roadmapping Workbook data-verified=

    Data Governance Planning and Roadmapping Workbook

    Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll out, and scale data governance in your organisation.

    Screenshot of Info-Tech's Data Use Case Framework Template

    Data Use Case Framework Template

    This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organisation's data-related problems and opportunities.

    Screenshot of Info-Tech's Business Data Glossary data-verified=

    Business Data Glossary

    Use this template to document the key data assets that are to be governed and create a data flow diagram for your organisation.

    Screenshot of Info-Tech's Data Culture Diagnostic and Scorecard data-verified=

    Data Culture Diagnostic and Scorecard

    Leverage Info-Tech's Data Culture Diagnostic to understand how your organisation scores across 10 areas relating to data culture.

    Key deliverable:

    Data Governance Planning and Roadmapping Workbook

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Governance Initiative Planning and Roadmap Tool

    Leverage this tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help you plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Data Governance Program Charter Template

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Data Governance Policy

    This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation

    Other Deliverables:

    • Data Governance Initiative Planning and Roadmap Tool
    • Data Governance Program Charter Template
    • Data Governance Policy

    Blueprint benefits

    Defined data accountability & responsibility

    Shared knowledge & common understanding of data assets

    Elevated trust & confidence in traceable data

    Improved data ROI & reduced data debt

    Support for ethical use and handling of data in a culture of excellence

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your data governance initiatives align and support your key value streams and their business capabilities.

    • Aligning your data governance program and its initiatives to your organisation's business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data governance with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.
    Screenshot from this blueprint on the Measurable Business Value

    In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.

    In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    'Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.'

    Guided Implementation

    'Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track.'

    Workshop

    'We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.'

    Consulting

    'Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.'

    Diagnostics and consistent frameworks are used throughout all four options.

    Establish Data Governance project overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    1. Build Business and User context2. Understand Your Current Data Governance Capabilities3. Build a Target State Roadmap and Plan
    Best-Practice Toolkit
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Guided Implementation

    What does a typical GI on this topic look like?

    An outline of what guided implementation looks like.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organisation. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value Understand Current Data Governance Capabilities and Plot Target-State Levels Build Data Domain to Data Governance Role Mapping Formulate a Plan to Get to Your Target State
    Activities
    • Establish business context, value, and scope of data governance at the organisation
    • Introduction to Info-Tech's data governance framework
    • Discuss vision and mission for data governance
    • Understand your business architecture, including your business capability map and value streams
    • Build use cases aligned to core business capabilities
    • Understand your current data governance capabilities and maturity
    • Set target state data governance capabilities
    • Evaluate and prioritise performance gaps
    • Develop and consolidate data governance target-state initiatives
    • Define the role of data governance: data domain to data governance role mapping
    • Identify and prioritise next steps
    • Define roles and responsibilities and complete a high-level RACI
    • Wrap-up and discuss next steps and post-workshop support
    Deliverables
    1. Sample use cases (tied to the business capability map) and a repeatable use case framework
    2. Vision and mission for data governance
    1. Current state of data governance maturity
    2. Definition of target state
    1. Target-state data governance initiatives
    2. Data domain to data governance role mapping
    1. Initialised roadmap
    2. Initialised RACI
    3. Completed Business Data Glossary (BDG)

    Phase 1

    Build Business and User Context

    Three circles are in the image that list the three phases and the main steps. Phase 1 is highlighted.

    'When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.' – Jason Lim, Alation

    This phase will guide you through the following activities:

    • Identify Your Business Capabilities
    • Define your Organisation's Key Business Capabilities
    • Develop a Strategy Map that Aligns Business Capabilities to Your Strategic Focus

    This phase involves the following participants:

    • Data Governance Leader/Data Leader (CDO)
    • Senior Business Leaders
    • Business SMEs
    • Data Leadership, Data Owners, Data Stewards and Custodians

    Step 1.1

    Substantiate Business Drivers

    Activities

    1.1.1 Identify Your Business Capabilities

    1.1.2 Categorise Your Organisation's Key Business Capabilities

    1.1.3 Develop a Strategy Map Tied to Data Governance

    This step will guide you through the following activities:

    • Leverage your organisation's existing business capability map or initiate the formulation of a business capability map, guided by Info-Tech's approach
    • Determine which business capabilities are considered high priority by your organisation
    • Map your organisation's strategic objectives to value streams and capabilities to communicate how objectives are realised with the support of data

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Info-Tech Insight

    Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.

    1.1.1 Identify Your Business Capabilities

    Confirm your organisation's existing business capability map or initiate the formulation of a business capability map:

    1. If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organisation creates and captures value) and their business capabilities are reflective of the organisation's current business environment.
    2. If you do not have an existing business capability map, follow this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organisation's value streams. Meet with senior leadership and other key business stakeholders to define how your organisation creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.' They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Input

    • List of confirmed value streams and their related business capabilities

    Output

    • Business capability map with value streams for your organisation

    Materials

    • Your existing business capability map or the template provided in the Data Governance Planning and Roadmapping Workbook accompanying this blueprint

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Define or validate the organisation's value streams

    Value streams connect business goals to the organisation's value realisation activities. These value realisation activities, in turn, depend on data.

    If the organisation does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture related work? Who has the relevant skills, competencies, experience, and knowledge about the organisation?
    • Engage with these stakeholders to define and validate how the organisation creates value.
    • Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organisation's products and/or services help them accomplish that?
      • What are the benefits your organisation delivers to them and how does your organisation deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data governance to the organisation's value realisation activities.

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for retail banking.

    For this value stream, download Info-Tech's Info-Tech's Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for higher education

    For this value stream, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for local government

    For this value stream, download Info-Tech's Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for manufacturing

    For this value stream, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example of value streams – Retail

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail

    Model example of value streams for retail

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    For this value stream, download Info-Tech's Industry Reference Architecture for Retail.

    Define the organisation's business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.'

    If your organisation doesn't already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described above:

    • Analyse the value streams to identify and describe the organisation's capabilities that support them.
    • Consider: What is the objective of your value stream? (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don't start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organisation, remove the ones that don't, and add any needed.

    Align data governance to the organisation's value realisation activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail Banking

    Model example business capability map for retail banking

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Higher Education

    Model example business capability map for higher education

    For this business capability map, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Model example business capability map for local government

    For this business capability map, download Info-Tech's Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Model example business capability map for manufacturing

    For this business capability map, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example business capability map - Retail

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Model example business capability map for retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.2 Categorise Your Organisation's Key Capabilities

    Determine which capabilities are considered high priority in your organisation.

    1. Categorise or heatmap the organisation's key capabilities. Consult with senior and other key business stakeholders to categorise and prioritise the business' capabilities. This will aid in ensuring your data governance future state planning is aligned with the mandate of the business. One approach to prioritising capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organisation. Highlight these capabilities and prioritise programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organisation an edge over rivals or other players in your industry.

    This categorisation/prioritisation exercise helps highlight prime areas of opportunity for building use cases, determining prioritisation, and the overall optimisation of data and data governance.

    Input

    • Strategic insight from senior business stakeholders on the business capabilities that drive value for the organisation

    Output

    • Business capabilities categorised and prioritised (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk)

    Materials

    • Your existing business capability map or the business capability map derived in the previous activity

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example of business capabilities categorisation or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business' priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organisation's competitive advantage creators.

    Example: Retail

    Example of business capabilities categorisation or heatmapping – Retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.3 Develop a Strategy Map Tied to Data Governance

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It's important to make sure the right strategic objectives of the organisation have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organisation's business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and, ultimately, to data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organisation.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritise the data initiatives that deliver the most value to the organisation.

    Input

    • Strategic objectives as outlined by the organisation's business strategy and confirmed by senior leaders

    Output

    • A strategy map that maps your organisational strategic objectives to value streams, business capabilities, and, ultimately, to data program

    Materials

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    Example of a strategy map tied to data governance

    • Strategic objectives are the outcomes that the organisation is looking to achieve.
    • Value streams enable an organisation to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap and which will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip:

    Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritise the data initiatives that deliver the most value to the organisation.

    Example: Retail

    Example of a strategy map tied to data governance for retail

    For this strategy map, download Info-Tech's Industry Reference Architecture for Retail.

    Step 1.2

    Build High-Value Use Cases for Data Governance

    Activities

    1.2.1 Build High-Value Use Cases

    This step will guide you through the following activities:

    • Leveraging your categorised business capability map to conduct deep-dive sessions with key business stakeholders for creating high-value uses cases
    • Discussing current challenges, risks, and opportunities associated with the use of data across the lines of business
    • Exploring which other business capabilities, stakeholder groups, and business units will be impacted

    Outcomes of this step

    • Relevant use cases that articulate the data-related challenges, needs, or opportunities that are clear and contained and, if addressed ,will deliver value to the organisation

    Info-Tech Tip

    One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organisational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.

    1.2.1 Build High-Value Use Cases

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well as the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Input

    • Value streams and business capabilities as defined by business leaders
    • Business stakeholders' subject area expertise
    • Data custodian systems, integration, and data knowledge

    Output

    • Use cases that articulate data-related challenges, needs or opportunities that are tied to defined business capabilities and hence if addressed will deliver measurable value to the organisation.

    Materials

    • Your business capability map from activity 1.1.1
    • Info-Tech's Data Use Case Framework Template
    • Whiteboard or flip charts (or shared screen if working remotely)
    • Markers/pens

    Participants

    • Key business stakeholders
    • Data stewards and business SMEs
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Use Case Framework Template

    Info-Tech's Framework for Building Use Cases

    Objective: This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    Leveraging your business capability map, build use cases that align with the organisation's key business capabilities.

    Consider:

    • Is the business capability a cost advantage creator or an industry differentiator?
    • Is the business capability currently underserved by data?
    • Does this need to be addressed? If so, is this risk- or value-driven?

    Info-Tech's Data Requirements and Mapping Methodology for Creating Use Cases

    1. What business capability (or capabilities) is this use case tied to for your business area(s)?
    2. What are your data-related challenges in performing this today?
    3. What are the steps in this process/activity today?
    4. What are the applications/systems used at each step today?
    5. What data domains are involved, created, used, and/or transformed at each step today?
    6. What does an ideal or improved state look like?
    7. What other business units, business capabilities, activities, and/or processes will be impacted or improved if this issue was solved?
    8. Who are the stakeholders impacted by these changes? Who needs to be consulted?
    9. What are the risks to the organisation (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?
    10. What compliance, regulatory, and/or policy concerns do we need to consider in any solution?
    11. What measures of success or change should we use to prove the value of the effort (such as KPIs, ROI)? What is the measurable business value of doing this?

    The resulting use cases are to be prioritised and leveraged for informing the business case and the data governance capabilities optimisation plan.

    Taken from Info-Tech's Data Use Case Framework Template

    Phase 2

    Understand Your Current Data Governance Capabilities

    Three circles are in the image that list the three phases and the main steps. Phase 2 is highlighted.

    This phase will guide you through the following activities:

    • Understand the Key Components of Data Governance
    • Gauge Your Organisation's Current Data Culture

    This phase involves the following participants:

    • Data Leadership
    • Data Ownership & Stewardship
    • Policies & Procedures
    • Data Literacy & Culture
    • Operating Model
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Step 2.1

    Understand the Key Components of Data Governance

    This step will guide you through the following activities:

    • Understanding the core components of an effective data governance program and determining your organisation's current capabilities in these areas:
      • Data Leadership
      • Data Ownership & Stewardship
      • Policies & Procedures
      • Data Literacy & Culture
      • Operating Model
      • Data Management
      • Data Privacy & Security
      • Enterprise Projects & Services

    Outcomes of this step

    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data governance capabilities

    Leverage Info-Tech's: Data Governance Initiative Planning and Roadmap Tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Review: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Key components of data governance

    A well-defined data governance program will deliver:

    • Defined accountability and responsibility for data.
    • Improved knowledge and common understanding of the organisation's data assets.
    • Elevated trust and confidence in traceable data.
    • Improved data ROI and reduced data debt.
    • An enabling framework for supporting the ethical use and handling of data.
    • A foundation for building and fostering a data-driven and data-literate organisational culture.

    The key components of establishing sustainable enterprise data governance, taken from Info-Tech's Data Governance Framework:

    • Data Leadership
    • Data Ownership & Stewardship
    • Operating Model
    • Policies & Procedures
    • Data Literacy & Culture
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Data Leadership

    • Data governance needs a dedicated head or leader to steer the organisation's data governance program.
    • For organisations that do have a chief data officer (CDO), their office is the ideal and effective home for data governance.
    • Heads of data governance also have titles such as director of data governance, director of data quality, and director of analytics.
    • The head of your data governance program works with all stakeholders and partners to ensure there is continuous enterprise governance alignment and oversight and to drive the program's direction.
    • While key stakeholders from the business and IT will play vital data governance roles, the head of data governance steers the various components, stakeholders, and initiatives, and provides oversight of the overall program.
    • Vital data governance roles include: data owners, data stewards, data custodians, data governance steering committee (or your organisation's equivalent), and any data governance working group(s).

    The role of the CDO: the voice of data

    The office of the chief data officer (CDO):

    • Has a cross-organisational vision and strategy for data.
    • Owns and drives the data strategy; ensures it supports the overall organisational strategic direction and business goals.
    • Leads the organisational data initiatives, including data governance
    • Is accountable for the policy, strategy, data standards, and data literacy necessary for the organisation to operate effectively.
    • Educates users and leaders about what it means to be 'data-driven.'
    • Builds and fosters a culture of data excellence.

    'Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organisation: "data." '
    – Carruthers and Jackson, 2020

    Who does the CDO report to?

    Example reporting structure.
    • The CDO should be a true C- level executive.
    • Where the organisation places the CDO role in the structure sends an important signal to the business about how much it values data.

    'The title matters. In my opinion, you can't have a CDO without executive authority. Otherwise no one will listen.'

    – Anonymous European CDO

    'The reporting structure depends on who's the 'glue' that ties together all these uniquely skilled individuals.'

    – John Kemp, Senior Director, Executive Services, Info-Tech Research Group

    Data Ownership & Stewardship

    Who are best suited to be data owners?

    • Wherever they may sit in your organisation, data owners will typically have the highest stake in that data.
    • Data owners needs to be suitably senior and have the necessary decision-making power.
    • They have the highest interest in the related business data domain, whether they are the head of a business unit or the head of a line of business that produces data or consumes data (or both).
    • If they are neither of these, it's unlikely they will have the interest in the data (in terms of its quality, protection, ethical use, and handling, for instance) necessary to undertake and adopt the role effectively.

    Data owners are typically senior business leaders with the following characteristics:

    • Positioned to accept accountability for their data domain.
    • Hold authority and influence to affect change, including across business processes and systems, needed to improve data quality, use, handling, integration, etc.
    • Have access to a budget and resources for data initiatives such as resolving data quality issues, data cleansing initiatives, business data catalogue build, related tools and technology, policy management, etc.
    • Hold the influence needed to drive change in behaviour and culture.
    • Act as ambassadors of data and its value as an organisational strategic asset.

    Right-size your data governance organisational structure

    • Most organisations strive to identify roles and responsibilities at a strategic, and operational level. Several factors will influence the structure of the program such as the focus of the data governance project as well as the maturity and size of the organisation.
    • Your data governance structure has to work for your organisation, and it has to evolve as the organisation evolves.
    • Formulate your blend of data governance roles, committees, councils, and cross-functional groups, that make sense for your organisation.
    • Your data governance organisational structure should not add complexity or bureaucracy to your organisation's data landscape; it should support and enable your principle of treating data as an asset.

    There is no one-size-fits-all data governance organisational structure.

    Example of a Data Governance Organisational Structure

    Critical roles and responsibilities for data governance

    Data Governance Working Groups

    Data governance working groups:

    • Are cross-functional teams
    • Deliver on data governance projects, initiatives, and ad hoc review committees.

    Data Stewards

    Traditionally, data stewards:

    • Serve on an operational level addressing issues related to adherence to standards/procedures, monitoring data quality, raising issues identified, etc.
    • Are responsible for managing access, quality, escalating issues, etc.

    Data Custodians

    • Traditionally, data custodians:
    • Serve on an operational level addressing issues related to data and database administration.
    • Support the management of access, data quality, escalating issues, etc.
    • Are SMEs from IT and database administration.

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enabling business capabilities with data governance role definitions

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Operating Model

    Your operating model is the key to designing and operationalizing a form of data governance that delivers measurable business value to your organisation.

    'Generate excitement for data: When people are excited and committed to the vision of data enablement, they're more likely to help ensure that data is high quality and safe.' – Petzold, et al., 2020

    Operating Model

    Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organisation and manages risks while building and fostering a culture of data excellence along the way. Some organisations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organised, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.

    Examples of focus areas for your operating model:

    • Delivery: While there are core tenets to every data governance program, there is a level of variability in the implementation of data governance programs across organisations, sectors, and industries. Every organisation has its own particular drivers and mandates, so the level and rigour applied will also vary.
    • The key is to determine what style will work best in your organisation, taking into consideration your organisational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernisation initiatives, and/or regulatory and compliances drivers.

    • Communication: Communication is vital across all levels and stakeholder groups. For instance, there needs to be communication from the data governance office up to senior leadership, as well as communication within the data governance organisation, which is typically made up of the data governance steering committee, data governance council, executive sponsor/champion, data stewards, and data custodians and working groups.
    • Furthermore, communication with the wider organisation of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.

    Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.

    Operating Model

    Tie the value of data governance and its initiatives back to the business capabilities that are enabled.

    'Leading organisations invest in change management to build data supporters and convert the sceptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]' – Petzold, et al., 2020

    Operating Model

    Examples of focus areas for your operating model (continued):

    • Change management and issue resolution: Data governance initiatives will very likely bring about a level of organisational disruption, with governance recommendations and future state requiring potentially significant business change. This may include a redesign of a substantial number of data processes affecting various business units, which will require tweaking the organisation's culture, thought processes, and procedures surrounding its data.
    • Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

      Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    • Performance measuring, monitoring and reporting: Measuring and reporting on performance, successes, and realisation of tangible business value are a must for sustaining, growing, and scaling your data governance program.
    • Aligning your data governance to the organisation's value realisation activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.

    Info-Tech Tip:

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Policies, Procedures & Standards

    'Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardise the format as well as the meaning.' – U.S. Geological Survey

    Policies, Procedures & Standards

    • When defining, updating, or refreshing your data policies, procedures, and standards, ensure they are relevant, serve a purpose, and/or support the use of data in the organisation.
    • Avoid the common pitfall of building out a host of policies, procedures, and standards that are never used or followed by users and therefore don't bring value or serve to mitigate risk for the organisation.
    • Data policies can be thought of as formal statements and are typically created, approved, and updated by the organisation's data decision-making body (such as a data governance steering committee).
    • Data standards and procedures function as actions, or rules, that support the policies and their statements.
    • Standards and procedures are designed to standardise the processes during the overall data lifecycle. Procedures are instructions to achieve the objectives of the policies. The procedures are iterative and will be updated with approval from your data governance committee as needed.
    • Your organisation's data policies, standards, and procedures should not bog down or inhibit users; rather, they should enable confident data use and handling across the overall data lifecycle. They should support more effective and seamless data capture, integration, aggregation, sharing, and retention of data in the organisation.

    Examples of data policies:

    • Data Classification Policy
    • Data Retention Policy
    • Data Entry Policy
    • Data Backup Policy
    • Data Provenance Policy
    • Data Management Policy

    See Info-Tech's Data Governance Policy Template: This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation.

    Data Domain Documentation

    Select the correct granularity for your business need

    Diagram of data domain documentation
    Sources: Dataversity; Atlan; Analytics8

    Data Domain Documentation Examples

    Data Domain Documentation Examples

    Data Culture

    'Organisational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.' – Petzold, et al., 2020

    A healthy data culture is key to amplifying the power of your data and to building and sustaining an effective data governance program.

    What does a healthy data culture look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    Building a culture of data excellence.

    Leverage Info-Tech's Data Culture Diagnostic to understand your organisation's culture around data.

    Screenshot of Data Culture Scorecard

    Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic

    Cultivating a data-driven culture is not easy

    'People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.' – Lim, Alation

    It cannot be purchased or manufactured,

    It must be nurtured and developed,

    And it must evolve as the business, user, and data landscapes evolve.

    'Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.' – Randy Bean, 2020

    Hallmarks of a data-driven culture

    There is a trusted, single source of data the whole company can draw from.

    There's a business glossary and data catalogue and users know what the data fields mean.

    Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.

    Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.

    Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.

    A data-driven culture requires a number of elements:

    • High-quality data
    • Broad access and data literacy
    • Data-driven decision-making processes
    • Effective communication

    Data Literacy

    Data literacy is an essential part of a data-driven culture.

    • Building a data-driven culture takes an ongoing investment of time, effort, and money.
    • This investment will not realise its full return without building up the organisation's data literacy.
    • Data literacy is about filling data knowledge gaps across all levels of the organisation.
    • It's about ensuring all users – senior leadership right through to core users – are equipped with appropriate levels of training, skills, understanding, and awareness around the organisation's data and the use of associated tools and technologies. Data literacy ensures users have the data they need and they know how to interpret and leverage it.
    • Data literacy drives the appetite, demand, and consumption for data.
    • A data-literate culture is one where the users feel confident and skilled in their use of data, leveraging it for making informed or evidence-based decisions and generating insights for the organisation.

    Data Management

    • Data governance serves as an enabler to all of the core components that make up data management:
      • Data quality management
      • Data architecture management
      • Data platform
      • Data integration
      • Data operations management
      • Data risk management
      • Reference and master data management (MDM)
      • Document and content management
      • Metadata management
      • Business intelligence (BI), reporting, analytics and advanced analytics, artificial intelligence (AI), machine learning (ML)
    • Key tools such as the business data glossary and data catalogue are vital for operationalizing data governance and in supporting data management disciplines such as data quality management, metadata management, and MDM as well as BI, reporting, and analytics.

    Enterprise Projects & Services

    • Data governance serves as an enabler to enterprise projects and services that require, use, share, sell, and/or rely on data for their viability and, ultimately, their success.
    • Folding or embedding data governance into the organisation's project management function or project management office (PMO) serves to ensure that, for any initiative, suitable consideration is given to how data is treated.
    • This may include defining parameters, following standards and procedures around bringing in new sources of data, integrating that data into the organisation's data ecosystem, using and sharing that data, and retaining that data post-project completion.
    • The data governance function helps to identify and manage any ethical issues, whether at the start of the project and/or throughout.
    • It provides a foundation for asking relevant questions as it relates to the use or incorporation of data in delivering the specific project or service. Do we know where the data obtained from? Do we have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used? What are the positive effects, negative impacts, and/or risks associated with our intended use of that data? Are we positioned to mitigate those risks?
    • Mature data governance creates organisations where the above considerations around data management and the ethical use and handling of data is routinely implemented across the business and in the rollout and delivery of projects and services.

    Data Privacy & Security

    • Data governance supports the organisation's data privacy and security functions.
    • Key tools include the data classification policy and standards and defined roles around data ownership and data stewardship. These are vital for operationalizing data governance and supporting data privacy, security, and the ethical use and handling of data.
    • While some organisations may have a dedicated data security and privacy group, data governance provides an added level of oversight in this regard.
    • Some of the typical checks and balances include ensuring:
      • There are policies and procedures in place to restrict and monitor staff's access to data (one common way this is done is according to job descriptions and responsibilities) and that these comply with relevant laws and regulations.
      • There's a data classification scheme in place where data has been classified on a hierarchy of sensitivity (e.g. top secret, confidential, internal, limited, public).
      • The organisation has a comprehensive data security framework, including administrative, physical, and technical procedures for addressing data security issues (e.g. password management and regular training).
      • Risk assessments are conducted, including an evaluation of risks and vulnerabilities related to intentional and unintentional misuse of data.
      • Policies and procedures are in place to mitigate the risks associated with incidents such as data breaches.
      • The organisation regularly audits and monitors its data security.

    Ethical Use & Handling of Data

    Data governance will support your organisation's ethical use and handling of data by facilitating definition around important factors, such as:

    • What are the various data assets in the organisation and what purpose(s) can they be used for? Are there any limitations?
    • Who is the related data owner? Who holds accountability for that data? Who will be answerable?
    • Where was the data obtained from? What is the intended use of that data? Do you have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used?
    • What are the positive effects, negative impacts, and/or risks associated with the use of that data?

    Ethical Use & Handling of Data

    • Data governance serves as an enabler to the ethical use and handling of an organisation's data.
    • The Open Data Institute (ODI) defines data ethics as: 'A branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use.'
    • Data ethics relates to good practice around how data is collected, used and shared. It's especially relevant when data activities have the potential to impact people and society, whether directly or indirectly (Open Data Institute, 2019).
    • A failure to handle and use data ethically can negatively impact an organisation's direct stakeholders and/or the public at large, lead to a loss of trust and confidence in the organisation's products and services, lead to financial loss, and impact the organisation's brand, reputation, and legal standing.
    • Data governance plays a vital role is building and managing your data assets, knowing what data you have, and knowing the limitations of that data. Data ownership, data stewardship, and your data governance decision-making body are key tenets and foundational components of your data governance. They enable an organisation to define, categorise, and confidently make decisions about its data.

    Step 2.2

    Gauge Your Organisation's Current Data Culture

    Activities

    2.2.1 Gauge Your Organisation's Current Data Culture

    This step will guide you through the following activities:

    • Conduct a data culture survey or leverage Info-Tech's Data Culture Diagnostic to increase your understanding of your organisation's data culture

    Outcomes of this step

    • An understanding of your organisational data culture

    2.2.1 Gauge Your Organisation's Current Data Culture

    Conduct a Data Culture Survey or Diagnostic

    The objectives of conducting a data culture survey are to increase the understanding of the organisation's data culture, your users' appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech's Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organisation's current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organisation who should receive the survey

    Output

    • Your organisation's Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organisation

    Materials

    Screenshot of Data Culture Scorecard

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organisation
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    Phase 3

    Build a Target State Roadmap and Plan

    Three circles are in the image that list the three phases and the main steps. Phase 3 is highlighted.

    'Achieving data success is a journey, not a sprint. Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.' – Randy Bean, 2020

    This phase will guide you through the following activities:

    • Build your Data Governance Roadmap
    • Develop a target state plan comprising of prioritised initiatives

    This phase involves the following participants:

    • Data Governance Leadership
    • Data Owners/Data Stewards
    • Data Custodians
    • Data Governance Working Group(s)

    Step 3.1

    Formulate an Actionable Roadmap and Right-Sized Plan

    This step will guide you through the following activities:

    • Build your data governance roadmap
    • Develop a target state plan comprising of prioritised initiatives

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    See Info-Tech's Data Governance Program Charter Template: A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary/catalogue

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Recall: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Build an actionable roadmap

    Data Governance Leadership & Org Structure Division

    Define key roles for getting started.

    Use Case Build & Prioritisation

    Start small and then scale – deliver early wins.

    Literacy Program

    Start understanding data knowledge gaps, building the program, and delivering.

    Tools & Technology

    Make the available data governance tools and technology work for you.

    Key components of your data governance roadmap

    Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    By now, you have assessed current data governance environment and capabilities. Use this assessment, coupled with the driving needs of your business, to plot your data Governance roadmap accordingly.

    Sample data governance roadmap milestones:

    • Define data governance leadership.
    • Define and formalise data ownership and stewardship (as well as the role IT/data management will play as data custodians).
    • Build/confirm your business capability map and data domains.
    • Build business data use cases specific to business capabilities.
    • Define business measures/KPIs for the data governance program (i.e. metrics by use case that are relevant to business capabilities).
    • Data management:
      • Build your data glossary or catalogue starting with identified and prioritised terms.
      • Define data domains.
    • Design and define the data governance operating model (oversight model definition, communication plan, internal marketing such as townhalls, formulate change management plan, RFP of data governance tool and technology options for supporting data governance and its administration).
    • Data policies and procedures:
      • Formulate, update, refresh, consolidate, rationalise, and/or retire data policies and procedures.
      • Define policy management and administration framework (i.e. roll-out, maintenance, updates, adherence, system to be used).
    • Conduct Info-Tech's Data Culture Diagnostic or survey (across all levels of the organisation).
    • Define and formalise the data literacy program (build modules, incorporate into LMS, plan lunch and learn sessions).
    • Data privacy and security: build data classification policy, define classification standards.
    • Enterprise projects and services: embed data governance in the organisation's PMO, conduct 'Data Governance 101' for the PMO.

    Defining data governance roles and organisational structure at Organisation

    The approach employed for defining the data governance roles and supporting organisational structure for .

    Key Considerations:

    • The data owner and data steward roles are formally defined and documented within the organisation. Their involvement is clear, well-defined, and repeatable.
    • There are data owners and data stewards for each data domain within the organisation. The data steward role is given to someone with a high degree of subject matter expertise.
    • Data owners and data stewards are effective in their roles by ensuring that their data domain is clean and free of errors and that they protect the organisation against data loss.
    • Data owners and data stewards have the authority to make final decisions on data definitions, formats, and standard processes that apply to their respective data sets. Data owners and data stewards have authority regarding who has access to certain data.
    • Data owners and data stewards are not from the IT side of the organisation. They understand the lifecycle of the data (how it is created, curated, retrieved, used, archived, and destroyed) and they are well-versed in any compliance requirements as it relates to their data.
    • The data custodian role is formally defined and is given to the relevant IT expert. This is an individual with technical administrative and/or operational responsibility over data (e.g. a DBA).
    • A data governance steering committee exists and is comprised of well-defined roles, responsibilities, executive sponsors, business representatives, and IT experts.
    • The data governance steering committee works to provide oversight and enforce policies, procedures, and standards for governing data.
    • The data governance working group has cross-functional representation. This comprises business and IT representation, as well as project management and change management where applicable: data stewards, data custodians, business subject matter experts, PM, etc.).
    • Data governance meetings are coordinated and communicated about. The meeting agenda is always clear and concise, and meetings review pressing data-related issues. Meeting minutes are consistently documented and communicated.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enable business capabilities with data governance role definitions.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Consider your technology options:

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    Logos of data governance tools and technology.

    These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.

    Make the data steward the catalyst for organisational change and driving data culture

    The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.

    Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.

    Because the data steward must enforce data processes and liaise with so many different people and departments within the organisation, the data steward role should be their primary full-time job function – where possible.

    However, in circumstances where budget doesn't allow a full-time data steward role, develop these skills within the organisation by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.

    Info-Tech Tip

    A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organisation believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.

    Changes to organisational data processes are inevitable; have a communication plan in place to manage change

    Create awareness of your data governance program. Use knowledge transfer to get as many people on board as possible.

    Data governance initiatives must contain a strong organisational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Info-Tech Insight

    Launching a data governance initiative is guaranteed to disrupt the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Create a common data governance vision that is consistently communicated to the organisation

    A data governance program should be an enterprise-wide initiative.

    To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organisation wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.

    Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.

    The data governance program should be periodically refined. This will ensure the organisation continues to incorporate best methods and practices as the organisation grows and data needs evolve.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data governance.
    • Brainstorm guiding principles for data and understand the overall value to the organisation.

    Develop a compelling data governance communications plan to get all departmental lines of business on board

    A data governance program will impact all data-driven business units within the organisation.

    A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.

    By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.

    A clear and concise communications strategy will raise the profile of data governance within the organisation, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.

    A proactive communications plan will:

    • Assist in overcoming issues with data control, stalemates between stakeholder units, and staff resistance.
    • Provide a formalised process for implementing new policies, rules, guidelines, and technologies, and managing organisational data.
    • Detail data ownership and accountability for decision making, and identify and resolve data issues throughout the organisation.
    • Encourage acceptance and support of the initiative.

    Info-Tech Tip

    Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardised data policies will help validate how data governance will benefit them and the organisation.

    Leverage the data governance program to communicate and promote the value of data within the organisation

    The data governance program is responsible for continuously promoting the value of data to the organisation. The data governance program should seek a variety of ways to educate the organisation and data stakeholders on the benefit of data management.

    Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.

    There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.

    To learn how to manage organisational change, refer to Info-Tech's Master Organisational Change Management Practices.

    Understand what makes for an effective policy for data governance

    It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.

    Diagram of an effective policy for data governance

    The following are key elements of a good policy:

    Heading Descriptions
    Purpose Describes the factors or circumstances that mandate the existence of the policy. Also states the policy's basic objectives and what the policy is meant to achieve.
    Scope Defines to whom and to what systems this policy applies. Lists the employees required to comply or simply indicates 'all' if all must comply. Also indicates any exclusions or exceptions, i.e. those people, elements, or situations that are not covered by this policy or where special consideration may be made.
    Definitions Define any key terms, acronyms, or concepts that will be used in the policy. A standard glossary approach is sufficient.
    Policy Statements Describe the rules that comprise the policy. This typically takes the form of a series of short prescriptive and proscriptive statements. Sub-dividing this section into sub-sections may be required depending on the length or complexity of the policy.
    Non-Compliance Clearly describe consequences (legal and/or disciplinary) for employee non-compliance with the policy. It may be pertinent to describe the escalation process for repeated non-compliance.
    Agreement Confirms understanding of the policy and provides a designated space to attest to the document.

    Leverage myPolicies, Info-Tech's web-based application for managing your policies and procedures

    Most organisations have problems with policy management. These include:

    1. Policies are absent or out of date
    2. Employees largely unaware of policies in effect
    3. Policies are unmonitored and unenforced
    4. Policies are in multiple locations
    5. Multiple versions of the same policy exist
    6. Policies managed inconsistently across different silos
    7. Policies are written poorly by untrained authors
    8. Inadequate policy training program
    9. Draft policies stall and lose momentum
    10. Weak policy support from senior management

    Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.

    Product Overview

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.

    Some key success factors for policy management include:

    • Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralised website.
    • Link this repository to other policies' taxonomies of your organisation. E.g. HR policies to provide a single interface for employees to access guidance across the organisation.
    • Reassess policies annually at a minimum. myPolicies can remind you to update the organisation's policies at the appropriate time.
    • Make the repository searchable and easily navigable.
    • myPolicies helps you do all this and more.
    myPolicies logo myPolicies

    Enforce data policies to promote consistency of business processes

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organisations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organisation's data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Examples of Data Policies

    Trust

    • Data Cleansing and Quality Policy
    • Data Entry Policy

    Availability

    • Acceptable Use Policy
    • Data Backup Policy

    Security

    • Data Security Policy
    • Password Policy Template
    • User Authorisation, Identification, and Authentication Policy Template
    • Data Protection Policy

    Compliance

    • Archiving Policy
    • Data Classification Policy
    • Data Retention Policy

    Leverage data management-related policies to standardise your data management practices

    Info-Tech's Data Management Policy:

    This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organisation. This policy applies to all critical data and to all staff who may be creators and/or users of such data.

    Info-Tech's Data Entry Policy:

    The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organisation. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.

    Info-Tech's Data Provenance Policy:

    Create policies to keep your data's value, such as:

    • Only allow entry of data from reliable sources.
    • Employees entering and accessing data must observe requirements for capturing/maintaining provenance metadata.
    • Provenance metadata will be used to track the lifecycle of data from creation through to disposal.

    Info-Tech's Data Integration and Virtualisation Policy:

    This policy aims to assure the organisation, staff, and other interested parties that data integration, replication, and virtualisation risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualise data sets.

    Select the right mix of metrics to successfully supervise data policies and processes

    Policies are only as good as your level of compliance. Ensure supervision controls exist to oversee adherence to policies and procedures.

    Although they can be highly subjective, metrics are extremely important to data governance success.

    • Establishing metrics that measure the performance of a specific process or data set will:
      • Create a greater degree of ownership from data stewards and data owners.
      • Help identify underperforming individuals.
      • Allow the steering committee to easily communicate tailored objectives to individual data stewards and owners.
    • Be cautious when establishing metrics. The wrong metrics can have negative repercussions.
      • They will likely draw attention to an aspect of the process that doesn't align with the initial strategy.
      • Employees will work hard and grow frustrated as their successes aren't accurately captured.

    Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organisation.

    • One of the most useful metrics for policies is currency. This tracks how up to date the policy is and how often employees are informed about the policy. Often, a policy will be introduced and then ignored. Policies must be continuously reviewed by management and employees.
    • Some other metrics include adherence (including performance in tests for adherence) and impacts from non-adherence.

    Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Establish data standards and procedures for use across all organisational lines of business

    A data governance program will impact all data-driven business units within the organisation.

    • Data management procedures are the methods, techniques, and steps to accomplish a specific data objective. Creating standard data definitions should be one of the first tasks for a data governance steering committee.
    • Data moves across all departmental boundaries and lines of business within the organisation. These definitions must be developed as a common set of standards that can be accepted and used enterprise wide.
    • Consistent data standards and definitions will improve data flow across departmental boundaries and between lines of business.
    • Ensure these standards and definitions are used uniformly throughout the organisation to maintain reliable and useful data.

    Data standards and procedural guidelines will vary from company to company.

    Examples include:

    • Data modelling and architecture standards.
    • Metadata integration and usage procedures.
    • Data security standards and procedures.
    • Business intelligence standards and procedures.

    Info-Tech Tip

    Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.

    Changes to organisational data processes are inevitable; have a communications plan in place to manage change

    Create awareness of your data governance program, using knowledge transfer to get as many people on board as possible.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Data governance initiatives will very likely bring about a level of organisational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    Info-Tech Tip

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Other Deliverables:

    The list of supporting deliverables will help to kick start on some of the Data Governance initiatives

    • Data Classification Policy, Standard, and Procedure
    • Data Quality Policy, Standard, and Procedure
    • Metadata Management Policy, Standard, and Procedure
    • Data Retention Policy and Procurement

    Screenshot from Data Classification Policy, Standard, and Procedure

    Data Classification Policy, Standard, and Procedure

    Screenshot from Data Retention Policy and Procedure

    Data Retention Policy and Procedure

    Screenshot from Metadata Management Policy, Standard, and Procedure

    Metadata Management Policy, Standard, and Procedure

    Screenshot from Data Quality Policy, Standard, and Procedure

    Data Quality Policy, Standard, and Procedure

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Picture of analyst

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Screenshot of example data governance strategy map.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.

    Screenshot of Data governance roadmap

    Formulate a Plan to Get to Your Target State

    Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    The First 100 Days as CDO

    Be the voice of data in a time of transformation.

    Research Contributors

    Name Position Company
    David N. Weber Executive Director - Planning, Research and Effectiveness Palm Beach State College
    Izabela Edmunds Information Architect Mott MacDonald
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group
    Valence Howden Principal Research Director, CIO Info-Tech Research Group

    Bibliography

    Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.

    Allott, Joseph, et al. “Data: The Next Wave in Forestry Productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.

    Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.

    Brence, Thomas. “Overcoming the Operationalization Challenge With Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.

    Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – A Checklist for Leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.

    Canadian Institute for Health Information. “Developing and Implementing Accurate National Standards for Canadian Health Care Information.” Canadian Institute for Health Information. Accessed 25 June 2021.

    Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.

    Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.

    Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.

    Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.

    Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.

    Diaz, Alejandro, et al. “Why Data Culture Matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.

    Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.

    Experian. “10 Signs You Are Sitting On A Pile Of Data Debt.” Experian. Accessed 25 June 2021.

    Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020

    Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.

    Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.

    Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.

    McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.

    NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.

    Olavsrud, Thor. “What Is Data Governance? A Best Practices Framework For Managing Data Assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.

    Open Data Institute. “Introduction to Data Ethics and the Data Ethics Canvas.” Open Data Institute, 2020. Accessed 25 June 2021.

    Open Data Institute. “The UK National Data Strategy 2020: Doing Data Ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.

    Open Data Institute. “What Is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.

    Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.

    Petzold, Bryan, et al. “Designing Data Governance That Delivers Value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.

    Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.

    Smaje, Kate. “How Six Companies Are Using Technology and Data To Transform Themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.

    Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.

    “The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.

    U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.

    Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.

    “What Is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.

    Wikipedia. “RFM (Market Research).” Wikipedia. Accessed 25 June 2021.

    Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.

    Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.

    Resilience, It's about your business

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    January 17th, 2025 is when your ability to serve clients without interruption is legislated. At least when you are in the financial services sector, or when you supply such firms.  If you are not active in the financial arena, don’t click away. Many of these requirements can just give you an edge over your competition.

    Many firms underestimated the impact of the legislation, but let’s be honest, so did the European Union. The last pieces of the puzzle are still not delivered only two days before the law comes into effect.

    What is DORA all about again? It is the Digital Operational Resilience Act. In essence, it is about your ability to withstand adverse events that may impact your clients or the financial system.

    Aside from some nasty details, this really is just common sense. You need to be organized so that the right people know what is expected of them, from the accountable top to the staff executing the day to day operations. You need to know what to do when things go wrong. You need to know your suppliers, especially those who supply services to your critical business services. You need to test your defenses and your IT. You may want to share intelligence around cyber-attacks.

    There, all of the 45 business-relevant DORA articles and technical standards in a single paragraph. The remaining articles deal with the competent authorities and make for good reading as they provide some insights into the workings of the regulatory body. The same goes for the preamble of the law. No less than 104 “musings” that elaborate on the operating environment and intent of the law.

    If you’re firm is still in the thick of things trying to become compliant, you are not alone. I have seen at least one regulator indicating that they will be understanding of that situation, but you must have a clear roadmap to compliance in the near future. Your regulator may or may not be in line with that position. In the eastern-most countries of the EU, signals are that the regulator will take a much tougher stance.

    (This kind of negates one of the musings of the law; the need for a single view on what financial services firms must adhere to to be considered compliant and resilient. But I think this is an unavoidable byproduct of having culturally diverse member states.)

    I dare to say that firms typically have the governance in place as well as the IM processes and testing requirements. The biggest open items seem to be in the actual IT hard operational resilience, monitoring and BCM.

    Take a look at your own firm and make an honest assessment in those areas. They key resilience (DORA-related or not) is knowing how your service works and is performing from a client perspective.

    You need to know how a client achieves all their interaction goals with your company. Typically this is mapped in the client journey. Unfortunately, this usually only maps the business flow, not the technical flow. And usually you look at it from the client UX perspective. This is obviously very important, but it does not help you to understand the elements that ensure you that your clients can always complete that journey.

    The other day, I had a customer journey with an online ski-shop. I had bought two ski helmets in size M, the same size my adult son and I had. When the helmets arrived it turned out they were too small. So, ok, no worries, I start the return process online. Once we complete the initial steps, after a few days I notice that the price for only one helmet is shown on the site. This, despite the indicators that both helmets are approved to be returned. Later both helmets are shown as effectively returned. Refund still shows one helmet’s price. What gives? I give it some more time, but after ten days, I decide to enquire. The site still shows refund for one helmet.

    Then I receive an email that both helmets will be refunded as they accepted the state of the helmets (unused) and amount of the refund is now correct. Site still shows the wrong amount.

    This is obviously a small inconvenience, but it does show that the IT team does not have a full view of the entire customer journey and systems interactions. You need to fix this.

    Suppose this is not about two ski helmets, but about ski or home insurance. Or about the sale of a car or a B2B transaction involving tens or hundreds of thousands of dollars or euro, or any other currency? Does your system show the real-time correct status of the transaction? If not, I would, as a consumer, decide to change provider. Why? Because the trust is gone.

    Resilience is about withstanding events that threaten your service to your clients. Events are nit just earthquakes or floods. Events are also wrong or missing information. To protect against that, you need to know what the (value) chain is that leads to you providing that service. Additionally, you need to know if that service chain has any impediments at any moment in time. Aka, you need to know that any service request can be fulfilled at any given time. And to have the right processes and resources in place to fix whatever is not working at that time.

    And that is in my opinion the biggest task still outstanding with many companies to ensure true resilience and customer service.

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Get the Most Out of Your SAP

    • Buy Link or Shortcode: {j2store}240|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • SAP systems are changed rarely and changing them has significant impact on an organization.
    • Research shows that even newly installed systems often fail to realize their full potential benefit to the organization.
    • Business process improvement is rarely someone’s day job.

    Our Advice

    Critical Insight

    A properly optimized SAP business process will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your SAP application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate SAP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your SAP Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Your SAP Storyboard – A guide to optimize your SAP.

    SAP is a core tool that the business leverages to accomplish its goals. Use this blueprint to strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Your SAP – Phases 1-4

    2. Get the Most Out of Your SAP Workbook – A tool to document and assist with optimizing your SAP.

    The Get the Most out of Your SAP Workbook serves as the holding document for the different elements for the Get the Most out of Your SAP blueprint. Use each assigned tab to input the relevant information for the process of optimizing your SAP.

    • Get the Most Out of Your SAP Workbook

    Infographic

    Workshop: Get the Most Out of Your SAP

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your SAP Application Vision

    The Purpose

    Get the most out of your SAP.

    Key Benefits Achieved

    Develop an ongoing SAP optimization team.

    Re-align SAP and business goals.

    Understand your current system state capabilities and processes.

    Validate user satisfaction, application fit, and areas of improvement to optimize your SAP.

    Take a 360-degree inventory of your SAP and related systems.

    Realign business and technology drivers. Assess user satisfaction.

    Review the SAP marketplace.

    Complete a thorough examination of capabilities and processes.

    Manage your vendors and data.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Activities

    1.1 Determine your SAP optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore SAP-related costs.

    Outputs

    SAP optimization team

    SAP business model

    SAP optimization goals

    SAP system inventory and data flow

    SAP process list

    SAP and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete an SAP process gap analysis to understand where the SAP is underperforming.

    Review the SAP application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for SAP processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    SAP process gap analysis

    SAP application portfolio assessment

    ERP software reviews survey

    3 Assess SAP

    The Purpose

    Assess SAP.

    Key Benefits Achieved

    Learn the processes that you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for SAP cost optimization opportunities (optional).

    Outputs

    SAP process optimization priorities

    SAP vendor optimization opportunities

    SAP cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 SAP process gap analysis

    4.2 SAP application portfolio assessment

    4.3 SAP software reviews survey

    Outputs

    ERP optimization roadmap

    Further reading

    Get the Most Out of Your SAP

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    The image contains a picture of Chad Shortridge.

    Chad Shortridge

    Senior Research Director, Enterprise Applications

    Info-Tech Research Group

    The image contains a picture of Lisa Highfield.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    SAP systems are expensive, benefits can be difficult to quantify, and issues with the products can be difficult to understand. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integrations points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Your SAP ERP systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    SAP application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Balancing optimization with stabilization is one of the most difficult decisions for ERP application leaders.

    Competing priorities and often unclear ERP strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    In today’s rapidly changing SAP landscape it is imperative to evaluate your applications for optimization, no matter what your strategy is moving forward.

    Assess your SAP applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate ERP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    SAP ERP environments are changing, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized SAP optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image contains an Info-Tech Thought model on get the most out of your ERP.

    Insight summary

    Continuous assessment and optimization of your SAP ERP systems is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their ERP systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    SAP enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making. In many organizations, the SAP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    SAP enterprise resource planning (ERP)

    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    What is SAP?

    SAP ERP systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    SAP use cases:

    Product-Centric

    Suitable for organizations that manufacture, assemble, distribute, or manage material goods.

    Service-Centric

    Suitable for organizations that provide and manage field services and/or professional services.

    SAP Fast Facts

    Product Description

    • SAP has numerous ERP products. Products can be found under ERP, Finance, Customer Relations and Experience, Supply Chain Management, Human Resources, and Technology Platforms.
    • SAP offers on-premises and cloud solutions for its ERP. In 2011, SAP released the HANA in-memory database. SAP ECC 6.0 reaches the end of life in 2027 (2030 extended support).
    • Many organizations are facing mandatory transformation. This is an excellent opportunity to examine ERP portfolios for optimization opportunities.
    • Now is the time to optimize to ensure you are prepared for the journey ahead.
    The image contains a timeline of the evolution of SAP ERP. The timeline is ordered: SAP R1-R3 1972-1992, SAP ECC 2003-2006, ERP Business Suite 2000+, SAP HANA In-Memory Database 2011, S/4 2015.

    Vendor Description

    • SAP SE was founded in 1972 by five former IBM employees.
    • The organization is focused on enterprise software that integrates all business processes and enables data processing in real-time.
    • SAP stands for Systems, Applications, and Products in Data Processing.
    • SAP offers more than 100 solutions covering all business functions.
    • SAP operates 65 data centers at 35 locations in 16 countries.

    Employees

    105,000

    Headquarters

    Walldorf, Baden-Württemberg, Germany

    Website

    sap.com

    Founded

    1972

    Presence

    Global, Publicly Traded

    SAP by the numbers

    Only 72% of SAP S/4HANA clients were satisfied with the product’s business value in 2022. This was 9th out of 10 in the enterprise resource planning category.

    Source: SoftwareReviews

    As of 2022, 65% of SAP customers have not made the move to S/4HANA. These customers will continue to need to optimize the current ERP to meet the demanding needs of the business.

    Source: Statista

    Organizations will need to continue to support and optimize their SAP ERP portfolios. As of 2022, 42% of ASUG members were planning a move to S/4HANA but had not yet started to move.

    Source: ASUG

    Your challenge

    This research is designed to help organizations who need to:

    • Understand the multiple deployment models and the roadmap to successfully navigate a move to S/4HANA.
    • Build a business case to understand the value behind a move.
    • Map functionality to ensure future compatibility.
    • Understand the process required to commercially navigate a move to S/4HANA.
    • Avoid a costly audit due to missed requirements or SAP whiteboarding sessions.

    HANA used to be primarily viewed as a commercial vehicle to realize legacy license model discounts. Now, however, SAP has built a roadmap to migrate all customers over to S/4HANA. While timelines may be delayed, the inevitable move is coming.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    – Upperedge

    SAP challenges and dissatisfaction

    Drivers of Dissatisfaction

    Organizational

    People and teams

    Technology

    Data

    Competing priorities

    Knowledgeable staff/turnover

    Integration issues

    Access to data

    Lack of strategy

    Lack of internal skills

    Selecting tools and technology

    Data hygiene

    Budget challenges

    Ability to manage new products

    Keeping pace with technology changes

    Data literacy

    Lack of training

    Update challenges

    One view of the customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Other changes

    Year-over-year call topic requests

    The image contains a graph to demonstrate year-over-year call topic requests. Year 1 has 79%, Year 2 76%, Year 3 65% requests, and Year 4 has 124% requests. The image contains a graph to demonstrate other changes in year-over-year call topic requests. Year 1 has -25%, Year 2 has 4%, and Year 3 has 13%.

    We are seeing applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    The S/4HANA journey

    Optimization can play a role in your transition to S/4HANA.

    • The business does not stop. Satisfy ongoing needs for business enablement.
    • Build out a collaborative SAP optimization team across the business and IT.
    • Engage the business to understand requirements.
    • Discover applications and processes.
    • Explore current-state capabilities and future-state needs.
    • Evaluate optimization opportunities. Are there short-term wins? What are the long-term goals?
    • Navigate the path to S/4HANA and develop some timelines and stage gates.
    • Set your course and optimization roadmap.
    • Capitalize on the methodologies for an ongoing optimization effort that can be continued after the S/4HANA go-live date.

    Many organizations may be coming up against changes to their SAP ERP application portfolio.

    Some challenges organizations may be dealing with include:

    • Heavily customized instances
    • Large volumes of data
    • Lack of documentation
    • Outdated business processes
    • Looming end of life

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not pursuing optimization because you are migrating to S/4HANA.
    • Not considering how this plays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “[A] successful application [optimization] strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”

    – Medium

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities

    2. Assess Your Current State

    3. Identify Key Optimization Areas

    4. Build Your Optimization Roadmap

    Phase Steps

    1. Identify stakeholders and build your SAP optimization team.
    2. Build an SAP strategy model.
    3. Inventory current system state.
    4. Define business capabilities.
    1. Conduct a gap analysis for ERP processes.
    2. Assess user satisfaction.
    3. Review your satisfaction with the vendor and product.
    1. Identify key optimization areas.
    2. Evaluate product sustainability over the short, medium, and long term.
    3. Identify any product changes anticipated over short, medium, and long term.
    1. Prioritize optimization opportunities.
    2. Identify key optimization areas.
    3. Compile optimization assessment results.

    Phase Outcomes

    1. Stakeholder map
    2. SAP optimization team
    3. SAP business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key SAP processes list
    1. Gap analysis for SAP-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into SAP data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding SAP costs
    1. List of SAP optimization opportunities
    1. SAP optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your SAP Workbook

    Identify and prioritize your SAP optimization goals.

    The image contains screenshots of the SAP Workbook.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your SAP portfolio.

    The image contains a screenshot of the Application Portfolio Assessment.

    Key deliverable:

    The image contains a screenshot of the SAP Organization Roadmap.

    SAP Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    The image contains screenshots further demonstrating SAP deliverables.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.

    Consulting

    Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenge.

    Call #2:

    • Build the SAP team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory SAP capabilities and processes.
    • Explore SAP-related costs.

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand SAP optimization opportunities.

    Call #7: Determine the right SAP path for your organization.

    Call #8:

    Build out optimization roadmap and next steps.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define Your SAP Application Vision

    Map Current State

    Assess SAP

    Build Your Optimization Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. SAP optimization team
    2. SAP business model
    3. SAP optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. SAP optimization timeline
    1. SAP capability gap analysis
    2. SAP user satisfaction (application portfolio assessment)
    3. SAP SoftwareReviews survey results
    4. SAP current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. SAP cost-saving opportunities
    1. SAP optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory ERP and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Map your SAP optimization stakeholders

    1.1.3 Determine your SAP optimization team

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • SAP Optimization Team

    ERP optimization stakeholders

    • Understand the roles necessary to get the most out of your SAP.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title

    Role Within the Project Structure

    Organizational Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar

    Project Manager

    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Unit Leaders

    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar

    Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify SAP optimization stakeholders

    1 hour

    1. Hold a meeting to identify the SAP optimization stakeholders.
    2. Use next slide as a guide.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot from the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor

    End User

    IT

    Business

    Description

    An internal stakeholder who has final sign-off on the ERP project.

    Front-line users of the ERP technology.

    Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.

    Additional stakeholders that will be impacted by any ERP technology changes.

    Examples

    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR

    Value

    Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation.

    End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor.

    IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data.

    Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    EXAMPLE: Stakeholder involvement during selection

    The image contains an example of stakeholder involvement during selection. The graph is comparing influence and interest. In the lowest section of both influence and interest, it is labelled Monitor. With low interest but high influence that is labelled Keep Satisfied. In low influence but high interest it is labelled Keep Informed. The section that is high in both interest and influence that is labelled Involve closely.

    Activity 1.1.2 Map your SAP optimization stakeholders

    1 hour

    1. Use the list of SAP optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project.
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.

    The image contains an example of a colour scheme. Sponsor is coloured blue, End user is purple, IT is yellow, and Business is light blue.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example map on organization's stakeholders.

    Download the Get the Most Out of Your SAP Workbook

    Map the organization’s stakeholders

    The image contains a larger version of the image from the previous slide where there is a graph comparing influence and involvement and has a list of stakeholders in a legend on the side.

    The SAP optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned ERP optimization strategy. Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge

    Suggested Project Team Members

    Business

    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads –All functional areas; example: Strategy, Sales, Marketing, Customer Service, Finance, HR

    IT

    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards

    Other

    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your SAP optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the SAP optimization project.
    • The size of the team will depend on the initiative and size of your organization.
    • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and the size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the section ERP Optimization Team in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.2

    Build an SAP Strategy Model

    Activities

    1.2.1 Explore environmental factors and technology drivers

    1.2.2 Consider potential barriers and challenges

    1.2.3 Discuss enablers of success

    1.2.4 Develop your SAP optimization goals

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your SAP strategy with the corporate strategy

    Corporate Strategy

    Unified ERP Strategy

    IT Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.
    • The ideal ERP strategy is aligned with overarching organizational business goals and with broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur just at the executive level but at each level of the organization.

    ERP Business Model Template

    The image contains a screenshot of a ERP Business Model Template.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER

    1. Your organization’s top three business goals
    2. Your organization’s top ten business initiatives
    3. Your organization’s mission and vision

    Understand the ERP drivers and organizational objectives

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition

    A business need is a requirement associated with a particular business process.

    Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance.

    Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge.

    These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a diagram on exploring the environmental factors and technology drivers.

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your SAP Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition

    The degree of understanding and acceptance toward ERP systems.

    The collective shared values and beliefs.

    The functional relationships between people and departments in an organization.

    The degree to which the organization’s people and processes are prepared for a new ERP system.

    Questions

    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?

    Impact

    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    ERP Business Model

    Organizational Goals

    Enablers

    Barriers

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 critical success factors for ERP system implementation

    The image contains a graph that demonstrates the top 15 critical success factors for ERP system implementation. The top 15 are: Top management support and commitment, Interdepartmental communication and cooperations throughout the institution, Commitment to business process re-engineering to do away with redundant processes, Implementation project management from initiation to closing, Change management program to ensure awareness and readiness for possible changes, Project team competence, Education and training for stakeholders, Project champion to lead implementation, Project mission and goals for the system with clear objectives agreed upon, ERP expert consultant use to guide the implementation process, Minimum level of customization to use ERP functionalities to maximum, Package selection, Understanding the institutional culture, Use involvement and participation throughout implementation, ERP vendor support and partnership.

    Source: Epizitone and Olugbara, 2020; CC BY 4.0

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.2 Consider potential barriers and challenges

    1-3 hours

    • Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    • Identify barriers to ERP optimization success.
    • Review the ERP critical success factors and how they relate to your optimization efforts.
    • Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the barriers section.

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No online purchase order for requisitions
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your SAP Workbook

    1.2.3 Discuss enablers of success

    1-3 hours

    1. Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the enablers and organizational goals sections.

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your SAP Workbook

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Link SAP capabilities to organizational value

    The image contains screenshots that demonstrate linking SAP capabilities to organizational value.

    1.2.4 Define your SAP optimization goals

    30 minutes

    1. Discuss the ERP business model and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the activity describe above on defining your SAP optimization goals.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory SAP applications and interactions

    1.3.2 Draw your SAP system diagram

    1.3.3 Inventory your SAP modules and business capabilities (or business processes)

    1.3.4 Define your key SAP optimization modules and business capabilities

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • SAP Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory SAP applications and interfaces

    1-3+ hours

    1. Enter your SAP systems, SAP extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function.
    4. List the modules the organization has licensed.
    5. List any integrations.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the SAP application inventory.

    Download the Get the Most Out of Your SAP Workbook

    ERP Data Flow

    The image contains an example ERP Data Flow with a legend.

    Be sure to include enterprise applications that are not included in the ERP application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    ERP – enterprise resource planning

    Email – email system such as Microsoft Exchange

    Calendar – calendar system such as Microsoft Outlook

    WEM – web experience management

    ECM – enterprise content management

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    1.3.2 Draw your SAP system diagram

    1-3+ hours

    1. From the SAP application inventory, diagram your network.
    2. Include:

    • Any internal or external systems
    • Integration points
    • Data flow

    The image contains a screenshot of the example ERP Systems Diagram.

    Download the Get the Most Out of Your SAP Workbook

    Sample SAP and integrations map

    The image contains a screenshot of a sample SAP and integrations map.

    Business capability map (Level 0)

    The image contains a screenshot of the business capability map, level 0. The capability map includes: Products and Services Development, Revenue Generation, Demand Fulfillment, and Enterprise Management and Planning.

    In business architecture, the primary view of an organization is known as a business capability map. A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    ERP process mapping

    The image contains screenshots to demonstrate the ERP process mapping. One of the screenshots is of the business capability map, level 0, the second screenshot contains the objectives , value streams, capabilities, and processes. The third image contains a screenshot of the SAP screenshot with the circles around it as previously shown.

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output. From your developed processes and your SAP license agreements you will be able to pinpoint the scope for investigation including the processes and modules.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services

    Management and Support Processes

    6.Manage customer service

    7. Develop and manage human capital

    8. Manage IT

    9. Manage financial resources

    10. Acquire, construct, and manage assets

    11. Manage enterprise risk, compliance, remediation, and resiliency

    12. Manage external relationships

    13. Develop and manage business capabilities

    Source: APQC

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes. APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    The value stream

    Value stream defined:

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream, connecting consumers’ wants and needs to the products and services offered.
    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Process mapping hierarchy

    The image contains a screenshot of the PCF levels explained. The levels are 1-5. The levels are: Category, Process Group, Process, Activity, and Task.

    Source: APQC

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    APQC’s Process Classification Framework

    Cross-industry classification framework

    Level 1 Level 2 Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities

    Perform customer and market intelligence analysis

    Conduct customer and market research

    Market and sell products and services

    Develop a sales strategy

    Develop a sales forecast

    Gather current and historic order information

    Deliver services

    Manage service delivery resources

    Manage service delivery resource demand

    Develop baseline forecasts

    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners. You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    SAP modules and process enablement

    Cloud/Hardware

    Fiori

    Analytics

    Integrations

    Extended Solutions

    R&D Engineering

    • Enterprise Portfolio and Project Management
    • Product Development Foundation
    • Enterprise Portfolio and Project Management
    • Product Lifecycle Management
    • Product Compliance
    • Enterprise Portfolio and Project Management
    • Product Safety and Stewardship
    • Engineering Record

    Sourcing and Procurement

    • Procurement Analytics
    • Sourcing & Contract Management
    • Operational Procurement
    • Invoice Management
    • Supplier Management

    Supply Chain

    • Inventory
    • Delivery & Transportation
    • Warehousing
    • Order Promising

    Asset Management

    • Maintenance Operations
    • Resource Scheduling
    • Env, Health and Safety
    • Maintenance Management
    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    Finance

    • Financial Planning and Analysis
    • Accounting and Financial Close
    • Treasury Management
    • Financial Operations
    • Governance, Risk & Compliance
    • Commodity Management

    Human Resources

    • Core HR
    • Payroll
    • Timesheets
    • Organization Management
    • Talent Management

    Sales

    • Sales Support
    • Order and Contract Management
    • Agreement Management
    • Performance Management

    Service

    • Service Operations and Processes
    • Basic Functions
    • Workforce Management
    • Case Management
    • Professional Services
    • Service Master Data Management
    • Service Management

    Beyond the core

    The image contains a screenshot of a diagram to demonstrate beyond the core. In the middle of the image is S/4 Core, and the BTP: Business Technology Platform. Surrounding it are: SAP Fieldglass, SAP Concur, SAP Success Factors, SAP CRM SAO Hybris, SAP Ariba. On the left side of the image are: Business Planning and Consolidations, Transportation Management System, Integrated Business Planning, Extended Warehouse Management.

    1.3.3 Inventory your SAP modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. Use tab 1.3 “SAP Capabilities” in Get the Most Out of Your SAP Workbook for a list of common SAP Level 1 and Level 2 modules/business capabilities.
    4. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example of what to do for the activity 1.3.3.

    Download the Get the Most Out of Your SAP Workbook

    1.3.4 Define your key SAP optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Key SAP Optimization Capabilities.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define SAP key dates and SAP optimization roadmap timeframe and structure

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • SAP Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Record key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the SAP optimization initiative.
    4. This includes short-, medium- and long-term initiatives.
    5. Enter your Roadmap Date markers: how you want dates displayed on the roadmap.
    6. Enter Column time values: what level of granularity will be helpful for this initiative?
    7. Enter the sprint or cycle timeframe; use this if following Agile.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Optimization Roadmap Timeframe and Structure.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.5

    Understand SAP Costs

    Activities

    1.5.1 Document costs associated with SAP

    This step will walk you through the following activities:

    • Define your SAP direct and indirect costs
    • List your SAP expense line items

    This step involves the following participants:

    • Finance Representatives
    • SAP Optimization Team

    Outcomes of this step

    • Current SAP and related costs

    1.5.1 Document costs associated with SAP

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 1.5.1 on documenting costs associated with SAP.

    Download the Get the Most Out of Your SAP Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • SAP Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess SAP Capabilities

    Activities

    2.1.1 Rate capability relevance to organizational goals

    2.1.2 Complete an SAP application portfolio assessment

    2.1.3 (Optional) Assess SAP process maturity

    This step will guide you through the following activities:

    • Capability relevance
    • Process gap analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • SAP Users

    Outcomes of this step

    • SAP Capability Assessment

    Benefits of the Application Portfolio Assessment

    The image contains a screenshot of the activity of assessing the health of the application portfolio.

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.
    The image contains a screenshot of the activity on providing targeted department feedback.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.
    The image contains a screenshot of the activity on gaining insight into the state of data quality.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current-state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around SAP.

    1. Download the ERP Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your SAP system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab (Reference) 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1, “SAP Assessment,” if required.

    Record Results

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Application Portfolio Assessment.

    Download the ERP Application Inventory Tool

    Download the Get the Most Out of Your SAP Workbook

    Sample Report from Application Portfolio Assessment.

    The image contains a screenshot of a sample report from the Application Portfolio Assessment.

    2.1.2 (Optional) Assess SAP process and technical maturity

    1-3 hours

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
    • Identify key stakeholders.
    • Hold sessions to document deeper processes.
    • Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the process maturity activity.

    Download the Get the Most Out of Your SAP Workbook

    Process Maturity Assessment

    The image contains a screenshot of the Process Maturity Assessment.

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate your vendor and product satisfaction

    2.2.2 Review SAP product scores (if applicable)

    2.2.3 Evaluate your product satisfaction

    2.2.4 Check your business process change tolerance

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • SAP Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your SAP Workbook to review your satisfaction with your SAP software.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity Vendor Optimization.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your SAP Workbook

    2.2.2 Review SAP product scores (if applicable)

    30 minutes

    1. Download the scorecard for your SAP product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your SAP Workbook tab 2.2 “Vend. & Prod. Sat” to record the scorecard results.
    3. Use your Get the Most Out of Your SAP Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 2.2.2 review SAP product scores.

    Download the Get the Most Out of Your SAP Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image contains two screenshots of SoftwareReviews. One is of the ERP Mid-Market, and the second is of the ERP Enterprise.

    Source: SoftwareReviews ERP Mid-Market, April 2022

    Source: SoftwareReviews ERP Enterprise, April 2022

    2.2.4 Check your business process change tolerance

    1 hours

    1. As a group, review the level 0 business capabilities on the previous slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level 0 business capabilities based on:
    • Green – Willing to follow best practices
    • Yellow – May be challenging or unique business model
    • Red – Low tolerance for change
  • For clarity, move to level 1 if specific areas need to be called out and use the same color code.
  • Input Output
    • Business process capability map
    • Heat map of risk areas that require more attention for validating best practices or minimizing customization
    Materials Participants
    • Whiteboard/flip charts
    • Get the Most Out of Your SAP Workbook
    • Implementation team
    • CIO
    • Key stakeholders

    Download Get the Most Out of Your SAP Workbook for additional process levels

    Heat map representing desire for best practice or those having the least tolerance for change

    The image contains a screenshot of a heat map to demonstrate desire for best practice or those having the least tolerance for change.

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor supporting change and guiding best practice. For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • SAP Optimization Team

    Assessing application business value

    In this context…business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value is not

    the user’s experience or satisfaction with the application.

    The image contains a screenshot of a Venn Diagram. In the left circle, labelled The Business it contains the following text: Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications. In the right circle labelled IT, it contains the following text: Technical subject-matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations. The middle space is labelled: Business Value of Applications.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and SAP systems.

    Capabilities are what the system and business does that creates value for the organization. Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    The image contains a Venn Diagram with 3 circles. The circles are labelled as: Process, Technology, and Organization.

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Step 3.1

    Prioritize Optimization Opportunities

    Activities

    3.1.1 Prioritize optimization capability areas

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Prioritize SAP optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image contains a screenshot of a graph that compares satisfaction by relevance to organizational goals to demonstrate high priority.

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. From the SAP capabilities, discuss areas of scope for the SAP optimization initiative.
    2. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    3. Rate each of your SAP capabilities for the level of importance to your organization. The levels of importance are:
    • Crucial
    • Important
    • Secondary
    • Unimportant
    • Not applicable

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 3.1.1.

    Download the Get the Most Out of Your SAP Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover product and vendor satisfaction opportunities

    3.2.2 Discover capability and feature optimization opportunities

    3.2.3 Discover process optimization opportunities

    3.2.4 Discover integration optimization opportunities

    3.2.5 Discover data optimization opportunities

    3.2.6 Discover SAP cost-saving opportunities

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    Satisfaction with SAP product

    The image contains three screenshots to demonstrate satisfaction with sap product.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image contains a diagram to demonstrate lower strategic value, higher vendor spend/switching costs, higher strategic value, and lower vendor spend/switching costs.

    Info-Tech Insight

    A vendor management initiative (VMI) is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. Document overall product satisfaction.
      2. How does your satisfaction compare with your peers?
      3. Is the overall system fit for use?
      4. Do you have a proactive vendor management strategy in place?
      5. Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      6. Could your vendor or Systems Integrator help you achieve better results?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Examples from Application Portfolio Assessment

    The image contains screenshots from the Application Portfolio Assessment.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. What capabilities and features are performing the worst?
      2. Do other organizations and users struggle with these areas?
      3. Why is it not performing well?
      4. Is there an opportunity for improvement?
      5. What are some optimization initiatives that could be undertaken?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Process optimization: the hidden goldmine

    In ~90% of SAP business process analysis reports, SAP identified significant potential for improving the existing SAP implementation, i.e. the large majority of customers are not yet using their SAP Business Suite to the full extent.

    Goals of Process Improvement

    Process Improvement Sample Areas

    Improvement Possibilities

    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end-to-end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use exercise 2.13 and tab 2.1 “SAP Current State Assessment” to assess process optimization opportunities.
    2. List underperforming capabilities around process.
    3. Answer the following:
      1. What is the state of the current processes?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The Benefits of Integration

    The Challenges of Integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limiting the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.
    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For SAP it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation

    Data Backup

    Synchronization Across Sites

    Legacy Consolidation

    • Require a holistic view of data format and accounting schedules.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Set up synchronization schedules based on data usage, not site location.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Controlling financial documentation across geographic regions.
      Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor, SAP-only portfolios, SAP can offer integration tools. For those needing to integrate with other ERPs, the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local-specific format should be a role-based customization at the level of the site’s specific instance.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the database administrator and business analysts.
    • Solution: The best solution is an off-site data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and binary large object (BLOB) storage that exists for each site.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In SAP, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • The Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: SAP offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and independent software vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 1.3.1 “SAP Application Inventory” to discuss integrations and how they are related to capability areas that are not performing well.
    2. List capabilities that might be affected by integration issues. Think about exercise 3.2.1 and discuss how integrations could be affecting overall product satisfaction.
    3. Answer the following:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    System and data optimization

    Consolidating your business and technology requires an overall system and data migration plan.

    The image contains a screenshot of a diagram that demonstrates three different integrations: system, organization, and data.

    Info-Tech Insight

    Have an overall data migration plan before beginning your systems consolidation journey to S/4HANA.

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. They serve as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing SAP data, additional considerations

    Data Quality Management

    Effective Data Governance

    Data-Centric Integration Strategy

    Extensible Data Warehousing

    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    Data Optimization

    Organizations are faced with challenges associated with changing data landscapes.

    Data migrations should not be taken lightly. It requires an overall data governance to assure data integrity for the move to S/4HANA and beyond.

    Have a solid plan before engaging S/4HANA Migration Cockpit.

    Develop a Master Data Management Strategy and Roadmap

    • Master data management (MDM) is complex in practice and requires investments in governance, technology, and planning.
    • Develop a MDM strategy and initiative roadmap using Info-Tech’s MDM framework, which takes data governance, architecture, and other critical data capabilities into consideration.

    Establish Data Governance

    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organization’s enterprise governance function. It should not be perceived as a pet project of IT but rather as an enterprise-wide, business-driven initiative.
    The image contains a screenshot of the S/4HANA Migration Cockpit.

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your APA or user satisfaction survey to understand issues related to data.
      Note: Data issues happen for a number of reasons:
    • Poor underlying data in the system
    • More than one source of truth
    • Inability to consolidate data
    • Inability to measure KPIs effectively
    • Reporting that is cumbersome or non-existent
  • List underperforming capabilities related to data.
  • Answer the following:
    1. What are some underlying issues?
    2. Is there an opportunity for data improvement?
    3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    SAP cost savings

    SAP cost savings does not have to be complicated.

    Look for quick wins:

    • Evaluate user licensing:
      • Ensure you are not double paying for employees or paying for employees who are no longer with the organization.
      • Verify user activity – if users are accessing the system very infrequently it does not make sense to license them as full users.
      • Audit your user classifications – ensure title positions and associated licenses are up to date.
    • Curb data sprawl.
    • Consolidate applications.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    -Riley et al.

    20% Only 20 percent of companies manage to capture more than half the projected benefits from ERP systems.

    -McKinsey
    The image contains a screenshot of the Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk.

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

    The image contains a screenshot of Secrets of SAP S/4HANA Licensing.

    Secrets of SAP S/4HANA Licensing

    License Optimization

    With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.

    SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.

    Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Price Benchmarking & Negotiation

    • Use price benchmarking and negotiation intelligence to secure a market-competitive price.
    • Understand negotiation tactics that can be used to better your deal.

    Secrets of SAP S/4HANA Licensing:

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.

    SAP’s 2025 Support End of Life Date Delayed…As Predicted Here First

    • The math simply did not add up for SAP.
    • Extended support post 2027 is a mixed bag.

    3.2.6 Discover SAP cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 “Current Costs” as an input for this exercise.
    2. Look for opportunities to cut SAP costs, both quick-wins and long-term strategy.
    3. Review Info-Tech’s SAP vendor management resources to understand cost-saving strategies:
    4. List cost-savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Other optimization opportunities

    There are many opportunities to improve your SAP portfolio. Choose the ones that are right for your business:

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • SAP application monitoring
    • Be aware of the SAP product roadmap
    • Implement and take advantage of SAP tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Get the Most Out of Your SAP

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Pick your path

    4.1.2 Pick the right SAP migration path

    4.1.3 Build a roadmap

    4.1.4 Build a visual roadmap

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    The image contains a diagram to demonstrate the different paths that can be taken. The pathways are: Optimize current system, augment current system, consolidate current systems, upgrade system, and replace system.

    Explore the options for achieving your ideal future state

    CURRENT STATE

    STRATEGY

    There is significant evidence of poor user satisfaction, inefficient processes, lack of data usage, poor integrations, and little vendor management. Look for opportunities to improve the system.

    OPTIMIZE CURRENT SYSTEM

    Your existing application is, for the most part, functionally rich but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces.

    AUGMENT CURRENT SYSTEM

    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler.

    CONSOLIDATE CURRENT SYSTEMS

    The current system is reaching end of life and the software vendor offers a fit-for-use upgrade or system to which you can migrate. Prepare your migration strategy to move forward on the product roadmap.

    UPGRADE SYSTEM

    The current SAP system and future SAP roadmap are not fit for use. Vendor satisfaction is at an all-time low. Revisit your ERP strategy as you move into requirements gathering and selection.

    REPLACE SYSTEM

    Option: Optimize your current system

    Look for process, workflow, data usage, and vendor relation improvements.

    MAINTAIN CURRENT SYSTEM

    Keep the system but look for optimization opportunities.

    Your existing application portfolio satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones and involves minimal cost, time, and effort.

    INDICATORS

    POTENTIAL SOLUTIONS

    People

    • User satisfaction is in the mid-range
    • There is an opportunity to rectify problems
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy

    Process

    • Processes are old and have not been optimized
    • There are many manual processes and workarounds
    • Low process maturity or undocumented inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Technology

    • No major capability gaps
    • Supported for 5+ years
    • Explore opportunities outside of the core technology including workflows, integrations, and reporting

    Alternative 1: Optimize your current system

    MAINTAIN CURRENT SYSTEM

    • Keep your SAP system running
    • Invest in resolving current challenges
    • Automate manual processes where appropriate
    • Improve/modify current system
    • Evaluate current system against requirements/processes
    • Reimplement functionality

    Alternative Overview

    Initial Investment ($)

    Medium

    Risk

    Medium

    Change Management Required

    Medium

    Operating Costs ($)

    Low

    Alignment With Organizational Goals and ERP Strategy

    Medium-Low

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Less cost investment than upgrading or replacing the system
    • Less technology risk
    • The current system has several optimization initiatives that can be implemented
    • Familiarity with the system; IT and business users know the system well
    • Least amount of changes
    • Integrations will be able to be maintained and will mean less complexity
    • Will allow us to leverage current investments and build on our current confidence in the solution
    • Allow us to review processes and engineer some workflow and process improvements

    Disadvantages

    • The system may need some augmentation to handle some improvement areas
    • Build some items from scratch
    • Less user-friendly
    • Need to reimplement and reconfigure some modules
    • Lots of workarounds – more staff needed to support current processes
    • Increase customization (additional IT development investment)
    • System gaps would remain
    • System feels “hard” to use
    • Workarounds still needed
    • Hard to overcome “negative” experience with the current system
    • Some functional gaps will remain
    • Less system development and support from the vendor as the product ages.
    • May become a liability and risk area in the future

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points.

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of reporting functions
    • Lacking functional depth in key process areas
    • Add point solutions or enable modules to address missing functionality

    Data Pain Points

    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Alternative 2: Augment current solution

    AUGMENT CURRENT SYSTEM

    Maintain core system.

    Invest in SAP modules or extended functionality.

    Add functionality with bolt-on targeted “best of breed” solutions.

    Invest in tools to make the SAP portfolio and ecosystem work better.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    High

    Change Management

    High

    Operating Costs ($)

    High

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Meet specific business needs – right solution for each component
    • Well-aligned to specific business needs
    • Higher morale – best solution with improved user interface
    • Allows you to find the right solution for the unique needs of the organization
    • Allows you to incorporate a light change management strategy that can include training for the end users and IT
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Multiple technological solutions
    • Lots of integrations
    • Out-of-sync upgrades
    • Extra costs – potential less negotiation leverage
    • Multiple solutions to support
    • Multiple vendors
    • Less control over upgrades – including timing (potential out of sync)
    • More training – multiple products, multiple interfaces
    • Confusion – which system to use when
    • Need more HR specialization
    • More complexity in reporting
    • More alignment with JDE E1 information

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Consolidate systems

    Consolidate and integrate your current systems to address your technology and data pain points.

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing

    Data Pain Points

    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Alternative 3: Consolidate systems

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premise solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Streamlining of processes
    • Opportunity for decreased costs
    • Easier to maintain
    • Modernizes the SAP portfolio
    • Easier to facilitate training
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Unique needs of some business units may not be addressed
    • Will require change management and training
    • Deeper investment in SAP

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Upgrade System

    Upgrade your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Move to a new SAP solution

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost- and time-efficient to replace the application and its surrounding processes altogether. You are satisfied with SAP overall and want to continue to leverage your SAP relationships and investments.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Obsolete or end-of-life technology portfolio
    • Lack of functionality and poor integration
    • Not aligned with technology direction or enterprise architecture plans
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 4: Upgrade System

    UPGRADE SYSTEM

    Upgrade your current SAP systems with SAP product replacements.

    Invest in SAP with the appropriate migration path for your organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to leverage your SAP and SI relationships
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP upgrade
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of functionality and poor integration
    • Obsolete technology
    • Not aligned with technology direction or enterprise architecture plans
    • Dissatisfaction with SAP and SI
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 5: Replace SAP with another ERP solution

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premises solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Do we have the appetite to walk away from SAP?
    • What opportunities are we looking for?
    • Are other ERP solutions better for our business?

    Advantages

    • Allows you to explore ERP options outside of SAP
    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to move away from SAP
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP replacement
    • Relationships will have to be rebuilt with ERP vendor and SIs
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Activity 4.1.1: Pick your path

    1.5 hours

    For each given path selected, identify:

    • Advantage
    • Disadvantages
    • Initial Investment ($)
    • Risk
    • Change Management
    • Operating Costs ($)
    • Alignment With ERP Objectives
    • Key Considerations
    • Timeframe

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 4.1.1 pick your path.

    Download the Get the Most Out of Your SAP Workbook

    Pick the right SAP migration path for your organization

    There are three S/4HANA paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state and meets your overall long-term roadmap.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    SAP S/4 HANA offerings can be confusing

    The image contains a screenshot that demonstrates the SAP S/4 Offerings.

    What is the cloud, how is it deployed, and how is service provided?

    The image contains a screenshot from the National Institute of Standards and Technology that describes the Cloud Characteristics, Service Model, and Delivery Model.

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in a one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you, given your unique context.

    See Info-Tech’s Define Your Cloud Vision for more information.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third-party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS or offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises) and this can be perfectly effective. It must be consistent and intentional, however.

    The image contains a screenshot of cloud service models: On-prem, CoLo, laaS, PaaS, and SaaS

    Option: Best Practice Quick Win

    S/4HANA Cloud, Essentials

    Updates

    4 times a year

    License Model

    Subscription

    Server Platform

    SAP

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Not allowed

    Single vs. Multi-Tenant

    Multi-client

    Maintenance ALM Tool

    SAP ALM

    New Implementation

    This is a public cloud solution for new clients adopting SAP that are mostly looking for full functionality within best practice.

    Consider a full greenfield approach. Even for mid-size existing customers looking for a best-practice overhaul.

    Functionality is kept to the core. Any specialties or unique needs would be outside the core.

    Regional localization is still being expanded and must be evaluated early if you are a global company.

    Option: Augment Best Practice

    S/4HANA Cloud, Extended Edition

    Updates

    Every 1-2 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Coded separately

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    No longer available to new customers from January 25, 2022, though available for renewals.

    Replacement is called SAP Extended Services for SAP S/4HANA Cloud, private edition.

    This offering is a grey area, and the extended offerings are being defined.

    New S/4HANA Cloud extensibility is being offered to early adopters, allowing for customization within a separate system landscape (DTP) and aiming for an SAP Central Business Configuration solution for the cloud. A way of fine-tuning to meet customer-specific needs.

    Option: Augment Best Practice (Cont.)

    S/4HANA Cloud, Private Edition

    Updates

    Every 1-5 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    This is a private cloud solution for existing or new customers needing more uniqueness, though still looking to adopt best practice.

    Still considered a new implementation with data migration requirements that need close attention.

    This offering is trying to move clients to the S/4HANA Cloud with close competition with the Any Premise product offering. Providing client specific scalability while allowing for standardization in the cloud and growth in the digital strategy. All customizations and ABAP functionality must be revisited or revamped to fit standardization.

    Option: Own Full Solution

    S/4HANA Any Premise

    Updates

    Client decides

    License Model

    Perpetual or subscription

    Server Platform

    AZURE, AWS, Google, partner's or own server room

    Platform Management

    Client and/or partner

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP Solution Manager

    Status Quo Migration to S/4HANA

    This is for clients looking for a quick transition to S/4HANA with minimal risks and without immediate changes to their operations.

    Though knowing the direction with SAP is toward its cloud solution, this may be a long costly path to getting the that end state.

    The Any Premise version carries over existing critical ABAP functionalities, and the SAP GUI can remain as the user interface.

    Activity 4.1.2 (Optional) Evaluate optimization initiatives

    1 hour

    1. If there is an opportunity to optimize the current SAP environment or prepare for the move to a new platform, continue with this step.
    2. Valuate your optimization initiatives from tab 3.2 “Optimization Initiatives.”

    Consider: relevance to achieving goals, number of users, importance to role, satisfaction with features, usability, data quality

    Value Opportunities: increase revenue, decrease costs, enhanced services, reach customers

    Additional Factors:

    • Current to Future Risk Profile
    • Number of Departments to Benefit
    • Importance to Stakeholder Relations
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
    • "Gut Check: Is it achievable? Have we done it or something similar before? Are we willing to invest in it?"

    Prioritize

    • Relative priority
    • Determine if this will be included in your optimization roadmap
    • Decision to proceed
    • Next steps

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.3 Roadmap building blocks: SAP migration

    1 hour

    Migration paths: Determine your migration path and next steps using the Activity 4.1.1 “SAP System Options.”

    1. Identify initiatives and next steps.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.4 Roadmap building blocks: SAP optimization

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a screenshot of activity 4.1.4 SAP optimization.

    Download the Get the Most Out of Your SAP Workbook

    SAP optimization roadmap

    Initiative

    Owner

    Start Date

    Completion Date

    Create final workshop deliverable

    Info-Tech

    16 September 2021

    Review final deliverable

    Workshop sponsor

    Present to executive team

    October 2021

    Build business case

    CFO, CIO, Directors

    3 weeks to build

    3-4 weeks process time

    Build an RFI for initial costings

    1-2 weeks

    Stage 1 approval for requirements gathering

    Executive committee

    Milestone

    Determine and acquire BA support for next step

    1 week

    Requirements gathering – level 2 processes

    Project team

    1 week

    Build RFP (based on informal approval)

    CFO, CIO, Directors

    4th calendar quarter 2022

    Possible completion: January 2023

    2-4 weeks

    Data strategy optimization

    The image contains a graph to demonstrate the data strategy optimization.

    Activity 4.1.5 (Optional) Build a visual SAP roadmap

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.4 and creating a visual.
    2. Record this information in the Get the Most Out of Your SAP Workbook.

      The image contains a screenshot of activity 4.1.5 build a visual SAP roadmap.

    Download the Get the Most Out of Your SAP Workbook

    SAP strategy roadmap

    The image contains a screenshot of the SAP strategy roadmap.

    Implementations Partners

    • Able to consult, migrate, implement, and manage the SAP S/4HANA business suite across industries.
    • Able to transform the enterprise’s core business system to achieve the desired outcome.
    • Capable in strategic planning, building business cases, developing roadmaps, cost and time analysis, deployment model (on-prem, cloud, hybrid model), database conversion, database and operational support, and maintenance services.

    Info-Tech Insight

    It is becoming a common practice for implementation partners to engage in a two- to three-month Discovery Phase or Phase 0 to prepare an implementation roadmap. It is important to understand how this effort is tied to the overall service agreement.

    The image contains several logos of the implementation partners: Atos, Accenture, Cognizant, EY, Infosys, Tech Mahindra, LTI, Capgemini, Wipro, IBM, tos.

    Summary of Accomplishment

    Get the Most Out of Your SAP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your SAP allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal SAP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    The image contains a picture of Ben Dickie.

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    The image contains a picture of Scott Bickley.

    Scott Bickley

    Practice Lead and Principal Research Director

    Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    The image contains a picture of Andy Neil.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Enterprise Resource Planning. McKinsey, n.d. Accessed 13 Apr. 2022.

    Epizitone, Ayogeboh. Info-Tech Interview, 10 May 2021.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. “Principal Component Analysis on Morphological Variability of Critical Success Factors for Enterprise Resource Planning.” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 5, 2020. Web.

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lichtenwalter, Jim. “A look back at 2021 and a look ahead to 2022.” ASUG, 23 Jan. 2022. Web.

    “Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology. Sept. 2011. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb 2020. Accessed 21 Feb. 2021.

    “Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    “Quarterly number of SAP S/4HANA subscribers worldwide, from 2015 to 2021.” Statista, n.d. Accessed 13 Apr. 2022.

    Riley, L., C.Hanna, and M. Tucciarone. “Rightsizing SAP in these unprecedented times.” Upperedge, 19 May 2020.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    “SAP S/4HANA Product Scorecard Report.” SoftwareReviews, n.d. Accessed 18 Apr. 2022.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    Smith, Anthony. "How To Create A Customer-Obsessed Company Like Netflix." Forbes, 12 Dec. 2017. Accessed 21 Feb. 2021.

    We may not be able to show you this

    We may not be able to show you this just yet.
    Our deeper, more detailed content is reserved for Tymans Group clients. 

    If you are interested in retaining our services or would really like access, please contact us. 

    Integrate Portfolios to Create Exceptional Customer Value

    • Buy Link or Shortcode: {j2store}176|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Through growth, both organic and acquisition, you have a significant footprint of projects and applications.
    • Projects and applications have little in common with one another, all with their own history and pedigree.
    • You need to look across your portfolio of applications and projects to see if they will collectively help the organization achieve its goals.

    Our Advice

    Critical Insight

    • Stakeholders don’t care about the minutia and activities involved in project and application portfolio management.
    • Timely delivery of effective and important applications that deliver value throughout their life are the most important factors driving business satisfaction with IT.

    Impact and Result

    • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
    • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
    • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

    Integrate Portfolios to Create Exceptional Customer Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should integrate your application and project portfolios, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the principle that organizes your portfolios, objectives, and stakeholders

    To bring your portfolios together, you need to start with learning about your objectives, principles, and stakeholders.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 1: Define the Principle That Organizes Your Portfolios, Objectives, and Stakeholders
    • Integrated Portfolio Dashboard Tool
    • Integrated Portfolio Dashboard Tool – Example

    2. Take stock of what brings you closer to your goals

    Get a deeper understanding of what makes up your organizing principle before learning about your applications and projects that are aligned with your principles.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 2: Take Stock of What Brings You Closer to Your Goals

    3. Bring it all together

    Bound by your organizing principles, bring your projects and applications together under a single dashboard. Once defined, determine the rollout and communication plan that suits your organization.

    • Integrate Portfolios to Create Exceptional Customer Value – Phase 3: Bring It All Together
    • Integrated Portfolio Communication and Roadmap Plan
    • Integrated Portfolio Communication and Roadmap Plan Example
    [infographic]

    Workshop: Integrate Portfolios to Create Exceptional Customer Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Looking at Your Principles

    The Purpose

    Determine your organizational objectives and organizing principle.

    Key Benefits Achieved

    A clear understanding of where you need to go as an organization.

    A clear way to enable all parts of your portfolio to come together.

    Activities

    1.1 Determine your organization’s objectives.

    1.2 Determine your key stakeholders.

    1.3 Define your organizing principle.

    1.4 Decompose your organizing principle into its core components.

    Outputs

    Determined organizing principle for your applications and projects

    2 Understanding Your Applications

    The Purpose

    Get a clear view of the applications that contribute to your organization’s objectives.

    Key Benefits Achieved

    A key element of IT value delivery is its applications. Gaining awareness allows you to evaluate if the right value is being provided.

    Activities

    2.1 Determine your complete list of applications.

    2.2 Determine the health of your applications.

    2.3 Link your applications to the organization’s core components.

    Outputs

    List of applications

    Application list with health statistics filled in

    List of applications with health metrics bound to the organization’s core components

    3 Understanding Your Projects

    The Purpose

    Get a clear view of your project portfolio and how it relates to your applications and their organizing principle.

    Key Benefits Achieved

    An understanding of your project portfolio.

    Activities

    3.1 List all in-flight projects and vital health statistics.

    3.2 Map out the key programs and projects in your portfolio to the application’s core components.

    Outputs

    List of projects

    List of projects mapped to applications they impact

    4 Rolling Out the New Dashboard

    The Purpose

    Bring together your application and project portfolios in a new, easy-to-use dashboard with a full rollout plan.

    Key Benefits Achieved

    Dashboard available for use

    Roadmap and communication plan to make dashboard implementable and tangible

    Activities

    4.1 Test the dashboard.

    4.2 Define your refresh cadence.

    4.3 Plan your implementation.

    4.4 Develop your communication plan.

    Outputs

    Validated dashboards

    Knowledge Management

    • Buy Link or Shortcode: {j2store}33|cart{/j2store}
    • Related Products: {j2store}33|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.0/10
    • member rating average dollars saved: $10,000
    • member rating average days saved: 2
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources
    Mitigate Key IT Employee Knowledge Loss

    Lay the Strategic Foundations of Your Applications Team

    • Buy Link or Shortcode: {j2store}171|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • As an application leader, you are expected to quickly familiarize yourself with the current state of your applications environment.
    • You need to continuously demonstrate effective leadership to your applications team while defining and delivering a strategy for your applications department that will be accepted by stakeholders.

    Our Advice

    Critical Insight

    • The applications department can be viewed as the face of IT. The business often portrays the value of IT through the applications and services they provide and support. IT success can be dominantly driven by the application team’s performance.
    • Conflicting perceptions lead to missed opportunities. Being transparent on how well applications are supporting stakeholders from both business and technical perspectives is critical. This attribute helps validate that technical initiatives are addressing the right business problems or exploiting new value opportunities.

    Impact and Result

    • Get to know what needs to be changed quickly. Use Info-Tech’s advice and tools to perform an assessment of your department’s accountabilities and harvest stakeholder input to ensure that your applications operating model and portfolio meets or exceeds expectations and establishes the right solutions to the right problems.
    • Solidify the applications long-term strategy. Adopt best practices to ensure that you are striving towards the right goals and objectives. Not only do you need to clarify both team and stakeholder expectations, but you will ultimately need buy-in from them as you improve the operating model, applications portfolio, governance, and tactical plans. These items will be needed to develop your strategic model and long-term success.
    • Develop an action plan to show movement for improvements. Hit the ground running with an action plan to achieve realistic goals and milestones within an acceptable timeframe. An expectations-driven roadmap will help establish the critical structures that will continue to feed and grow your applications department.

    Lay the Strategic Foundations of Your Applications Team Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop an applications strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get to know your team

    Understand your applications team.

    • Lay the Strategic Foundations of Your Applications Team – Phase 1: Get to Know Your Team
    • Applications Strategy Template
    • Applications Diagnostic Tool

    2. Get to know your stakeholders

    Understand your stakeholders.

    • Lay the Strategic Foundations of Your Applications Team – Phase 2: Get to Know Your Stakeholders

    3. Develop your applications strategy

    Design and plan your applications strategy.

    • Lay the Strategic Foundations of Your Applications Team – Phase 3: Develop Your Applications Strategy
    [infographic]

    Workshop: Lay the Strategic Foundations of Your Applications Team

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get to Know Your Team

    The Purpose

    Understand the expectations, structure, and dynamics of your applications team.

    Review your team’s current capacity.

    Gauge the team’s effectiveness to execute their operating model.

    Key Benefits Achieved

    Clear understanding of the current responsibilities and accountabilities of your teams.

    Identification of improvement opportunities based on your team’s performance.

    Activities

    1.1 Define your team’s role and responsibilities.

    1.2 Understand your team’s application and project portfolios.

    1.3 Understand your team’s values and expectations.

    1.4 Gauge your team’s ability to execute your operating model.

    Outputs

    Current team structure, RACI chart, and operating model

    Application portfolios currently managed by applications team and projects currently committed to

    List of current guiding principles and team expectations

    Team effectiveness of current operating model

    2 Get to Know Your Stakeholders

    The Purpose

    Understand the expectations of stakeholders.

    Review the services stakeholders consume to support their applications.

    Gauge stakeholder satisfaction of the services and applications your team provides and supports.

    Key Benefits Achieved

    Grounded understanding of the drivers and motivators of stakeholders that teams should accommodate.

    Identification of improvement opportunities that will increase the value your team delivers to stakeholders.

    Activities

    2.1 Understand your stakeholders and applications services.

    2.2 Define stakeholder expectations.

    2.3 Gauge stakeholder satisfaction of applications services and portfolio.

    Outputs

    Expectations stakeholders have on the applications team and the applications services they use

    List of applications expectations

    Stakeholder satisfaction of current operating model

    3 Develop Your Applications Strategy

    The Purpose

    Align and consolidate a single set of applications expectations.

    Develop key initiatives to alleviate current pain points and exploit existing opportunities to deliver new value.

    Create an achievable roadmap that is aligned to organizational priorities and accommodate existing constraints.

    Key Benefits Achieved

    Applications team and stakeholders are aligned on the core focus of the applications department.

    Initiatives to address the high priority issues and opportunities.

    Activities

    3.1 Define your applications expectations.

    3.2 Investigate your diagnostic results.

    3.3 Envision your future state.

    3.4 Create a tactical plan to achieve your future state.

    3.5 Finalize your applications strategy.

    Outputs

    List of applications expectations that accommodates the team and stakeholder needs

    Root causes to issues and opportunities revealed in team and stakeholder assessments

    Future-state applications portfolio, operating model, supporting people, process, and technologies, and applications strategic model

    Roadmap that lays out initiatives to achieve the future state

    Completed applications strategy

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.
    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Reimagine Learning in the Face of Crisis

    • Buy Link or Shortcode: {j2store}601|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • As organizations re-evaluate their priorities and shift to new ways of working, leaders and employees are challenged to navigate unchartered territory and to adjust quickly to ever-evolving priorities.
    • Learning how to perform effectively through the crisis and deliver on new priorities is crucial to the success of all employees and the organization.

    Our Advice

    Critical Insight

    The most successful organizations recognize that learning is critical to adjusting quickly and effectively to their new reality. This requires L&D to reimagine their approach to deliver learning that enables the organization’s immediate and evolving priorities.

    Impact and Result

    • L&D teams should focus on how to support employees and managers to develop the critical competencies they need to successfully perform through the crisis, enabling organizations to survive and thrive during and beyond the crisis.
    • Ensure learning needs align closely with evolving organizational priorities, collaborate cross-functionally, and curate content to provide the learning employees and leaders need most, when they need it.

    Reimagine Learning in the Face of Crisis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize

    Involve key stakeholders, identify immediate priorities, and conduct high-level triage of L&D.

    • Reimagine Learning in the Face of Crisis Storyboard
    • Reimagine Learning in the Face of Crisis Workbook

    2. Reimagine

    Determine learning needs and ability to realistically deliver learning. Leverage existing or curate learning content that can support learning needs.

    3. Transform

    Identify technical requirements for the chosen delivery method and draft a four- to six-week action plan.

    • How to Curate Guide
    • Tips for Building an Online Learning Community
    • Ten Tips for Adapting In-Person Training During a Crisis
    • Tips for Remote Learning in the Face of Crisis
    [infographic]

    Make the Case for Product Delivery

    • Buy Link or Shortcode: {j2store}184|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $41,674 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery practices. This form of delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Our Advice

    Critical Insight

    • Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Impact and Result

    • We will help you build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Make the Case for Product Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Product Delivery Deck – A guide to help align your organization on the practices to deliver what matters most.

    This project will help you define “product” for your organization, define your drivers and goals for moving to product delivery, understand the role of product ownership, lay out the case to your stakeholders, and communicate what comes next for your transition to product.

    • Make the Case for Product Delivery Storyboard

    2. Make the Case for Product Delivery Presentation Template – A template to help you capture and detail your case for product delivery.

    Build a proposal deck to help make the case to your stakeholders for product-centric delivery.

    • Make the Case for Product Delivery Presentation Template

    3. Make the Case for Product Delivery Workbook – A tool to capture the results of exercises to build your case to change your product delivery method.

    This workbook is designed to capture the results of the exercises in the Make the Case for Product Delivery Storyboard. Each worksheet corresponds to an exercise in the storyboard. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Make the Case for Product Delivery Workbook
    [infographic]

    Further reading

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Table of Contents

    Define product

    Define your drivers and goals

    Understand the role of product ownership

    Communicate what comes next

    Make the case to your stakeholders

    Appendix: Additional research

    Appendix: Product delivery strategy communication

    Appendix: Manage stakeholder influence

    Appendix: Product owner capability details

    Executive Summary

    Your Challenge
    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    Common Obstacles
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery.
    • Product delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.
    Info-Tech’s Approach
    • Info-Tech will enable you to build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Info-Tech Insight

    Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Many executives perceive IT as being poorly aligned with business objectives

    Info-Tech’s CIO Business Vision Survey data highlights the importance of IT initiatives in supporting the business in achieving its strategic goals.

    However, Info-Tech’s CEO-CIO Alignment Survey (2021; N=58) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals.

    Info-Tech CEO-CIO Alignment Diagnostics, 2021 (N=58)

    40% Of CEOs believe that business goals are going unsupported by IT.

    34% Of business stakeholders are supporters of their IT departments (n=334).

    40% Of CIOs/CEOs are misaligned on the target role for IT.

    Info-Tech Insight

    Great technical solutions are not the primary driver of IT success. Focusing on delivery of digital products that align with organizational goals will produce improved outcomes and will foster an improved relationship between business and IT.

    Increase product success by involving IT, business, and customers in your product roadmaps, planning, and delivery

    Product management and delivery seek to promote improved relationships among IT, business, and customers, a critical driver for business satisfaction.

    IT

    Stock image of an IT professional.

    1

    Collaboration

    IT, business, and customers work together through all stages of the product lifecycle, from market research through the roadmapping and delivery processes and into maintenance and retirement. The goal is to ensure the risks and dependencies are realized before work is committed.

    Stakeholders, Customers, and Business

    Stock image of a business professional.

    2

    Communication

    Prioritize high-value modes of communication to break down existing silos and create common understanding and alignment across functions. This approach increases transparency and visibility across the entire product lifecycle.

    3

    Integration

    Explore methods to integrate the workflows, decision making, and toolsets among the business, IT, and customers. The goal is to become more reactive to changes in business and customer expectations and more proactive about market trends.

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.
    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Organizations need a common understanding of what a product is and how it pertains to the business.

    This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.” (Chad Beier, “How Do You Define a Product?” Scrum.org)

    Products enable the long-term and continuous delivery of value

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Phase 1

    Build the case for product-centric delivery

    Phase 1
    1.1 Define product
    1.2 Define your drivers and goals
    1.3 Understand the role of product ownership
    1.4 Communicate what comes next
    1.5 Make the case to your stakeholders

    This phase will walk you through the following activities:

    • Define product in your context.
    • Define your drivers and goals for moving to product delivery.
    • Understand the role of product ownership.
    • Communicate what comes next for your transition to product.
    • Lay out the case to your stakeholders.

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Step 1.1

    Define product

    Activities
    • 1.1.1 Define “product” in your context
    • 1.1.2 Consider examples of what is (and is not) a product in your organization
    • 1.1.3 Identify the differences between project and product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear definition of product in your organization’s context.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.1.1 Define “product” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and services

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Discuss what “product” means in your organization.
    2. Create a common, enterprise-wide definition for “product.”
    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Record the results in the Make the Case for Product-Centric Delivery Workbook.

    Example: What is a product?

    Not all organizations will define products in the same way. Take this as a general example:

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.
    Stock image of an open human head with gears and a city for a brain.

    How do we know what is a product?

    What isn’t a product:
    • Features (on their own)
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams
    You have a product if the given item...
    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate

    Exercise 1.1.2 Consider examples of what is (and is not) a product in your organization

    15 minutes

    Output: Examples of what is and isn’t a product in your specific context.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Leverage the definition you created in exercise 1.1.1 and the explanation on the slide What is a product?
    2. Pick examples that effectively show the difference between products and non-products and facilitate a conversation on the ones that seem to be on the line. Specific server instances, or instances of providing a service, are worthwhile examples to consider.
    3. From the list you come up with, take the top three examples and put them into the Make the Case for Product Delivery Presentation Template.
    Example:
    What isn’t a product?
    • Month-end SQL scripts to close the books
    • Support Engineer doing a password reset
    • Latest research project in R&D
    What is a product?
    • Self-service password reset portal
    • Oracle ERP installation
    • Microsoft Office 365

    Record the results in the Make the Case for Product Delivery Workbook.

    Product delivery practices should consider everything required to support it, not just what users see.

    Cross-section of an iceberg above and below water with visible product delivery practices like 'Funding', 'External Relationships', and 'Stakeholder Management' above water and internal product delivery practices like 'Product Governance', 'Business Functionality', and 'R&D' under water. There are far more processes below the water.

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:
    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Exercise 1.1.3 Identify the differences between project and product delivery

    30-60 minutes

    Output: List of differences between project and product delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Consider project delivery and product delivery.
    2. Discuss what some differences are between the two.
      Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.
    Theme Project Delivery (Current) Product Delivery (Future)
    Timing Defined start and end Does not end until the product is no longer needed
    Funding Funding projects Funding products and teams
    Prioritization LoB sponsors Product owner
    Capacity Management Project management Managed by product team

    Record the results in the Make the Case for Product Delivery Workbook.

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund products or teams
    Line of business sponsor — Prioritization –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages capacity

    Info-Tech Insights

    • Product ownership should be one of your first areas of focus when transitioning from project to product delivery.
    • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum. Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Step 1.2

    Define your drivers and goals

    Activities
    • 1.2.1 Understand your drivers for product-centric delivery
    • 1.2.2 Define the goals for your product-centric organization

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear understanding of your motivations and desired outcomes for moving to product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.2.1 Understand your drivers for product-centric delivery

    30-60 minutes

    Output: Organizational drivers to move to product-centric delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your pain points in the current delivery model.
    2. What is the root cause of these pain points?
    3. How will a product-centric delivery model fix the root cause (drivers)?
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.2.2 Define the goals for your product-centric organization

    30 minutes

    Output: Goals for product-centric delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Review the differences between project and product delivery from exercise 1.1.3 and the list of drivers from exercise 1.2.1.
    2. Define your goals for achieving a product-centric organization.
      Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability
    Goals
    • End-to-end ownership

    Record the results in the Make the Case for Product Delivery Workbook.

    Step 1.3

    Understand the role of product ownership

    Activities
    • 1.3.1 Identify product ownership capabilities

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Product owner capabilities that you agree are critical to start your product transformation.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Accountability for the delivery of value through product ownership is not optional

    Tree of 'Enterprise Goals and Priorities' leading to 'Product' through a 'Product Family'.

    Info-Tech Insight

    People treat the assignment of accountability for products (aka product ownership) as optional. Without assigning accountability up front, your transition to product delivery will stall. Accountable individuals will be focused on the core outcome for product delivery, which is the delivery of the right value, at the right time, to the right people.

    Description of the tree levels shown in the diagram on the left. First is 'Enterprise Goals and Priorities', led by 'Executive Leadership' using the 'Enterprise Strategic Roadmap'. Second is 'Product Family', led by 'Product Manager' using the 'Product Family Roadmap'. Last is 'Product', led by the 'Product Owner' using the 'Product Roadmap' and 'Backlog' on the strategic end, and 'Releases' on the Tactical end. In the holistic context, 'Product Family is considered 'Strategic' while 'Product' is 'Tactical'.

    Recognize the different product owner perspectives

    Business
    • Customer facing, revenue generating
    Technical
    • IT systems and tools
    Operations
    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.” (Robbin Schuurman, “Tips for Starting Product Owners”)

    Implement the Info-Tech product owner capability model

    As discussed in Build a Better Product Owner, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization. 'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.
    Vision
    • Market Analysis
    • Business Alignment
    • Product Roadmap
    Leadership
    • Soft Skills
    • Collaboration
    • Decision Making
    Product Lifecycle Management
    • Plan
    • Build
    • Run
    Value Realization
    • KPIs
    • Financial Management
    • Business Model

    Details on product ownership capabilities can be found in the appendix.

    Exercise 1.3.1 Identify product ownership capabilities

    60 minutes

    Output: Product owner capability mapping

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Write down the capabilities product owners need to perform their duties (one per sticky note) in order to describe product ownership in your organization. Consider people, processes, and tools.
    2. Mark each capability with a plus (current capability), circle (some proficiency), or dash (missing capability).
    3. Discuss each capability and place on the appropriate quadrant.

    'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.

    Record the results in the Make the Case for Product Delivery Workbook.

    Differentiate between product owners and product managers

    Product Owner (Tactical Focus)
    • Backlog management and prioritization
    • Epic/story definition, refinement in conjunction with business stakeholders
    • Sprint planning with Scrum Master
    • Working with Scrum Master to minimize disruption to team velocity
    • Ensuring alignment between business and Scrum teams during sprints
    • Profit and loss (P&L) product analysis and monitoring
    Product Manager (Strategic Focus)
    • Product strategy, positioning, and messaging
    • Product vision and product roadmap
    • Competitive analysis and positioning
    • New product innovation/definition
    • Release timing and focus (release themes)
    • Ongoing optimization of product-related marketing and sales activities
    • P&L product analysis and monitoring

    Info-Tech Insight

    “Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users.

    Step 1.4

    Communicate what comes next

    Activities
    • 1.4.1 How do we get started?

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A now, next, later roadmap indicating your overall next steps.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Make a plan in order to make a plan!

    Consider some of the techniques you can use to validate your strategy.

    Cyclical diagram of the 'Continuous Delivery of Value' within 'Business Value'. Surrounding attributes are 'User Centric', 'Adaptable', 'Accessible', 'Private & Secured', 'Informative & Insightful', 'Seamless Application Connection', 'Relationship & Network Building', 'Fit for Purpose'.

    Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

    Possible areas of focus:

    • Regulatory requirements or questions to answer around accessibility, security, privacy.
    • Stress testing any new processes against situations that may occur.
    Learning Milestones

    The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

    Possible areas of focus:

    • Align teams on product strategy prior to build
    • Market research and analysis
    • Dedicated feedback sessions
    • Provide information on feature requirements
    Stock image of people learning.
    Sprint Zero (AKA Project-before-the-project)

    The completion of a set of key planning activities, typically the first sprint.

    Possible areas of focus:

    • Focus on technical verification to enable product development alignment
    • Sign off on architectural questions or concerns
    Stock photo of a person writing on a board of sticky notes.

    The “Now, Next, Later” roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    • Now
      What are you going to do now?
    • Next
      What are you going to do very soon?
    • Later
      What are you going to do in the future?
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Exercise 1.4.1 How do we get started?

    30-60 minutes

    Output: Product transformation critical steps and basic roadmap

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify what the critical steps are for the organization to embrace product-centric delivery.
    2. Group each critical step by how soon you need to address it:
      • Now: Let’s do this ASAP.
      • Next: Sometime very soon, let’s do these things.
      • Later: Much further off in the distance, let’s consider these things.
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Record the results in the Make the Case for Product Delivery Workbook.

    Example

    Example table for listing tasks to complete Now, Next, or Later

    Step 1.5

    Make the case to your stakeholders

    Activities
    • 1.5.1 Identify what support you need from your stakeholders
    • 1.5.2 Build your pitch for product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A deliverable that helps make the case for product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Develop a stakeholder strategy to define your product owner landscape

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product teams operate within this network of stakeholders who represent different perspectives within the organization.

    See the appendix for activities and guidance on how to devise a strategy for managing stakeholders.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Exercise 1.5.1 Identify what support you need from your stakeholders

    30 minutes

    Output: Clear understanding of stakeholders, what they need from you, and what you need from them.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. If you don’t yet know who your stakeholders are, consider completing one or more of the stakeholder management exercises in the appendix.
    2. Identify your key stakeholders who have an interest in solution delivery.
    3. Consider their perspective on product-centric delivery. (For example: For head of support, what does solution delivery mean to them?)
    4. Identify what role each stakeholder would play in the transformation.
      • This role represents what you need from them for this transformation to product-centric delivery.
    Stakeholder
    What does solution delivery mean to them?
    What do you need from them in order to be successful?

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.5.2 Build your pitch deck

    30 minutes (and up)

    Output: A completed presentation to help you make the case for product delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Take the results from the Make the Case for Product Delivery Workbook and transfer them into the presentation template.
    2. Follow the instructions on each page listed in the instruction bubbles to know what results to place where.
    3. This is meant to be a template; you are welcome to add and remove slides as needed to suit your audience!

    Sample of slides from the Make the Case for Product Delivery Workbook with instruction bubbles overlaid.

    Record the results in the Make the Case for Product Delivery Workbook.

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build Your Agile Acceleration Roadmap

    • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    • Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Application Portfolio Management

    Application Portfolio Management (APM) Research Center

    • See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management for Small Enterprises

    • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

    Streamline Application Maintenance

    • Effective maintenance ensures the long-term value of your applications.

    Build an Application Rationalization Framework

    • Manage your application portfolio to minimize risk and maximize value.

    Modernize Your Applications

    • Justify modernizing your application portfolio from both business and technical perspectives.

    Review Your Application Strategy

    • Ensure your applications enable your business strategy.

    Application Portfolio Management Foundations

    • Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Management

    • Move beyond maintenance to ensuring exceptional value from your apps.

    Optimize Applications Release Management

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Embrace Business-Managed Applications

    • Empower the business to implement their own applications with a trusted business-IT relationship.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    • Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    • Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    • Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    • Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    • Commit to achievable software releases by grounding realistic expectations

    Reduce Time to Consensus With an Accelerated Business Case

    • Expand on the financial model to give your initiative momentum.

    Optimize IT Project Intake, Approval, and Prioritization

    • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Org Design and Performance

    Redesign Your IT Organizational Structure

    • Focus product delivery on business value–driven outcomes.

    Build a Strategic IT Workforce Plan

    • Have the right people, in the right place, at the right time.

    Implement a New IT Organizational Structure

    • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    • Measure employee sentiment to drive IT performance

    Set Meaningful Employee Performance Measures

    • Set holistic measures to inspire employee performance.

    Master Organizational Change Management Practices

    • PMOs, if you don't know who is responsible for org change, it's you.

    Appendix

    Product delivery strategy communication

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    Diagram on how to get from product owner capabilities to 'Business Value Realization' through 'Product Roadmap' with a 'Tiered Backlog', 'Delivery Capacity and Throughput' via a 'Product Delivery Pipeline'.
    (Adapted from: Pichler, “What Is Product Management?”)

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.
    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Two-part diagram showing the 'Product Backlog' segmented into '1. Current: Features/ Stories', '2. Near-term: Capabilities', and '3. Future: Epics', and then the 'Product Roadmap' with the same segments placed into a timeline.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Product managers and product owners have many responsibilities, and a roadmap can be a useful tool to complete those objectives through communication or organization of tasks.

    However, not all roadmaps address the correct audience and achieve those objectives. Care must be taken to align the view to the given audience.

    Pie Chart showing the surveyed most important reason for using a product roadmap. From largest to smallest are 'Communicate a strategy', 'Plan and prioritize', 'Communicate milestones and releases', 'Get consensus on product direction', and 'Manage product backlog'.
    Surveyed most important reason for using a product roadmap (Source: ProductPlan, 2018)

    Audience
    Business/ IT leaders Users/Customers Delivery teams
    Roadmap View
    Portfolio Product Technology
    Objectives
    To provide a snapshot of the portfolio and priority apps To visualize and validate product strategy To coordinate and manage teams and show dev. progress
    Artifacts
    Line items or sections of the roadmap are made up of individual apps, and an artifact represents a disposition at its highest level. Artifacts are generally grouped by various product teams and consist of strategic goals and the features that realize those goals. Artifacts are grouped by the teams who deliver that work and consist of features and technical enablers that support those features.

    Appendix

    Managing stakeholder influence

    From Build a Better Product Owner

    Step 1.3 (from Build a Better Product Owner)

    Manage Stakeholder Influence

    Activities
    • 1.3.1 Visualize interrelationships to identify key influencers
    • 1.3.2 Group your product owners into categories
    • 1.3.3 Prioritize your stakeholders
    • 1.3.4 Delegation Poker: Reach better decisions

    This step will walk you through the following activities:

    To be successful, product owners need to identify and manage all stakeholders for their products. This step will build a stakeholder map and strategy.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Relationships among stakeholders and influencers
    • Categorization of stakeholders and influencers
    • Stakeholder and influencer prioritization
    • Better understanding of decision-making approaches and delegation
    Product Owner Foundations
    Step 1.1 Step 1.2 Step 1.3

    Develop a product owner stakeholder strategy

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product owners operate within this network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without accomplishing these missing pieces, product owners will encounter obstacles, resistance, or unexpected changes.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Legend
    Black arrow with a solid line and single direction. Black arrows indicate the direction of professional influence
    Green arrow with a dashed line and bi-directional. Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    1.3.1 Visualize interrelationships to identify key influencers

    60 minutes

    Input: List of product stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      1. Use black arrows to indicate the direction of professional influence.
      2. Use dashed green arrows to indicate bidirectional, informal influence relationships.
    5. Record the results in the Build a Better Product Owner Workbook.

    Record the results in the Build a Better Product Owner Workbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level or influence and ownership in the product and/or teams.

    Stakeholder prioritization map split into four quadrants along two axes, 'Influence', and 'Ownership/Interest': 'Players' (high influence, high interest); 'Mediators' (high influence, low interest); 'Noisemakers' (low influence, high interest); 'Spectators' (low influence, low interest). Source: Info-Tech Research Group

    There are four areas in the map, and the stakeholders within each area should be treated differently.
    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.3.2 Group your product owners into categories

    30 minutes

    Input: Stakeholder map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your stakeholder’s interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Build a Better Product Owner Workbook.
    Same stakeholder prioritization map as before but with example positions mapped onto it.
    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the Build a Better Product Owner Workbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder prioritization table with 'Stakeholder Category' as row headers ('Player', 'Mediator', 'Noisemaker', 'Spectator') and 'Level of Support' as column headers ('Supporter', 'Evangelist', 'Neutral', 'Blocker'). Importance ratings are 'Critical', 'High', 'Medium', 'Low', and 'Irrelevant'.

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: how likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive the focus of your attention. The table to the right indicates how stakeholders are ranked.

    1.3.3 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix, Stakeholder prioritization

    Output: Stakeholder and influencer prioritization

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Build a Better Product Owner Workbook.
    Stakeholder Category Level of Support Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the Build a Better Product Owner Workbook.

    Define strategies for engaging stakeholders by type

    Stakeholder strategy map assigning stakeholder strategies to stakeholder categories, as described in the adjacent table.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence; low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Appendix

    Product owner capability details

    From Build a Better Product Owner

    Develop product owner capabilities

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    Each capability has three components needed for successful product ownership.

    Definitions are on the following slides.

    Central diagram title 'Product Owner Capabilities'.

    Define the skills and activities in each component that are directly related to your product and culture.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.
    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'. Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    Capabilities: Vision

    Market Analysis

    • Unique solution: Identify the target users and unique value your product provides that is not currently being met.
    • Market size: Define the size of your user base, segmentation, and potential growth.
    • Competitive analysis: Determine alternative solutions, products, or threats that affect adoption, usage, and retention.

    Business Alignment

    • SWOT analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.
    • Enterprise alignment: Align product to enterprise goals, strategies, and constraints.
    • Delivery strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand.
    • Go to market strategy: Create organizational change management, communications, and a user implementation approach.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    “Customers are best heard through many ears.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.

    “Everything walks the walk. Everything talks the talk.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, refinement, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure the product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Value realization

    Key Performance Indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial Management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business Model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    “The competition is anyone the customer compares you with.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog refining (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product Lifecycle Management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value Realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Bibliography – Product Ownership

    A, Karen. “20 Mental Models for Product Managers.” Medium, Product Management Insider, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Agile Alliance. “Product Owner.” Agile Alliance, n.d. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint, 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group, 2005. Web.

    Cohn, Mike “What is a product?” Mountain Goat Software, 16 Sept. 2016, Web

    Connellan, Thomas K. Inside the Magic Kingdom. Bard Press, 1997. Print.

    Curphey, Mark, “Product Definition.” slideshare.net, 25 Feb. 2007. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” Medium.com, 6 March 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile Alliance, Agile2016, 2016. Web.

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” Medium.com, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Medium.com, 23 July 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Management 3.0. “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    Bibliography – Product Ownership

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

    Mironov, Rich. “Scaling Up Product Manager/Owner Teams: Rich Mironov's Product Bytes.” Rich Mironov's Product Bytes, Mironov Consulting, 12 April 2014 . Web.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 March 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Bibliography – Product Ownership

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin VOP #50, 2 Oct. 2018. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium.com, 19 Dec. 2017. Web.

    VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” Medium.com, 10 Feb. 2017. Web.

    “How do you define a product?” Scrum.org, 4 April 2017, Web.

    “Product Definition.” TechTarget, Sept. 2005. Web

    Bibliography – Product Roadmap

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012, Herzlia, Israel, 2012 IEEE International Conference on Software Science, Technology and Engineering, 12 June 2012. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, n.d. Accessed Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, Inc., 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP)?” LEANSTACK, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 Oct. 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018

    Research Contributors and Experts

    Photo of Emily Archer, Lead Business Analyst, Enterprise Consulting, authentic digital agency.

    Emily Archer
    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    Photo of David Berg, Founder & CTO, Strainprint Technologies Inc.

    David Berg
    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Blank photo template.

    Kathy Borneman
    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Photo of Charlie Campbell, Product Owner, Merchant e-Solutions.

    Charlie Campbell
    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Photo of Yarrow Diamond, Sr. Director, Business Architecture, Financial Services.

    Yarrow Diamond
    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Photo of Cari J. Faanes-Blakey, CBAP, PMI-PBA, Enterprise Business Systems Analyst, Vertex, Inc.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA
    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Photo of Kieran Gobey, Senior Consultant Professional Services, Blueprint Software Systems.

    Kieran Gobey
    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Photo of Rupert Kainzbauer, VP Product, Digital Wallets, Paysafe Group.

    Rupert Kainzbauer
    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Photo of Saeed Khan, Founder, Transformation Labs.

    Saeed Khan
    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders, the only global community of senior-level product executives.

    Photo of Hoi Kun Lo, Product Owner, Nielsen.

    Hoi Kun Lo
    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL, and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Photo of Abhishek Mathur, Sr Director, Product Management, Kasisto, Inc.

    Abhishek Mathur
    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Photo of Jeff Meister, Technology Advisor and Product Leader.

    Jeff Meister
    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Photo of Vincent Mirabelli, Principal, Global Project Synergy Group.

    Vincent Mirabelli
    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Photo of Oz Nazili, VP, Product & Growth, TWG.

    Oz Nazili
    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Photo of Mark Pearson, Principal IT Architect, First Data Corporation.

    Mark Pearson
    Principal IT Architect
    First Data Corporation

    Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

    Photo of Brenda Peshak, Product Owner, Widget Industries, LLC.

    Brenda Peshak
    Product Owner,
    Widget Industries, LLC

    Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

    Research Contributors and Experts

    Photo of Mike Starkey, Director of Engineering, W.W. Grainger.

    Mike Starkey
    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Photo of Anant Tailor, Cofounder & Head of Product, Dream Payments Corp.

    Anant Tailor
    Cofounder & Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Photo of Angela Weller, Scrum Master, Businessolver.

    Angela Weller
    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Get Started With Artificial Intelligence

    • Buy Link or Shortcode: {j2store}345|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $24,469 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • It is hard to not hear about how AI is revolutionizing the world. Across all industries, new applications for AI are changing the way humans work and how we interact with technologies that are used in modern organizations.
    • It can be difficult to see the specific applications of AI for your business. With all of the talk about the AI revolution, it can be hard to tie the rapidly changing and growing field of AI to your industry and organization and to determine which technologies are worth serious time and investment, and which ones are too early and not worth your time.

    Our Advice

    Critical Insight

    • AI is not a magic bullet. Instead, it is a tool for speeding up data-driven decision making. A more appropriate term for current AI technology is data-enabled, automated, adaptive decision support. Use when appropriate.
    • Garbage in, garbage out still applies to AI ‒ and it is even more relevant! AI technology has its foundations in data. Lots of it. Relevant, accurate, and timely data is essential to the effective use of AI.
    • AI is a rapidly evolving field – and this means that you can learn from others more effectively. Using a use case-based approach, you can learn from the successes and failures of others to more rapidly narrow down how AI can show value for you.

    Impact and Result

    • Understand what AI really means in practice.
    • Learn what others are doing in your industry to leverage AI technologies for competitive advantage.
    • Determine the use cases that best apply to your situation for maximum value from AI in your environment.
    • Define your first AI proof-of-concept (PoC) project to start exploring what AI can do for you.
    • Separate the signal from the noise when wading through the masses of marketing material around AI.

    Get Started With Artificial Intelligence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to get up to speed with the rapid changes in AI technologies taking over the world today, review Info-Tech’s methodology, and understand the four ways we can support you on your AI journey.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore the possibilities

    Understand what AI really is in the modern world and how AI technologies impact the business functions.

    • Get Started With Artificial Intelligence – Phase 1: Explore the Possibilities

    2. Learn from your peers and give your AI a purpose

    Develop a good understanding of where AI is delivering value in your industry and other verticals. Determine the top three business goals to get value from your AI and give your AI a purpose.

    • Get Started With Artificial Intelligence – Phase 2: Learn From Your Peers and Give Your AI a Purpose

    3. Select your first AI PoC

    Brainstorm your AI PoC projects, prioritize and sequence your AI ideas, select your first AI PoC, and create a minimum viable business case for this use case.

    • Get Started With Artificial Intelligence – Phase 3: Select Your First AI PoC
    • Idea Reservoir Tool
    • Minimum Viable Business Case Document
    • Prototyping Workbook
    [infographic]

    Improve your core processes

    Improve your core processes


    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Register to read more …

    Social Media Management Software Selection Guide

    • Buy Link or Shortcode: {j2store}570|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Social media has changed the way businesses interact with their customers. It is essential to engage with your customers regularly and in a timely manner.
    • Businesses must stay on top of the latest news and update the public regarding the status of downtime or any mishaps.
    • Customers are present in multiple social media platforms, and it is important for businesses to engage with all audiences without alienating one group.

    Our Advice

    Critical Insight

    • There are many social media platforms, and any post, image, or other content must be uploaded on all the platforms with minimal delay.
    • It is often difficult to manage replies and responses to all social media platforms promptly.
    • Measuring key performance metrics is crucial to obtain targeted ROI. Calculating ROI across multiple platforms with various audiences is a challenge.

    Impact and Result

    • A business’ social media presence is an extension of the organization, and the social media management strategy must align with the organization's values.
    • Choose a social media management platform that is right for you by aligning your needs without falling for bells and whistles. Vendors offer a lot of features that are not helpful for most day-to-day activities.
    • Ensure the social media management platform has support and integrations for all the platforms that you require.

    Social Media Management Software Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Social Media Management Software Selection Guide – A deck outlining the features of SMMP tools and top vendors in the marketspace.

    This research offers insight into web analytic tools, key trends in the marketspace, and advanced web analytics techniques. It also provides an overview of the ten top vendors in the marketspace.

    • Social Media Management Software Selection Guide Storyboard
    [infographic]

    Further reading

    Social Media Management Software Selection Guide

    Identify the best tools for your social media management needs.

    Analyst Perspective

    Connecting through social media is an essential way to understand and engage with your customers.

    Social media management platforms (SMMP) allow businesses to engage with customers more efficiently. Ten years ago, Facebook and Twitter dominated the social media space, but many alternatives have emerged that attract a wide variety of audiences today. Every social media platform has a unique demographic; for instance, LinkedIn attracts an audience looking to develop their professional career, while Snapchat attracts those who want to share their everyday casual experience.

    It is important for businesses and brands to engage with all kinds of audiences without alienating a certain group. Domino's, for example, can sell pizzas to business professionals and teenagers alike, so connecting with both customer segments via personalized and meaningful posts in their preferred platform is a great way to grow their business.

    To successfully implement a social media management platform, organizations need to ensure they have their requirements and business needs shortlisted and choose vendors that ensure the best return on investment (ROI).

    An image of Sai Krishna Rajaramagopalan
    Sai Krishna Rajaramagopalan
    Research Specialist, Customer Experience & Application Insights
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Social media has changed the way businesses interact with customers. It is essential to engage with your them regularly and in a timely manner.
    • Businesses must stay on top of the latest news and update the public regarding any downtime or mishaps.
    • Customers are present on multiple social media platforms, and businesses need to engage all audiences without neglecting or alienating any one group.

    Common Obstacles

    • There are many social media platforms, and any post, image, or other content must be uploaded on every platform with minimal delay.
    • It is often difficult to manage audience interaction on all social media platforms in a timely manner.
    • Measuring key performance metrics is crucial to obtaining the targeted ROI. Calculating ROI across multiple platforms with varying audiences is a challenge.

    Info-Tech's Approach

    • Social media presence is an extension of the organization, and the social media management strategy must align with organizational values.
    • Understand your feature requirements and don't for bells and whistles. Vendors offer many features that are not helpful during 80% of day-to-day activities. Choose the SMMP that is right for your organization's needs.
    • Ensure the SMMP has support and integrations for all the platforms that you require.

    Info-Tech Insight

    Choosing a good SMMP is only the first step. Having great social media managers who understand their audience is essential in maintaining a healthy relationship with your audience.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand what a social media management platform (SMMP) is.
    Call #2: Build the business case to select an SMMP.

    Call #3: Define your key SMMP requirements.
    Call #4: Build procurement items, such as a request for proposal (RFP).
    Call #5: Evaluate the SMMP solution landscape and shortlist viable options.

    A Guided implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The SMMP selection process should be broken into segments:

    1. SMMP shortlisting with this buyer's guide
    2. Structured approach to selection
    3. Contract review

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    What exactly is an SMMP platform?

    A social media management platform is a software solution that enables businesses and brands to manage multiple social media accounts. It facilitates making posts, monitoring metrics, and engaging with your audience.

    An SMMP platform offers many key features, including but not limited to the following capabilities:

    • Integrate with popular social media platforms
    • Post images, text, videos on multiple platforms at once
    • Schedule posts
    • Track and monitor activity on social media accounts
    • Send replies and view likes and comments across all accounts
    • Reporting and analytics
    • Send alerts and notifications regarding key events
    • Multilingual support and translation

    Info-Tech Insight

    Social media management platforms have continuously expanded their features list. It is, however, essential not to get lost in endless features to remain competitive and ensure the best ROI.

    Key trends – short-form videos drive the most engagement

    Short-form videos

    Short-form videos are defined as videos less than two minutes long. Shorter videos take substantially less time and effort to consume, making them very attractive for marketing brands to end users. According to a study conducted by Vidyard, more than 50% of viewers end up watching an entire video if it's less than one minute. Another study finds that over 93% of the surveyed brands sold their product or service to a customer through a social media video.

    Popular social media platforms such as TikTok, Instagram, YouTube etc. have caught on to this trend and introduced short-form videos, more commonly called "shorts". It's also common for content creators and brands to cut and upload short clips from longer videos to drive more engagement with viewers.

    Key Trends

    Short-form videos have higher viewership and view time compared to long videos.

    58%

    About 58% of viewers watch the video to the end if it’s under one minute long. A two-minute video manages to keep around 50% of its viewers till the end.
    Source: Oberlo, 2020

    30%

    Short-form videos have the highest ROI of any social media marketing at 30%.
    Source: Influencer Marketing Hub, 2023

    Key trends – influencer marketing

    Influencer marketing

    Influencer marketing is the collaboration of brands with online influencers and content creators across various social media platforms to market their products and services. Influencers are not necessarily celebrities; they can be any individual with a dedicated community. This makes influencers abundant. For instance, compare the number of popular football players with the number of YouTubers on the planet.

    Unlike traditional marketing methods, influencer marketing is effective across different budget levels. This is because the engagement level of small influencers with 10,000 followers is higher than the engagement level of large influencers with millions of followers. If a brand is budget conscious, working with smaller influencers still gives a good ROI. For every dollar spent on influencer marketing, the average ROI is $5.78.

    Key Trends

    61%

    A recent study by Matter found that 61% of consumers trust influencers' recommendations over branded social media content.
    Source: Shopify, 2022

    According to data gathered by Statista, the influencer marketing industry has more than doubled since 2019. It was worth $16.4 billion in 2022.
    Source: Statista, 2023

    Executive Brief Case Study

    INDUSTRY: Retail
    SOURCE: "5 Influencer Marketing Case Studies," HubSpot

    H&M

    H&M was looking to build awareness and desirability around the brand to drive clothing sales during the holiday season. They decided to partner with influencers and align content with each celebrity's personality and lifestyle to create authentic content and messaging for H&M. H&M selected four lesser-known celebrities with highly engaged and devoted social media followings: Tyler Posey, Peyton List, Jana Kramer, and Hannah Simone.

    They posted teaser clips across various platforms to create buzz about the campaign a couple of days before the full, one-minute videos were released. Presenting the content two different times enabled H&M to appeal to more viewers and increase the campaign's visibility. Two of the celebrities, List and Kramer, garnered more views and engagement on the short clip than the full video, highlighting that a great short clip can be more effective than long-form content.

    Results

    The campaign achieved 12 million views on YouTube, 1.3 million likes, 14,000 comments, and 19,000 shares. The average engagement with consumers across all four celebrities was 10%.

    A screenshot of Tyler Posey's sponsored video.

    Tyler Posey's sponsored video achieved:

    • 25% engagement rate on Instagram
    • 14% engagement rate across Facebook, Twitter, and Instagram

    Key trends – social commerce is the future of e-commerce

    Social commerce

    Social commerce is the selling of goods and services through social media. This may involve standalone stores on social media platforms or promotions on these platforms which link to traditional e-commerce platforms.

    Social media platforms contain more data about consumers than traditional platforms, which allows more accurate targeting of ads and promotions. Additionally, social commerce can place ads on popular influencer stories and posts, taking advantage of influencer marketing without directly involving the influencers.

    Popular platforms have opened their own built-in stores. Facebook created Marketplace and Facebook Shops. TikTok soon followed with the TikTok Shopping suite. These stores allow platforms to lower third-party costs and have more control over which products are featured. This also creates a transactional call to action without leaving social media.

    Key Trends

    2020 saw a sizable increase in social commerce occurring on social media networks, with users making purchases directly from their social accounts.

    30.8%

    Sales through social commerce are expected to grow about 30.8% per year from 2020 to 2025. The growth rate is expected to increase to 35% in 2026.
    Source: Oberlo, 2020

    46%

    China has the highest social commerce adoption rate in the world, with 46% of all internet users making at least one purchase. The US is second with a 36% adoption rate.
    Source: Influencer Marketing Hub, 2022

    Executive Brief Case Study

    BestBuy

    The Twitter Shop Module allows select brands to showcase products at the top of Twitter business profiles. Users can scroll through a carousel of products on a brand's profile and tap on individual products to read more and make purchases without leaving the platform.

    While the results of Twitter's Shop Module experiment are still pending, brands aren't waiting around to sell on the platform. Best Buy and others continue to link to well-formatted product pages directly in their Tweets.

    Clear, direct calls to action such as "Pick yours up today" encourage interested audiences to click through, learn more, and review options for purchase. In this social commerce example, Best Buy also makes optimal use of a Tweet's character limit. In just a few words, the brand offers significant savings for a high-quality product, then doubles down with a promotional trade-in offer. Strong imagery is the icing on the cake.

    INDUSTRY: Retail
    SOURCE: "5 genius social commerce examples," Sprout Social, 2021

    Image shows a social media post by Best Buy.

    Key trends – social media risk management is crucial

    Crisis management

    Crisis management is the necessary intervention from an organization when negative news spreads across social media platforms. With how interconnected people are due to social media, news can quickly spread across different platforms.

    Organizations must be prepared for difficult situations such as negative feedback for a product or service, site outages, real-world catastrophes or disasters, and negative comments toward the social media handle. There are tools that organizations can use to receive real-time updates and be prepared for extreme situations.

    While the causes are often beyond control, organizations can prepare by setting up a well-constructed crisis management strategy.

    Key Trends

    75%

    75% of respondents to PwC's Global Crisis Survey said technology has facilitated the coordination of their organization's crisis response team.
    Source: PwC, 2021

    69%

    69% of business leaders reported experiencing a crisis over a period of five years, with the average number of crises being three.
    Source: PwC, 2019

    Executive Brief Case Study

    INDUSTRY: Apparel
    SOURCE: “Social Media Crisis Management 3 Examples Done Right,” Synthesio

    Nike

    On February 20, 2019, Zion Williamson, a star player from Duke University, suffered a knee injury when a malfunctioning Nike shoe fell apart. This accident happened less than a minute into a highly anticipated game against North Carolina. Media outlets and social media users quickly began talking. ESPN had broadcast the game nationally. On Twitter, former President Barack Obama, who was watching the game courtside, expressed his well-wishes to Williamson, as did NBA giants like LeBron James.

    This accident was so high profile that Nike stock dropped 1.7% the following day. Nike soon released a statement expressing its concern and well-wishes for Williamson. The footwear megabrand reassured the world that its teams were "working to identify the issue." The following day, Nike sent a team to Durham, North Carolina, where the game took place. This team then visited Nike's manufacturing site in China and returned with numerous suggestions.

    About a month later, Williamson returned to the court with custom shoes, which he told reporters were "incredible." He thanked Nike for creating them.

    An image of a post by Time about Zion Williamson's injury.

    Get to know the key players in the SMMP landscape

    These next slides provide a top-level overview of the popular players you will encounter in the SMMP shortlisting process.

    A collection of the logos for the SMPP key players, discussed later in this blueprint.

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    An Image of SoftwareReviews data quadrant analysis

    The data quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
    Vendors are ranked by their composite score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    An image of SoftwareReviews Emotional Footprint.

    The emotional footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
    Vendors are ranked by their customer experience (CX) score, which combines the overall emotional footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    CLICK HERE to ACCESS

    Comprehensive software reviews

    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Fact-based reviews of business software from IT professionals.

    Product and category reports with state-of-the-art data visualization.

    Top-tier data quality backed by a rigorous quality assurance process.

    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech and SoftwareReviews provides the most comprehensive unbiased data on today's technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    The logo for HubSpot

    Est. 2006 | MA, USA | NYSE: HUBS

    bio

    From attracting visitors to closing customers, HubSpot brings the entire marketing funnel together for less hassle, more control, and an inbound marketing strategy.

    An image of SoftwareReviews analysis for HubSpot

    SoftwareReviews' SMMP Rankings

    Strengths:

    • Extensive functionality
    • Great for midmarket and large enterprises
    • Offers free trial

    Areas to improve:

    • Comparatively expensive
    • Steep price increase between various tiers of offering

    The logo for HubSpot

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    HubSpot offers a robust social media management platform that enables organizations to run all social media campaigns from a central location. HubSpot is suitable for a range of midmarket and enterprise use cases. HubSpot offers a free base version of the platform that freelancers and start-ups can take advantage of. The free version can also be used to trial the product prior to deciding on purchase.

    However, HubSpot is relatively expensive compared to its competitors. The free tools are not sustainable for growing businesses and some essential features are locked behind professional pricing. The price increase from one tier to another – specifically from starter to professional – is steep, which may discourage organizations looking for a "cheap and cheerful" product.

    History

    An image of the timeline for HubSpot

    Starter

    • Starts at $45
    • Per month
    • Small businesses

    Professional

    • Starts at $800
    • Per month
    • Medium/large businesses

    Enterprise

    • Starts at $3600
    • Per month
    • Large enterprises

    The logo for Sprout Social

    Est. 2010 | IL, USA | NASDAQ: SPT

    bio

    People increasingly turn to social media to engage with your business. Sprout Social provides powerful tools to personally connect with customers, solve issues, and create brand advocates.

    An image of SoftwareReviews analysis for Sprout Social

    SoftwareReviews' SMMP Rankings

    Strengths:

    • Automated response feature
    • Great price for base offering

    Areas to improve:

    • Advanced features are very expensive
    • No free trial offered

    The logo for Sprout Social

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Sprout Social offers strong social feed management and social customer service capabilities. It also provides powerful analytical tools to monitor multiple social media accounts. The listening functionality helps discover trends and identify gaps and opportunities. It is also one of the very few platforms to provide automated responses to incoming communications, easing the process of managing large and popular brands.

    Although the starting price of each tier is competitive, advanced analytics and listening come at a steep additional cost. Adding one additional user to the professional tier costs $299 which is a 75% increase in cost. Sprout Social does not offer a free tier for small businesses to trial.

    History

    An image of the timeline for Sprout Social

    Standard

    • Starts at $249
    • Per month
    • Small businesses
    • Five social profiles

    Professional

    • Starts at $399
    • Per month
    • Medium/large businesses

    Advanced

    • Starts at $499
    • Per month
    • Medium/large businesses

    Enterprise

    • Opaque pricing
    • Request a quote
    • Large enterprises

    The logo for Hootsuite

    Est. 2008 | BC, CANADA |PRIVATE

    bio

    Manage social networks, schedule messages, engage your audiences, and measure ROI right from the dashboard.

    SoftwareReviews' SMMP Rankings

    Strengths:

    • Automatic scheduling functionality
    • Competitor analysis
    • 30-day free trial

    Areas to improve:

    • Advanced functionalities require additional purchase and are expensive

    The logo for Hootsuite

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Hootsuite is one of the largest players in the social media management space with over 18 million users. The solution has great functionality covering all the popular social media platforms like Facebook, Instagram, Twitter, and Pinterest. One popular and well-received feature is the platform’s ability to schedule posts in bulk. Hootsuite also provides an automatic scheduling feature that uses algorithms to determine the optimal time to post to maximize viewership and engagement. Additionally, the platform can pull analytics for all competitors in the same marketspace as the user to compare performance.

    Hootsuite offers buyers a 30-day free trial to familiarize with the platform and provides unlimited post scheduling across all their plans. Features like social listening, employee advocacy, and ROI reporting, however, are not included in these plans and require additional purchase.

    History

    An image of the timeline for Hootsuite

    Professional

    • Starts at $49*
    • Per month
    • 1 user and 10 social accounts

    Team

    • Starts at $249*
    • Per month
    • 3 users and 20 social accounts

    Business

    • Starts at $739*
    • Per month
    • 5 users and 35 social accounts

    Enterprise

    • Custom built and priced
    • Starts at 5 users and 50 social accounts

    The logo for Sprinklr

    Est. 2009 | NY, USA | NYSE: CXM

    bio

    With social engagement & sales, you can deliver a positive experience that's true to your brand - no matter where your customers are digitally - from a single, unified platform.

    An image of SoftwareReviews analysis for Sprinklr

    SoftwareReviews' SMMP Rankings

    Strengths

    • Extensive social analytics functionality
    • Advertising and sales capabilities

    Areas to improve:

    • Not suitable for small to medium businesses
    • Opaque pricing

    The logo for Sprinklr

    Sprinklr is a vendor focused on enterprise-grade capabilities that offers a comprehensive unified customer experience management (CXM) platform.

    Their product portfolio offers an all-in-one solution set with an extensive list of features to accommodate all marketing and communication needs. Sprinklr comes integrated with products consisting of advertising, marketing, engagement, and sales capabilities. Some of the key functionality specific to social media includes sentiment analysis, social reporting, advanced data filtering, alerts and notifications, competitor analysis, post performance, and hashtag analysis.

    History

    An image of the timeline for Sprinklr

    Sprinklr – Opaque Pricing:
    "Request a Demo"

    The logo for Zoho Social

    Est. 1996 | TN, INDIA | PRIVATE

    bio

    Zoho Social is a complete social media management tool for growing businesses & agencies. It helps schedule posts, monitor mentions, create unlimited reports, and more. Zoho Social is from Zoho.com—a suite of 40+ products trusted by 30+ million users.

    An image of SoftwareReviews analysis for Zoho Social” data-verified=

    SoftwareReviews' SMMP Rankings

    Strengths:

    • Provides integration capabilities with other Zoho products
    • Competitive pricing

    Areas to improve:

    • Base functionality is limited
    • The two starting tiers are limited to one user

    The logo for Zoho Social

    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Zoho differentiates itself from competitors by highlighting integration with other products under the Zoho umbrella – their adjacent tool sets allow organizations to manage emails, projects, accounts, and webinars. Zoho also offers the choice of purchasing their social media management tool without any of the augmented CRM capabilities, which is priced quite competitively.

    The social media management tools are offered in three plans. Each plan allows the ability to publish and schedule posts across nine platforms, access summary reports and analytics, and access a Bit.ly integration & URL shortener. The standard and professional plans are limited to one brand and one team member, with the option to add team members or social channels for an additional cost.

    YouTube support is exclusive to the premium offering.

    History

    An image of the timeline for Zoho Social

    Standard

    • Starts at $10*
    • Per month, billed annually
    • 9 channels and 1 team member

    Professional

    • Starts at $30*
    • Per month, billed annually
    • Option to add team members for additional cost

    Premium

    • Starts at $40*
    • Per month, billed annually
    • Starts at 10 channels and 3 team members

    The logo for MavSocial

    Est. 2012 | CA, USA | PRIVATE

    bio

    MavSocial is a multi-award-winning, fully integrated social media management & advertising solution for brands and agencies.

    An image of SoftwareReviews analysis for MavSocial

    SoftwareReviews' SMMP Rankings

    Strengths

    • Content management capabilities
    • Offers millions of stock free images

    Areas to improve:

    • Limited market footprint compared to competitors
    • Not ideal for large enterprises

    The logo for MavSocial

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    In addition to social media management, MavSocial is also an excellent content management tool. A centralized platform is offered that can store many photos, videos, infographics, and more, which can be accessed anytime. The solution comes with millions of free stock images to use. MavSocial is a great hybrid social media and content management solution for small and mid-sized businesses and larger brands that have dedicated teams to manage their social media. MavSocial also offers campaign planning and management, scheduling, and social inbox functionality. The entry-level plan starts at $78 per month for three users and 30 profiles. The enterprise plan offers fully configurable and state-of-the-art social media management tools, including the ability to manage Facebook ads.

    History

    An image of the timeline for MavSocial

    Pro

    • Starts at $78*
    • Per month
    • Max. 3 users and 30 Profiles

    Business

    • Starts at $249*
    • Per month
    • 5 users, 40 profiles
    • Ability to expand users and profiles

    Enterprise

    • Starts at $499*
    • Per month
    • Fully customized

    The logo for Khoros

    Est. 2019 | TX, USA | PRIVATE

    bio

    Use the Khoros platform (formerly Spredfast + Lithium) to deliver an all-ways connected experience your customers deserve.

    An image of SoftwareReviews analysis for Khoros

    SoftwareReviews' SMMP Rankings

    Strengths

    • Offers a dedicated social strategic service team
    • Extensive functionality

    Areas to improve:

    • Opaque pricing
    • Not suitable for small or medium businesses

    The logo for Khoros

    Khoros is the result of the merger between two social marketing platforms - Spredfast and Lithium. The parent companies have over a decade of experience offering social management tools. Khoros is widely used among many large brands such as StarHub and Randstad. Khoros is another vendor that is primarily focused on large enterprises and does not offer plans for small/medium businesses. Khoros offers a broad range of functionality such as social media marketing, customer engagement, and brand protection with visibility and controls over social media presence. Khoros also offers a social strategic services team to manage content strategy, brand love, reporting, trend tracking, moderation, crisis and community management; this team can be full service or a special ops extension of your in-house crew.

    History

    An image of the timeline for Khoros

    Khoros – Opaque Pricing:
    "Request a Demo"

    The logo for Sendible

    Est. 2009 | UK | PRIVATE

    bio

    Sendible allows you to manage social networks, schedule messages, engage your audiences, and measure ROI right from one easy-to-use dashboard.

    An image of SoftwareReviews analysis for Sendible

    SoftwareReviews' SMMP Rankings

    Strengths

    • Great integration capabilities
    • Competitive pricing
    • Scheduling functionality

    Areas to improve:

    • Limited footprint compared to competitors
    • Better suited for agencies

    The logo for Sendible

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Sendible primarily markets itself to agencies rather than individual brands or businesses. Sendible's key value proposition is its integration capabilities. It can integrate with 17 different tools including Meta, Twitter, Instagram, LinkedIn, Google My Business (GMB), YouTube, WordPress, Canva, Google Analytics, and Google Drive. In addition to normal reporting functionality, the Google Analytics integration allows customers to track clickthrough and user behavior for traffic coming from social media channels.

    All plans include the functionality to schedule at least ten posts. Sendible offers excellent collaboration tools, allowing teams to work on assigned tasks and have content approved before they are scheduled to ensure quality control. Sendible offers four plans, with the option to save an additional 15% by signing up for annual payments.

    History

    An image of the timeline for Sendible

    Creator

    • Starts at $29
    • Price per month
    • For freelancers
    • One brand

    Traction

    • Starts at $89
    • Price per month
    • Start-up agencies & brands. 4+ brands

    Scale

    • Starts at $199
    • Price per month
    • For growing agencies & brands

    Custom

    • Opaque pricing
    • Request a quote
    • For large teams & agencies

    The logo for Agorapulse

    Est. 2010 | FRANCE | PRIVATE

    bio

    Agorapulse is an affordable social media dashboard that helps businesses and agencies easily publish content and manage their most important conversations on their social networks.

    An image of SoftwareReviews analysis for Agorapulse

    SoftwareReviews' SMMP Rankings

    Strengths

    • ROI calculation for Facebook
    • Competitor analysis
    • Social inbox functionality

    Areas to improve:

    • Targeted toward agencies
    • Advanced features can't be purchased under lower tier plans

    The logo for Agorapulse

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Although Agorapulse offers the solution for both agencies and business, they primarily focus on agencies. In addition to the standard social media management functionality, Agorapulse also offers features such as competitor analysis and Facebook contest apps at an affordable price point. They also offer social inbox functionality, allowing the ability to manage the inbox and reply to any message or comment across all social profiles through a single platform.

    The solution is offered in three plans. The pro plan allows ten social profiles and two users. Additional social profiles and users can only be purchased under the premium plan. All plans include ROI calculation for Facebook, but if you want this functionality for other platforms, that's exclusive to the enterprise plan.

    History

    An image of the timeline for Agorapulse

    Pro

    • Starts at $79
    • Price per month
    • 10 social profiles and 2 users

    Premium

    • Starts at $199
    • Price per month
    • 20 social profiles and 2 brands

    Enterprise

    • Opaque pricing
    • 40+ social profiles and 8+ users

    The logo for Buffer

    Est. 2010 | CA, USA | PRIVATE

    bio

    A better way to manage social media for your business. Buffer makes it easy to manage your business' social media accounts. Schedule posts, analyze performance, and collaborate with your team — all in one place.

    An image of SoftwareReviews analysis for Buffer

    SoftwareReviews' SMMP Rankings

    Strengths

    • Competitive pricing
    • Scheduling functionality
    • Mobile app

    Areas to improve:

    • Not suited for medium to large enterprises
    • Limited functionality

    The logo for Buffer

    *Pricing correct as of November 2022. Listed in USD and absent discounts.
    See pricing on vendor's website for latest information.

    Buffer is a social media platform targeted toward small businesses. It is a great cost-effective option for those who want to manage a few social media profiles, with a free plan that lets one user access three social channels. At $5 per month, it's a great entry point for smaller companies to invest in social media management tools, offering functionality like post scheduling and link shortening and optimization tools for hashtags, tags, and mentions across platforms. All plans provide a browser extension, access to a mobile app, two-factor authentication, social media and email support, and access to the Buffer community. Customers can also trial any of the plans for 14 days before purchasing.

    history

    An image of the timeline for Buffer

    Essentials

    • Starts at $5
    • Per month per channel
    • Basic functionality

    Team

    • Starts at $10
    • Per month per channel
    • Adds reporting capabilities

    Agency

    • Starts at $100
    • Per month per channel

    Leverage Info-Tech's research to plan and execute your SMMP implementation

    Use Info-Tech Research Group's three-phase implementation process to guide your own planning.

    • Assess
    • Prepare
    • Govern & Course Correct

    An image of the title page for Info-Tech's governance and management of enterprise software implementation

    Establish and execute an end-to-end, Agile framework to succeed with the implementation of a major enterprise application.

    Visit this link

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing vendor and partner relationships.

    Communication

    Teams must have a communication strategy. This can be broken into:

    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Introducing awards and continually emphasizing delivery of value can encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity

    Distributed teams create complexity as communication can break down. This can be mitigated by:

    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

    Trust

    Members should trust other members to contribute to the project and complete required tasks on time. Trust can be developed and maintained by:

    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of everyone's role.

    Summary of Accomplishment

    Knowledge Gained

    • What a social media management platform (SMMP) is
    • The history of SMMP
    • The future of SMMP
    • Key trends in SMMP

    Processes Optimized

    • Requirements gathering
    • Requests for proposal (RFPs) and contract reviews
    • SMMP vendor selection
    • SMMP implementation

    SMMP Vendors Analyzed

    • Sprout Social
    • HubSpot
    • Zoho Social
    • Khoros
    • Agorapulse
    • Hootsuite
    • Sprinklr
    • MavSocial
    • Sendible
    • Buffer

    Related Info-Tech Research

    Select and Implement a Social Media Management Platform

    • SMMPs reduce complexity and increase the results of enterprise social media initiatives.

    Social Media

    • The Social Media workshop provides clear, measurable improvements to your social media strategy.

    Improve Requirements Gathering

    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs. More importantly, the applications delivered by IT will meet all the must-have and at least some of the nice-to-have requirements, allowing end users to successfully execute their day-to-day responsibilities.

    Bibliography

    "30+ Influencer Marketing Statistics You Should Know (2022)." Shopify, www.shopify.com/blog/influencer-marketing-statistics.
    "A Brief History of Hootsuite." BrainStation®, 2015, https://brainstation.io/magazine/a-brief-history-of-hootsuite#:~:text=In%202008%2C%20Vancouver%2Dbased%20digital,accounts%20from%20a%20single%20interface.&text=In%202009%2C%20BrightKit's%20name%20changed,a%20capital%20%E2%80%9CS%E2%80%9D).
    "About Us." Sprout Social, https://sproutsocial.com/about/#history
    "About Zoho - Our Story, List of Products." Zoho, www.zoho.com/aboutus.html.
    Adam Rowe, et al. "Sprout Social vs Hootsuite - Which Is Best?: Tech.co 2022." Tech.co, 15 Nov. 2022, https://tech.co/digital-marketing/sprout-social-vs-hootsuite
    "Agorapulse Customer Story: Twilio Segment." Segment, https://segment.com/customers/agorapulse/
    "Agorapulse - Funding, Financials, Valuation & Investors." Crunchbase, www.crunchbase.com/organization/agorapulse/company_financials.
    "Agorapulse Release Notes." Agorapulse Release Notes, https://agorapulse.releasenotes.io/
    "Buffer - Funding, Financials, Valuation & Investors." Crunchbase, www.crunchbase.com/organization/buffer/company_financials.
    Burton, Shannon. "5 Genius Social Commerce Examples You Can Learn From." Sprout Social, 28 Oct. 2021, https://sproutsocial.com/insights/social-commerce-examples/ .
    Chris Gillespie. "How Long Should a Video Be." Vidyard, 17 May 2022, www.vidyard.com/blog/video-length/.
    "Consumers Continue to Seek Influencers Who Keep It Real." Matter Communications, 22 Feb 2023. https://www.matternow.com/blog/consumers-seek-influencers-who-keep-it-real/
    "Contact Center, Communities, & Social Media Software." Khoros, https://khoros.com/about.
    Fennell, Kylie, et al. "Blog." MavSocial, https://mavsocial.com/blog/.
    Fuchs, Jay. "24 Stats That Prove Why You Need a Crisis Management Strategy in 2022." HubSpot Blog, HubSpot, 16 Mar. 2022, https://blog.hubspot.com/service/crisis-management-stats
    Geyser, Werner. "Key Social Commerce Statistics You Should Know in 2022." Influencer Marketing Hub, http://influencermarketinghub.com/social-commerce-stats/
    "Global Crisis Survey 2021: Building resilience for the next normal." PwC, 2021. https://www.pwc.com/ia/es/prensa/pdfs/Global-Crisis-Survey-FINAL-March-18.pdf
    "Global Influencer Marketing Value 2016-2022." Statista, 6 Jan 2023, www.statista.com/statistics/1092819/global-influencer-market-size/.
    "Key Social Commerce Statistics You Should Know in 2023." Influencer Marketing Hub, December 29, 2022. https://influencermarketinghub.com/social-commerce-stats/
    "Khoros - Funding, Financials, Valuation & Investors." Crunchbase, www.crunchbase.com/organization/spredfast/company_financials.
    Lin, Ying. "Social Commerce Market Size (2020–2026) ", Oberlo, Oberlo, www.oberlo.com/statistics/social-commerce-market-size#:~:text=Social%20commerce%20statistics%20show%20that,fastest%20and%20slowest%20growth%20rates.
    Mediakix, "5 Influencer Marketing Case Studies." HubSpot, n.d. https://cdn2.hubspot.net/hubfs/505330/Influencer-Marketing-5-Case-Studies-Ebook.pdf.
    "Our Story: HubSpot - Internet Marketing Company." HubSpot, www.hubspot.com/our-story .
    PricewaterhouseCoopers. "69% Of Business Leaders Have Experienced a Corporate Crisis in the Last Five Years Yet 29% of Companies Have No Staff Dedicated to Crisis Preparedness." PwC, 2019. www.pwc.com/gx/en/news-room/press-releases/2019/global-crisis-survey.html.
    Ferris, Robert. "Duke Player Zion Williamson Injured When Nike Shoe Blows Apart during Game." CNBC, CNBC, 21 Feb. 2019, www.cnbc.com/2019/02/21/duke-player-zion-williamson-injured-when-nike-shoe-blows-apart-in-game.html.
    "Social Engagement & Sales Platform." Sprinklr, www.sprinklr.com/social-engagement/.
    "Social Media Analytics & Reporting for Growing Brands." Buffer, https://buffer.com/analyze
    "Social Media Management and Advertising Tool." MavSocial, 30 July 2022, https://mavsocial.com/
    "Social Media Management Software." HubSpot, www.hubspot.com/products/marketing/social-inbox.
    "Social Media Management Software - Zoho Social." Zoho, www.zoho.com/social/
    "Social Media Management Tool for Agencies & Brands." Sendible, www.sendible.com/.
    "Social Media Management Tools." Sprout Social, 6 Sept. 2022, https://sproutsocial.com/social-media-management/
    "Social Media Marketing & Management Platform For Enterprises." Khoros, khoros.com/platform/social-media-management.
    "Social Media Monitoring Tool." Agorapulse, www.agorapulse.com/features/social-media-monitoring/.
    "Top 12 Moments in SPRINKLR's History." Sprinklr, www.sprinklr.com/blog/12-moments-sprinklr-history/.
    Twitter, BestBuy, https://twitter.com/BestBuyCanada
    "The Ultimate Guide to Hootsuite." Backlinko, 10 Oct. 2022, https://backlinko.com/hub/content/hootsuite
    Widrich, Leo. "From 0 to 1,000,000 Users: The Journey and Statistics of Buffer." Buffer Resources, Buffer Resources, 8 Dec. 2022, buffer.com/resources/from-0-to-1000000-users-the-journey-and-statistics-of-buffer/.
    Yeung, Carmen. "Social Media Crisis Management 3 Examples Done Right." Synthesio, 19 Nov. 2021, www.synthesio.com/blog/social-media-crisis-management/.

    Next-Generation InfraOps

    • Buy Link or Shortcode: {j2store}457|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    Impact and Result

    • Understand the xOps spectrum and what approaches benefit your organization.
    • Make sense of the architectural approaches and enablement tools available to you.
    • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Next-Generation InfraOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

    This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

    • Next-Generation InfraOps Storyboard
    [infographic]

    Further reading

    Next-Generation InfraOps

    Embrace the spectrum of Ops methodologies to build a virtuous cycle.

    Executive summary

    Your Challenge

    IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

    Common Obstacles

    Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

    Info-Tech's Approach

    By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    1. Understand the xOps spectrum and what approaches will benefit your organization.
    2. Make sense of the architectural approaches and enablement tools available to you.
    3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Info-Tech Insight

    InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

    Project overview

    Understand the xOps spectrum

    There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

    How to optimize the Ops in DevOps

    InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

    Evolve to integration and build a virtuous cycle

    Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

    The xOps spectrum

    This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

    xOps categories

    There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

    Some of the commonly adopted and defined xOps models are listed here.

    Shift left? Shift right?

    Cutting through the jargon

    • Shifting left is about focusing on the code and development aspects of a delivery cycle.
    • Shifting right is about remembering that infrastructure and tools still do matter.

    Info-Tech Insight

    Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

    IT Operations in the left-right spectrum

    Shifting from executing and deploying to defining the guardrails and standards

    This is an image of the left-right spectrum for your XOps position

    Take a middle-out approach

    InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

    • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
    • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
    • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
    • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

    Optimize the Ops in DevOps

    Focus on eliminating friction

    This is an image of an approach to optimizing the ops in DevOps.

    With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

    IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

    InfraOps tools

    Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

    Info-Tech Insight

    Your tools can be broken into two categories:

    • Infrastructure Architecture
      • HCI vs. CI
    • Automation Tooling
      • IaC and A&O

    Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

    Infrastructure approach

    • Hyperconverged

    • Composable

    Hyperconverged Infrastructure (HCI)

    Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
    The disruptive departure:

    • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
    • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
    • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

    A comparison between converged and hyperconverged systems.

    Info-Tech Insight

    HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

    HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

    Hyperconverged (HCI) – SWOT

    HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

    Strengths

    • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
    • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
    • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

    Opportunities

    • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
    • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
    • Better able to compete with external IT service alternatives.
    • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

    Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

    Info-Tech Insight

    Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

    Hyperconverged (HCI) – SWOT

    Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

    Weaknesses

    • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
    • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

    Threats

    • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
    • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

    In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

    Composable Infrastructure (CI)

    • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
      • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
      • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
      • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
    • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

    Composable Infrastructure (CI)

    • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
      • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

    Use Case Example: Composable AI flow

    Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

    • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

    Composable Infrastructure (CI)

    Use cases and considerations

    Where it's useful

    • Enable even more efficient allocation/utilization of resources for workloads.
    • Very large memory or shared memory requirements can benefit greatly.
    • Decouple purchasing decisions for underlying resources.
    • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
    • Build "the Impossible Server."

    Considerations

    • Requires significant footprint/scale to justify in many cases
    • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
    • May not be best value for environments where resource-stranding is not a significant issue

    Info-Tech Insight

    Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

    The CI ecosystem

    This is an image of the CI ecosystem.

    • The CI ecosystem has many players, large and small!
    • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

    Understanding the differences

    This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

    Automation approach

    • Infrastructure as Code
    • Automation & Orchestration
    • Metaorchestration

    Infrastructure as Code (IaC)

    Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

    Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

    With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

    Info-Tech Insight
    IaC is a critical tool in enabling key benefits!

    • Reduced costs
    • Increased scalability, flexibility, and speed
    • Better consistency and version control
    • Reduced deployment errors

    Infrastructure as Code (IaC)

    1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
    2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
    3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
    • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
      • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

    Automation/Orchestration

    Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

    This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

    It defines the policies and service levels through automated workflows,
    provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

    As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

    Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

    Info-Tech Insight

    Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

    Automation/Orchestration

    There are a wide variety of orchestration and automation tools and technologies.

    Configuration Management

    Configuration Management

    The logos for companies which fall in each of the categories in the column to the left of the image.

    CI/CD
    Orchestration

    Container
    Orchestration

    Cloud-Specific
    Orchestration

    PaaS
    Orchestration

    Info-Tech Insight

    Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

    Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

    Automation/Orchestration

    Every tool focuses on different aspects or functions of the deployment of resources and applications.

    • Resources
      • Compute
      • Storage
      • Network
    • Extended Services
      • Platforms
      • Infrastructure Services
      • Web Services
    • Application Assets
      • Images
      • Templates
      • Containers
      • Code

    Info-Tech Insight

    Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

    Metaorchestration

    A Flow chart for the approach to metaorchestration.

    Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

    As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

    Many enterprises address this fragmentation using a cloud management platform approach.

    One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

    In complex scenarios, this can be a challenge that requires customization and development.

    InfraOps tools ecosystem

    Toolkit Pros Cons Tips
    HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
    CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
    IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
    A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
    Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

    Build a virtuous cycle

    Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

    • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
    • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
    • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

    Info-Tech Insight

    Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

    This is particularly important in more Agile methodologies.

    Activity: Map your IT operations delivery

    Identify your high-friction interstitial points

    • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
    • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
    Plan Code Test Deploy Monitor
    Incoming Friction
    In-Cycle Friction
    Outgoing Friction

    Info-Tech Insight

    Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

    Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

    Related Info-Tech Research

    Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

    • This Info-Tech note covers evaluation of HCI platforms.

    Design Your Cloud Operations

    • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

    Bibliography

    Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
    "Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
    "Composable Infrastructure Technology." Liqid Inc., n.d. Web.
    "DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
    Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

    Build a Platform-Based Organization

    • Buy Link or Shortcode: {j2store}98|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $3,420 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The organization is riddled with bureaucracy. Some even believe that bureaucracy is inevitable and is an outcome of a complex business operating in a complex market and regulatory environment.
    • Time to market for new products and services is excruciatingly long.
    • Digital natives like Facebook, Netflix, and Spotify do not compare well with the organization and cannot be looked to for inspiration.

    Our Advice

    Critical Insight

    • Large corporations often consist of a few operating units, each with its own idiosyncracies about strategies, culture, and capabilities. These tightly integrated operating units make a company prone to bureaucracy.
    • The antidote to this bureaucracy is a platform structure: small, autonomous teams operating as startups within the organization.

    Impact and Result

    • Platforms consist of related activities and associated technologies that deliver on a specific organizational goal. A platform can therefore be run as a business or as a service. This structure of small autonomous teams that are loosely joined will make your employees directly accountable to the customers. In a way, they become entrepreneurs and do not remain just employees.

    Build a Platform-Based Organization Research & Tools

    Build a platform-based organization

    Download our guide to learn how you can get started with a platform structure.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Build a Platform-Based Organization Storyboard
    [infographic]

    Further reading

    Build a Platform-Based Organization

    Use a platform structure to overcome bureaucracy.

    Analyst Perspective

    Build a platform-based organization.

    Bureaucracy saps innovation out of large corporations. Some even believe that bureaucracy is inevitable and is an outcome of a complex business operating in a complex market and regulatory environment.

    So, what is the antidote to bureaucracy? Some look to startups like Uber, Airbnb, Netflix, and Spotify, but they are digital native and don’t compare well to a large monolithic corporation.

    However, all is not lost for large corporations. Inspiration can be drawn from a company in China – Haier, which is not a typical poster child of the digital age like Spotify. In fact, three decades ago, it was a state-owned company with a shoddy product quality.

    Haier uses an intriguing organization structure based on microenterprises and platforms that has proven to be an antidote to bureaucracy.

    Vivek Mehta
    Research Director, Digital & Innovation
    Info-Tech Research Group

    Executive Summary

    The Challenge

    Large corporations are prone to bureaucracies, which sap their organizations of creativity and make them blind to new opportunities. Though many executives express the desire to get rid of it, bureaucracy is thriving in their organizations.

    Why It Happens

    As organizations grow and become more complex over time, they yearn for efficiency and control. Some believe bureaucracy is the natural outcome of running a complex organization in a complex business and regulatory environment.

    Info-Tech’s Approach

    A new organizational form – the platform structure – is challenging the bureaucratic model. The platform structure makes employees directly accountable to customers and organizes them in an ecosystem of autonomous units.

    As a starting point, sketch out a platform structure that works for your organization. Then, establish a governance model and identify and nurture key capabilities for the platform structure.

    Info-Tech Insight

    The antidote to bureaucracy is a platform structure: small, autonomous teams operating as startups within the organization.

    Executive Brief Case Study

    Small pieces, loosely joined

    Haier

    Industry: Manufacturing
    Source: Harvard Business Review November-December 2018

    Haier, based in China, is currently the world’s largest appliance maker. Zhang Ruimin, Haier’s CEO, has built an intriguing organizing structure where every employee is directly accountable to customers – internal and/or external. A large corporation often consists of a few operating units, each with its own idiosyncrasies, which makes it slow to innovate. To avoid that, Haier has divided itself into 4,000 microenterprises (MEs), most of which have ten to 15 employees. There are three types of microenterprises in Haier:

    1. Approximately 200 “transforming” MEs: market-facing units like Zhisheng, which manufactures refrigerators, a legacy Haier product, for today’s young urbanites.
    2. Approximately 50 “incubating” MEs: entirely new businesses like Xinchu that wrap existing products into entirely new business models.
    3. Approximately 3,800 “node” MEs: units that sell component products and services such as design, manufacturing, and human resources support to Haier’s market-facing MEs.

    Each ME operates as an autonomous unit with its own targets – an organizing structure that enables innovation at Haier.

    (Harvard Business Review, 2018)

    The image is a rectangular graphic with the words Refrigeration Platform in the centre. There are six text boxes around the centre, reading (clockwise from top left): Zhisheng Young urbanites; Langdu Premium; Jinchu Mid-priced; Xinchu Internet-connected; Overseas Export markets; Leader Value-priced. There are a series of white boxes bordering the graphic, with the following labels: at top--Sales nodes; at right--Support nodes (R&D, HR, supply chain, etc.); at bottom left---Design nodes; at bottom right--Production nodes.

    Markets disproportionately reward platform structure

    Tech companies like Facebook, Netflix, and Spotify are organized around a set of modular platforms run by accountable platform teams. This modular org structure enables them to experiment, learn, and scale quickly – a key attribute of innovative organizations.

    Facebook ~2,603 million monthly active users

    India ~1,353 million population

    Netflix ~183 million monthly paid subscribers

    Spotify ~130 million premium subscribers

    Canada ~37 million population

    (“Facebook Users Worldwide 2020,” “Number of Netflix Subscribers 2019,” “Spotify Users - Subscribers in 2020,” Statista.)

    1. Sketch Out the Platform Structure

    What is a platform anyway?

    A modular component of an org structure

    Platforms consist of a logical cluster of activities and associated technology that delivers on a specific business goal and can therefore be run as a business, or ‘as a service’ … Platforms focus on business solutions to serve clients (internal or external) and to supply other platforms.” – McKinsey, 2019

    Platforms operate as independent units with their own business, technology, governance, processes, and people management. As an instance, a bank could have payments platform under a joint business and IT leadership. This payments-as-a-service platform could provide know-how, processes, and technology to the bank’s internal customers such as retail and commercial business units.

    Many leading IT organizations are set up in a platform-based structure that allows them to rapidly innovate. It’s an imperative for organizations in other industries that they must pilot and then scale with a platform play.

    What a platform-based org looks like

    It looks like a multicellular organism, where each cell is akin to a platform

    An organism consists of multiple cells of different types, sizes, and shapes. Each cell is independent in its working. Regardless of the type, a cell would have three features –the nucleus, the cell membrane, and, between the two, the cytoplasm.

    Similarly, an organization could be imagined as one consisting of several platforms of different types and sizes. Each platform must be autonomous, but they all share a few common features – have a platform leader, set up and monitor targets, and enable interoperability amongst platforms. Platforms could be of three types (McKinsey, 2019):

    1. Customer-journey platforms enable customer proposition and experience built on reusable code. They provide “journey as a service”; for example, Account Opening in a bank.
    2. Business-solution platforms are modular and run as a business or as a service. They provide “company as a service”; for example, Payments or Fraud Detection in a bank.
    3. Core IT provisioning platforms provide core IT services for the organization, for example, cloud, data, automation.

    There are two images: in the lower part of the graphic shows a multicellular organism, and has text pointing to a single cell. At the top, there is a zoomed in image of that single cell, with its component parts labelled: Cell Membrane, Nucleus, and Cytoplasm.

    Case study: Payments platform in a bank

    Payments as a service to internal business units

    The payments platform is led by an SVP – the platform leader. Business and IT teams are colocated and have joint leadership. The platform team works with a mindset of a startup, serving internal customers of the bank – retail and commercial lines of business.

    A diagram showing Advisory Council in a large grey box on the left. To the right are smaller dark blue boxes labeled 'Real-time peer-to-peer payments,' Wire transfers,' 'Batch payments,' 'Mobile wallets,' and 'International payments (VISA, WU, etc.),' and one light blue box labeled 'Payments innovation.'


    Advisory Council: An Advisory Council is responsible for strategy, business, and IT architecture and for overseeing the work within the team. The Advisory Council prioritizes the work, earmarks project budgets, sets standards such as for APIs and ISO 20022, and leads vendor evaluation.

    International payments (VISA, WU, etc.): Project execution teams are structured around payment modes. Teams collaborate with each other whenever a common functionality is to be developed, like fraud check on a payment or account posting for debits and credits.

    Payments innovation: A think tank keeping track of trends in payments and conducting proof of concepts (POCs) with prospective fintech partners and with new technologies.

    Use a capability map to sketch out a platform-based structure

    Corral your organization’s activities and associated tech into a set of 20 to 40 platforms that cover customer journeys, business capabilities, and core IT. Business and IT teams must jointly work on this activity and could use a capability map as an aid to facilitate the discussion.

    The image is an example of a capability map, shown in more detail in the following section.

    An example of sketching a platform-based org structure for an insurance provider (partial)

    Design Policy Create Policy Issue Policy Service Customers Process Claims Manage Investments
    Defining Market Research & Analysis Underwriting Criteria Selection Customer Targeting Interaction Management First Notice of Loss (FNOL) Investment Strategy
    Actuarial Analysis Product Reserving Needs Assessment & Quotes Payments Claims Investigation Portfolio Management
    Catastrophe Risk Modeling Reinsurance Strategy Contract Issuance Adjustments Claims Adjudication Deposits & Disbursements
    Product Portfolio Strategy Product Prototyping Application Management Renewals Claims Recovery (Subrogation) Cash & Liquidity Management
    Rate Making Product Testing Sales Execution Offboarding Dispute Resolution Capital Allocation
    Policy Definition Product Marketing Contract Change Management

    Customer Retention

    [Servicing a customer request is a customer-journey platform.]

    Claims Inquiry

    [Filing a claim is a customer-journey platform.]

    Credit Bureau Reporting
    Shared Customer Management

    Account Management

    [Customer and account management is a business-capability platform to enable journeys.]

    Channel Management Risk Management Regulatory & Compliance Knowledge Management
    Partner Management

    Access and Identity Management

    [Access and identity management is a core IT platform.]

    Change Management Enterprise Data Management Fraud Detection [Fraud detection is a business-capability platform to enable journeys.] Product Innovation
    Enabling Corporate Governance Strategic Planning Reporting Accounting Enterprise Architecture Human Resources
    Legal Corporate Finance IT Facilities Management

    2. Establish Governance and Nurture Key Capabilities

    Two ingredients of the platform structure

    Establish a governance

    Advisory Council (AC) operates like a conductor at an orchestra, looking across all the activities to understand and manage the individual components.

    Nurture key capabilities

    Team structure, processes and technologies must be thoughtfully orchestrated and nurtured.

    Establish strong governance

    Empowerment does not mean anarchy

    While platforms are distinct units, they must be in sync with each other, like individual musicians in an orchestra. The Advisory Council (AC) must act like a conductor of the orchestra and lead and manage across platforms in three ways.

    1. Prioritize spend and effort. The AC team makes allocation decisions and prioritizes spend and effort on those platforms that can best support organizational goals and/or are in most urgent technical need. The best AC teams have enterprise architects who can understand business and dive deep enough into IT to manage critical interdependencies.
    2. Set and enforce standards. The AC team establishes both business and technology standards for interoperability. For example, the AC team can set the platform and application interfaces standards and the industry standards like ISO 20022 for payments. The AC team can also provide guidance on common apps and tools to use, for example, a reconciliation system for payments.
    3. Facilitate cross-platform work. The AC team has a unique vantage point where it can view and manage interdependencies among programs. As these complexities emerge, the AC team can step in and facilitate the interaction among the involved platform teams. In cases when a common capability is required by multiple platforms, the AC team can facilitate the dialogue to have it built out.

    Nurture the following capabilities:

    Design thinking

    “Zero distance from the customer” is the focus of platform structure. Each platform must operate with a mindset of a startup serving internal and/or external users.

    Agile delivery model

    Platform teams iteratively develop their offerings. With guidance from Advisory Council, they can avoid bottlenecks of formal alignment and approvals.

    Enterprise architecture

    The raison d'être of enterprise architecture discipline is to enable modularity in the architecture, encourage reusability of assets, and simplify design.

    Microservices

    Microservices allow systems to grow with strong cohesion and weak coupling and enable teams to scale components independently.

    APIs

    With their ability to link systems and data, APIs play a crucial role in making IT systems more responsive and adaptable.

    Machine learning

    With the drop in its cost, predictability is becoming the new electricity for business. Platforms use machine learning capability for better predictions.

    Related Info-Tech Research

    Drive Digital Transformation With Platform Strategies
    Innovate and transform your business models with digital platforms.

    Implement Agile Practices That Work
    Guide your organization through its Agile transformation journey.

    Design a Customer-Centric Digital Operating Model
    Putting the customer at the center of digital transformation.

    Bibliography

    Bossert, Oliver, and Jürgen Laartz. “Perpetual Evolution—the Management Approach Required for Digital Transformation.” McKinsey, 5 June 2017. Accessed 21 May 2020.

    Bossert, Oliver, and Driek Desmet. “The Platform Play: How to Operate like a Tech Company.” McKinsey, 28 Feb. 2019. Accessed 21 May 2020.

    “Facebook Users Worldwide 2020.” Statista. Accessed 21 May 2020.

    Hamel, Gary, and Michele Zanini. “The End of Bureaucracy.” Harvard Business Review. Nov.-Dec. 2018. Accessed 21 May 2020.

    “Number of Netflix Subscribers 2019.” Statista. Accessed 21 May 2020.

    “Spotify Users - Subscribers in 2020.” Statista. Accessed 21 May 2020.

    What is resilience?

    Aside from the fact that operational resilience is mandated by law as of January 2025 (yes, next year), having your systems and applications available to your customers whenever they need your services is always a good idea. Customers, both existing and new ones, typically prefer smooth operations over new functionality. If you have any roadblocks in your current customer journey, then solving those is also part of operational resilience (and excellence).

    Does this mean you should not market new products or services? Of course not! Solving a customer journey roadblock is ensuring that your company is resilient. The Happy Meal is a prime example: it solved a product roadblock for small children and a profits roadblock for the company. For more info, just google it. But before you bring a new service online, be sure that it can withstand the punches that will be thrown at it. 

    What is resilience? 

    Resilience is the art of making sure your services are available to your customers whenever they can use them. Note I did not say 24/7/365. Your business may require that, but perhaps your systems need "only" to be available during "normal" business hours.

    Resilient systems can withstand adverse events that impair their ability to perform normal functions, and, like in the case the Happy Meals, increased peak demands. Events can include simple breakdowns (like a storage device, an internet connection that fails, or a file that fails to load) or something worse, like a cyber attack or a larger failure in your data center.

    Your client does not care what the cause is; what counts for the client is, "Can I access your service? (or buy that meal for my kid.)"

    Resilience entails several aspects:

    • availability
    • performance
    • right-sizing
    • hardening
    • restore-ability
    • testing
    • monitoring
    • management and governance

    It is now tempting to apply these aspects only to your organization's IT or technical parts. That is insufficient. Your operations, management, and even e.g. sales must ensure that services rendered result in happy clients and happy shareholders/owners. The reason is that resilient operations are a symphony. Not one single department or set of actions will achieve this. When you have product development working with the technical teams to develop a resilient flow at the right level for its earning potential, then you maximize profits.

    This synergy ensures that you invest exactly the right level of resources. There are no exaggerated technical or operational elements for ancillary services. That frees resources to ensure your main services receive the full attention they deserve.

    Resilience, in other words, is the result of a mindset and a way of operating that helps your business remain at the top of its game and provides a top service to clients while keeping the bottom line in the black. 

    Why do we need to spend on this?

    I mean, if it ain't broke, don't fix it. That old adage is true, and yet not. Services can remain up and running for a long time with single points of failure. But can you afford to have them break at any time? If yes, and your customers don't mind waiting for you to patch things up, then you can "risk-accept" that situation. But how realistic is that these days? If I cannot buy it at your shop today, I'll more than likely get it from another. If I'm in a contract with you, yet you cannot deliver, we will have a conversation, or at the very least, a moment of disappointment. If you have enough "disappointments," you will lose the customer. Lose enough customers, and you will have a reputational problem or worse.

    We don't like to spend resources on something that "may"go wrong. We do risk assessments to determine the true cost of non-delivery and the likelihood of that happening. And there are different ways to deal with that assessment's outcome. Not everything needs to have double the number of people working on it, just in case one resignes. Not every system needs an availability of 99,999%.

    But sometimes, we do not have a choice. When lives are at stake, like in medical or aviation services, being sorry is not a good starting point. The same goes for financial services. the DORA and NIS2 legislation in the EU, the CEA, FISMA, and GLBA in the US, and ESPA in Japan, to name a few, are legislations that require your company, if active in the relevant regulated sectors, to comply and ensure that your services continue to perform.

    Most of these elements have one thing in common: we need to know what is important for our service delivery and what is not.

    Business service

    That brings us to the core subject of what needs to be resilient. The answer is very short and very complex at the same time. It is the service that you offer to your customers which must meet reliance levels.

    Take the example of a hospital. When there is a power outage, the most critical systems must continue operating for a given period. That also means that sufficient capable staff must be present to operate said equipment; it even means that the paths leading to said hospital should remain available; if not by road, then, e.g., by helicopter. If these inroads are unavailable, an alternate hospital should be able to take on the workload. 

    Not everything here in this example is the responsibility of the hospital administrators! This is why the management and governance parts of the resilience ecosystem are so important in the bigger picture. 

    If we look at the financial sector, the EU DORA (Digital Operational Resilience Act) specifically states that you must start with your business services. Like many others, the financial sector can no longer function without its digital landscape. If a bank is unexpectedly disconnected from its payment network, especially SWIFT, it will not be long before there are existential issues. A trading department stands to lose millions if the trading system fails. 

    Look in your own environment; you will see many such points. What if your internet connection goes down, and you rely on it for most of your business? How long can you afford to be out? How long before your clients notice and take action? Do you supply a small but critical service to an institution? Then, you may fall under the aforementioned laws (it's called third-party requirements, and your client may be liable to follow them.)

    But also, outside of the technology, we see points in the supply chain that require resilience. Do you still rely on a single person or provider for a critical function? Do you have backup procedures if the tech stops working, yet your clients require you to continue to service them? 

    In all these and other cases, you must know what your critical services are so that you can analyze the requirements and put the right measures in place.

    Once you have defined your critical business services and have analyzed their operational requirements, you can start to look at what you need to implement the aforementioned areas of availability, monitoring, hardening, and others. Remember we're still at the level of business service. The tech comes later and will require a deeper analysis. 

    In conclusion.

    Resilient operations ensure that you continue to function, at the right price, in the face of adverse events. If you can, resilience starts at the business level from the moment of product conception. If the products have long been developed, look at how they are delivered to the client and upgrade operations, resources, and tech where needed.

    In some cases, you are legally required to undertake this exercise. But in all cases, it is important that you understand your business services and the needs of your clients and put sufficient resources in the right places of your delivery chain. 

    If you want to discuss this further, please contact me for a free talk.

     

    Automate Testing to Get More Done

    • Buy Link or Shortcode: {j2store}285|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $29,139 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly changing software products and operational processes create mounting pressure on software delivery teams to release new features and changes quickly while meeting high and demanding quality standards.
    • Most organizations see automated testing as a solution to meet this demand alongside their continuous delivery pipeline. However, they often lack the critical foundations, skills, and practices that are imperative for success.
    • The technology is available to enable automated testing for many scenarios and systems, but industry noise and an expansive tooling marketplace create confusion for those interested in adopting this technology.

    Our Advice

    Critical Insight

    • Good automated testing improves development throughput. No matter how quickly you put changes into production, end users will not accept them if they do not meet quality standards. Escaped defects, refactoring, and technical debt can significantly hinder your team’s ability to deliver software on time and on budget. In fact, 65% of organizations saw a reduction of test cycle time and 62% saw reductions in test costs with automated testing (Sogeti, World Quality Report 2020–21).
    • Start automation with unit and functional tests. Automated testing has a sharp learning curve, due to either the technical skills to implement and operate it or the test cases you are asked to automate. Unit tests and functional tests are ideal starting points in your automation journey because of the available tools and knowledge in the industry, the contained nature of the tests you are asked to execute, and the repeated use of the artifacts in more complicated tests (such as performance and integration tests). After all, you want to make sure the application works before stressing it.
    • Automated testing is a cross-functional practice, not a silo. A core component of successful software delivery throughput is recognizing and addressing defects, bugs, and other system issues early and throughout the software development lifecycle (SDLC). This involves having all software delivery roles collaborate on and participate in automated test case design, configure and orchestrate testing tools with other delivery tools, and proactively prepare the necessary test data and environments for test types.

    Impact and Result

    • Bring the right people to the table. Automated testing involves significant people, process and technology changes across multiple software delivery roles. These roles will help guide how automated testing will compliment and enhance their responsibilities.
    • Build a foundation. Review your current circumstances to understand the challenges blocking automated testing. Establish a strong base of good practices to support the gradually adoption of automated testing across all test types.
    • Start with one application. Verify and validate the automated testing practices used in one application and their fit for other applications and systems. Develop a reference guide to assist new teams.

    Automate Testing to Get More Done Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should automate testing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    2. Adopt good automated testing practices

    Develop and implement practices that mature your automated testing capabilities.

    • Automated Testing Quick Reference Template

    Infographic

    Workshop: Automate Testing to Get More Done

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Adopt Good Automated Testing Practices

    The Purpose

    Understand the goals of and your vision for your automated testing practice.

    Develop your automated testing foundational practices.

    Adopt good practices for each test type.

    Key Benefits Achieved

    Level set automated testing expectations and objectives.

    Learn the key practices needed to mature and streamline your automated testing across all test types.

    Activities

    1.1 Build a foundation.

    1.2 Automate your test types.

    Outputs

    Automated testing vision, expectations, and metrics

    Current state of your automated testing practice

    Ownership of the implementation and execution of automated testing foundations

    List of practices to introduce automation to for each test type

    Develop a Business Continuity Plan

    • Buy Link or Shortcode: {j2store}411|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $37,093 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Recent crises have increased executive awareness and internal pressure to create a business continuity plan (BCP).
    • Industry and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.
    • IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Our Advice

    Critical Insight

    • BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
    • As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

    Impact and Result

    • Implement a structured and repeatable process that you apply to one business unit at a time to keep BCP planning efforts manageable.
    • Use the results of the pilot to identify gaps in your recovery plans and reduce overall continuity risk while continuing to assess specific risks as you repeat the process with additional business units.
    • Enable business leaders to own the BCP going forward. Develop a template that the rest of the organization can use.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Develop a Business Continuity Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify BCP maturity and document process dependencies

    Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

    • BCP Maturity Scorecard
    • BCP Pilot Project Charter Template
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    2. Conduct a BIA to determine acceptable RTOs and RPOs

    Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

    • BCP Business Impact Analysis Tool

    3. Document the recovery workflow and projects to close gaps

    Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    4. Extend the results of the pilot BCP and implement governance

    Present pilot project results and next steps. Create BCMS teams. Update and maintain BCMS documentation.

    • BCP Pilot Results Presentation
    • BCP Summary
    • Business Continuity Teams and Roles Tool

    5. Appendix: Additional BCP tools and templates

    Use these tools and templates to assist in the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan
    • BCP Business Process Workarounds and Recovery Checklists
    • Business Continuity Management Policy
    • Business Unit BCP Prioritization Tool
    • Industry-Specific BIA Guidelines
    • BCP-DRP Maintenance Checklist
    • Develop a COVID-19 Pandemic Response Plan Storyboard
    [infographic]

    Workshop: Develop a Business Continuity Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define BCP Scope, Objectives, and Stakeholders

    The Purpose

    Define BCP scope, objectives, and stakeholders.

    Key Benefits Achieved

    Prioritize BCP efforts and level-set scope with key stakeholders.

    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Flowchart key business processes to identify business processes, dependencies, and alternatives.

    Outputs

    BCP Maturity Scorecard: measure progress and identify gaps.

    Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.

    Identify workarounds for common disruptions to day-to-day continuity.

    2 Define RTOs and RPOs Based on Your BIA

    The Purpose

    Define RTOs and RPOs based on your BIA.

    Key Benefits Achieved

    Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine acceptable RTO/RPO targets for business processes based on business impact.

    Outputs

    BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.

    Apply the scoring scale to estimate the impact of downtime on business processes.

    Acceptable RTOs/RPOs to dictate recovery strategy.

    3 Create a Recovery Workflow

    The Purpose

    Create a recovery workflow.

    Key Benefits Achieved

    Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify and prioritize projects to close gaps and mitigate recovery risks.

    3.3 Evaluate options for command centers and alternate business locations (i.e. BC site).

    Outputs

    Recovery flow diagram – current and future state

    Identify gaps and recovery risks.

    Create a project roadmap to close gaps.

    Evaluate requirements for alternate business sites.

    4 Extend the Results of the Pilot BCP and Implement Governance

    The Purpose

    Extend the results of the pilot BCP and implement governance.

    Key Benefits Achieved

    Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

    Activities

    4.1 Summarize the accomplishments and required next steps to create an overall BCP.

    4.2 Identify required BCM roles.

    4.3 Create a plan to update and maintain your overall BCP.

    Outputs

    Pilot BCP Executive Presentation

    Business Continuity Team Roles & Responsibilities

    3. Maintenance plan and BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

    Further reading

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Analyst Perspective

    A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. Streamline this effort or you won’t get far.

    None of us needs to look very far to find a reason to have an effective business continuity plan.

    From pandemics to natural disasters to supply chain disruptions to IT outages, there’s no shortage of events that can disrupt your complex and interconnected business processes. How in the world can anyone build a plan to address all these threats?

    Don’t try to boil the ocean. Use these tactics to streamline your BCP project and stay on track:

    • Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
    • Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
    • Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.

    No one can predict every possible disruption, but by following the guidance in this blueprint, you can build a flexible continuity plan that allows you to withstand the threats your organization may face.

    Frank Trovato

    Research Director,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Andrew Sharp

    Senior Research Analyst,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Recent crises have increased executive awareness and internal pressure to create a BCP.
    • Industry- and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.

    IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Common Obstacles

    • IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
    • BCP requires input from multiple departments with different and sometimes conflicting objectives.
    • Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.

    Info-Tech’s Approach

    • Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
    • Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Info-Tech Insight

    As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but you must enable business leaders to own their department’s BCP practices and outputs. They know their processes and, therefore, their requirements to resume business operations better than anyone else.

    Use this research to create business unit BCPs and structure your overall BCP

    A business continuity plan (BCP) consists of separate but related sub-plans, as illustrated below. This blueprint enables you to:

    • Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
    • Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
    • Implement ongoing business continuity management to govern BCP, DRP, and crisis management.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s disaster recovery planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. This includes:

    • Identifying business processes and dependencies.
    • Defining an acceptable recovery timeline based on a business impact analysis.
    • Creating a step-by-step recovery workflow.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    IT leaders asked to develop a BCP should start with an IT Disaster Recovery Plan

    It’s a business continuity plan. Why should you start continuity planning with IT?

    1. IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers.
    2. A BCP requires workarounds for IT failures. But it’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss. Your DRP will answer those questions, and without a DRP, BCP discussions can get bogged down in IT discussions. Think of payroll as an example: if downtime might be 24 hours, the business might simply wait for recovery; if downtime might be a week, waiting it out is not an option.
    3. As an IT manager, you can develop an IT DRP primarily with resources within your control. That makes it an easier starting point and puts IT in a better position to shift responsibility for BCP to business leaders (where it should reside) since essentially the IT portion is done.

    Create a Right-Sized Disaster Recovery Plan today.

    Modernize the BCP

    If your BCP relies heavily on paper-based processes as workarounds, it’s time to update your plan.

    Back when transactions were recorded on paper and then keyed into the mainframe system later, it was easier to revert to deskside processes. There is very little in the way of paper-based processes anymore, and as a result, it is increasingly difficult to resume business processes without IT.

    Think about your own organization. What IT system(s) are absolutely critical to business operations? While you might be able to continue doing business without IT, this requires regular preparation and training. It’s likely a completely offline process and won’t be a viable workaround for long even if staff know how to do the work. If your data center and core systems are down, technology-enabled workarounds (such as collaboration via mobile technologies or cloud-based solutions) could help you weather the outage, and may be more flexible and adaptable for day-to-day work.

    The bottom line:

    Technology is a critical dependency for business processes. Consider the role IT systems play as process dependencies and as workarounds as part of continuity planning.

    Info-Tech’s approach

    The traditional approach to BCP takes too long and produces a plan that is difficult to use and maintain.

    The Problem: You need to create a BCP, but don’t know where to start.

    • BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
    • IT leaders are often asked to lead BCP.

    The Complication: A traditional BCP process takes longer to show value.

    • Traditional consultants don’t usually have an incentive to accelerate the process.
    • At the same time, self-directed projects with no defined process go months without producing useful deliverables.
    • The result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.

    A pie chart is separated into three segments, Internal Mandates 43%, Customer Demands 23%, and Regulatory Requirements 34%. The bottom of the image reads Source: Info-Tech Research Group.

    The Info-Tech difference:

    Use Info-Tech’s methodology to right-size and streamline the process.

    • Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
    • Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
    • Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).

    Expedite BCP development

    Info-Tech’s Approach to BCP:

    • Start with one critical business unit to manage scope, establish a repeatable process, and generate deliverables that become a template for remaining business units.
    • Resolve critical gaps as you identify them, generating early value and risk mitigation.
    • Create concise, practical documentation to support recovery.

    Embed training and awareness throughout the planning process.

    BCP for Business Unit A:

    Scope → Pilot BIA → Response Plan → Gap Analysis

    → Lessons Learned:

    • Leverage early results to establish a BCM framework.
    • Take action to resolve critical gaps as they are identified.
    • BCP for Business Units B through N.
    • Scope→BIA→Response Plan→Gap Analysis

    = Ongoing governance, testing, maintenance, improvement, awareness, and training.

    By comparison, a traditional BCP approach takes much longer to mitigate risk:

    • An extensive, upfront commitment of time and resources before defining incident response plans and mitigating risk.
    • A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

    Organizational Risk Assessment and Business Impact Analysis → Solution Design to Achieve Recovery Objectives → Create and Validate Response Plans

    Case Study

    Continuity Planning Supports COVID-19 Response

    Industry: Non-Profit
    Source: Info-Tech Advisory Services

    A charitable foundation for a major state university engaged Info-Tech to support the creation of their business continuity plan.

    With support from Info-Tech analysts and the tools in this blueprint, they worked with their business unit stakeholders to identify recovery objectives, confirm recovery capabilities and business process workarounds, and address gaps in their continuity plans.

    Results

    The outcome wasn’t a pandemic plan – it was a continuity plan that was applicable to pandemics. And it worked. Business processes were prioritized, gaps in work-from-home and business process workarounds had been identified and addressed, business leaders owned their plan and understood their role in it, and IT had clear requirements that they were able and ready to support.

    “The work you did here with us was beyond valuable! I wish I could actually explain how ready we really were for this…while not necessarily for a pandemic, we were ready to spring into action, set things up, the priorities were established, and most importantly some of the changes we’ve made over the past few years helped beyond words! The fact that the groups had talked about this previously almost made what we had to do easy.“ -- VP IT Infrastructure

    Download the BCP Case Study

    Project Overview: BCP

    Phases Phase 1: Identify BCP Maturity and Document Process Dependencies Phase 2: Conduct a BIA to Determine Acceptable RTOs and RPOs Phase 3: Document the Recovery Workflow and Projects to Close Gaps Phase 4: Extend the Results of the Pilot BCP and Implement Governance
    Steps 1.1 Assess current BCP maturity 2.1 Define an objective impact scoring scale 3.1 Determine current recovery procedures 4.1 Consolidate BCP pilot insights to support an overall BCP project plan
    1.2 Establish the pilot BCP team 2.2 Estimate the impact of downtime 3.2 Identify and prioritize projects to close gaps 4.2 Outline a business continuity management (BCM) program
    1.3 Identify business processes, dependencies, and alternatives 2.3 Determine acceptable RTO/RPO targets 3.3 Evaluate BC site and command center options 4.3 Test and maintain your BCP
    Tools and Templates

    BCP Business Impact Analysis Tool

    Results Presentation

    BCP Maturity Scorecard

    Tabletop Planning Template

    BCP Summary

    Pilot Project Charter

    Recovery Workflow Examples

    Business Continuity Teams and Roles

    Business Process Workflows Examples

    BCP Project Roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    BCP Business Impact Analysis Tool: Conduct and document a business impact analysis using this document.

    BCP Recovery Workflows Example: Model your own recovery workflows on this example.

    BCP Project Roadmap: Use this tool to prioritize projects that can improve BCP capabilities and mitigate gaps and risks.

    BCP Relocation Checklists: Plan for and manage a site relocation – whether to an alternate site or work from home.

    Key deliverable:

    BCP Summary Document

    Summarize your organization's continuity capabilities and objectives in a 15-page, easy-to-consume template.

    This document consolidates data from the supporting documentation and tools to the right.

    Download Info-Tech’s BCP Summary Document

    Insight summary

    Focus less on risk, and more on recovery

    Avoid focusing on risk and probability analysis to drive your continuity strategy. You never know what might disrupt your business, so develop a flexible plan to enable business resumption regardless of the event.

    Small teams = good pilots

    Choose a small team for your BCP pilot. Small teams are better at trialing new techniques and finding new ways to think about problems.

    Calculate downtime impact

    Develop and apply a scoring scale to develop a more-objective assessment of downtime impact for the organization. This will help you prioritize recovery.

    It’s not no, but rather not now…

    You can’t address all the organization’s continuity challenges at once. Prioritize high value, low effort initiatives and create a long-term roadmap for the rest.

    Show Value Now

    Get to value quickly. Start with one business unit with continuity challenges, and a small, focused project team who can rapidly learn the methodology, identify continuity gaps, and define solutions that can also be leveraged by other departments right away.

    Lightweight Testing Exercises

    Outline recovery capabilities using lightweight, low risk tabletop planning exercises. Our research shows tabletop exercises increase confidence in recovery capabilities almost as much as live exercises, which carry much higher costs and risks.

    Blueprint benefits

    Demonstrate compliance with demands from regulators and customers

    • Develop a plan that satisfies auditors, customers, and insurance providers who demand proof of a continuity plan.
    • Demonstrate commitment to resilience by identifying gaps in current capabilities and projects to overcome those gaps.
    • Empower business users to develop their plans and perform regular maintenance to ensure plans don’t go stale.
    • Establish a culture of business readiness and resilience.

    Leverage your BCP to drive value (Business Benefits)

    • Enable flexible, mobile, and adaptable business operations that can overcome disruptions large and small. This includes making it easier to work remotely in response to pandemics or facility disruptions.
    • Clarify the risk of the status quo to business leaders so they can make informed decisions on where to invest in business continuity.
    • Demonstrate to customers your ability to overcome disruptions and continue to deliver your services.

    Info-Tech Advisory Services lead to Measurable Value

    Info-Tech members told us they save an average of $44,522 and 23 days by working with an Info-Tech analyst on BCP (source: client response data from Info-Tech's Measured Value Survey).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structure the project and stay on track.
    3. Review project deliverables and ensure the process is applied properly.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    Your Trusted Advisor is a call away.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Scoping

    Call 1: Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

    Business Processes and Dependencies

    Calls 2 - 4: Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

    Conduct a BIA

    Calls 5 – 7: Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

    Recovery Workflow

    Calls 8 – 9: Create a recovery workflow based on tabletop planning.

    Documentation & BCP Framework

    Call 10: Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com | 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Identify BCP Maturity, Key Processes, and Dependencies Conduct a BIA to Determine Acceptable RTOs and RPOs Document the Current Recovery Workflow and Projects to Close Gaps Identify Remaining BCP Documentation and Next Steps Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Create a flowchart for key business processes to identify business processes, dependencies, and alternatives.

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of a business disruption on cost, goodwill, compliance, and health & safety.

    2.3 Determine acceptable RTOs/RPOs for selected business processes based on business impact.

    3.1 Review tabletop planning – what is it, how is it done?

    3.2 Walk through a business disruption scenario to determine your current recovery timeline, RTO/RPO gaps, and risks to your ability to resume business operations.

    3.3 Identify and prioritize projects to close RTO/RPO gaps and mitigate recovery risks.

    4.1 Assign business continuity management (BCM) roles to govern BCP development and maintenance, as well as roles required to execute recovery.

    4.2 Identify remaining documentation required for the pilot business unit and how to leverage the results to repeat the methodology for remaining business units.

    4.3 Workshop review and wrap-up.

    5.1 Finalize deliverables for the workshop.

    5.2 Set up review time for workshop outputs and to discuss next steps.

    Deliverables
    1. Baseline BCP maturity status
    2. Business process flowcharts
    3. Business process dependencies and alternatives recorded in the BIA tool
    1. Potential impact of a business disruption quantified for selected business processes.
    2. Business processes criticality and recovery priority defined
    3. Acceptable RTOs/RPOs defined based on business impact
    1. Current-state recovery workflow and timeline.
    2. RTO/RPO gaps identified.
    3. BCP project roadmap to close gaps
    1. BCM roles and responsibilities defined
    2. Workshop results deck; use this to communicate pilot results and next steps
    1. Finalized deliverables

    Phase 1

    Identify BCP Maturity and Document Process Dependencies

    Phase 1

    1.1 Assess Current BCP Maturity

    1.2 Establish the pilot BCP team

    1.3 Identify business processes, dependencies, and alternatives

    Insights & Outcomes

    Define the scope for the BCP project: assess the current state of the plan, create a pilot project team and pilot project charter, and map the business processes that will be the focus of the pilot.

    Participants

    • BCP Coordinator
    • BCP Executive Sponsor
    • Pilot Business Unit Manager & Process SMEs

    Step 1.1

    Assess current BCP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s BCP Maturity Scorecard

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    You'll use the following tools & templates:

    Outcomes & Insights

    Establish current BCP maturity using Info-Tech’s ISO 22301-aligned BCP Maturity Scorecard.

    Evaluate the current state of your continuity plan

    Use Info-Tech’s Maturity Scorecard to structure and accelerate a BCP maturity assessment.

    Conduct a maturity assessment to:

    • Create a baseline metric so you can measure progress over time. This metric can also drive buy-in from senior management to invest time and effort into your BCP.
    • Understand the scope of work to create a complete business continuity plan.
    • Measure your progress and remaining gaps by updating your assessment once you’ve completed the activities in this blueprint.

    This blueprint primarily addresses the first four sections in the scorecard, which align with the creation of the core components of your business continuity plan.

    Info-Tech’s BCP Maturity Scorecard

    Info-Tech’s maturity scorecard is aligned with ISO 22301, the international standard that describes the key elements of a functioning business continuity management system or program – the overarching set of documents, practices, and controls that support the ongoing creation and maintenance of your BCP. A fully functional BCMS goes beyond business continuity planning to include crisis management, BCP testing, and documentation management.

    Audit tools tend to treat every bullet point in ISO 22301 as a separate requirement – which means there’s almost 400 lines to assess. Info-Tech’s BCP Maturity Scorecard has synthesized key requirements, minimizing repetition to create a high-level self-assessment aligned with the standard.

    A high score is a good indicator of likely success with an audit.

    Download Info-Tech's BCP Maturity Scorecard

    Tool: BCP Maturity Scorecard

    Assess your organization’s BCP capabilities.

    Use Info-Tech’s BCP Maturity Scorecard to:

    • Assess the overall completeness of your existing BCP.
    • Track and demonstrate progress towards completion as you work through successive planning iterations with additional business units.
    1. Download a copy of the BCP Maturity Scorecard. On tab 1, indicate the percent completeness for each item using a 0-10 scale (0 = 0% complete, 10 = 100% complete).
    2. If you anticipate improvements in a certain area, make note of it in the “Comments” column.
    3. Review a visual representation of your overall scores on tab 2.

    Download Info-Tech's BCP Maturity Scorecard

    "The fact that this aligns with ISO is huge." - Dr. Bernard Jones MBCI, CBCP

    Step 1.2

    Establish the pilot BCP team

    This step will walk you through the following activities:

    • Assign accountability, responsibility, and roles.
    • Develop a project charter.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Assign roles and responsibilities for the BCP pilot project. Set milestones and timelines for the pilot.

    Take a pilot approach for BCP

    Limit the scope of an initial BCP project to get to value faster.

    Pilot Project Goals

    • Establish a repeatable methodology that fits your organization and will accelerate BCP development, with tangible deliverables that provide a template for the rest of the business.
    • Identify high-priority business continuity gaps for the pilot business unit, many of which will also apply to the overall organization.
    • Identify initiatives to start addressing gaps now.
    • Enable business users to learn the BCP methodology and toolset so they can own and maintain their business unit BCPs.

    Accomplishments expected:

    • Define key business processes and process dependencies, and alternatives if dependencies are not available.
    • Classify key business processes by criticality for one business unit, using an objective impact scoring scale.
    • Set recovery objectives for these key processes.
    • Document workarounds and recovery plans.
    • Identify gaps in recovery plans and list action items to mitigate risks.
    • Develop a project plan to structure a larger continuity project.

    What not to expect from a pilot project:

    • A complete organizational BCP (the pilot is a strong starting point).
    • Implemented solutions to all BCP gaps (proposed solutions will need to be evaluated first).

    Structure IT’s role in continuity planning

    Clearly define IT’s role in the pilot BCP project to deliver a successful result that enables business units to own BCP in the future.

    Though IT is a critical dependency for most processes, IT shouldn’t own the business continuity plan. IT should be an internal BCP process consultant, and each business unit must own their plan.

    IT should be an internal BCP consultant.

    • IT departments interact with all business units, which gives IT leaders at least a high-level understanding of business operations across the organization.
    • IT leaders typically also have at least some knowledge of disaster recovery, which provides a foundation for tackling BCP.
    • By contrast, business leaders often have little or no experience with disaster recovery, and don’t have the same level of experience as IT when it comes to working with other business units.

    Why shouldn’t IT own the plan?

    • Business unit managers have the authority to direct resources in their department to participate in the BCP process.
    • Business users are the experts in their processes, and are in the best position to identify dependencies, downtime impacts, recovery objectives, and viable solutions (e.g., acceptable alternate sites or process workarounds).
    • Ultimately, business unit managers and executives must decide whether to mitigate, accept, or transfer risks.

    Info-Tech Insight

    A goal of the pilot is to seed success for further planning exercises. This is as much about demonstrating the value of continuity planning to the business unit, and enabling them to own it, as it is about implementing the methodology successfully.

    Create a RACI matrix for the pilot

    Assemble a small, focused team for the pilot project empowered to discover, report, and present possible solutions to continuity planning challenges in your organization.

    Outline roles and responsibilities on the pilot team using a “RACI” exercise. Remember, only one party can be ultimately accountable for the work being completed.

    Example Pilot BCP Project RACI

    Board Executive Team BCP Executive Sponsor BCP Team Leader BCP Coordinator Pilot Bus. Unit Manager Expert Bus. Unit Staff IT Manager
    Communicate BCP project status I I I A R C C I
    Assign resources to pilot BCP project A R C R C R
    Conduct continuity planning activities I A/R R R R R
    Create pilot BCP deliverables I A R R C C C
    Manage BCP documentation I A C R I C C
    Integrate results into BCMS I I A R R I C C
    Create overall BCP project plan I I A R C C

    R: Responsible for doing the work.

    A: Accountable to ensure the activity/work happens.

    C: Consulted prior to decision or action.

    I: Informed of the decision/action once it’s made.

    "Large teams excel at solving problems, but it is small teams that are more likely to come up with new problems for their more sizable counterparts to solve." – Wang & Evans, 2019

    Info-Tech Insight

    Small teams tend to be better at trialing new techniques and finding new ways to think about problems, both of which are needed for a BCP pilot project.

    Choose one business unit for the pilot

    Many organizations begin their BCP project with a target business unit in mind. It’s still worth establishing whether this business unit meets the criteria below.

    Good candidates for a pilot project:

    • Business processes are standardized and documented.
    • Management and staff are motivated to improve business continuity.
    • The business unit is sufficiently well resourced to spare time (e.g. a few hours a week) to dedicate to the BCP process.
    • If the business unit doesn’t meet these criteria, consider addressing shortfalls before the pilot (e.g. via stakeholder management or business process analysis) or selecting another unit.
    • Many of the decisions will ultimately require input and support from the business unit’s manager(s). It is critical that they are bought into and engaged with the project.
    • The leader of the first business unit will be a champion for BCP within the executive team.
    • Sometimes, there’s no clear place to start. If this is the case for you, consider using Info-Tech’s Business Unit BCP Prioritization Tool to determine the order in which business units should undergo BCP development.

    Create role descriptions for the pilot project

    Use these role descriptions and your RACI chart to define roles for the pilot.

    These short descriptions establish the functions, expectations, and responsibilities of each role at a more granular level.

    The Board and executives have an outsized influence on the speed at which the project can be completed. Ensure that communication with these stakeholders is clear and concise. Avoid involving them directly in activities and deliverable creation, unless it’s required by their role (e.g. as a business unit manager).

    Project Role Description
    Board & Executive Team
    • Will receive project status updates but are not directly involved in deliverable creation.
    Executive Sponsor
    • Liaison with the executive team.
    • Accountable to ensure the pilot BCP is completed.
    • Set project goals and approve resource allocation and funding.
    Pilot Business Unit Manager
    • Drive the project and assign required resources.
    • Delegate day-to-day project management tasks to the BCP Coordinator.
    BCP Coordinator
    • Function as the project manager. This includes scheduling activities, coordinating resources, reporting progress, and managing deliverables.
    • Learn and apply the BCP methodology to achieve project goals.
    Expert Business Unit Staff
    • Pilot business unit process experts to assist with BCP development for that business unit.
    IT Manager
    • Provide guidance on IT capabilities and recovery options.
    Other Business Unit Managers
    • Consulted to validate or provide input to the business impact analysis and RTOs/RPOs.

    Identify a suitable BCP Coordinator

    A skilled and committed coordinator is critical to building an effective and durable BCP.

    • Coordinating the BC planning effort requires a perspective that’s informed by IT, but goes beyond IT.
    • For example, many IT professionals only see business processes where they intersect with IT. The BCP Coordinator needs to be able to ask the right questions to help the business units think through dependencies for critical processes.
    • Business analysts can thrive in this role, which requires someone effective at dissecting business processes, working with business users, identifying requirements, and managing large projects.

    Structure the role of the BCP Coordinator

    The BCP Coordinator works with the pilot business unit as well as remaining business units to provide continuity and resolve discrepancies as they come up between business units.

    Specifically, this role includes:

    • Project management tasks (e.g. scheduling, assigning tasks, coordinating resources, and reporting progress).
    • Learning the BCP methodology (through the pilot) so that this person can lead remaining business units through their BCP process. This enables the IT leader who had been assigned to guide BCP development to step back into a more appropriate consulting role.
    • Managing the BCP workflow.

    "We found it necessary to have the same person work with each business unit to pass along lessons learned and resolve contingency planning conflicts for common dependencies." – Michelle Swessel, PM and IT Bus. Analyst, Wisconsin Compensation Rating Bureau (WCRB)

    Template: Pilot Project Charter

    Formalize participants, roles, milestones, risks for the pilot project.

    Your charter should:

    1. Define project parameters, including drivers, objectives, deliverables, and scope.
    2. Identify the pilot business unit.
    3. Assign a BCP pilot team, including a BCP Coordinator, to execute the methodology.
    4. Define before-and-after metrics to enable the team to measure pilot success.
    5. Set achievable, realistic target dates for specific project milestones.
    6. Document risks, assumptions, and constraints.

    Download Info-Tech’s BCP Pilot Project Charter Template

    Step 1.3

    Identify business processes, dependencies, and alternatives

    This step will walk you through the following activities:

    • Identify key business processes.
    • Document the process workflow.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    You'll use the following tools & templates:

    Outcomes & Insights

    Documented workflows, process dependencies, and workarounds when dependencies are unavailable.

    Flowchart business processes

    Workflows help you visually identify process dependencies and optimization opportunities.

    • Business continuity planning is business process focused. You need to document business processes, dependencies, and downtime workarounds.
    • Process documentation is a basic BCP audit requirement, but it will also:
      • Keep discussions about business processes well-scoped and focused – by documenting the process, you also clarify for everyone what you’re actually talking about.
      • Remind participants of process dependencies and workarounds.
      • Make it easier to spot possible process breakdowns or improvements.
      • Capture your work, which can be used to create or update SOP documentation.
    • Use flowcharts to capture process workflows. Flowcharts are often quicker to create, take less time to update, and are ultimately more usable than a dense manual.

    Info-Tech Insight

    Process review often results in discovering informal processes, previously unknown workarounds or breakdowns, shadow IT, or process improvement opportunities.

    1.3.1 Prioritize pilot business unit processes

    Input

    • List of key business unit processes.

    Output

    • List of key business unit processes, now prioritized (at a high-level)

    Materials

    • Whiteboard/flip charts
    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (leads the discussion)
    • Pilot Business Unit Manager

    30 minutes

    1. Create a list of all formal and informal business processes executed by the pilot business unit.
    2. Discuss the impact of process downtime, and do a quick assessment whether impact of downtime for each process would be high, medium, or low across each of these criteria:
      • Revenue or costs (e.g. supports sales, billing, or productivity)
      • Goodwill (e.g. affects internal or external reputation)
      • Compliance (e.g. affects legal or industry requirements)
      • Health or safety (e.g. affects employee/public health & safety)

    Note: A more in-depth analysis will be conducted later to refine priorities. The goal here is a high-level order of priority for the next steps in the planning methodology (identify business processes and dependencies).

    1. In the BCP Business Impact Analysis Tool, Processes and Dependencies tab, record the following:
      • The business processes in rough order of criticality.
      • For each process, provide a brief description that focuses on purpose and impact.
      • For each process, name a process owner (i.e. accountable for process completion – could be a manager or senior staff, not necessarily those executing the process).

    1.3.2 Review process flows & identify dependencies

    Input

    • List of key business unit processes (prioritized at a high level in Activity 1.3.1).
    • Business process flowcharts.

    Output

    • Business process flowcharts

    Materials

    • Whiteboard/flip charts
    • Microsoft Visio, or other flowcharting software
    • BCP Business Impact Analysis Tool

    Download Info-Tech’s Business Process Workflows Example

    1.5 hours

    1. Use a whiteboard to flowchart process steps. Collaborate to clarify process steps and dependencies. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and process optimization, as described in the Info-Tech blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.
    2. Record the dependencies in tab 1 of the BCP Business Impact Analysis Tool in the appropriate columns:
      • People – Anyone involved in the process, from providing guidance to executing the steps.
      • IT Applications – Core IT services (e.g. ERP, CRM) required for this process.
      • End-user devices & equipment – End-user devices, locally-installed apps, IoT, etc.
      • Facility – Any special requirements beyond general office space.
      • Suppliers & Service Providers – Third-parties who support this process.

    Info-Tech Insight

    Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there. Identify the go-to staff members who are well versed in how a process works.

    1.3.3 Document workarounds

    Input

    • Business process flowcharts.
    • List of process dependencies.

    Output

    • Workarounds and alternatives in the event dependencies aren’t available.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the activity)
    • Pilot Business Unit Manager
    • Business Process Subject Matter Experts (SMEs)

    1.5 hours

    Identify alternatives to critical dependencies to help you create contingency plans.

    1. For each business process, identify known alternatives for each primary dependency. Ignore for the moment how long the workaround or alternate would be feasible.
    2. Record alternatives in the Business Continuity Business Impact Analysis Tool, Processes and Dependencies tab, Alternatives columns (a separate column for each category of dependency):
      • People – Can other staff execute the process steps? (Example: managers can step in if needed.)
      • IT Applications – Is there a manual workaround or other alternative while enterprise technology services are unavailable? (Example: database is down, but data is stored on physical forms.)
      • End-User Devices and Equipment – What alternatives exist to the usual end-user technologies, such as workstations and desk phones? (Example: some staff have cell phones.)
      • Facility Location and Requirements – Is there an alternate location where this work can be conducted? (Example: work from home, or from another building on the campus.)
      • Suppliers and External Services – Is there an alternative source for key suppliers or other external inputs? (Example: find alternate suppliers for key inputs.)
      • Additional Inputs or Requirements – What workarounds exist for additional artifacts that enable process steps (e.g. physical inventory records, control lists)? (Example: if hourly pay information is missing, run the same payroll as the previous run and reconcile once that information is available.)

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Phase 2

    2.1 Define an objective impact scoring scale

    2.2 Estimate the impact of downtime

    2.3 Determine acceptable RTO/RPO targets

    Insights & Outcomes

    Assess the impact of business process downtime using objective, customized impact scoring scales. Sort business processes by criticality and by assigning criticality tiers, recovery time, and recovery point objectives.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 2.1

    Define an objective scoring scale

    This step will walk you through the following activities:

    • Identify impact criteria that are relevant to your business.
    • Create a scale that defines a range of impact for relevant criteria.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Define an impact scoring scale relevant to your business, which allows you to more-objectively assess the impact of business process downtime.

    Set appropriate recovery objectives

    Recovery time and recovery point objectives should align with business impact.

    The activities in Phase 2 will help you set appropriate, acceptable recovery objectives based on the business impact of process downtime.

    • The recovery time objective (RTO) and recovery point objective (RPO) are the recovery goals set for individual processes and dependencies to ensure your business unit meets its overall acceptable recovery timeline.

    For example:

    • An RTO of four hours means staff and other required resources must be available to support the business processes within four hours of an incident (e.g. relocate to an alternate worksite if necessary, access needed equipment, log-in to needed systems, get support for completing the process from alternate staff, etc.)
    • An RPO of four hours for a customer database means the most recent secondary copy of the data must never be more than four hours old – e.g. running a backup every four hours or less.

    Conduct a Business Impact Analysis (BIA)

    Create Impact Scoring Scales→Assess the impact of process downtime→Review overall impact of process downtime→Set Criticality Tiers→Set Recovery Time and Recovery Point Objectives

    Create financial impact scales

    Identify maximum cost and revenue impacts to build financial impact scales to measure the financial impact of process downtime.

    Work with the Business Unit Manager and Executive Sponsor to identify the maximum impact in each category to the entire business. Use a worst-case scenario to estimate the maximum for each scale. In the future, you can use this scoring scale to estimate the impact of downtime for other business units.

    • Loss of Revenue: Estimate the upper bound for this figure from the previous year, and divide that by the number of business days in the year. Note: Some organizations may choose to exclude revenue as a category where it won’t be lost (e.g. public-sector organizations).
    • Loss of Productivity: Proxy for lost workforce productivity using payroll numbers. Use the fully loaded payroll for the company, divided by the number of working days in the year as the maximum.
    • Increased Operating Costs: Isolate this to known additional costs resulting from a disruption. Does the interruption itself increase operating costs (e.g. if using timesheets for hourly/contract employees and that information is lost or unavailable, do you assume a full work week)?
    • Financial Penalties: If there are known financial penalties (e.g. due to failure to meet SLAs or other contractual obligations), include those values in your cost estimates.

    Info-Tech Insight

    Cost estimates are like hand grenades and horseshoes: you don’t need to be exact. It’s much easier to get input and validation from other stakeholders when you have estimates. Even weak estimates are far better than a blank sheet.

    Create goodwill, compliance, and safety impact scales

    Create a quantitative, more-objective scoring scale for goodwill, compliance and safety by following the guidance below.

    • Impact on Customers: By default, the customer impact scale is based on the percent of your total customer base impacted. You can also modify this scale to include severity of impact or alter it to identify the maximum number of customers that would be impacted.
    • Impact on Staff: Consider staff that are directly employed by the organization or its subsidiaries.
    • Impact on Business Partners: Which business partners would be affected by a business disruption?
    • Impact on Health & Safety: Consider the extent to which process downtime could increase the risk of the health & safety of staff, customers, and the general public. In addition, degradation of health & safety services should be noted.
    • Impact on Compliance: Set up the scale so that you can capture the impact of any critical regulatory requirements that might not be met if a particular process was down for 24 hours. Consider whether you expect to receive leeway or a grace period from the governance body that requires evidence of compliance.

    Info-Tech Best Practice

    Use just the impact scales that are relevant to your organization.

    Tool: Impact Scoring Scales

    • Define 4-point scoring scales in the BCP business impact analysis tool for a more objective assessment than gut-feel rankings.
    • You don’t need to include every category, if they aren’t relevant to your organization.
    • Refine the scoring scale as needed through the pilot project.
    • Use the same scoring scale for impact analyses with additional business units in the future.

    An image depicting the Business Impact Analysis Tool. A note pointing to the Level of Impact and Direct Cost Impact Scales columns states: Add the maximum cost impacts across each of the four impact scales to the tool. The rest of the scale will auto-populate based on the criteria outlined in the “Level of Impact” column. A note pointing to the column headers states: Change the names of the column headers in this tab. The changes to column headers will populate across the rest of the tool. Indicate exclusions from the scale here. A note pointing to the Goodwill Impact Scales columns reads: Update the Goodwill impact scales. For example, perhaps a critical impact on customers could be defined as “a significant impact on all customers using the organization’s services in a 24-hour period.” A note pointing to the Compliance, Heath and Safety Impact Scales columns reads: Review the compliance and safety impact scales, and update as required.

    Step 2.2

    Estimate the impact of downtime

    This step will walk you through the following activities:

    • Apply the scoring scale developed in step 2.1 to assess the impact of downtime for specific business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Develop an objective view of the impact of downtime for key business processes.

    2.2.1 Estimate the impact of downtime

    1.5 hours

    Input

    • List of business processes, dependencies, and workarounds, all documented in the BIA tool.

    Output

    • Impact of downtime scores for key business unit processes.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Print a copy of the Scoring Criteria tab to use as a reference, or have it open on another screen. In tab 3 of the BCP Business Impact Analysis Tool use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the Scoring Criteria tab.
    2. Work horizontally across all categories for a single process. This will set a benchmark, familiarize you with the scoring system, and allow you to modify any scoring scales if needed. In general, begin with the process that you know to be most critical.
      • For example, if call center sales operations are down:
        • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 2 or 3 depending on the proportion of sales generated through the call center.
        • The Impact on Customers might be a 1 or 2 depending on the extent that existing customers might be using the call center to purchase new products or services.
        • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0.
    3. Next, work vertically across all processes within a single category. This will allow you to compare scores within the category as you create them.

    Tool: Impact Analysis

    • The goal of the exercise is to arrive at a defensible ranking of process criticality, based on the impact of downtime.
    • Make sure participants can see the scores you’re assigning during the exercise (e.g. by writing out the scores on a whiteboard, or displaying the tool on a projector or screen) and can reference the scoring scales tab to understand what the scores mean.
    • Take notes to record the rationale behind the impact scores. Consider assigning note-taking duties to one of the participants.

    An image of the Impact Analysis Tool. A note pointing to the column headings states: Any customized column headings from tab 2, Scoring Criteria are automatically ported to this tab. A note pointing to the Impact on Goodwill columns reads: Score each application across each scoring scale from 0 to 4. Be sure to refer back to the scoring scale defined in tab 2. Have the scoring scale printed out, written on a whiteboard, or displayed on a separate screen. A note pointing to the tool's dropdown boxes states: Score categories using the drop-down boxes. A note pointing to the centre columns reads: Ignore scoring for categories you choose to exclude. You can hide these columns to clean up the tool if needed.

    2.2.2 Sort processes into Criticality Tiers

    30 minutes

    Input

    • Processes, with assigned impact scores (financial impact, goodwill impact, compliance and safety impact).

    Output

    • Business processes sorted into criticality tiers, based on the impact of downtime.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. In general, consider the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic to start the process is to assign a tier 1 rating to all processes with a Goodwill, Compliance, and Safety score that’s 50% or more of the highest total score, tier 2 where scores are between 25% and 50%, and tier 3 where scores are below 25% (see table below for an example).
      • In step 2.3, you’ll align recovery time objectives with the criticality tiers. So, Tier 1 processes will target recovery before Tier 2 processes, and Tier 2 processes will target recovery before Tier 3 processes.
    2. Next, consider the Total Cost of Downtime.
    • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the estimates in the BIA.
    • Consider whether the total cost impact justifies changing the criticality rating. “Smoke test” categorization with participants. Are there any surprises (processes more or less critical than expected)?
  • If the categorization doesn’t seem right, check that the scoring scale was applied consistently.
  • Example: Highest total Goodwill, Compliance, and Safety impact score is 18.

    Tier Score Range % of high score
    Tier 1 - Gold 9-18 50-100%
    Tier 2 - Silver 5 to 9 25-50%
    Tier 3 - Bronze 0 to 5 0-25%

    Step 2.3

    Determine acceptable RTO and RPO targets

    This step will walk you through the following activities:

    • Identify acceptable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes and Insights

    Right-size recovery objectives based on business impact.

    Right-size recovery objectives

    Acceptable RTOs and RPOs must be right-sized to the impact of downtime.

    Rapid recovery typically requires more investment.

    The impact of downtime for most business processes tends to look something like the increasing impact curve in the image to the right.

    In the moments after a disruption, impact tends to be minimal. Imagine, for example, that your organization was suddenly unable to pay its suppliers (don’t worry about the reason for the disruption, for the moment). Chances are, this disruption wouldn’t affect many payees if it lasted just a few minutes, or even a few hours. But if the disruption were to continue for days, or weeks, the impact of downtime would start to spiral out of control.

    In general, we want to target recovery somewhere between the point where impact begins, and the point where impact is intolerable. We want to balance the impact of downtime with the investment required to make processes more resilient.

    Info-Tech Insight

    Account for hard copy files as well as electronic data. If that information is lost, is there a backup? BCP can be the driver to remove the last resistance to paperless processes, allowing IT to apply appropriate data protection.

    Set recovery time objectives and recovery point objectives in the “Debate Space”

    A graph with the X axis labelled as: Increasing downtime/data loss and the Y-axis labelled Increasing Impact. The graph shows a line rising as impact and downtime/data loss increase, with the lowest end of the line (on the left) labelled as minimal impact, and the highest point of the line (on the right) labelled maximum tolerance. The middle section of the line is labelled as the Debate Space, and a note reads: Acceptable RTO/RPO must be between Low Impact and Maximum Tolerance

    2.3.1 Define process-level recovery objectives

    1 hour

    Input

    • Processes, ranked by criticality.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review the “Debate Space” diagram (shown in previous section) with all participants.
    2. Ask business participants for each process: how much downtime is tolerable, acceptable, or appropriate? How much data loss is tolerable?
      • If participants aren’t yet comfortable setting recovery objectives, identify the point at which downtime and data loss first becomes noticeable and the point at which downtime and data loss becomes intolerable.
      • Choose an RTO and RPO for each process that falls within the range set by these two extremes.

    RTOs and RPOs are business-defined, impact-aligned objectives that you may not be able to achieve today. It may require significant investments of time and capital to enable the organization to meet RTO and RPO.

    2.3.2 Align RTOs within and across criticality tiers

    1 hour

    Input

    • Results from pilot BCP impact analysis.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool
    • Whiteboard/ flipchart

    Participants

    • BCP Coordinator
    • BCP Project Sponsor
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager (optional)

    Set a range for RTO for each Tier.

    1. Start with your least critical/Tier 3 processes. Use the filter in the “Criticality Rating” column in the Impact Analysis tab of the BIA tool to show only Tier 3 processes.
      • What range of RTOs did the group assign for processes in this Tier? Does the group agree that these targets are appropriate for these processes?
      • Record the range of RTOs on the whiteboard or flipchart.
    2. Next, look at Tier 2 processes. Use the same filter to show just Tier 2 processes.
      • Record the range of RTOs, confirm the range with the group, and ensure there’s no overlap with the Tier 3 range.
      • If the RTOs in one Tier overlap with RTOs in another, you’ll need to adjust RTOs or move processes between Tiers (if the impact analysis justifies it).
    Tier RTO
    Tier 1 4 hrs- 24 hrs
    Tier 2 24 hrs - 72 hrs
    Tier 3 72 hrs - 120 hrs

    Phase 3

    Document the Recovery Workflow and Projects to Close Gaps

    3.1 Determine current recovery procedures

    3.2 Identify and prioritize projects to close gaps

    3.3 Evaluate business continuity site and command center options

    Insights & Outcomes

    Outline business recovery processes. Highlight gaps and risks that could hinder business recovery. Brainstorm ideas to address gaps and risks. Review alternate site and business relocation options.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 3.1

    Determine current recovery procedures

    This step will walk you through the following activities:

    • Create a step-by-step, high-level recovery workflow.
    • Highlight gaps and risks in the recovery workflow.
    • Test the workflow against multiple scenarios.

    This step involves the following participants:

    • BCP Coordinator
    • Crisis Management Team
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Establish steps required for business recovery and current recovery timelines.

    Identify risks & gaps that could delay or obstruct an effective recovery.

    Conduct a tabletop planning exercise to draft business recovery plans

    Tabletop exercises are the most effective way to test and increase business confidence in business recovery capabilities.

    Why is tabletop planning so effective?

    • It enables you play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It provides a thorough test of your recovery workflow since the exercise is, essentially, paper-based.
    • After you have a BCP in place, this exercise can continue to be a valuable testing exercise for BCP to capture changes in your recovery process.

    A graph titled: Tabletop planning had the greatest impact on respondent confidence in meeting recovery objectives. The graph shows that the relative importance of Tabletop Planning is 57%, compared to 33% for Unit Testing, 3% for Simulation Testing, 6% for Parallel Testing, and 2% for Full-Scale Testing. The source for the graph is Info-Tech Research Group.

    Step 2 - 2 hours
    Establish command center.

    Step 2: Risks

    • Command center is just 15 miles away from primary site.

    Step 2: Gaps

    • Confirm what’s required to set up the command center.
    • Who has access to the EOC?
    • Does the center have sufficient bandwidth, workstations, phones, telephone lines?

    3.1.1 Choose a scenario for your first tabletop exercise

    30 minutes

    Input

    • List of past incidents.
    • Risks to business continuity that are of high concern.

    Output

    • Scenario for the tabletop exercise.

    Materials

    • N/A

    Participant

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot business unit manager

    At the business unit level, the goal is to define a plan to resume business processes after an incident.

    A good scenario is one that helps the group focus on the goal of tabletop planning – to discuss and document the steps required to recover business processes. We suggest choosing a scenario for your first exercise that:

    • Disrupts many process dependencies (i.e. facilities, staff, IT services, suppliers).
    • Does not result in major property damage, harm, or loss of life. Business resumption is the focus of this exercise, not emergency response.
    • Has happened in the past, or is of concern to the business.

    An example: a gas leak at company HQ that requires the area to be cordoned off and power to be shut down. The business must resume processes from another location without access to materials, equipment, or IT services at the primary location.

    A plan that satisfies the gas leak scenario should meet the needs of other scenarios that affect your normal workspace. Then use BCP testing to validate that the plan meets a wider range of incidents.

    3.1.2 Define the BCP activation process

    1 hour

    Input

    • Any existing crisis management, incident response or emergency response plans.
    • BC Scenario.

    Output

    • High level incident notification, assessment, and declaration workflow.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator
    • Crisis Management Team (if one exists)
    • Business Process SMEs
    • Pilot Business Unit Manager

    Answer the questions below to structure your notification, assessment, and BCP activation procedures.

    Notification

    How will you be notified of a disaster event? How will this be escalated to leadership? How will the team responsible for making decisions coordinate (if they can’t meet on-site)? What emergency response plans are in place to protect health and safety? What additional steps are involved if there’s a risk to health and safety?

    Assessment

    Who’s in charge of the initial assessment? Who may need to be involved in the assessment? Who will coordinate if multiple teams are required to investigate and assess the situation? Who needs to review the results of the assessment, and how will the results of the assessment be communicated (e.g. phone bridge, written memo)? What happens if your primary mode of communication is unavailable (e.g. phone service is down)?

    Declaration

    Who is responsible today for declaring a disaster and activating business continuity plans? What are the organization’s criteria for activating continuity plans, and how will BCP activation be communicated? Establish a crisis management team to guide the organization through a wide range of crises by Implementing Crisis Management Best Practices.

    3.1.3 Document the business recovery workflow

    1 hour

    Input

    • Pilot BIA.
    • Any existing crisis management, incident response, or emergency response plans.
    • BC Scenario

    Output

    • Outline of your BCP declaration and business recovery plan.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Do the following:

    1. Create separate flows for facility, IT, and staff disruptions. Include additional workflows as needed.
      • We suggest you outline the recovery process at least to the point where business processes are restored to a minimum viable functional level.
    2. On white cue cards:
      1. Record the step.
      2. Indicate the task owner.
      3. Estimate how long the step will take.
    3. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    4. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Info-Tech Best Practice

    Tabletop planning is most effective when you keep it simple.

    • Be focused; stay on task and on time.
    • Revisit each step and record risks and mitigation strategies.
    • Discuss each step from start to finish.
    • Revise the plan with key task owners.
    • Don’t get weighed down by tools.
    • Simple tools, like cue cards or whiteboards, can be very effective.

    Tool: BCP Recovery Workflow

    Document the steps you identified in the tabletop to create your draft recovery workflow.

    Why use a flowchart?

    • Flowcharts provide an at-a-glance view, are ideal for crisis scenarios where pressure is high and effective, and where timely communication is necessary.
    • For experienced managers and staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation/contracts, other flowcharts, etc.)

    Create one recovery workflow for all scenarios.

    Traditional planning calls for separate plans for different “what-if” scenarios. This is challenging not just because it’s a lot more documentation – and maintenance – but because it’s impossible to predict every possible incident. Use the template, aligned to recovery of process dependencies, to create one recovery workflow for each business unit that can be used in and tested against different scenarios.

    Download Info-Tech’s BCP Recovery Workflow Example

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director-IT Operations, Healthcare Industry

    "Very few business interruptions are actually major disasters. It’s usually a power outage or hardware failure, so I ensure my plans address ‘minor’ incidents as well as major disasters."- BCP Consultant

    3.1.4 Document achievable recovery metrics (RTA/RPA)

    30 minutes

    Input

    • Pilot BCP BIA.
    • Draft recovery workflow.

    Output

    • RTA and RPA for each business process.

    Materials

    • Pilot BCP BIA.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Add the following data to your copy of the BCP Business Impact Analysis Tool.

    1. Estimate the recovery time achievable (RTA) for each process based on the required time for the process to be restored to a minimum acceptable functional level. Review your recovery workflow to identify this timeline. For example, if the full process from notification, assessment, and declaration to recovery and relocation would take a full day, set the RTA to 24 hours.
    2. Estimate the recovery point achievable (RPA) for each process based on the maximum amount of data that could be lost. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and the achievable RPO is 24 hours. Note: Enter a value of 9999 to indicate that data is unrecoverable.

    Info-Tech Insight

    Operating at a minimum acceptable functional level may not be feasible for more than a few days or weeks. Develop plans for immediate continuity first, then develop further plans for long-term continuity processes as required. Recognize that for longer term outages, you will evolve your plans in the crisis to meet the needs of the situation.

    3.1.5 Test the workflow of other scenarios

    1 hour

    Input

    • Draft recovery workflow.

    Output

    • Updated draft recovery workflow.

    Materials

    • Draft recovery workflow.
    • Projector or screen.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Work from and update the soft copy of your recovery workflow.

    1. Would any steps change if the scenario changes? If yes, capture the different flow with a decision diamond. See the example Recovery Workflow for a workflow that uses decision diamonds. Identify any new gaps or risks you encounter with red and yellow cards.
    2. Make sure the decision diamonds are as generalized as possible. For example, instead of creating a separate response plan for each scenario that would require you to relocate from your existing building, create one response plan for relocation and one response plan for remaining in place.
    3. See the next section for some examples of different types of scenarios that you may include in your recovery workflow.

    Info-Tech Insight

    Remember that health and safety risks must be dealt with first in a crisis. The business unit recovery workflow will focus on restoring business operations after employees are no longer at risk (e.g. the risk has been resolved or employees have been safely relocated). See Implement Crisis Management Best Practices for ideas on how to respond to and assess a wide range of crises.

    Not all scenarios will have full continuity plans

    Risk management is a business decision. Business continuity planning can help decision makers understand and decide on whether to accept or mitigate high impact, low probability risks.

    For some organizations, it’s not practical or possible to invest in the redundancy that would be necessary to recover in a timely manner from certain major events.

    Leverage existing risk management practices to identify key high impact events that could present major business continuity challenges that could cause catastrophic disruptions to facility, IT, staffing, suppliers, or equipment. If you don’t have a risk register, review the scenarios on the next slide and brainstorm risks with the working group.

    Work through tabletop planning to identify how you might work through an event like this, at a high level. In step 3.2, you can estimate the effort, cost, and benefit for different ideas that can help mitigate the damage to the business to help decision makers choose between investment in mitigation or accepting the risk.

    Document any scenarios that you identify as outside the scope of your continuity plans in the “Scope” section of your BCP Summary document.

    For example:

    A single location manufacturing company is creating a BCP.

    The factory is large and contains expensive equipment; it’s not possible to build a second factory for redundancy. If the factory is destroyed, operations can’t be resumed until the factory is rebuilt. In this case, the BCP outlines how to conduct an orderly business shutdown while the factory is rebuilt.

    Contingency planning to resume factory operations after less destructive events, as well as a BCP for corporate services, is still practical and necessary.

    Considerations for other BCP scenarios

    Scenario Type Considerations
    Local hazard (gas leak, chemical leak, criminal incident, etc.)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually. “Work from home” won’t be a long-term solution.
    • An alternate site is required for service continuity. Can be within normal commuting distance.
    Equipment/building damage (fire, roof collapse, etc.)
    • Equipment will need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity. Can be nearby.
    Regional natural disasters
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site is required for service continuity.
    Supplier failure (IT provider outage, disaster at supplier, etc.)
    • Service-level agreements are important to establish recovery timelines. Review contracts and master services agreements.
    Staff (lottery win, work stoppage, pandemic/quarantine)
    • Staff are suddenly unavailable. Expect that no warm handoff to alternates is possible and that time to ramp up on the process is accounted for.
    • In a pandemic scenario, work from home, remote toolsets, and digital/contactless workflows become critical.

    Step 3.2

    Identify and prioritize projects to close gaps

    This step will walk you through the following activities:

    • Brainstorm solutions to identified gaps and risks.
    • Prioritize projects and action items to close gaps and risks.
    • Assess the impact of proposed projects on the recovery workflow.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify and prioritize projects and action items that can improve business continuity capabilities.

    3.2.1 Brainstorm solutions to address risks and gaps

    1 hour

    Input

    • Draft recovery workflow.
    • Known continuity risks and gaps.

    Output

    • Ideas for action items and projects to improve business continuity.

    Materials

    • Flipchart

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip chart paper. The solutions can range from quick-wins and action items to major capital investments. The following slides can help you seed ideas to support brainstorming and idea generation.

    Info-Tech Best Practice

    Try to avoid debates about feasibility at this point. The goal is to get ideas on the board.

    When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution – other ideas can expand on it and improve it.

    Step 4: No formal process to declare a disaster and invoke business continuity.

    Step 7: Alternate site could be affected by the same regional event as the main office.

    Step 12: Need to confirm supplier service-level agreements (SLAs).

    1. Continue to create BCP documentation.
    2. Identify a third location for regional disasters.
    3. Contact suppliers to confirm SLAs and validate alignment with RTOs/RPOs.
    4. Add BCP requirements collection to service procurement process?

    Discuss your remote work capabilities

    With COVID-19, most organizations have experience with mass work-from-home.

    Review the following case studies. Do they reflect your experience during the COVID-19 pandemic?

    Unacceptable risk

    • A small insurance company provided laptops to staff so they could work remotely.
    • Complication: Cheque and print stock is a dependency and no plan was made to store check stock offsite in a secure fashion.

    Key dependencies missing

    • A local government provided laptops to key staff so they could work remotely.
    • Complication: The organization didn’t currently own enough Citrix licenses for every user to be online concurrently.

    Unable to serve customers

    • The attestation and land services department of a local government agency provided staff with remote access to key apps.
    • Complication: Their most critical business processes were designed to be in-person – they had no plan to execute these processes from home.

    Consider where your own work-from-home plans fell short.

    • Were your collaboration and communication solutions too difficult for users to use effectively?
    • Did legacy infrastructure affect performance or limit capabilities? Were security concerns appropriately addressed?
    • What challenges did IT face supporting business users on break-fix and new requests?
    • Were there logistical needs (shipping/receiving, etc.) that weren’t met?
    • Develop an updated plan to support work-from-home using Info-Tech’s BCP Relocation Checklists and Home Office Survey template, and integrate these into your overall BCP documentation. Stakeholders can easily appreciate the value of this plan since it’s relevant to recent experience.

    Identify opportunities to improve continuity plans

    What gaps in your continuity response could be addressed with better planning?

    People

    • Alternates are not identified
    • Roles in a disaster are not formalized
    • No internal/external crisis comm. strategy

    Site & Facilities

    • No alternate place of business or command center identified
    • No formal planning or exercises to test alternate site viability

    • Identify a viable secondary site and/or work-from-home plan, and develop a schedule for testing activities. Review in Step 3.3 of the Develop a Business Continuity Plan blueprint.

    External Services & Suppliers

    • Contingency plans for a disruption not planned or formalized
    • No formal review of service-level agreements (SLAs)

    • Contact key suppliers and vendors to establish SLAs, and ensure they meet requirements.
    • Review supplier continuity plans.

    Technology & Physical Assets

    • No secondary site or redundancy for critical IT systems
    • No documented end-to-end IT DR plan

    Tool: BCP Project Roadmap

    Prioritize and visualize BCP projects to present options to decision makers.

    Not all BCP projects can be tackled at once. Enable decision makers to defer, rather than outright reject, projects that aren’t feasible at this time.

    1. Configure the tool in Tab 1. Setup. Adjust criteria and definitions for criteria. Note that shaded columns are required for reporting purposes and can’t be modified.
    2. Add projects and action items in Tab 2. Data Entry. Fields highlighted in red are all required for the dashboard to populate. All other fields are optional but will provide opportunities to track more detailed data on project ideas.
    3. To generate the dashboard in Tab 3. Roadmap, open the Data ribbon and under Queries and Connections click Refresh All. You can now use the slicers on the right of the sheet.

    Download Info-Tech’s BCP Project Roadmap Tool

    Demonstrate BCP project impacts

    Illustrate the benefits of proposed projects.

    1. Review your recovery workflow.
    2. Make updates to a second copy of the high-level outline to illustrate how the business response to a disaster scenario will change once proposed projects are complete.
    • Remove steps that have been made unnecessary.
    • Remove any risks or gaps that have been mitigated or addressed.
    • Verify that proposed projects close gaps between acceptable and achievable recovery capabilities in the BIA tool.
  • The visual impact of a shorter, less-risky recovery workflow can help communicate the benefits of proposed projects to decision makers.
  • Step 3.3

    Evaluate business continuity site and command center options

    This step will walk you through the following activities:

    • Take a deep dive on the requirements for working from an alternate location.
    • Assess different options for an alternate location.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify requirements for an alternate business site.

    Tool: Relocation Checklists

    An alternate site could be another company building, a dedicated emergency operations center, or work-from-home. Use this tool to guide and prepare for any relocation exercise.

    • Coordinate your response with the pre-populated checklists in Tabs 1 & 2, identify who’s responsible for items on the checklists, and update your recovery workflows to reflect new steps. When reviewing the checklist, consider what can be done to prepare ahead of a crisis.
      • For example, you may wish to create crisis communication templates to streamline crisis communications during a disaster.
    • Calculate the effort required to provision equipment for relocated users in Tabs 3 & 4.
    • Evaluate your options for alternate sites with the requirements matrix in Tab 5. Use your evaluation to identify how the organization could address shortcomings of viable options either ahead of time or at the time of an incident.

    Download Info-Tech’s BCP Relocation Checklists

    Create a checklist of requirements for an alternate site

    Leverage the roll-up view, in tab 3, of dependencies required to create a list of requirements for an alternate site in tab 4.

    1. The table on Tab 5 of the relocation checklists is pre-populated with some common requirements. Modify or replace requirements to suit your needs for an alternate business/office site. Be sure to consider distance, transportation, needed services, accessibility, IT infrastructure, security, and seating capacity at a minimum.
    2. Don’t assume. Verify. Confirm anything that requires permissions from the site owner. What network providers have a presence in the building? Can you access the site 24/7 and conduct training exercises? What facilities and services are available? Are you guaranteed the space if needed?

    "There are horror stories about organizations that assumed things about their alternate site that they later found out they weren’t true in practice." – Dr. Bernard Jones, MBCI CBCP

    Info-Tech Insight

    If you choose a shared location as a BCP site, a regional disaster may put you in competition with other tenants for space.

    Identify a command center

    For command center and alternate worksite selection, remember that most incidents are local and short term. Identify an onsite and an offsite command center.

    1. For events where the building is not compromised, identify an onsite location, ideally with remote conferencing capabilities and planning and collaboration tools (projectors, whiteboards, flipcharts). The onsite location can also be used for BCM and crisis management meetings. Remember, most business continuity events are not regional or massively destructive.
    2. For the offsite command center, select a location that is sufficiently far away from your normal business location to maintain separation from local incidents while minimizing commute time. However, consider a geographically distant option (e.g. more than 50 miles away) identified for those scenarios where it is a regional disaster, or plan to leverage online tools to create a virtual command center (see the Insight box below).
    3. The first members of the Emergency Response Team to be notified of the incident will determine which location to use or whether a third alternative is required.

    Info-Tech Insight

    For many organizations, a dedicated command center (TVs on the wall, maps and charts in filing cabinets) isn’t necessary. A conference bridge and collaboration tools allowing everyone to work remotely can be an acceptable offsite command center as long as digital options can meet your command center requirements.

    Create a plan for a return to normal

    Operating in continuity mode for an extended period of time tends to result in higher costs and reduced business capabilities. It’s important to restore normal operations as soon as possible.

    Advance planning can minimize risks and delays in returning to normal operations.

    Leverage the methodology and tools in this blueprint to define your return to normal (repatriation) procedures:

    1. Repeat the tabletop planning exercise to determine the repatriation steps and potential gaps. How will you return to the primary site from your alternate site? Does data need to be re-entered into core systems if IT services are down? Do you need to transfer job duties back to primary staff?
    2. What needs to be done to address the gaps in the return to normal workflow? Are there projects or action items that could make return to normal easier?

    For more on supporting a business move back to the office from the IT perspective, see Responsibly Resume IT Operations in the Office

    Potential business impacts of ongoing operations at a failover site

    • The cost of leasing alternate business worksites.
    • Inability to deliver on strategic initiatives while in emergency/interim operations mode, resulting in lost business opportunities.
    • A growing backlog of work that falls outside of emergency operations mode.
    • Travel and accommodation costs if the alternate site is geographically remote.
    • Additional vendor licensing and contract costs.

    Phase 4

    Extend the Results of the Pilot BCP and Implement Governance

    Phase 4

    4.1 Consolidate BCP pilot insights to support an overall BCP project plan

    4.2 Outline a business continuity management (BCM) program

    4.3 Test and maintain your BCP

    Insights & Outcomes

    Summarize and consolidate your initial insights and documentation. Create a project plan for overall BCP. Identify teams, responsibilities, and accountabilities, and assign documentation ownership. Integrate BCP findings in DR and crisis management practices. Set guidelines for testing, plan maintenance, training, and awareness.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    Step 4.1

    Consolidate BCP pilot insights to support an overall BCP project plan

    This step will walk you through the following activities:

    • Summarize and consolidate outputs and key insights from the BCP pilot.
    • Identify outputs from the pilot that can be re-used for the overall BCP.
    • Create a project charter for an overall BCP.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Present results from the pilot BCP, and outline how you’ll use the pilot process with other business units to create an overall continuity program.

    Structure the overall BCP program.

    Template: BCP Pilot Results Presentation

    Highlight key findings from the BCP pilot to make the case for next steps.

    • Highlight critical gaps or risks identified, any potential process improvements, and progress made toward improving overall BCP maturity through the pilot project. Summarize the benefits of the pilot project for an executive audience.
    • Review process recovery objectives (RTO/RPO). Provide an overview of recovery capabilities (RTA/RPA). Highlight any significant gaps between objectives and capabilities.
    • Propose next steps, including an overall BCP project and program, and projects and action items to remediate gaps and risks.
    • Develop a project plan to estimate resource requirements for an overall BCP project prior to delivering this presentation. Quantifying required time and resources is a key outcome as it enables the remaining business units to properly scope and resource their BCP development activities and can help managers overcome the fear of the unknown.

    Download Info-Tech’s BCP Pilot Results Presentation

    Tool: BCP Summary

    Sum up information from completed BCP documents to create a high-level BCP overview for auditors and executives.

    The BCP Summary document is the capstone to business unit continuity planning exercises. It consolidates your findings in a short overview of your business continuity requirements, capabilities, and maintenance procedures.

    Info-Tech recommends embedding hyperlinks within the Summary to the rest of your BCP documentation to allow the reader to drill down further as needed. Leverage the following documents:

    • Business Impact Analysis
    • BCP Recovery Workflows
    • Business Process Workflows
    • BCP Project Roadmap
    • BCP Relocation Checklists
    • Business Continuity Policy

    Download Info-Tech’s BCP Summary Document

    Reuse templates for additional exercises

    The same methodology described in this blueprint can be repeated for each business unit. Also, many of the artifacts from the BCP pilot can be reused or built upon to give the remaining business units a head start. For example:

    • BCP Pilot Project Charter Template. Make a copy to use as a base for the next business unit’s BCP project charter, and update the stakeholders/roles and milestone dates. The rest of the content can remain the same in most cases.
    • BCP Reference Workbook. This tool contains information common to all business units and can be updated as needed.
    • BCP Business Impact Analysis Tool. You may need to start a separate copy for each business unit to allow enough space to capture all business processes. However, use the same scoring scale to drive consistent assessments. In addition, the scoring completed by the pilot business unit provides an example and benchmark for assessing other business processes.
    • BCP Recovery Workflow. The notification, assessment, and declaration steps can be standardized so remaining business units can focus primarily on recovery after a disaster is declared. Similarly, many of the steps related to alternate sites and IT workarounds will also apply to other business units.
    • BCP Project Roadmap Tool. Many of the projects identified by the pilot business unit will also apply to other business units – update the list as needed.
    • The Business Unit BCP Prioritization Tool, BCP Executive Presentation, and Business Continuity Policy Template do not need to be updated for each business unit.

    Info-Tech Best Practice

    You may need to create some artifacts that are site specific. For example, relocation plans or emergency plans may not be reusable from one site to another. Use your judgement to reuse as much of the templates as you can – similar templates simplify audit, oversight, and plan management.

    Create an Overall BCP Project Charter

    Modify the pilot project charter to encompass the larger BCP project.

    Adjust the pilot charter to answer the following questions:

    • How much time and effort should the rest of the project take, based on findings from the pilot? When do you expect to meet certain milestones? What outputs and outcomes are expected?
    • In what order should additional business units complete their BCP? Who needs to be involved?
    • What projects to address continuity gaps were identified during the pilot? What investments will likely be required?
    • What additional documentation is required? This section and the appendix include templates to document your BCM Policy, Teams & Contacts, your notification procedures, and more.
    • How does this integrate with the other areas of business resilience and continuity (IT disaster recovery planning and crisis management planning)?
    • What additional activities, such as testing, are required?

    Prioritize business units for further BCP activities.

    As with the pilot, choose a business unit, or business units, where BCP will have the greatest impact and where further BCP activities will have the greatest likelihood of success. Prioritize business units that are critical to many areas of the business to get key results sooner.

    Work with one business unit at a time if:

    • Required resources from the business unit are available to focus on BCP full-time over a short period (one to two weeks).
    • More hands-on guidance (less delegation) is needed.
    • The business unit is large or has complex processes.

    Work with several business units at the same time if:

    • Required resources are only available sporadically over a longer period of time.
    • Less guidance (more delegation) is possible.
    • All business units are small and have well-documented processes.

    Download Info-Tech’s Business Unit BCP Prioritization Tool

    Step 4.2

    Outline a Business Continuity Management (BCM) Program

    This step will walk you through the following activities:

    • Identify teams and roles for BCP and business continuity management.
    • Identify individuals to fill key roles.

    This step involves the following participants:

    • BCP Coordinator
    • Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Document BCP teams, roles, and responsibilities.

    Document contact information, alternates, and succession rules.

    Outline a Business Continuity Management Program

    A BCM program, also known as a BCM system, helps structure business continuity activities and practices to deliver long-term benefits to your business.

    A BCM program should:

    • Establish who is responsible and accountable for BCP practices, activities, and documentation, and set documentation management practices.
    • Define a process to improve plans. Review and update continuity requirements, suggest enhancements to recovery capabilities, and measure progress and improvements to the plan over time.
    • Coordinate disaster recovery, business continuity, and crisis management planning outputs and practices.
    • Communicate the value of the continuity program to the organization.

    Develop a Business Continuity Management Program

    Phase 4 of this blueprint will focus on the following elements of a business continuity management program:

    • BCM Roles, Responsibilities, and Accountabilities
    • BCM Document Management Practices
    • Integrate BC, IT DR, Crisis Management, and Emergency Management
    • Business Continuity Plan maintenance and testing
    • Training and awareness

    Schedule a call with an Info-Tech Analyst for help building out these core elements, and for advice on developing the rest of your BCM program.

    Create BCM teams

    Include a mix of strong leaders and strong planners on your BC management teams.

    BC management teams (including the secondary teams such as the emergency response team) have two primary roles:

    1. Preparation, Planning, and Governance: Conduct and consolidate business impact analyses. Review, and support the development of recovery workflows, including emergency response plans and business unit recovery workflows. Organize testing and training. Report on the state of the continuity plan.
    2. Leadership During a Crisis: Coordinate and support the execution of business recovery processes. To meet these goals, each team needs a mix of skill sets.

    Crisis leaders require strong crisis management skills:

    • Ability to make quick decisions under pressure with incomplete information.
    • Excellent verbal communication skills.
    • Strong leadership skills. Calm in stressful situations.
    • Team leaders are ideally, but not necessarily, those with the most senior title on each team. It’s more important that the team leader has the appropriate skill set.

    Collectively, the team must include a broad range of expertise as well as strong planning skills:

    • Diverse expertise to be able to plan for and respond to a wide range of potential incidents, from health and safety to reputational damage.
    • Excellent organizational skills and attention to detail.
    • Excellent written communication skills.

    Note: For specific BC team roles and responsibilities, including key resources such as Legal, HR, and IT SMEs required to prepare for and execute crisis management plans, see Implement Crisis Management Best Practices.

    Structure the BCM Team

    Create a hierarchy of teams to govern and coordinate business continuity planning and crisis management.

    BCM Team: Govern business continuity, DR, and crisis management planning. Support the organization’s response to a crisis, including the decision to declare a disaster or emergency.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    IT Disaster Recovery Team: Manage the recovery of IT services and data following an incident. Develop and maintain the IT DRP.

    Business Unit BCP Teams: Coordinate business process recovery at the business unit level. Develop and maintain business unit BCPs.

    “Planning Mode”

    Executive Team → BC Management Team ↓

    • Emergency Response Teams (ERT)
    • Crisis Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    “Crisis Mode”

    Executive Team ↔Crisis Management Team↓ ↔ Emergency Response Teams (ERT)

    • BC Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    For more details on specific roles to include on these teams, as well as more information on crisis management, review Info-Tech’s blueprint, Implement Crisis Management Best Practices.

    Tool: BCM Teams, Roles, Contacts, and Vendors

    Track teams, roles, and contacts in this template. It is pre-populated with roles and responsibilities for business continuity, crisis management, IT disaster recovery, emergency response, and vendors and suppliers critical to business operations.

    • Expect overlap across teams. For example, the BC Management Team will include representation from each secondary team to ensure plans are in sync. Similarly, both the Crisis Communication Team and BC Management Team should include a representative from your legal team to ensure legal issues are considered in communications as well as overall crisis management.
    • Clarify spending and decision authority for key members of each team during a crisis.

    Track contact information in this template only if you don’t have a more streamlined way of tracking it elsewhere.

    Download Info-Tech’s Business Continuity Teams and Roles Tool

    Manage key vendors

    Review supplier capabilities and contracts to ensure they meet your requirements.

    Suppliers and vendors might include:

    • Material shipments
    • IT/telecoms service providers
    • Integrators and business process outsourcing providers
    • Independent contractors
    • Utilities (power, water, etc.)

    Supplier RTOs and RPOs should align with the acceptable RTOs and RPOs defined in the BIA. Where they do not, explore options for improvement.

    Confirm the following:

    1. The supplier’s own BC/DR capabilities – how they would recover their own operations in a disaster scenario.
    2. Any continuity services the supplier provides – how they can help you recover your operations in a disaster scenario.
    3. Their existing contractual obligations for service availability (e.g. SLAs).

    Download Info-Tech’s BCP Supplier Evaluation Questionnaire

    Organize your BCMS documentation

    Your BCP isn’t any one document. It’s multiple documents that work together.

    Continue to work through any additional required documentation. Build a repository where master copies of each document will reside and can be updated as required. Assign ownership of document management to someone with an understanding of the process (e.g. the BCP Coordinator).

    Governance Recovery
    BCMS Policy BCP Summary Core BCP Recovery Workflows
    Business Process Workflows Action Items & Project Roadmap BCP Recovery Checklists
    BIA Teams, Roles, Contact Information BCP Business Process Workarounds and Recovery Checklists
    BCP Maturity Scorecard BCP Project Charter Additional Recovery Workflows
    Business Unit Prioritization Tool BCP Presentation

    Info-Tech Best Practice

    Recovery documentation has a different audience, purpose, and lifecycle than governance documentation, and keeping the documents separate can help with content management. Disciplined document management keeps the plan current and accessible.

    Align your IT DRP with your BCP

    Use the following BCP outputs to inform your DRP:

    • Business process technology dependencies. This includes technology not controlled by IT (e.g. cloud-based services).
    • RTOs and RPOs for business processes.
    • Technology projects identified by the business to improve resilience (e.g. improved mobility support).
    PCP Outputs DRP Activities
    Business processes defined Identify critical applications

    Dependencies identified:

    • People
    • Enterprise tech
    • Personal devices
    • Workspace and facilities
    • Services and other inputs

    Identify IT dependencies:

    • Infrastructure
    • Secondary applications

    Recovery objectives defined:

    • BIA and RTOs/RPOs
    • Recovery workflows

    Identify recovery objectives:

    • BIA and RTOs/RPOs
    • IT Recovery workflows

    Projects identified to close gaps:

    • Resourcing changes (e.g. training secondary staff)
    • Process changes (e.g. optimize processes and define interim processes)
    • Technology changes (e.g. improving mobility)

    Identify projects to close gaps:

    • Projects to improve DR capability (e.g. data replication, standby systems).
    • Projects to improve resiliency (e.g. redundant components)

    Info-Tech Insight

    Don’t think of inconsistencies between your DRP and BCP as a problem. Discrepancies between the plans are part of the discovery process, and they’re an opportunity to have a conversation that can improve alignment between IT service capabilities and business needs. You should expect that there will be discrepancies – managing discrepancies is part of the ongoing process to refine and improve both plans.

    Schedule activities to keep BC and DR in sync

    BC/DR Planning Workflow

    1. Collect BCP outputs that impact IT DRP (e.g. technology RTOs/RPOs).

    2. As BCPs are done, BCP Coordinator reviews outputs with IT DRP Management Team.

    3. Use the RTOs/RPOs from the BCPs as a starting point to determine IT recovery plans.

    4. Identify investments required to meet business-defined RTOs/RPOs, and validate with the business.

    5. Create a DR technology roadmap to meet validated RTOs/RPOs.

    6. Review and update business unit BCPs to reflect updated RTOs/RPOs.

    Find and address shadow IT

    Reviewing business processes and dependencies can identify workarounds or shadow IT solutions that weren’t visible to IT and haven’t been included in IT’s DR plan.

    • If you identify technology process dependencies that IT didn’t know about, it can be an opportunity to start a conversation about service support. This can be a “teachable moment” to highlight the risks of adopting and implementing technology solutions without consulting IT.
    • Highlight the possible impact of using technology services that aren’t supported by IT. For example:
      • RTOs and RPOs may not be in line with business requirements.
      • Costs could be higher than supported solutions.
      • Security controls may not be in line with compliance requirements.
      • IT may not be able to offer support when the service breaks or build new features or functionality that might be required in the future.
    • Make sure that if IT is expected to support shadow IT solutions, these systems are included in the IT DRP and that the risks and costs of supporting the non-core solution are clear to all parties and are compared to an alternative, IT-recommended solutions.

    Shadow IT can be a symptom of larger service support issues. There should be a process for requesting and tracking non-standard services from IT with appropriate technical, security, and management oversight.

    Review and reprioritize BC projects to create an overall BC project roadmap

    Assign the BCP Coordinator the task of creating a master list of BC projects, and then work with the BC management team to review and reprioritize this list, as described below:

    1. Build a list of BC projects as you work with each business unit.
      1. Add proposed projects to a master copy of the BCP Project Roadmap Tool
      2. For each subsequent business unit, copy project names, scoring, and timelines into the master roadmap tool.
    2. Work with the Executive Sponsor, the IT BCM representative, and the BCM team to review and reprioritize projects.
      1. In the master BCP Project Roadmap Tool, review and update project scoring, taking into account the relative importance of each project within the overall list. Rationalize the list (e.g. eliminate duplicate projects).
    3. The project roadmap is a suggested list of projects at this stage. Assign a project sponsor and project manager (from the BC management team or appropriate delegates) to each project to take it through your organization’s normal project scoping and approval process.

    Improving business continuity capabilities is a marathon, not a sprint. Change for the better is still change and introduces risk – massive changes introduce massive risk. Incremental changes help minimize disruption. Use Info-Tech research to deliver organizational change.

    "Developing a BCP can be like solving a Rubik’s Cube. It’s a complex, interdepartmental concern with multiple and sometimes conflicting objectives. When you have one side in place, another gets pushed out of alignment." – Ray Mach, BCP Expert

    Step 4.3

    Test and maintain your BCP

    This step will walk you through the following activities:

    • Create additional documentation to support your business continuity plan.
    • Create a repository for documentation, and assign ownership for BCP documentation.

    This step involves the following participants:

    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Create a plan to maintain the BCP.

    Iterate on your plan

    Tend your garden, and pull the weeds.

    Mastery comes through practice and iteration. Iterating on and testing your plan will help you keep up to date with business changes, identify plan improvements, and help your organization’s employees develop a mindset of continuity readiness. Maintenance drives continued success; don’t let your plan become stagnant, messy, and unusable.

    Your BCM program should structure BCP reviews and updates by answering the following:

    1. When do we review the plan?
    2. What are the goals of a review?
    3. Who must lead reviews and update BCP documents?
    4. How do we track reviews, tests, and updates?

    Structure plan reviews

    There are more opportunities for improvements than just planned reviews.

    At a minimum, review goals should include:

    1. Identify and document changes to BCP requirements.
    2. Identify and document changes to BCP capabilities.
    3. Identify gaps and risks and ways to remediate risks and close gaps.

    Who leads reviews and updates documents?

    The BCP Coordinator is likely heavily involved in facilitating reviews and updating documentation, at least at first. Look for opportunities to hand off document ownership to the business units over time.

    How do we track reviews, tests, and updates?

    Keep track of your good work by keeping a log of document changes. If you don’t have one, you can use the last tab on the BCP-DRP Maintenance Checklist.

    When do we review the plan?

    1. Scheduled reviews: At a minimum, plan reviews once a year. Plan owners should review the documents, identify needed updates, and notify the coordinator of any changes to their plan.
    2. As-needed reviews: Project launches, major IT upgrades, office openings or moves, organizational restructuring – all of these should trigger a BCP review.
    3. Testing exercises: Schedule controlled exercises to test and improve different aspects of your continuity plan, and ensure that lessons learned become part of plan documentation.
    4. Retrospectives: Take the opportunity to learn from actual continuity events and crises by conducting retrospectives to evaluate your response and brainstorm improvements.

    Conduct a retrospective after major incidents

    Use a retrospective on your COVID-19 response as a starting point. Build on the questions below to guide the conversation.

    • If needed, how did we set up remote work for our users? What worked, and what didn’t?
    • Did we discover any long-term opportunities to improve business processes?
    • Did we use any continuity plans we have documented?
    • Did we effectively prioritize business processes for recovery?
    • Were expectations from our business users in line with our plans?
    • What parts of our plan worked, and where can we improve the plan?
    1. Gather stakeholders and team members
    2. Ask:
      1. What happened?
      2. What did we learn?
      3. What did we do well?
      4. What should we have done differently?
      5. What gaps should we take action to address?
    3. Prepare a plan to take action

    Outcomes and benefits

    • Confirm business priorities.
    • Validate that business recovery solutions and procedures are effective in meeting business requirements (i.e. RTOs and RPOs).
    • Identify gaps in continuity resources, procedures, or documentation, and options to close gaps.
    • Build confidence in the response team and recovery capabilities.

    Tool: Testing and Maintenance Schedule

    Build a light-weight maintenance schedule for your BCP and DRP plans.

    This tool helps you set a schedule for plan update activities, identify document and exercise owners, and log updates for audit and governance purposes.

    • Add the names of your documents and brainstorm update activities.
    • Activities (document updates, testing, etc.) might be scheduled regularly, as-needed, or both. If they happen “as needed,” identify the trigger for the activity.
    • Start tracking past activities and resulting changes in Tab 3. You can also track crises that tested your continuity capabilities on this tab.

    Info-Tech Insight

    Everyone gets busy. If there’s a meeting you can schedule months in advance, schedule it months in advance! Then send reminders closer to the date. As soon as you’re done the pilot BCP, set aside time in everyone’s calendar for your first review session, whether that’s three months, six months, or a year from now.

    Appendix

    Additional BCP Tools and Templates

    Template Library: Business Continuity Policy

    Create a high-level policy to govern BCP and clarify BCP requirements.

    Use this template to:

    • Outline the organizational commitment to BCM.
    • Clarify the mandate to prepare, validate, and maintain continuity plans that align with business requirements.
    • Define specific policy statements that signatories to the policy are expected to uphold.
    • Require key stakeholders to review and sign off on the template.

    Download Info-Tech’s Business Continuity Policy template

    Template Library: Workarounds & Recovery Checklists

    Capture the step-by-step details to execute workarounds and steps in the business recovery process.

    If you require more detail to support your recovery procedures, you can use this template to:

    • Record specific steps or checklists to support specific workarounds or recovery procedures.
    • Identify prerequisites for workarounds or recovery procedures.

    Download Info-Tech’s BCP Process Workarounds & Recovery Checklists Template

    Template Library: Notification, Assessment, Declaration

    Create a procedure that outlines the conditions for assessing a disaster situation and invoking the business continuity plan.

    Use this template to:

    • Guide the process whereby the business is notified of an incident, assesses the situation, and declares a disaster.
    • Set criteria for activating business continuity plans.
    • Review examples of possible events, and suggest options on how the business might proceed or react.

    Download Info-Tech’s BCP Notification, Assessment, and Disaster Declaration Plan template

    Template Library: BCP Recovery Workflow Example

    Review an example of BCP recovery workflows.

    Use this template to:

    • Generate ideas for your own recovery processes.
    • See real examples of recovery processes for warehousing, supply, and distribution operations.
    • Review an example of working BCP documentation.

    Download Info-Tech’s BCP Recovery Workflows Example

    Create a Pandemic Response Plan

    If you’ve been asked to build a pandemic-specific response plan, use your core BCP findings to complete these pandemic planning documents.

    • At the onset of the COVID-19 crisis, IT departments were asked to rapidly ramp up work-from-home capabilities and support other process workarounds.
    • IT managers already knew that obstacles to working from home would go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needed to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Workarounds to speed the process up had to be balanced with good IT practices and governance (Asset Management, Security, etc.)
    • If you’ve been asked to update your Pandemic Response Plan, use this template and your core BCP deliverables to deliver a set of streamlined documentation that draws on lessons learned from the COVID-19 pandemic.

    Structure HR’s role in the pandemic plan

    Leverage the following materials from Info-Tech’s HR-focused sister company, McLean & Company.

    These HR research resources live on the website of Info-Tech’s sister company, McLean & Company. Contact your Account Manager to gain access to these resources.

    Summary of Accomplishment

    Knowledge Gained

    This blueprint outlined:

    • The streamlined approach to BCP development.
    • A BIA process to identify acceptable, appropriate recovery objectives.
    • Tabletop planning exercises to document and validate business recovery procedures.

    Processes Optimized

    • Business continuity development processes were optimized, from business impact analysis to incident response planning.
    • In addition, pilot business unit processes were identified and clarified to support BCP development, which also provided the opportunity to review and optimize those processes.

    Key Deliverables Completed

    • Core BCP deliverables for the pilot business unit, including a business impact analysis, recovery workflows, and a project roadmap.
    • BCP Executive Presentation to communicate pilot results as well as a summary of the methodology to the executive team.
    • BCP Summary to provide a high-level view of BCP scope, objectives, capabilities, and requirements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Dr. Bernard A. Jones, MBCI, CBCP

    Professor and Continuity Consultant Berkeley College

    Dr. Jones is a professor at Berkeley College within the School of Professional Studies teaching courses in Homeland Security and Emergency Management. He is a member of the National Board of Directors for the Association of Continuity Professionals (ACP) as well as the Information & Publications Committee Chair for the Garden State Chapter of the ACP. Dr. Jones earned a doctorate degree in Civil Security Leadership, Management & Policy from New Jersey City University where his research focus was on organizational resilience.

    Kris L. Roberson

    Disaster Recovery Analyst Veterans United Home Loans

    Kris Roberson is the Disaster Recovery Analyst for Veterans United Home Loans, the #1 VA mortgage lender in the US. Kris oversees the development and maintenance of the Veterans United Home Loans DR program and leads the business continuity program. She is responsible for determining the broader strategies for DR testing and continuity planning, as well as the implementation of disaster recovery and business continuity technologies, vendors, and services. Kris holds a Masters of Strategic Leadership with a focus on organizational change management and a Bachelors in Music. She is a member of Infragard, the National Association of Professional Women, and Sigma Alpha Iota, and holds a Project+ certification.

    Trevor Butler

    General Manager of Information Technology City of Lethbridge

    As the General Manager of Information Technology with the City of Lethbridge, Trevor is accountable for providing strategic management and advancement of the city’s information technology and communications systems consistent with the goals and priorities of the corporation while ensuring that corporate risks are appropriately managed. He has 15+ years of progressive IT leadership experience, including 10+ years with public sector organizations. He holds a B.Mgt. and PMP certification along with masters certificates in both Project Management and Business Analysis.

    Robert Miller

    Information Services Director Witt/Kieffer

    Bob Miller is the Information Services Director at Witt/Kieffer. His department provides end-user support for all company-owned devices and software for Oak Brook, the regional offices, home offices, and traveling employees. The department purchases, implements, manages, and monitors the infrastructure, which includes web hosting, networks, wireless solutions, cell phones, servers, and file storage. Bob is also responsible for the firm’s security planning, capacity planning, and business continuity and disaster preparedness planning to ensure that the firm has functional technology to conduct business and continue business growth.

    Related Info-Tech Research

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Select the Optimal Disaster Recovery Deployment Model

    Determine which deployment models, including hybrid solutions, best meet your DR requirements.

    Bibliography

    “Business Continuity Planning.” IT Examination HandBook. The Federal Financial Institution Examination Council (FFIEC), February 2015. Web.

    “Business Continuity Plans and Emergency Contact Information.” FINRA, 12 February 2015. Web.

    “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT.” ISACA, n.d. Web.

    Disaster Resource GUIDE. Emergency Lifeline Corporation, n.d. Web.

    “DR Rules & Regulations.” Disaster Recovery Journal, March 2017. Web.

    “Federal Information Security Management Act (FISMA).” Homeland Security, 2014. Web.

    FEMA. “Planning & Templates.” FEMA, n.d. Web.

    “FINRA-SEC-CFTC Joint Advisory (Regulatory Notice 13-25).” FINRA, August 2013. Web.

    Gosling, Mel and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 24 April 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, 2016. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup – Part Two.” RSA Link, 28 August 2012. Web.

    The Good Practice Guidelines. Business Continuity Institute, 2013. Web.

    Wang, Dashun and James A. Evans. “When Small Teams are Better than Big Ones.” Harvard Business Review, 21 February 2019. Web.

    Responsibly Resume IT Operations in the Office

    • Buy Link or Shortcode: {j2store}423|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Having shifted operations almost overnight to a remote work environment, and with the crisis management phase of the COVID-19 pandemic winding down, IT leaders and organizations are faced with the following issues:

    • A reduced degree of control with respect to the organization’s assets.
    • Increased presence of unapproved workaround methods, including applications and devices not secured by the organization.
    • Pressure to resume operations at pre-pandemic cadence while still operating in recovery mode.
    • An anticipated game plan for restarting the organization’s project activities.

    Our Advice

    Critical Insight

    An organization’s shift back toward the pre-pandemic state cannot be carried out in isolation. Things have changed. Budgets, resource availability, priorities, etc., will not be the same as they were in early March. Organizations must ensure that all departments work collaboratively to support office repatriation. IT must quickly identify the must-dos to allow safe return to the office, while prioritizing tasks relating to the repopulation of employees, technical assets, and operational workloads via an informed and streamlined roadmap.

    As employees return to the office, PMO and portfolio leaders must sift through unclear requirements and come up with a game plan to resume project activities mid-pandemic. You need to develop an approach, and fast.

    Impact and Result

    Responsibly resume IT operations in the office:

    • Evaluate risk tolerance
    • Prepare to repatriate people to the office
    • Prepare to repatriate assets to the office
    • Prepare to repatriate workloads to the office
    • Prioritize your tasks and build your roadmap

    Quickly restart the engine of your PPM:

    • Restarting the engine of the project portfolio won’t be as simple as turning a key and hitting the gas. The right path forward will differ for every project portfolio practice.
    • Therefore, in this publication we put forth a multi-pass approach that PMO and portfolio managers can follow depending on their unique situations and needs.
    • Each approach is accompanied by a checklist and recommendations for next steps to get you on right path fast.

    Responsibly Resume IT Operations in the Office Research & Tools

    Start here – read the Executive Brief

    As the post-pandemic landscape begins to take shape, ensure that IT can effectively prepare and support your employees as they move back to the office.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate your new risk tolerance

    Identify the new risk landscape and risk tolerance for your organization post-pandemic. Determine how this may impact the second wave of pandemic transition tasks.

    • Responsibly Resume IT Operations in the Office – Phase 1: Evaluate Your New Risk Tolerance
    • Resume Operations Information Security Pressure Analysis Tool

    2. Repatriate people to the office

    Prepare to return your employees to the office. Ensure that IT takes into account the health and safety of employees, while creating an efficient and sustainable working environment

    • Responsibly Resume IT Operations in the Office – Phase 2: Repatriate People to the Office
    • Mid-Pandemic IT Prioritization Tool

    3. Repatriate assets to the office

    Prepare the organization's assets for return to the office. Ensure that IT takes into account the off-license purchases and new additions to the hardware family that took place during the pandemic response and facilitates a secure reintegration to the workplace.

    • Responsibly Resume IT Operations in the Office – Phase 3: Repatriate Assets to the Office

    4. Repatriate workloads to the office

    Prepare and position IT to support workloads in order to streamline office reintegration. This may include leveraging pre-existing solutions in different ways and providing additional workstreams to support employee processes.

    • Responsibly Resume IT Operations in the Office – Phase 4: Repatriate Workloads to the Office

    5. Prioritize your tasks and build the roadmap

    Once you've identified IT's supporting tasks, it's time to prioritize. This phase walks through the activity of prioritizing based on cost/effort, alignment to business, and security risk reduction weightings. The result is an operational action plan for resuming office life.

    • Responsibly Resume IT Operations in the Office – Phase 5: Prioritize Your Tasks and Build the Roadmap

    6. Restart the engine of your project portfolio

    Restarting the engine of the project portfolio mid-pandemic won’t be as simple as turning a key and hitting the gas. Use this concise research to find the right path forward for your organization.

    • Restart the Engine of Your Project Portfolio
    [infographic]

    Estimate Software Delivery With Confidence

    • Buy Link or Shortcode: {j2store}147|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $50,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Estimation and planning practices set and reinforce the expectations of product delivery, which is a key driver of IT satisfaction.
    • However, today’s rapidly scaling and increasingly complex products and business needs create mounting pressure for teams to make accurate estimates with little knowledge of the problem or solution to it, risking poor-quality products.
    • Many organizations lack the critical foundations involved in making acceptable estimates in collaboration with the various perspectives and estimation stakeholders.

    Our Advice

    Critical Insight

    • Estimation reflects your culture and operating model. The accuracy of your estimates is dependent on the roles involved, which is not encouraged in traditional and top-down methodologies. Stakeholders must respect and support the team’s estimates.
    • Estimates support value delivery. IT satisfaction is driven by the delivery of valuable products and services. Estimates set the appropriate stakeholder expectations to ensure successful delivery and make the right decisions.
    • Estimates are more than just guesses. They are tools used to make critical business, product, and technical decisions and inform how to best utilize resources and funding.

    Impact and Result

    • Establish the right expectations. Gain a grounded understanding of estimation value and limitations. Discuss estimation challenges to determine if poor practices and tactics are the root causes or symptoms.
    • Strengthen analysis and estimation practices. Obtain a thorough view of the product backlog item (PBI) through good analysis tactics. Incorporate multiple analysis and estimation tactics to verify and validate assumptions.
    • Incorporate estimates into your delivery lifecycle. Review and benchmark estimates, and update expectations as more is learned.

    Estimate Software Delivery With Confidence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your estimation practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Justify estimation optimization

    Set the right stakeholder expectations for your delivery estimates and plans.

    • Estimate Software Delivery With Confidence – Phase 1: Justify Estimation Optimization
    • Estimation Quick Reference Template

    2. Commit to achievable delivery

    Adopt the analysis, estimation, commitment, and communication tactics to successfully develop your delivery plan.

    • Estimate Software Delivery With Confidence – Phase 2: Commit to Achievable Delivery

    3. Mature your estimation practice

    Build your estimation optimization roadmap.

    • Estimate Software Delivery With Confidence – Phase 3: Mature Your Estimation Practice
    [infographic]

    Workshop: Estimate Software Delivery With Confidence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set the Context

    The Purpose

    Discuss the decisions that estimates will help make.

    Level set estimation expectations by clarifying what they can and cannot do.

    Review the current state of your estimation practice.

    Key Benefits Achieved

    Grounded understanding of estimation that is accepted by all audiences and stakeholders.

    Identification of whether estimation practices are the root cause of estimation challenges or a symptom of a different issue.

    Activities

    1.1 Define estimation expectations.

    1.2 Reveal your root cause challenges.

    Outputs

    Estimation expectations

    Root causes of estimation challenges

    2 Build Your Estimation Practice

    The Purpose

    Discuss the estimation and planning practices used in the industry.

    Define the appropriate tactics to use to make key business and delivery decisions.

    Simulate the tactics to verify and validate their fit with your teams.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness of your estimates and plans.

    Practice using new tactics.

    Activities

    2.1 Ground estimation fundamentals.

    2.2 Strengthen your analysis tactics.

    2.3 Strengthen your estimation tactics.

    2.4 Commit and communicate delivery.

    2.5 Simulate your target state planning and estimation tactics.

    Outputs

    Estimation glossary and guiding principles

    Defined analysis tactics

    Defined estimation and consensus-building tactics

    Defined commitment and communication tactics

    Lessons learned

    3 Define Your Optimization Roadmap

    The Purpose

    Review the scope and achievability of your improved estimation and planning practice.

    Key Benefits Achieved

    Realistic and achievable estimation optimization roadmap.

    Activities

    3.1 Mature your estimation practice.

    Outputs

    Estimation optimization roadmap

    Data Quality

    • Buy Link or Shortcode: {j2store}19|cart{/j2store}
    • Related Products: {j2store}19|crosssells{/j2store}
    • Teaser Video: Visit Website
    • Teaser Video Title: Big data after pandemic
    • member rating overall impact (scale of 10): 8.3/10
    • member rating average dollars saved: $5,100
    • member rating average days saved: 8
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /data-and-business-intelligence
    Restore trust in your data by aligning your data management approach to the business strategy

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    • Buy Link or Shortcode: {j2store}416|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $38,999 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Our Advice

    Critical Insight

    • Create visual documents, not dense SOP manuals.
    • Start with high-impact SOPs, and identify the most critical undocumented SOPs and address them first.
    • Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Impact and Result

    • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
    • Use simple but effective document management practices.
    • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Make SOPs work for you with visual documents that are easier to create and more effective for process management and optimization.

    Learn best practices for creating, maintaining, publishing, and managing effective SOP documentation.

    • Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Phases 1-3

    2. Standard Operating Procedures Workbook and Document Management Checklist – Prioritize, optimize, and document critical SOPs.

    Identify required documentation and prioritize them according to urgency and impact.

    • Standard Operating Procedures Workbook
    • Document Management Checklist

    3. Process Templates and Examples – Review and assess templates to find samples that are fit for purpose.

    Review the wide variety of samples to see what works best for your needs.

    • Standard Operating Procedures Project Roadmap Tool
    • System Recovery Procedures Template
    • Application Development Process – AppDev Example (Visio)
    • Application Development Process – AppDev Example (PDF)
    • Network Backup for Atlanta Data Center – Backups Example
    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)
    • Employee Termination Process Checklist – IT Security Example
    • Sales Process for New Clients – Sales Example (Visio)
    • Sales Process for New Clients – Sales Example (PDF)
    • Incident and Service Management Procedures – Service Desk Example (Visio)
    • Incident and Service Management Procedures – Service Desk Example (PDF)
    [infographic]

    Further reading

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Change your focus from satisfying auditors to driving process optimization, consistent IT operations, and effective knowledge transfer.

    Project Outline

    Two flowcharts are depicted. The first is labelled 'Executive Brief' and the second is labelled 'Tools and Templates Roadmap'. Both outline the following project.

    ANALYST PERSPECTIVE

    Do your SOPs drive process optimization?

    "Most organizations struggle to document and maintain SOPs as required, leading to process inconsistencies and inefficiencies. These breakdowns directly impact the performance of IT operations. Effective SOPs streamline training and knowledge transfer, improve transparency and compliance, enable automation, and ultimately decrease costs as processes improve and expensive breakdowns are avoided. Documenting SOPs is not just good practice; it directly impacts IT efficiency and your bottom line."

    Frank Trovato, Senior Manager, Infrastructure Research Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Process Owners
    • IT Infrastructure Managers
    • IT Service Managers
    • System Administrators
    • And more…

    This Research Will Help You:

    • Identify, prioritize, and document SOPs for critical business processes.
    • Discover opportunities for overall process optimization by documenting SOPs.
    • Develop documentation best practices that support ongoing maintenance and review.

    This Research Will Also Assist:

    • CTOs
    • Business unit leaders

    This Research Will Help Them:

    • Understand the need for and value of documenting SOPs in a usable format.
    • Help set expectations around documentation best practices.
    • Extend IT best practices to other parts of the business.

    Executive summary

    Situation

    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Complication

    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Promoting the use of SOPs can also face staff resistance as the documentation is seen as time consuming to develop and maintain, too convoluted to be useful, and generally out of date.

    Resolution

    • Overcome staff resistance while implementing a sustainable SOP documentation approach by doing the following:
      • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
      • Use simple, but effective document management practices.
      • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.
    • Extend these principles to other areas of IT and business processes. The survey data and examples in this report include application development and business processes as well as IT operations.

    Info-Tech Insight

    1. Create visual documents, not dense SOP manuals.
    2. Start with high-impact SOPs. Identify the most critical undocumented SOPs and document them first.
    3. Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Most organizations struggle to create and maintain SOP documents, especially in North America, despite the benefits

    North American companies are traditionally more technology focused than process focused, and that is reflected in the approach to documenting SOPs.

    • An ad hoc approach to SOPs almost certainly means documents will be out of date and ineffective. The same is also true when updating SOPs as part of periodic concerted efforts to prepare for an audit, annual review, or certification process, and this makes the task more imposing.
    • Incorporating SOP updates as part of regular change management processes ensures documents are up to date and usable. This can also make reviews and audits much more manageable.

    'It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained.'

    – Gary Patterson, Consultant, Quorum Resources

    Organizations are most likely to update documents on an ad hoc basis or via periodic formal reviews. Less than 25% keep SOPs updated as needed.

    Graph depicting North America versus Asia and Europe practices of document updates

    Source: Info-Tech Research Group; N=104

    Document SOPs to improve knowledge transfer, optimize processes, and ultimately save money

    Benefits of documented SOPs Impact of undocumented/undefined SOPs
    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks). Without documented SOPs: Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff.
    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved. Without documented SOPs: IT automation built on poorly defined, unoptimized processes leads to inconsistent results.
    Compliance: Compliance audits are more manageable because the documentation is already in place. Without documented SOPs: Documenting SOPs to prepare for an audit becomes a major time-intensive project.
    Transparency: Visually documented processes answer the common business question of “why does that take so long?” Without documented SOPs: Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.
    Cost savings: Work can be assigned to the lowest level of support cost, IT operations achieve greater efficiency, and expensive breakdowns are avoided. Without documented SOPs: Work may be distributed uneconomically, money may be wasted through inefficient processes, and the organization is vulnerable to costly disruptions.

    COBIT, ISO, and ITIL aren’t a complete solution

    "Being ITIL and ISO compliant hasn’t solved our documentation problem. We’re still struggling."

    – Vendor Relationship Manager, Financial Services Industry

    • Adopting a framework such as ITIL, COBIT, or ISO doesn’t always mean that SOP documents are accurate, effective, or up to date.
    • Although these frameworks emphasize the importance of documenting processes, they tend to focus more on process development and requirements than on actual documentation. In other words, they deal more with what needs to be done than with how to do it.
    • This research will focus more on the documentation process itself – so how to go about creating, updating, optimizing, managing, and distributing SOP documents.

    Inadequate SOPs lead to major data loss and over $99,000 in recovery costs

    CASE STUDY 1

    Company A mid-sized US organization with over 1,000 employees

    Source Info-Tech Interview

    Situation

    • IT supports storage nodes replicated across two data centers. SOPs for backup procedures did not include an escalation procedure for failed backups or a step to communicate successful backups. Management was not aware of the issue and therefore could not address it before a failure occurred.

    Incident

    • Primary storage had a catastrophic failure, and that put pressure on the secondary storage, which then also failed. All active storage failed and the data corrupted. Daily backups were failing due to lack of disk space on the backup device. The organization had to resort to monthly tape backups.

    Impact

    • Lost 1 month of data (had to go back to the last tape backup).
    • Recovery also took much longer because recovery procedures were also not documented.
    • Key steps such as notifying impacted customers were overlooked. Customers were left unhappy not only with the outage and data loss but also the lack of communication.
    Hard dollar recovery costs
    Backup specialist (vendor) to assist with restoring data from tape $12,000
    Temps to re-enter 1 month of data $5,000
    Weekend OT for 4 people (approximately 24 hours per person) $5,538
    Productivity cost for affected employees for 1 day of downtime $76,923
    Total $99,462

    Intangible costs

    High “goodwill” impact for internal staff and customers.

    "The data loss pointed out a glaring hole in our processes – the lack of an escalation procedure. If I knew backups weren’t being completed, I would have done something about that immediately."

    – Senior Division Manager, Information Technology Division

    IT services company optimizes its SOPs using “Lean” approach

    CASE STUDY 2

    Company Atrion

    SourceInfo-Tech Interview

    Lean and SOPs

    • Standardized work is important to Lean’s philosophy of continuous improvement. SOPs allow for replication of the current best practices and become the baseline standard for member collaboration toward further improvements.
    • For more on Lean’s approach to SOPs, see “Lean Six Sigma Quality Transformation Toolkit (LSSQTT) Tool #17.”

    Atrion’s approach

    • Atrion is focused on documenting high-level processes that improve the client and employee experience or which can be used for training.
    • Cross-functional teams collaborate to document a process and find ways to optimize that SOP.
    • Atrion leverages visual documentation as much as possible: flowcharts, illustrations, video screen captures, etc.

    Outcomes

    • Large increase in usable, up-to-date documentation.
    • Process and efficiency improvements realized and made repeatable.
    • Success has been so significant that Atrion is planning to offer SOP optimization training and support as a service for its clients in the future.

    Atrion

    • Atrion provides IT services, solutions, and leadership to clients in the 250+ user range.
    • After adopting the Lean framework for its organization, it has deliberately focussed on optimizing its documentation.

    When we initiated a formal process efficiency program a little over a year ago and began striving towards a culture of continuous improvement, documenting our SOPs became key. We capture how we do things today and how to make that process more efficient. We call it current state and future state mapping of any process.

    – Michelle Pope, COO, Atrion Networking Corp.

    Strategies to overcome common documentation challenges

    Use Info-Tech’s methodology to streamline the SOP documentation process.

    Common documentation challenges Info-Tech’s methodology
    Where to start. For organizations with very few (if any) documented SOPs, the challenge is where to start. Apply a client focus to prioritize SOPs. Start with mission-critical operations, service management, and disaster recovery.
    Lack of time. Writing SOPs is viewed as an onerous task, and IT staff typically do not like to write documentation or lack the time. Use flowcharts, checklists, and diagrams over traditional dense manuals. Flowcharts, checklists, and diagrams take less time to create and maintain, and the output is far more usable than traditional manuals.
    Inconsistent document management. Documents are unorganized, e.g. hard to find documents, or you don’t know if you have the correct, latest version. Keep it simple. You don’t need a full-time SOP librarian if you stick to a simple, but consistent approach to documentation management. Simple is easier to follow (therefore, be consistent).
    Documentation is not maintained. More urgent tasks displace documentation efforts. There is little real motivation for staff to keep documents current. Ensure accountability at the individual and project level. Incorporate documentation requirements into performance evaluations, project planning, and change control procedures.

    Use this blueprint as a building block to complete these other Info-Tech projects

    Improve IT-Business Alignment Through an Internal SLA

    Understand business requirements, clarify capabilities, and close gaps.

    Standardize the Service Desk – Module 2 & 3

    Improve reporting and management of incidents and build service request workflows.

    Create a Right-Sized Disaster Recovery Plan

    Define appropriate objectives for DR, build a roadmap to close gaps, and document your incident response plan.

    Extend the Service Desk to the Enterprise

    Position IT as an innovator.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Create Visual SOP Documents – project overview

    1. Prioritize, optimize, and document critical SOPs 2. Establish a sustainable documentation process 3. Identify a content management solution
    Best-Practice Toolkit

    1.1 Identify and prioritize undocumented/outdated critical processes

    1.2 Reduce effort and improve usability with visual documentation

    1.3 Optimize and document critical processes

    2.1 Establish guidelines for identifying and organizing SOPs

    2.2 Write an SOP for creating and maintaining SOPs

    2.3 Plan SOP working sessions to put a dent into your documentation backlog

    3.1 Understand the options when it comes to content management solutions

    3.2 Use Info-Tech’s evaluation tool to determine the right approach for you

    Guided Implementations
    • Identify undocumented critical SOPs.
    • Understand the benefits of a visual approach.
    • Work through a tabletop exercise to document two visual SOP documents.
    • Establish documentation information guidelines.
    • Identify opportunities to create a culture that fosters SOP creation.
    • Address outstanding undocumented SOPs by working through process issues together.
    • Review your current approach to content management and discuss possible alternatives.
    • Evaluate options for a content management strategy, in the context of your own environment.
    Onsite Workshop Module 1:

    Identify undocumented critical processes and review the SOP mapping process.

    Module 2:

    Review and improve your documentation process and address your documentation backlog.

    Module 3:

    Evaluate strategies for publishing and managing SOP documentation.

    Phase 1 Outcome:
      Review and implement the process for creating usable SOPs.
    Phase 2 Outcome:
      Optimize your SOP maintenance processes.
    Phase 3 Outcome:
      Choose a content management solution that meets your needs.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Prep Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities Scope the SOP pilot and secure resources
    • Identify the scope of the pilot project.
    • Develop a list of processes to document.
    • Ensure required resources are available.
    Prioritize SOPs and review methodology

    1.1 Prioritize undocumented SOPs.

    1.2 Review the visual approach to SOP planning.

    1.3 Conduct a tabletop planning exercise.

    Review SOPs and identify process gaps

    2.1 Continue the tabletop planning exercise with other critical processes.

    2.2 Conduct a gap analysis to identify solutions to issues discovered during SOP mapping.

    Identify projects to meet process gaps

    3.1 Develop a prioritized project roadmap to address gaps.

    3.2 Define a process for documenting and maintaining SOPs.

    3.3 Identify and assign actions to improve SOP management and maintenance.

    Set next steps and put a dent in your backlog

    4.1 Run an SOP working session with experts and process owners to put a dent in the documentation backlog.

    4.2 Identify an appropriate content management solution.

    Deliverables
    1. Defined scope for the workshop.
    2. A longlist of key processes.
    1. Undocumented SOPs prioritized according to business criticality and current state.
    2. One or more documented SOPs.
    1. One or more documented SOPs.
    2. Gap analysis.
    1. SOP Project Roadmap.
    2. Publishing and Document Management Solution Evaluation Tool.
    1. Multiple documented SOPs.
    2. Action steps to improve SOP management and maintenance.

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Prioritize, optimize, and document critical SOPs
    • Time, value, and resources saved using Info-Tech’s methodology to prioritize and document SOPs in the ideal visual format.
    • For example, 4 FTEs*4 days*$80,000/year = $5,120
    Phase 2: Establish a sustainable documentation process
    • Time, value, and resources saved using our tools and methodology to implement a process to ensure SOPs are maintained, accessible, and up to date.
    • For example: 4 FTEs*5 days*$80,000/year = $6,400
    Phase 3: Identify a content management solution
    • Time, value, and resources saved using our best-practice guidance and tools to select an approach and solution to manage your organization’s SOPs.
    • For example: 2 FTEs*5 days*$80,000/year = $3,200
    Total Savings $14,720

    Note: Documenting SOPs provides additional benefits that are more difficult to quantify: reducing the time spent by staff to find or execute processes, improving transparency and accountability, presenting opportunities for automation, etc.

    Phase 1

    Prioritize, Optimize, and Document Critical SOPs

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize, optimize, and document critical SOPs

    Proposed Time to Completion (in weeks): 2 weeks

    Step 1.1: Prioritize SOPs

    Start with an analyst kick off call:

    • Apply a client focus to critical IT services.
    • Identify undocumented, critical SOPs.

    Then complete these activities…

    • Rank and prioritize your SOP documentation needs.

    With this template:

    Standard Operating Procedures Workbook

    Step 1.2: Develop visual documentation

    Review findings with analyst:

    • Understand the benefits of a visual approach.
    • Review possibilities for visual documentation.

    Then complete these activities…

    • Identify formats that can improve your SOP documentation.

    With these templates:

    • Example DRP Process Flows
    • Example App Dev Process And more…

    Step 1.3: Optimize and document critical processes

    Finalize phase deliverable:

    • Two visual SOP documents, mapped using a tabletop exercise.

    Then complete these activities…

    • Create the visual SOP.
    • Review and optimize the process.

    With this tool:

    SOP Project Roadmap Tool

    Phase 1 Results & Insights:

    Identify opportunities to deploy visual documentation, and follow Info-Tech’s process to capture steps, gaps, and opportunities to improve IT processes.

    Focus first on client-facing and high-impact SOPs

    IT’s number one obligation to internal and external customers is to keep critical services running – that points to mission-critical operations, service management, and disaster recovery.

    Topic Description
    Mission-critical operations
    • Maintenance processes for mission-critical systems (e.g. upgrade procedures, batch processing, etc.).
    • Client-facing services with either formal or informal SLAs.
    • Change management – especially for mission-critical systems, change management is more about minimizing risk of downtime than expediting change.
    Service management
    • Service desk procedures (e.g. ticket assignment and issue response).
    • Escalation procedures for critical outages.
    • System monitoring.
    Disaster recovery procedures
    • Management-level incident response plans, notification procedures, and high-level failover procedures (e.g. which systems must come up first, second, third).
    • Recovery or failover procedures for individual systems.
    • Backup and restore procedures – to ensure backups are available if needed.

    Understand what makes an application or service mission critical

    When email or a shared drive goes down, it may impact productivity, but may not be a significant impact to the business. Ask these questions when assessing whether an application or service is mission critical.

    Criteria Description
    Is there a hard-dollar impact from downtime?
    • For example, when an online catalog system goes down, it impacts sales and therefore revenue. Without determining the actual financial impact, you can make an immediate assessment that this is a Gold system.
    • By contrast, loss of email may impact productivity but may not affect revenue streams, depending on your business. A classification of Silver is most likely appropriate.
    Impact on goodwill/customer trust?
    • If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems Gold status.
    Is regulatory compliance a factor?
    • If a system requires redundancy and/or high availability due to legal or regulatory compliance requirements, it may need to be classified as a Gold system.
    Is there a health or safety risk?
    • For example, police and medical organizations have systems that are mission critical due to their impact on health and safety rather than revenue or cost, and therefore are classified as Gold systems. Are there similar considerations in your organization?

    "Email and other Windows-based applications are important for our day-to-day operations, but they aren’t critical. We can still manufacture and ship clothing without them. However, our manufacturing systems, those are absolutely critical"

    – Bob James, Technical Architect, Carhartt, Inc.

    Create a high-level risk and benefit scale

    1.1a

    15 minutes

    Define criteria for high, medium, and low risks and benefits, as shown in the example below. These criteria will be used in the upcoming exercises to rank SOPs.

    Note: The goal in this section is to provide high-level indicators of which SOPs should be documented first, so a high-level set of criteria is used. To conduct a detailed business impact analysis, see Info-Tech’s Create a Right-Sized Disaster Recovery Plan.

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Risk to the business Score
    Low: Affects ad hoc activities or non-critical data. 1
    Moderate: Impacts productivity and internal goodwill. 2
    High: Impacts revenue, safety, and external goodwill. 3
    Benefit (e.g. productivity improvement) Score
    Low: Minimal impact. 1
    Moderate: Items with short-term or occasional applicability, so limited benefit. 2
    High: Save time for common or ongoing processes, and extensive improvement to training/knowledge transfer. 3

    Identify and prioritize undocumented mission-critical operations

    1.1b

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. List your top three–five mission critical applications or services.
    3. Identify relevant SOPs that support those applications or services.
    4. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    5. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting mission-critical operations

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Application SOPs Status Risk Benefit
    Enterprise Resource Planning (ERP)
    • System administration (user administration, adding projects, etc.).
    Red 1 2
    • System upgrades (including OS upgrades and patches).
    Red 2 2
    • Report generation.
    Green n/a n/a
    Network services
    • Network monitoring (including fault detection).
    Yellow 3 2
    • Network upgrades.
    Red 2 1
    • Backup procedures.
    Yellow 3 1

    Identify and prioritize undocumented service management procedures

    1.1c

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify service management SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting service management

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Service Type SOPs Status Risk Benefit
    Service Request
    • Software install
    Red 3 1
    • Software update
    Yellow 3 1
    • New hardware
    Green n/a n/a
    Incident Management
    • Ticket entry and triage
    Yellow 3 2
    • Ticket escalation
    Red 2 1
    • Notification for critical issues
    Yellow 3 1

    Identify and prioritize undocumented DR procedures

    1.1d

    20 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify DR SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting DR

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    DR Phase SOPs Status Risk Benefit
    Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to Emergency Response Team (ERT)
    Yellow 3 1
    • Notification procedures to staff
    Green n/a n/a
    Recover Gold Systems
    • ERP recovery procedures
    Red 2 2
    • Corporate website recovery procedures
    Yellow 3 2
    Recover Silver Systems
    • MS Exchange recovery procedures
    Red 2 1

    Select the SOPs to focus on for the first round of documentation

    1.1e

    20 minutes

    1. Identify two significantly different priority 1 SOPs to document during this workshop. It’s important to get a sense of how the Info-Tech templates and methodology can be applied to different types of SOPs.
    2. Rank the remaining SOPs that you still need to address post-workshop by priority level within each topic area.

    INPUT

    • SOP analysis from activities 1.1 and 1.2

    OUTPUT

    • A shortlist of critical, undocumented SOPs to review later in this phase

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Category Area SOPs Status Risk Benefit
    Disaster Recovery Procedures Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to ERT
    Yellow 3 1
    Mission-Critical Operations Network Services
    • Network monitoring (including fault detection)
    Yellow 3 2
    Service Management Procedures Incident Management
    • Ticket entry and triage
    Yellow 3 2

    Change the format of your documentation

    Which document is more effective? Which is more likely to be used?

    "The end result for most SOPs is a 100-page document that makes anyone but the author want to stab themselves rather than read it. Even worse is when you finally decide to waste an hour of your life reading it only to be told afterwards that it might not be quite right because Bob or Stan needed to make some changes last year but never got around to it."

    – Peter Church, Solutions Architect

    Create visual-based documentation to improve usability and effectiveness

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    SOPs, including those that support your disaster recovery plan (DRP), are often created to meet certification requirements. However, this often leads to lengthy overly detailed documentation that is geared to auditors and business leaders, not IT staff trying to execute a procedure in a high-pressure, time-sensitive scenario.

    Staff don’t have time to flip through a 300-page manual, let alone read lengthy instructions, so organizations are transforming monster manuals into shorter, visual-based documentation. Benefits include:

    • Quicker to create than lengthy manuals.
    • Easier to be absorb, so they are more usable.
    • More likely to stay up to date because they are easier to maintain.

    Example: DRPs that include visual SOPs are easier to use — that leads to shorter recovery times and fewer mistakes.

    Chart is depicted showing the success rates of traditional manuals versus visual documentation.

    Use flowcharts for process flows or a high-level view of more detailed procedures

    • Flowcharts depict who does what and when; they provide an at-a-glance view that is easy to follow and makes task ownership clear.
    • Use swim lanes, as in this example, to indicate process stages and task ownership.
    • For experienced staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.).

    See Info-Tech’s Incident and Service Management Procedures – Service Desk Example.

    "Flowcharts are more effective when you have to explain status and next steps to upper management."

    – Assistant Director-IT Operations, Healthcare Industry

    Example: SOP in flowchart format

    A flowchart is depicted as an example flowchart. This one is an SOP flowchart labelled 'Triage Process - Incidents'

    Review your options for diagramming software

    Many organizations look for an option that easily integrates with the MS Office suite. The default option is often Microsoft Visio.

    Pros:

    • Easy to learn and use.
    • Has a wide range of features and capabilities.
    • Comes equipped with a large collection of stencils and templates.
    • Offers the convenience of fluid integration with the MS Office Suite.

    Cons:

    • Isn’t included in any version of the MS Office Suite and can be quite expensive to license.
    • Not available for Mac or Linux environments.

    Consider the options below if you’re looking for an alternative to Microsoft Visio:

    Desktop Solutions

    • Dia Diagram Editor
    • Diagram Designer
    • LibreOffice Draw
    • Pencil Project
    • yEd Graph Editor

    • Draw.io
    • Creately
    • Gliffy
    • LucidChart

    Note: No preference or recommendation is implied from the ordering of the options above.

    This list is not intended to be comprehensive.

    Evaluate different solutions to identify one that works for you

    Use the criteria below to identify a flowchart software that fits your needs.

    Criteria Description
    Platform What platform(s) can run the software?
    Description What use cases are identified by the vendor – and do these cover your needs for documenting your SOPs? Is the software open source?
    Features What are the noteworthy features and characteristics?
    Usability How easy is the program to use? What’s the learning curve like? How intuitive is the design?
    Templates and Stencils Availability of templates and stencils.
    Portability Can the solution integrate with other pieces of software? Consider whether other tools can view, open, and/or edit documents; what file formats can be published, etc.
    Cost Cost of the software to purchase or license.

    Use checklists to streamline step-by-step procedures

    • Checklists are ideal when staff just need a reminder of what to do, not how to do it.
    • Remember your audience. You aren’t pulling in a novice to run a complex procedure, so all you really need here are a series of reminders.
    • Where more detail is required, include links to supporting documentation.
    • Note that a flowchart can often be used instead of a checklist, depending on preference.

    For two different examples of a checklist template, see:

    Image depicting an example checklist. This checklist depicts an employee termination checklist

    Use topology diagrams to capture network layout, integrations, and system information

    • Organizations commonly have network topology diagrams for reference purposes, so this is just a re-use of existing resources.
    • Physically label real world equipment to correspond to topology diagrams. While these labels will be redundant for most IT employees, they help give clarity and confidence when changes are being made.
    • If your topology diagrams are housed in a tool such as a systems management product, then export the diagrams so they can be included in your SOP documentation suite.

    "Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them."

    The image shows a topology organization diagram as an example network layout

    Use screen captures and tutorials to facilitate training for applications and SOPs

    • Screen capture tutorials or videos are effective for training staff on applications. For example, create a screen capture tutorial to train staff on the use of a help desk application and your company’s specific process for using that tool.
    • Similarly, create tutorials to train end users on straightforward “technical” tasks (e.g. setting up their VPN connection) to reduce the demand on IT staff.
    • Tutorials can be created quickly and easily with affordable software such as Snag-It, ScreenHunter Pro, HyperSnap, PicPick, FastStone, Ashampoo Snap 6, and many others.

    "When contractors come onboard, they usually don't have a lot of time to learn about the organization, and we have a lot of unique requirements. Creating SOP documents with screenshots has made the process quicker and more accurate."

    – Susan Bellamore, Business Analyst, Public Guardian and Trustee of British Columbia

    The image is an example of a screen caption tutorial, depicting desktop icons and a password login

    Example: Disaster recovery notification and declaration procedure

    1. Swim lanes indicate task ownership and process stages.
    2. Links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.) are included where necessary.
    3. Additional DR SOPs are captured within the same spreadsheet for convenient, centralized access.

    Review Info-Tech’s Incident Response and Recovery Process Flows – DRP Example.

    Example: DRP flowchart with links to supporting documents

    The image is an example of an DRP flowchart labelled 'Initial Discovery/Notification and Declaration Procedures'

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Start, End, and Connector. Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.

    Start, End. Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.

    Process Step. Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the sub-process symbol and flowchart the sub-process separately.

    Sub-Process. A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a sub-process, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).

    Decision. Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).

    Document/Report Output. For example, the output from a backup process might include an error log.

    Conduct a tabletop planning exercise to build an SOP

    1.3a

    20 minutes

    Tabletop planning is a paper-based exercise where your team walks through a particular process and maps out what happens at each stage.

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process using cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    OUTPUT

    • Steps in the current process for one SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    The image depicts three cue cards labelled steps 3 to 5. The cue cards are examples of the tabletop planning exercise.

    Collaborate to optimize the SOP

    1.3b

    20 minutes

    Review the tabletop exercise. What gaps exist in current processes?

    How can the process be made better? What are the outputs and checkpoints?

    The image depicts five cue cards, two of which are examples on how to improve the process. This is an example of the tabletop exercise.

    OUTPUT

    • Identify steps to optimize the SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, also use green cards for decision diamonds, purple for document/report outputs, and blue for sub-processes.

    Capture opportunities to improve processes in the Standard Operating Procedures Project Roadmap Tool

    1.3

    Rank and track projects to close gaps you discover in your processes.

    1. As a group, identify potential solutions to close the gaps in your processes that you’ve uncovered through the tabletop mapping exercise.
    2. Add these project names to the Standard Operating Procedures Project Roadmap Tool on the “Project Scoring” tab.
    3. Review and adjust the criteria for evaluating the benefits and costs of different projects on the “Scoring Criteria” tab.
    4. Return to the “Project Scoring” tab, and assign weights at the top of each scoring column. Use the drop-down menus to adjust the scores for each project category. The tool will automatically rank the projects based on your input, but you can adjust the ranks as needed.
    5. Assign dates and descriptions to the projects on the “Implementation Schedule” tab, below.
    The image depicts a graph showing an example of ranked and tracked projects.

    Identify gaps to improve process performance and make SOP documentation a priority

    CASE STUDY

    Industry Government (700+ FTEs)
    Source Info-Tech Workshop

    Challenge

    • Tabletop planning revealed a 77-hour gap between current and desired RTO for critical systems.
    • Similarly, the current achievable RPO gap was up to one week, but the desired RPO was one hour.
    • A DR site was available but not yet set up with the necessary equipment.
    • Lack of documented standard operating procedures (SOPs) was identified as a risk since that increased the dependence on two or three key SMEs.

    Solution

    • Potential projects to close RTO/RPO gaps were identified, including:
      • Deploy servers that were decommissioned (as a result of a server refresh) to the DR site as warm standby servers.
      • Implement site-to-site data replication.
      • Document SOPs to enable tasks to be delegated and minimize resourcing risks.

    Results

    • A DR project implementation schedule was defined.
    • Many of the projects required no further investment, but rather deployment of existing equipment that could function as standby equipment at the DR site.
    • The DR risk from a lack of SOPs enabled SOPs to be made a priority. An expected side benefit is the ability to review and optimize processes and improve consistency in IT operations.

    Document the SOPs from the tabletop exercise

    1.3c

    20 minutes

    Document the results from the tabletop exercise in the appropriate format.

    1. Identify an appropriate visual format for the high-level SOP as well as for any sub-processes or supporting documentation.
    2. Break into groups of two or three.
    3. Each group will be responsible for creating part of the SOP. Include both the high-level SOP itself and any supporting documentation such as checklists, sign-off forms, sub-processes, etc.
    4. Once your document is complete, exchange it with that of another group. Review each other’s documents to check for clarity and completeness.

    OUTPUT

    • Output from activities 1.4 and 1.5

    Materials

    • Flowcharting software, laptops

    Participants

    • Process Owners
    • SMEs

    This image has four cue cards, and an arrow pointing to a flowchart, depicting the transfer of the information on the cue cards into a flowchart software

    Repeat the tabletop exercise for the second process

    Come back together as a large group. Choose a process that is significantly different from the one you’ve just documented, and repeat the tabletop exercise.

    As a reminder, the steps are:

    1. Use the tabletop exercise to map out a current SOP.
    2. Collaborate to optimize the SOP.
    3. Decide on appropriate formats for the SOP and its supporting documents.
    4. Divide into small groups to create the SOP and its supporting documents.
    5. Repeat the steps above as needed for your initial review of critical processes.

    Info-Tech Insight

    If you plan to document more than two or three SOPs at once, consider making it an SOP “party” to add momentum and levity to an otherwise dry process. Review section 2.3 to find out how.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1a-e

    Get started by prioritizing SOPs

    Ensure the SOP project remains business focused, and kick off the project by analyzing critical business services. Identify key IT services that support the relevant business services. Conduct a benefit/risk analysis to prioritize which SOPs should become the focus of the workshop.

    1.3a-c

    Document the SOPs from the tabletop exercise

    Leverage a tabletop planning exercise to walk the team through the SOP. During the exercise, focus on identifying timelines, current gaps, and potential risks. Document the steps via que cards first and transpose the hard copies to an electronic version.

    Phase 2

    Establish a Sustainable Documentation Process

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish a sustainable SOP documentation process

    Proposed Time to Completion (in weeks): 4 weeks

    Step 2.1: Establish guidelines for identifying and organizing SOPs

    Start with an analyst call:

    • Establish documentation information guidelines.
    • Review version control best practices.

    Then complete these activities…

    • Implement best practices to identify and organize your SOPs.

    With these tools & templates:

    • SOP Workbook

    Step 2.2: Define a process to document and maintain SOPs

    Review findings with analyst:

    • Identify opportunities to create a culture that fosters SOP creation.

    Then complete these activities…

    • Create a plan to address SOP documentation gaps.

    With these tools & templates:

    • Document Management Checklist

    Step 2.3: Plan time with experts to put a dent in your documentation backlog

    Finalize phase deliverable:

    • Address outstanding undocumented SOPs by working through process issues together.

    Then complete these activities…

    • Organize and run a working session to document and optimize processes.

    With these tools & templates:

    • SOP Workbook
    • SOP Project Roadmap Tool

    Phase 2 Results & Insights:

    Improve the process for documenting and maintaining your SOPs, while putting a dent in your documentation backlog and gaining buy-in with staff.

    Identify current content management practices and opportunities for improvement

    DISCUSS

    What is the current state of your content management practices?

    Are you using a content management system? If not, where are documents kept?

    Are your organizational or departmental SOPs easy to find?

    Is version control a problem? What about file naming standards?

    Get everyone on the same page on the current state of your SOP document management system, using the questions above as the starting point.

    Keep document management simple for better adoption and consistency

    If there is too much complexity and staff can’t easily find what they need, you won’t get buy-in and you won’t get consistency.

    Whether you store SOPs in a sophisticated content management system (CMS) or on a shared network drive, keep it simple and focus on these primary goals:

    • Enable staff to find the right document.
    • Know if a document is the latest, approved version.
    • Minimize document management effort to encourage buy-in and consistency.

    If users can’t easily find what they need, it leads to bad practices. For example:

    • Users maintain their own local copies of commonly used documents to avoid searching for them. The risk is that local copies will not be automatically updated when the SOP changes.
    • Separate teams will implement their own document management system and repository. Now you have duplication of effort and company resources, multiple copies of documents (where each group needs their own version), and no centralized control over potentially sensitive documents.
    • Users will ignore documented SOPs or ask a colleague who might also be following the above bad practices.

    Insert a document information block on the first page of every document to identify key attributes

    Include a document information block on the first page of every document to identify key attributes. This strategy is as much about minimizing resistance as it is ensuring key attributes are captured.

    • A consistent document information block saves time (e.g. vs. customized approaches per document). If some fields don’t apply, enter “n/a.”
    • It provides key information about the document without having to check soft copy metadata, especially if you work with hard copies.
    • It’s a built-in reminder of what to capture and easier than updating document properties or header/footer information or entering metadata into a CMS.

    Note: The Info-Tech templates in this blueprint include a copy of the document information block shown in this example. Add more fields if necessary for your organization’s needs.

    For an example of a completed document information block, see Network Backup for Atlanta Data Center – Backups Example

    Info-Tech Insight

    For organizations with more advanced document management requirements, consider more sophisticated strategies (e.g. using metadata) as described in Info-Tech’s Use SharePoint for Enterprise Content Management and Reintroduce the Information Lifecycle to the Content Management Strategy. However, the basic concepts above still apply: establish standard attributes you need to capture and do so in a consistent manner.

    Modify the Info-Tech document information block to meet your requirements

    2.1a

    15 minutes

    1. Review “Guidelines and Template for the Document Information Block” in the Standard Operating Procedures Workbook. Determine if any changes are required, such as additional fields.
    2. Identify which fields you want to standardize and then establish standard terms. Balance the needs for simplicity and consistency – don’t force consistency where it isn’t a good fit.
    3. Pre-fill the document information block with standard terms and examples and add it to an SOP template that’s stored in your content management system.

    Educate staff by pre-filling the document

    • Providing examples built into the templates provides in-context, just-in-time training which is far more effective and easier than formal education efforts.
    • Focus your training on communicating when the template or standard terms change so that staff know to obtain the new version. Otherwise, the tendency for many staff will be to use one of their existing documents as their template.

    OUTPUT

    • Completed document information block

    Materials

    • Laptop
    • Projector

    Participants

    • Process Owners
    • SMEs

    Leverage the document information block to create consistent filenames that facilitate searching

    Use the following filename format to create consistent, searchable, and descriptive filenames:

    Topic – Document Title – Document Type – Version Date

    Filename Component Purpose
    Topic
    • Functions as a filename prefix to group related documents but is also a probable search term. For project work, use a project name/number.
    Document Title
    • The title should be fairly descriptive of the content (if it isn’t, it’s not a good title) so it will help make the file easily identifiable and will include more probable search terms.
    Document Type Further distinguishes similar files (e.g. Maintenance SOP vs. a Maintenance Checklist).
    Version Date (for local files or if not using a CMS)
    • If it’s necessary to work on a file locally, include the version date at the end of the filename. The date is a more recognizable indicator of whether it’s the latest version or an old copy.
    • Establish a standard date format. Although MM-DD-YY is common in the US, the format YYYY-MM-DD reduces confusion between the month and day.

    For example:

    • ERP – System Administration Monthly Maintenance Tasks – Checklist – 2016-01-15.docx
    • ERP – System Administration Monthly Maintenance Tasks – SOP – 2017-01-10.docx
    • Backups – Network Backup Procedure for Atlanta Data Center – SOP – 2017-03-06.docx
    • PROJ437 – CRM Business Requirements – BRD – 2017-02-01.xlsx
    • DRP – Notification Procedures – SOP – 2016-09-14.docx
    • DRP – Emergency Response Team Roles and Responsibilities – Reference – 2018-03-10.xlsx

    Apply filename and document information block guidelines to existing SOPs

    2.1b

    15 minutes

    1. Review the SOPs created during the earlier exercises.
    2. Update the filenames and document information block based on guidelines in this section.
    3. Apply these guidelines to other select existing SOPs to see if additional modifications are required (e.g. additional standard terms).

    INPUT

    • Document Information Block

    OUTPUT

    • Updated filenames and document information blocks

    Materials

    • Laptop and projector

    Participants

    • Process Owners
    • SMEs

    Implement version control policies for local files as well as those in your content management system (CMS)

    1. Version Control in Your CMS

    2. Always keep one master version of a document:

    • When uploading a new copy of an existing SOP (or any other document), ensure the filenames are identical so that you are just adding a new version rather than a separate new file.
    • Do not include version information in the filename (which would create a new separate file in your CMS). Allow your CMS to handle version numbering.
  • Version Control for Local Files

  • Ideally, staff would never keep local copies of files. However, there are times when it is practical or preferable to work from a local copy: for example, when creating or updating an SOP, or when working remotely if the CMS is not easily accessible.

    Implement the following policies to govern these circumstances:

    • Add the version date to the end of the filename while the document is local, as shown in the slide on filenames.
    • Remove the date when uploading it to a CMS that tracks date and version. If you leave the date in the filename, you will end up with multiple copies in your CMS.
    • When distributing copies for review, upload a copy to the CMS and send the link. Do not attach a physical file.
  • Minimize the Need for Version Updates

  • Reduce the need for version updates by isolating volatile information in a separate, linked document. For example:

    • Use Policy documents to establish high-level expectations and goals, and use SOPs to capture workflow, but put volatile details in a separate reference document. For example, for Backup procedures, put offsite storage vendor details such as contact information, pick up times, and approved couriers in a separate document.
    • Similarly, for DRP Notification procedures, reference a separate contacts list.

    Modify the Info-Tech Document Management Checklist to meet your requirements

    2.1c

    15 minutes

    1. Review the Info-Tech Document Management Checklist.
    2. Add or remove checklist items.
    3. Update the document information block.

    OUTPUT

    • Completed document management checklist

    Materials

    • Laptop, projector

    Participants

    • Process Owners
    • SMEs

    See Info-Tech’s Document Management Checklist.

    If you aren’t going to keep your SOPs current, then you’re potentially doing more harm than good

    An outdated SOP can be just as dangerous as having no SOP at all. When a process is documented, it’s trusted to be accurate.

    • Disaster recovery depends as much on supporting SOPs – such as backup and restore procedures – as it does on a master incident response plan.
    • For disaster scenarios, the ability to meet recovery point objectives (i.e. minimize data loss) and recovery time objectives (i.e. minimize downtime) depends on smoothly executed recovery procedures and on having well-defined and up-to-date DR documentation and supporting SOPs. For example:
      • Recovery point (data loss) objectives are directly impacted by your backup procedures.
      • Recovery time is minimized by a well-defined restore procedure that reduces the risk of human error during recovery which could lead to data loss or a delay in the recovery.
      • Similarly, a clearly documented configuration procedure will reduce the time to bring a standby system online.
    A graph depicting the much faster recovery time of up-to-date SOPs versus out-of-date SOPs.

    Follow Info-Tech best practices to keep SOPs current and drive consistent, efficient IT operations

    The following best practices were measured in this chart, and will be discussed further in this section:

    1. Identify documentation requirements as part of project planning.
    2. Require a manager or supervisor to review and approve SOPs.
    3. Check documentation status as part of change management.
    4. Hold staff accountable.
    Higher adoption of Info-Tech best practices leads to more effective SOPs and greater benefits in areas such as training and process improvement.

    Graph depicting the efficiency of adopting Info-Tech practices regarding SOPs. Four categories of 'Training', 'process improvement', 'IT automation', and 'consistent IT operations' are shown increasing in efficiency with a high adoption of Info-Tech strategies.

    Info-Tech Insight

    Audits for compliance requirements have little impact on getting SOPs done in a timely manner or the actual usefulness of those SOPs, because the focus is on passing the audit instead of creating SOPs that improve operations. The frantic annual push to complete SOPs in time for an audit is also typically a much greater effort than maintaining documents as part of ongoing change management.

    Identify documentation requirements as part of project planning

    DISCUSS

    When are documentation requirements captured, including required changes to SOPs?

    Make documentation requirements a clearly defined deliverable. As with any other task, this should include:

    • Owner: The person ultimately responsible for the documentation.
    • Assigned resource: The person who will actually put pen to paper. This could be the same person as the owner, or the owner could be a reviewer.
    • Deadlines: Include documentation deliverables in project milestones.
    • Verification process: Validate completion and accuracy. This could be a peer review or management review.
    Example: Implement a new service desk application.
    • Service desk SOP documentation requirements: SOP for monitoring and managing tickets will require changes to leverage new automation features.
    • Owner: Service Desk Lead.
    • Assigned resource: John Smith (service desk technician).
    • Deadline: Align with “ready for QA testing.”
    • Verification process: Service Desk Lead document review and signoff.

    Info-Tech Insight

    Realistically, documentation will typically be a far less urgent task than the actual application or system changes. However, if you want the necessary documentation to be ultimately completed, even if it’s done after more urgent tasks, it must be tracked.

    Implement document approval steps at the individual and project level

    DISCUSS

    How do you currently review and validate SOP documents?

    Require a manager or supervisor to review and approve SOPs.

    • Avoid a bureaucratic review process involving multiple parties. The goal is to ensure accuracy and not just provide administrative protection.
    • A review by the immediate supervisor or manager is often sufficient. Their feedback and the implied accountability improve the quality and usefulness of the SOPs.

    Check documentation status as part of change management.

    • Including a documentation status check holds the project leaders and management accountable.
    • If SOPs are not critical to the project deliverable, then realistically the deliverable is not held back. However, keep the project open until relevant documents are updated so those tasks can’t be swept under the rug until the next audit.

    SOP reviews, change management, and identifying requirements led to benefits such as training and process improvement.

    A chart depicting the impact and benefits of SOP reviews, change management and identifying requirements. The chart is accompanied by a key for the grey to blue colours depicted

    "Our directors and our CIO have tied SOP work to performance evaluations and SOP status is reviewed during management meetings. People have now found time to get this work done."

    – Assistant Director-IT Operations, Healthcare Industry

    Review SOPs regularly and assign a process owner to avoid reinforcing silos

    CASE STUDY

    Industry

    Public service organization

    Source

    Info-Tech client engagement

    Situation

    • The organization’s IT department consists of five heavily siloed units.
    • Without communication or workflow accountability across units, each had developed incompatible workflows, making estimates of “time to resolution” for service requests difficult.
    • The IT service manager purchases a new service desk tool, attempting to standardize requests across IT to improve efficiency, accountability, and transparency.

    Complication

    • The IT service manager implements the tool and creates standardized workflows without consulting stakeholders in the different service units.
    • The separate units immediately rebel against the service manager and try to undermine the implementation of the new tool.

    Results

    • Info-Tech analysts helped to facilitate a solution between experts in the different units.
    • In order to develop a common workflow and ticket categorization scheme, Info-Tech recommended that each service process should have a single approver.

    The bottom line: ensure that there’s one approver per process to drive process efficiency and accountability and avoid problems down the road.

    Hold staff accountable to encourage SOP work to be completed in a timely manner

    DISCUSS

    Are SOP updates treated as optional or “when I have time” work?

    Hold staff directly accountable for SOP work.

    Holding staff accountable is really about emphasizing the importance of ensuring SOPs stay current. If management doesn’t treat SOPs as a priority, then neither will your staff. Strategies include:

    • Include SOP work in performance appraisals.
    • Keep relevant tickets open until documentation is completed.
    • Ensure documents are reviewed, as discussed earlier.
    • Identify and assign documentation tasks as part of project planning efforts, as discussed earlier.

    Holding staff accountable minimizes procrastination and therefore maintenance effort.

    Chart depicting the impact on reducing SOP maintenance effort followed by a key defining the colours on the chart

    Info-Tech Insight

    Holding staff accountable does not by itself make a significant impact on SOP quality (and therefore the typical benefits of SOPs), but it minimizes procrastination, so the work is ultimately done in a more timely manner. This ensures SOPs are current and usable, so they can drive benefits such as consistent operations, improved training, and so on.

    Assign action items to address SOP documentation process challenges

    2.2

    1. Discuss the challenges mentioned at the start of this section, and other challenges highlighted by the strategies discussed in this section. For example:
    • Are documentation requirements included in project planning?
    • Are SOPs and other documentation deliverables reviewed?
    • Are staff held accountable for documentation?
  • Document the challenges in your copy of the Standard Operating Procedures Workbook and assign action items to address those challenges.
  • Challenge Action Items Action Item Owner
    Documentation requirements are identified at the end of a project.
    • Modify project planning templates and checklists to include “identify documentation requirements.”
    Bob Ryan
    SOPs are not reviewed.
    • When assigning documentation tasks, also assign an owner who will be responsible for reviewing and approving the deliverable.
    • Create a mechanism for officially signing off on the document (e.g. email approval or create a signoff form).
    Susan Jones

    An “SOP party” fosters a collaborative approach and can add some levity to an otherwise dry exercise

    What is an SOP party?

    • An SOP party is a working session, bringing together process owners and key staff to define current SOPs and collaborate to identify optimization opportunities.
    • The party aspect is really just about how you market the event. Order in food or build in a cooking contest (e.g. a chilli cook-off or dessert bake-off) to add some fun to what can be a dry activity.

    Why does this work?

    • Process owners become so familiar with their tasks that many of the steps essentially live in their heads. Questions from colleagues draw out those unwritten steps and get them down on paper so another sufficiently qualified employee could carry out the same steps.
    • Once the processes are defined (e.g. via a tabletop exercise), input from colleagues can help identify risks and optimization opportunities, and process questions can be quickly answered because the key people are all present.
    • The group approach also promotes consistency and enables you to set expectations (e.g. visual-based approach, standards, level of detail, etc.).

    When is collaboration necessary (e.g. via tabletop planning)?

    • Tabletop planning is ideal for complex processes as well as processes that span multiple tasks, people, and/or systems.
    • For processes with a narrow focus (e.g. recovery steps for a specific server), assign these to the SME to document. Then ensure the SOP is reviewed to draw out the unwritten steps as described above.
    • For example, if you use tabletop planning to document a high-level DR plan, sub-processes might include recovery procedures for individual systems; those SOPs can then be assigned to individual SMEs.

    Schedule SOP working sessions until critical processes are documented

    Ultimately, it’s more efficient to create and update SOPs as needed but dedicated working sessions will help address immediate critical needs.

    Organize the working session:
    1. Book a full-day meeting in an out of the way meeting room, invite key staff (system and process owners who ultimately need to be SOP owners), and order in lunch so no one has to leave.
    2. Prioritize SOPs (see Phase 1) and set goals (e.g. complete the top 6 SOPs during this session).
    3. Alternate between collaborative efforts and documenting the SOPs. For example:
      1. Tabletop or flowchart the current SOP. Take a picture of the current state for reference purposes.
      2. Look for process improvements. If you have the authority in the room to enable process changes, then modify the tabletop/flowchart accordingly and capture this desired future state (e.g. take a picture). Otherwise, identify action items to follow up on proposed changes.
      3. Identify all related documentation deliverables (e.g. sub-processes, checklists, approval forms, etc.).
      4. Create the identified documentation deliverables (divide the work among the team). Then repeat the above.
    4. Repeat these working sessions on a monthly or quarterly basis, depending on your requirements, until critical SOPs are completed.
    5. When the SOP backlog is cleared, conduct quarterly or semi-annual refreshers for ongoing review and optimization of key processes.

    Assign action items to capture next steps after SOP working sessions

    2.3

    1. Review the SOPs documented during this workshop. Identify action items to complete and validate those SOPs and related documents. For example, do the SOPs require further approval or testing?
    2. Similarly, review the document management checklist and identify action items to complete, expand, and/or validate proposed standards.
    3. For SOP working sessions, decide on a date, time, and who should be there based on the guidelines in this section. If the SOP party approach does not meet your requirements, then at the very least assign owners for the identified critical SOPs and set deadlines for completing those SOPs. Document these extra action items in your copy of the Standard Operating Procedures Workbook.
    SOP or Task Action Items Action Item Owner
    Ticket escalation SOP
    • Debrief the rest of the Service Desk team on the new process.
    • Modify the SOP further based on feedback, if warranted.
    • Implement the new SOP. This includes communicating visible changes to business users and other IT staff.
    Jeff Sutter
    SOP party
    • Contact prospective attendees to communicate the purpose of the SOP party.
    • Schedule the SOP party.
    Bob Smith

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Identify current content management practices

    As a group, identify current pain points and opportunities for improvement in your current content management practices.

    2.2

    Assign action items to address documentation process challenges

    Develop a list of action items to address gaps in the SOP documentation and maintenance process.

    Phase 3

    Identify a Content Management Solution

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Decide on a content management solution for your SOPs

    Proposed Time to Completion (in weeks): 1 week

    Step 3.1: Understand the options for CM solutions

    Start with an analyst kick off call:

    • Review your current approach to content management and discuss possible alternatives.

    Then complete these activities…

    • Evaluate the pros and cons of different approaches to content management.
    • Discuss approaches for fit with your team.

    Step 3.2: Identify the right solution for you

    Review findings with analyst:

    • Identify 2–3 possible options for a content management strategy.

    Then complete these activities…

    • Identify the best solution based on portability, maintainability, cost, and implementation effort.

    With these tools & templates:

    • Publishing and Document Management Solution Evaluation Tool
    • SOP Project Roadmap
    • SOP Workbook

    Phase 3 Results & Insights:

    Choose an approach to content management that will best support your organization’s SOP documentation and maintenance process.

    Decide on an appropriate publishing and document management strategy for your organization

    Publishing and document management considerations:

    • Portability/External Access: At the best of times, portability is nice because it enables flexibility, but at the worst of times (such as in a disaster recovery situation) it is absolutely essential. If your primary site is down, can you still access your documentation? As shown in this chart, traditional storage strategies still dominate DRP documentation, but these aren’t necessarily the best options.
    • Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents? Is there version control? The easier the system is to use, the easier it is to get employees to use it.
    • Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution like SharePoint or a Content Management System. For smaller organizations, the cost of these tools might be harder to justify.

    Consider these approaches:

    This section reviews the following approaches, their pros and cons, and how they meet publishing and document management requirements:

    • SOP tools.
    • Cloud-based content management software.
    • In-house solutions combining SharePoint and MS Office (or equivalent).
    • Wiki site.
    • “Manual” approaches such as storing documents on a USB drive.
    Chart depicting the portable strategy popularity, followed by a key defining the colours on the graph

    Source: Info-Tech Research Group; N=118

    Note: Percentages total more than 100% due to respondents using more than one portability strategy.

    Develop a content management strategy and process to reduce organizational risk

    CASE STUDY

    Segment

    Mid-market company

    Source

    Info-Tech Interview

    Situation

    • A mid-sized company hired a technical consultancy to manage its network.
    • As part of this move, the company’s network administrator was fired.
    • Over time, this administrator had become a “go-to” person for several other IT functions.

    Complication

    • The consulting team realizes that the network administrator kept critical documentation on his local hard drive.
    • This includes configs, IP addresses, passwords, logins to vendor accounts, and more.
    • It becomes clear the administrator was able to delete some of this information before leaving, which the consultants are required to retrieve and re-document.

    Result

    • Failing to implement effective SOPs for document management and terminating key IT staff exposed the organization to unnecessary risk and additional costs.
    • Allowing a local content management system to develop created a serious security risk.
    • The bottom line: create a secure, centralized, and backed-up location and establish SOPs around using it to help keep the company’s data safe.

    Info-Tech offers a web-based policy management solution with process management capabilities

    Role How myPolicies helps you
    Policy Sponsors
    • CEO
    • Board of Directors

    Reduced Corporate Risk

    Avoid being issued a regulatory fine or sanction that could jeopardize operations or hurt brand image.

    Policy Reviewers
    • Internal Audit
    • Compliance
    • Risk
    • Legal

    A Culture of Compliance

    Adherence with regulatory requirements as well as documented audit trail of all critical policy activities.

    Policy Owners
    • HR
    • IT
    • Finance
    • Operations

    Less Administrative Burden

    Automation and simplification of policy creation, distribution, and tracking.

    Policy Users
    • Employees
    • Vendors
    • Contractors

    Policy Clarity

    Well-written policies are stored in one reliable, easy to navigate location.

    About this Approach:

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms, built around best practices identified by our research.

    Contact your Account Manager today to find out if myPolicies is right for you.

    SOP software and DR planning tools can help, but they aren’t a silver bullet

    Portability/External Access:
    • Pros: Typically have a SaaS option, providing built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Dependent on the vendor to ensure external access, but this is typically not an issue.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency as well as guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support, etc.), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    • Cons: Often modules of larger software suites. If you use the entire suite, it may make sense to use the SOP tool, but otherwise probably not.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: SOP tools can be costly. Expect to pay at least $3,000-7,000 for software licensing, plus additional per user and hosting fees.
    About this Approach:

    SOP tools such as Princeton Center’s SOP ExpressTM and SOP Tracks or MasterControl’s SOP Management and eSOP allow organizations to create, manage, and access SOPs. These programs typically offer a range of SOP templates and formats, electronic signatures, version control, and review options and training features such as quizzes and monitoring.

    Similarly, DR planning solutions (e.g. eBRP, Recovery Planner, LDRPS, etc.) provide templates, tools, and document management to create DR documentation including SOPs.

    Consider leveraging SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in the event of a worst-case scenario disaster recovery situation in which the primary data center is down.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automated updates (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    For more information on SharePoint as a content management solution, see Info-Tech’s Use SharePoint for Enterprise Content Management.

    About this Approach:

    Most SOP documents start as MS Office documents, even if there is an SOP tool available (some SOP tools actually run within MS Office on the desktop). For organizations that decide to bypass a formal SOP tool, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for SOP documentation.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instance at multiple in-house locations or using a cloud-based SharePoint solution.

    As an alternative to SharePoint, SaaS tools such as Power DMS, NetDocuments, Xythos on Demand, Knowledge Tree, Spring CM, and Zoho Docs offer cloud-based document management, authoring, and distribution services that can work well for SOPs. Some of these, such as Power DMS and Spring CM, are geared specifically toward workflows.

    A wiki may be all you need

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: May lack more sophisticated content management features.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.
    About this Approach:

    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    An approach that I’ve seen work well is to consult the wiki for any task, activity, job, etc. Is it documented? If not, then document it there and then. Sure, this led to 6-8 weeks of huge effort, but the documentation grew in terms of volume and quality at an alarming but pleasantly surprising rate. Providing an environment to create the documentation is important and a wiki is ideal. Fast, lightweight, in-browser editing leads to little resistance in creating documents.

    - Lee Blackwell, Global IT Operation Services Manager, Avid Technology

    Managing SOPs on a shared network drive involves major challenges and limitations

    Portability/External Access:
    • Cons: Must be hosted at redundant sites in order to be effective in a worst-case scenario that takes down your data center.
    Maintainability/Usability:
    • Pros: Easy to implement and no learning curve.
    • Pros: Access can be easily managed.
    • Cons: Version control, standardization, and document management can be significant challenges.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: Managing documents on a shared network drive requires strict attention to process for version control, updates, approvals, and distribution.
    About this Approach:

    With this strategy, SOP documents are stored and managed locally on a shared network drive. Only process owners and administrators have read-write permissions on documents on the shared drive.

    The administrator grants access and manages security permissions.

    Info-Tech Insight

    For small organizations, the shared network drive approach can work, but this is ultimately a short-term solution. Move to an online library by creating a wiki site. Start slow by beginning with a particular department or project, then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to the Info-Tech collaboration strategy research cited on the previous slide for additional guidance.

    Avoid extensive use of paper copies of SOP documentation

    SOP documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Not adequate for disaster recovery situations; would require all staff to have a copy and to have it with them at all times.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest most accurate documentation.
    • Cons: Navigation to other information is manual – flipping through pages etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations and this adds to it.
    • Cons: Labor-intensive due to need to print and physically distribute documentation updates.
    About this Approach

    Traditionally, SOPs were printed and kept somewhere in a large binder (or several large binders). This isn’t adequate to the needs of most organizations and typically results in documents that aren’t up to date or effective.

    Use Info-Tech’s solution evaluation tool to decide on a publishing and document management strategy

    All organizations have existing document management methodologies, even if it’s simply storing documents on a network drive.

    Use Info-Tech’s solution evaluation tool to decide whether your existing solution meets the portability/external access, maintainability/usability, and cost/effort criteria, or whether you need to explore a different option.

    Note: This tool was originally built to evaluate DRP publishing options, so the tool name and terminology refers to DR. However, the same tool can be used to evaluate general SOP publishing and document management solutions.

    The image is a screenshot of Info-Tech's evaluation tool
    Consider using Info-Tech’s DRP Publishing and Document Management Solution Evaluation Tool.

    Info-Tech Insight

    There is no absolute ranking for possible solutions. The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on. For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to ensure consistent application of corporate guidelines.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Decide on a publishing and document management strategy

    Review the pros and cons of different strategies for publishing and document management. Identify needs, priorities, and limitations of your environment. Create a shortlist of options that can meet your organization’s needs and priorities.

    3.2

    Complete the solution evaluation tool

    Evaluate solutions on the shortlist to identify the strongest option for your organization, based on the criteria of maintainability, affordability, effort to implement, and accessibility/portability.

    Insight breakdown

    Create visual documents, not dense SOP manuals.

    • Visual documents that can be scanned are more usable and easier to update.
    • Flowcharts, checklists, and diagrams all have their place in visual documentation.

    Start with high-impact SOPs.

    • It can be difficult to decide where to start when faced with a major documentation backlog.
    • Focus first on client facing and high-impact SOPs, i.e. mission-critical operations, service management, and disaster recovery procedures.

    Integrate SOP creation into project requirements and hold staff accountable.

    • Holding staff accountable does not provide all the benefits of a well documented and maintained SOP, but it minimizes procrastination, so the work is ultimately done in a more timely manner.

    Summary of accomplishment

    Knowledge Gained

    SOPs may not be exciting, but they’re very important to organizational consistency, efficiency, and improvement.

    This blueprint outlined how to:

    • Prioritize and execute SOP documentation work.
    • Establish a sustainable process for creating and maintaining SOP documentation.
    • Choose a content management solution for best fit.

    Processes Optimized

    • Multiple processes supporting mission-critical operations, service management, and disaster recovery were documented. Gaps in those processes were uncovered and addressed.
    • In addition, your process for maintaining process documents was improved, including adding documentation requirements and steps requiring documentation approval.

    Deliverables Completed

    As part of completing this project, the following deliverables were completed:

    • Standard Operating Procedures Workbook
    • Standard Operating Procedures Project Roadmap Tool
    • Document Management Checklist
    • Publishing and Document Management Solution Evaluation Tool

    Project step summary

    Client Project: Create and maintain visual SOP documentation.

    1. Prioritize undocumented SOPs.
    2. Develop visual SOP documentation.
    3. Optimize and document critical processes.
    4. Establish guidelines for identifying and organizing SOPs.
    5. Define a process for documenting and maintaining SOPs.
    6. Plan time with experts to put a dent in your documentation backlog.
    7. Understand the options for content management solutions.
    8. Identify the right content management solution for your organization.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Bibliography

    Anderson, Chris. “What is a Standard Operating Procedure (SOP)?” Bizmanualz, Inc. No date. Web. 25 Jan. 2016. https://www.bizmanualz.com/save-time-writing-procedures/what-are-policies-and-procedures-sop.html

    Grusenmeyer, David. “Developing Effective Standard Operating Procedures.” Dairy Business Management. 1 Feb. 2003. Web. 25 Jan. 2016. https://ecommons.cornell.edu/handle/1813/36910

    Mosaic. “The Value of Standard Operating Procedures.” 22 Oct. 2012. Web. 25 Jan. 2016. ttp://www.mosaicprojects.com.au/WhitePapers/WP1086_Standard_Operating_Procedures.pdf

    Sinn, John W. “Lean, Six Sigma, Quality Transformation Toolkit (LSSQTT) Tool #17 Courseware Content – Standard Operating Procedures (SOP) For Lean and Six Sigma: Infrastructure for Understanding Process.” Summer 2006. Web. 25 Jan. 2016. https://www.bgsu.edu/content/dam/BGSU/college-of-technology/documents/LSSQTT/LSSQTT%20Toolkit/toolkit3/LSSQTT-Tool-17.pdf

    United States Environmental Protection Agency. “Guidance for Preparing Standard Operating Procedures (SOPs).” April 2007. Web. 25 Jan. 2016. http://www.epa.gov/sites/production/files/2015-06/documents/g6-final.pdf

    Develop and Deploy Security Policies

    • Buy Link or Shortcode: {j2store}256|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $19,953 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
    • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

    Impact and Result

    • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Develop and Deploy Security Policies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

    Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.
    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.
    Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
    I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool
    Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
    IV. Measure Policy Program

    a) Security policy tracking tool

    III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template
    Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    Call #7: Track policies and exceptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.

    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.

    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.

    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Define Your Virtual and Hybrid Event Requirements

    • Buy Link or Shortcode: {j2store}64|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Your organization is considering holding an event online, or has been, but:

    • The organization (both on the business and IT sides) may not have extensive experience hosting events online.
    • It is not immediately clear how your formerly in-person event’s activities translate to a virtual environment.
    • Like the work-from-home transformation, bringing events online instantly expands IT’s role and responsibilities.

    Our Advice

    Critical Insight

    If you don't begin with strategy, you will fit your event to technology, instead of the other way around.

    Impact and Result

    To determine your requirements:

    • Determine the scope of the event.
    • Narrow down your list of technical requirements.
    • Use Info-Tech’s Rapid Application Selection Framework to select the right software solution.

    Define Your Virtual and Hybrid Event Requirements Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Virtual and Hybrid Event Requirements Storyboard – Use this storyboard to work through key decision points involved in creating digital events.

    This deck walks you through key decision points in creating virtual or hybrid events. Then, begin the process of selecting the right software by putting together the first draft of your requirements for a virtual event software solution.

    • Define Your Virtual and Hybrid Event Requirements Storyboard

    2. Virtual Events Requirements Tool – Use this tool to begin selecting your requirements for a digital event solution.

    The business should review the list of features and select which ones are mandatory and which are nice to have or optional. Add any features not included.

    • Virtual/Hybrid Event Software Feature Analysis Tool
    [infographic]

    Further reading

    Define Your Virtual and Hybrid Event Requirements

    Accelerate your event scoping and software selection process.

    Analyst Perspective

    When events go virtual, IT needs to cover its bases.

    The COVID-19 pandemic imposed a dramatic digital transformation on the events industry. Though event ticket and registration software, mobile event apps, and onsite audio/visual technology were already important pieces of live events, the total transformation of events into online experiences presented major challenges to organizations whose regular business operations involve at least one annual mid-sized to large event (association meetings, conferences, trade shows, and more).

    Many organizations worked to shift to online, or virtual events, in order to maintain business continuity. As time went on, and public gatherings began to restart, a shift to “hybrid” events began to emerge—events that accommodate both in-person and virtual attendance. Regardless of event type, this pivot to using virtual event software, or digital event technology, brings events more closely into IT’s areas of responsibility. If you don't begin with strategy, you risk fitting your event to technology, instead of the other way around.

    If virtual and hybrid events are becoming standard forms of delivering content in your organization, use Info-Tech’s material to help define the scope of the event and your requirements, and to support your software selection process.

    Photo of Emily Sugerman
    Emily Sugerman
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization (both on the business and IT sides) may not have extensive experience hosting events online.

    It is not immediately clear how a formerly in-person event’s activities translate to a virtual environment.

    Like the work-from-home transformation, bringing events online expands IT’s role and responsibilities.

    Common Obstacles

    It is not clear what technological capabilities are needed for the event, which capabilities you already own, and what you may need to purchase.

    Though virtual events remove some barriers to attendance (distance, travel), it introduces new complications and considerations for planners.

    Hybrid events introduce another level of complexity.

    Info-Tech’s Approach

    In order to determine your requirements:

    Determine the scope of the event.

    Narrow down your list of technical requirements.

    Use Info-Tech’s Rapid Application Selection Framework to select the right software solution.

    Info-Tech Insight

    If you don't begin with strategy, you will fit your event to technology, instead of the other way around.

    Your challenge

    The solution you have been using for online events does not meet your needs.

    Though you do have some tools that support large meetings, it is not clear if you require a larger and more comprehensive virtual event solution. There is a need to determine what type of technology you might need to purchase versus leveraging what you already have.

    It is difficult to quickly and practically identify core event requirements and how they translate into technical capabilities.

    Maintaining or improving audience engagement is a perpetual challenge for virtual events.

    38%
    of event professionals consider virtual event technology “a tool for reaching a wider audience as part of a hybrid strategy.”

    21%
    consider it “a necessary platform for virtual events, which remain my go-to event strategy.”

    40%
    prioritize “mid-budget all-in-one event tech solution that will prevent remote attendees from feeling like second-class participants.”

    Source: Virtual Event Tech Guide, 2022

    Common obstacles

    These barriers make this challenge difficult to address for many organizations.

    Events with networking objectives are not always well served by webinars, which are traditionally more limited in their interactive elements.

    Events that include the conducting of organizational/association business (like voting) may have bylaws that make selecting a virtual solution more challenging.

    Maintaining attendee engagement is more challenging in a virtual environment.

    Prior to the pandemic, your organization may not have been as experienced in putting on fully virtual events, putting more responsibility in your corner as IT. Navigating virtual events can also require technological competencies that your attendee userbase may not universally possess.

    Technological limitations and barriers to access can exclude potential attendees just as much as bringing events online can open up attendance to new audiences.

    Opportunity: Virtual events can significantly increase an event’s reach

    Events held virtually during the pandemic noted significant increases in attendees.

    “We had 19,000 registrations from all over the world, almost 50 times the number of people we had expected to host in Amsterdam. . . . Most of this year’s [2020] attendees would not have been able to participate in a physical GrafanaCon in Amsterdam. That was a huge win.” – Raj Dutt, Grafana Labs CEO[5]

    Event In-person Online 2022
    Microsoft Build 2019: 6,000 attendees 2020: 230,000+ registrants[1] The 2022 conference was also held virtually[3]
    Stanford Institute for Human-Centered Artificial Intelligence A few hundred attendees expected for the original (cancelled) 2020 in-person conference 2020: 30,000 attendees attended the “COVID-19 and AI” virtual conference[2] The 2022 Spring Conference was a hybrid event[4]

    [1] Kelly, 2020; [2] Price, 2020; [3] Stanford Digital Economy Lab, 2022; [4] Warren, 2022; [5] Fast Company, 2020

    Info-Tech’s methodology for defining virtual/hybrid event requirements

    A diagram that shows defining event scope, creating list of requirements, and selecting software.

    Event planning phases

    Apply project management principles to your virtual/hybrid event planning process.

    Online event planning should follow the same established principles as in-person event planning.
    Align the event’s concept and objectives with organizational goals.

    A diagram of event planning phases
    Source: Adapted from Event Management Body of Knowledge, CC BY 4.0

    Gather inputs to the planning processes

    Acquire as much of this information as possible before you being the planning process.

    Budget: Determine your organization’s budget for this event to help decide the scope of the event and the purchasing decisions you make as you plan.

    Internal human resources: Identify who in your organization is usually involved in the organization of this event and if they are available to organize this one.

    List of communication and collaboration tools: Acquire the list of the existing communication and collaboration tools you are currently licensed for. Ensure you know the following information about each tool:

    • Type of license
    • License limitations (maximum number of users)
    • Internal or external-facing tool (or capable of both)
    • Level of internal training and competency on the tool

    Decision point: Relate event goals to organizational goals

    What is driving the event?

    Your organization may hold a variety of in-person events that you now wish, for various reasons, to hold fully or partially online. Each event likely has a slightly different set of goals.

    Before getting into the details of how to transition your event online, return to the business/organizational goals the event is serving.

    Ensure each event (and each component of each event) maps back to an organizational goal.

    If a component of the event does not align to an organizational goal, assess whether it should remain as part of the event.

    Common organizational goals

    • Increase revenue
    • Increase productivity
    • Attract and retain talent
    • Improve change management
    • Carry out organizational mission
    • Identify new markets
    • Increase market share
    • Improve customer service
    • Launch new product/service

    Common event goals

    • Education/training
    • Knowledge transfer
    • Decision making
    • Professional development
    • Sales/lead generation
    • Fundraising
    • Entertainment
    • Morale boosting
    • Recognition of achievement

    Decision point: Identify your organization’s digital event vision

    What do you want the outcome of this event to be?

    Attendee goals: Who are your attendees? Why do they attend this event? What attendee needs does your event serve? What is your event’s value proposition? Are they intrinsically or extrinsically motivated to attend?

    Event goals: From the organizer perspective, why do you usually hold this event? Who are your stakeholders?

    Organizational goals: How do the event goals map to your organizational goals? Is there a clear understanding of what the event’s larger strategic purpose is.

    Common attendee goals

    Education: our attendees need to learn something new that they cannot learn on their own.
    Networking: our attendees need to meet people and make new professional connections.
    Professional development: our attendees have certain obligations to keep credentials updated or to present their work publicly to advance their careers.
    Entertainment: our attendees need to have fun.
    Commerce: our attendees need to buy and sell things.

    Decision point: Level of external event production

    Will you be completely self-managed, reliant on external event production services, or somewhere in the middle?

    You can review this after working through the other decision points and the scope becomes clearer.

    A diagram that shows Level of external event production, comparing Completely self-managed vs Fully externally-managed.

    Decision point: Assign event planning roles

    Who will be involved in planning the event? Fill/combine these roles as needed.

    Planning roles Description
    Project manager Shepherd event planning until completion while ensuring project remains on schedule and on budget.
    Event manager Correspond with presenters during leadup to event, communicate how to use online event tools/platform, perform tests with presenters/exhibitors, coordinate digital event staff/volunteers.
    Program planner Select the topics, speakers, activity types, content, streams.
    Designer and copywriter Design the event graphics; compose copy for event website.
    Digital event technologist Determine event technology requirements; determine how event technology fits together; prepare RFP, if necessary, for new hardware/software.
    Platform administrator Set up registration system/integrate registrations into platform(s) of choice; upload video files and collateral; add livestream links; add/delete staff roles and set controls and permissions; collect statistics and recordings after event.
    Commercial partner liaison Recruit sponsors and exhibitors (offer sponsorship packages); facilitate agreement/contract between commercial partners and organization; train commercial partners on how to use event technology; retrieve lead data.
    Marketing/social media Plan and execute promotional campaigns (email, social media) in the lead up to, and during, the event. Post-event, send follow-up communications, recording files, and surveys.

    Decision point: Assign event production roles

    Who will be involved in running the event?

    Event production roles Description
    Hosts/MCs Address attendees at beginning and end of event, and in-between sessions
    Provide continuity throughout event
    Introduce sessions
    Producers Prepare presenters for performance
    Begin and end sessions
    Use controls to share screens, switch between feeds
    Send backchannel messages to presenters (e.g., "Up next," "Look into webcam")
    Moderators Admit attendees from waiting room
    Moderate incoming questions from attendees
    Manage slides
    Pass questions to host/panelists to answer
    Moderate chat
    IT support Manage event technology stack
    Respond to attendee technical issues
    Troubleshoot network connectivity problems
    Ensure audio and video operational
    Start and stop session recording
    Save session recordings and files (chat, Q&As)

    Decision point: Map attendee goals to event goals to organizational goals

    Input: List of attendee benefits, List of event goals, List of organizational goals
    Output: Ranked list of event goals as they relate to attendee needs and organizational goals
    Materials: Whiteboard/flip charts
    Participants: Planning team

    1. Define attendee benefits:
      1. List the attendee benefits derived from your event (as many as possible).
      2. Rank attendee benefits from most to least important.
    2. Define event goals:
      1. List your event goals (as many as possible).
      2. Draw a connecting line to your ranked list of attendee benefits.
      3. Identify if any event goals exist with no clear relationship to attendee benefits. Discuss whether this event goal needs to be re-envisioned. If it connects to no discernible attendee benefits, consider removing it. Otherwise, figure out what attendee benefits the event goal provides.
    3. Define organizational goals:
      1. Acquire a list of your organization’s main strategic goals.
      2. Draw a connecting line from each event goal to the organizational goal it supports.
      3. If most of your event goals do not immediately seem to support an organizational goal, discuss why this is. Try to find the connection. If you cannot, discuss whether the event should proceed or be rethought.

    Decision point: Break down your event into its constituent components

    Identify your event archetype

    Decompose the event into its component parts

    Identify technical requirements that help meet event goals

    Benefits:

    • Clarify how formerly in-person events map to virtual archetypes.
    • Ensure your virtual event planning is anchored to organizational goals from the outset.
    • Streamline your virtual event tech stack planning later.

    Decision point: Determine your event archetype

    Analyze your event’s:

    • Main goals.
    • The components and activities that support those goals.
    • How these components and activities fall into people- vs. content-centric activities, and real-time vs. asynchronous activities.
    1. Conference
    2. Trade show
    3. Annual general meeting
    4. Department meeting
    5. Town hall
    6. Workshop

    A diagram that shows people- vs. content-centric activities, and real-time vs. asynchronous activities

    Info-Tech Insight

    Begin the digital event planning process by understanding how your event’s content is typically consumed. This will help you make decisions later about how best to deliver the content virtually.

    Conference

    Goals: Education/knowledge transfer; professional advancement; networking.

    Major content

    • Call for proposals/circulation of abstracts
    • Keynotes or plenary address: key talk addressed to large audience
    • Panel sessions: multiple panelists deliver address on common theme
    • Poster sessions: staffed/unstaffed booths demonstrate visualization of major research on a poster
    • Association meetings (see also AGM archetype): professional associations hold AGM as one part of a larger conference agenda

    Community

    • Formal networking (happy hours, social outings)
    • Informal networking (hallway track, peer introductions)
    • Business card exchange
    • Pre- and post-event correspondence

    Commercial Partners

    • Booth reps: Publishing or industry representatives exhibit products/discuss collaboration

    A quadrants matrix of conference

    Trade show

    Objectives: Information transfer; sales; lead generation.

    Major content

    • Live booth reps answer questions
    • Product information displayed
    • Promotional/information material distributed
    • Product demonstrations at booths or onstage
    • Product samples distributed to attendees

    Community interactions

    • Statements of intent to buy
    • Lead generation (badge scanning) of booth visitors
    • Business card exchange
    • Pre- and post-event correspondence

    A quadrants matrix of Trade show

    Annual general meeting

    Objectives: Transparently update members; establish governance and alignment.

    Meeting events

    • Updates provided to members on organization’s activities/finances
    • Decisions made regarding organization’s direction
    • Governance over organization established (elections)
    • Speakers addressing large audience from stage
    • In-camera sessions
    • Translation of proceedings
    • Real-time weighted voting
    • Minutes taken during meeting

    Administration

    • Notice given of meeting within mandated time period
    • Agenda circulated prior to meeting
    • Distribution of proxy material
    • Minutes distributed

    A quadrants matrix of Annual general meeting

    Department meeting

    Objectives: Information transfer of company agenda/initiatives; group decision making.

    Major content

    • Agenda circulated prior to meeting
    • Updates provided from senior management/leadership to employees on organization’s initiatives and direction
    • Employee questions and feedback addressed
    • Group decision making
    • Minutes taken during meeting
    • Minutes or follow-up circulated

    A quadrants matrix of department meeting

    Town hall meeting

    Objectives: Update public; answer questions; solicit feedback.

    Major content

    • Public notice of meeting announced
    • Agenda circulated prior to meeting
    • Speakers addressing large audience from stage
    • Presentation of information pertinent to public interest
    • Audience members line up to ask questions/provide feedback
    • Translation of proceedings
    • Recording of meeting archived

    A quadrants matrix of Town hall meeting

    Workshop

    Objectives: Make progress on objective; achieve consensus; knowledge transfer.

    Major content

    • Scheduling of workshop
    • Agenda circulated prior to meeting
    • Facilitator leads group activities
    • Participants develop alignment on project
    • Progress achieved on workshop project
    • Feedback on workshop shared with facilitator

    A quadrants matrix of Workshop

    Decision point: Analyze your event’s purpose and value

    Use the event archetypes to help you identify your event’s core components and value proposition.

    1. Attendee types: Who typically attends your event? Exclusively internal participants? External participants? A mix of the two?
    2. Communication: How do participants usually communicate with each other during this event? How do they communicate with the event organizers? Include both formal types of communication (listening to panel sessions) and informal (serendipitous conversations in the hallway).
    3. Connection: What types of connections do your attendees need to experience? (networking with peers; interactions with booth reps; consensus building with colleagues).
    4. Exchange of material: What kind of material is usually exchanged at this event and between whom? (Pamphlets, brochures, business cards, booth swag).
    5. Engagement: How do you usually retain attendees' attention and make sure they remain engaged throughout the event?
    6. Length: How long does the event typically last?
    7. Location and setup: Where does the event usually take place and who is involved in its setup?
    8. Success metrics: How do you usually measure your event's success?

    Info-Tech Insight

    Avoid trying to exactly reproduce the formerly in-person event online. Instead, identify the value proposition of each event component, then determine what its virtual expression could be.

    Example: Trade show

    Goals: Information transfer; sales; lead generation.

    1. Identify event component(s)
    2. Document its face-to-face expression(s)
    3. Identify the expression’s value proposition
    4. Translate the value proposition to a virtual component that facilitates overall event goal

    Event component

    Face-to-face expression

    Value proposition of component

    Virtual expression

    Attendee types Paying attendees Revenue for event organizer; sales and lead generation for booth rep Access to virtual event space
    Attendee types Booth rep Revenue for event organizer; information source for paying attendees Access to virtual event space
    Communication/connection Conversation between booth rep and attendee Lead generation for booth rep; information to inform decision making for attendee Ability to enter open video breakout session staffed by booth reps OR

    Ability to schedule meeting times with booth rep

    Multiple booth reps on hand to monitor different elements of the booth (one person to facilitate the discussion over video, another to monitor chat and Q&A)
    Communication/connection Serendipitous conversation between attendees Increased attendee contacts; fun Multiple attendees can attend the booth’s breakout session simultaneously and participate in web conferencing, meeting chat, or submit questions to Q&A
    Communication/connection Badges scanned at booth/email sign-up sheets filled out at table Lead generation for exhibitors List of visitors to booth shared with exhibitor (if consent given by attendees)

    Ability for attendees to request to be contacted for more information
    Exchange of material Catering (complimentary coffee, pastries) Obviate the need for attendees to leave the event for refreshments N/A: not included in virtual event
    Exchange of material Pamphlets, product literature, swag Portable information for attendee decision making Downloadable files (pdf)
    Location Responsibility of both the organizers (tables, chairs, venue) and booth reps (posters, handouts) Booth reps need a dedicated space where they can be easily found by attendees and advertise themselves Booth reps need access to virtual platform to upload files, images, provide booth description
    Engagement Attendees able to visit all booths by strolling through space Event organizers have a captive audience who is present in the immediacy of the event site Attendees motivated to stay in the event space and attend booths through gamification strategies (points awarded for number of booths visited or appointments booked)
    Length of event 2 full days Attendees travel to event site and spend the entire 2 days at the event, allowing them to be immersed in the event and absorb as much information in as little time as possible Exhibitors’ visiting hours will be scheduled so they work for both attendees attending in Eastern Standard Time and Pacific Time
    Metrics for success -Positive word of mouth
    -Number of registrations
    These metrics can be used to advertise to future exhibitors and attendees Number of virtual booths visited

    Number of file downloads

    Survey sent to attendees after event (favorite booths, preferred way to interact with exhibitors, suggestions for improvement, most valuable part of experience)

    Plan your metrics

    Use the analytics and reporting features available in your event technology toolset to capture the data you want to measure. Decide how each metric will impact your planning process for the next event.

    Examples of metrics:

    • Number of overall participants/registrants: Did you have more or fewer registrants/attendees than previous iterations of the event? What is the difference between number of registrants and number of real attendees?
    • Locations of participants: Where are people participating from? How many are attending for the first time? Are there new audiences you can pursue next time?
    • Most/least popular sessions: How long did people stay in the sessions and the event overall?
    • Most/least popular breakout rooms and discussion boards: Which topics should be repeated/skipped next time?
    • Social media mentions: Which topics received the most engagement on social media?
    • Surveys: What do participants report enjoying most? Least?
    • Technical failures: Can your software report on failures? Identify what technical problems arose and prepare a plan to mitigate them next time.

    Ensure the data you capture feeds into better planning for the next event

    Determine compliance requirements

    A greater event reach also means new data privacy considerations, depending on the location of your guests.

    General Data Protection Regulation (GDPR)

    Concerns over the collection of personal electronic data may not have previously been a part of your event planning considerations. However, now that your event is online, it’s wise to explore which data protection regulations apply to you. Remember, even if your organization is not located in the EU, if any of your attendees are European data subjects you may still be required to comply with GDPR, which involves the notification of data collected, allowing for opt-out options and the right to have data purged. The data must be collected for a specific purpose; if that purpose is expired, it can no longer be retained. You also have an obligation to report any breaches.

    Accessibility requirements

    What kind of accessibility laws are you subject to (AODA, WCAG2)? Regardless of compliance requirements, it is a good idea to ensure the online event follows accessibility best practices.

    Decision point: Set event policies

    What event policies need to be documented?
    How will you communicate them to attendees?

    Code of conduct

    One trend in the large event and conference space in recent years has been the development of codes of conduct that attendees are required to abide by to continue participating in the event.
    Now that your event is online, consider whether your code of conduct requires updating. Are there new types of appropriate/inappropriate online behavior that you need to define for your attendees?

    Harassment reporting

    If your organization has an event harassment reporting process, determine how this process will transfer over to the digital event.
    Ensure the reporting process has an owner and a clear methodology to follow to deal with complaints, as well as a digital reporting channel (a dedicated email or form) that is only accessed by approved staff to protect sensitive information.

    Develop a risk management plan

    Plan for how you will mitigate technical risks during your virtual event
    Provide presenters with a process to follow if technical problems arise.

    • Presenter’s internet connection cuts out
    • Attendees cannot log in to event platform
    • Attendees cannot hear/see video feed
    • What process will be followed when technical problems occur: ticketing system; chatbot; generic email accessible by all IT support assigned

    Testing/Rehearsal

    Test audio hardware: Ensure speakers use headphones/earbuds and mics (they do not have to be fancy/expensive). Relying on the computer/laptop mic can lead to more ambient noise and potential feedback problems.

    Check lighting: Avoid backlighting. Reposition speakers so they are not behind windows. Ask them to open/close shades. Add lamps as needed.

    Prevent interruptions: Before the event, ask panelists to turn phone and computer notifications to silent. Put a sign on the door saying Do not Disturb.

    Control audience view of screenshare: If your presenters will be sharing their screens, teach them how this works on the platform they are using. Advise them to exit out of any other application that is not part of their presentation, so they do not share the wrong screen unintentionally. Advise them to remove anything from the desktop that they do not want the audience to see, in case their desktop becomes visible at any point.

    Control audience view of physical environment: Before the event, advise participants to turn their cameras on and examine their backgrounds. Remove anything the audience should not be able to see.

    Test network connectivity: Send the presenters a link to a speed test and check their internet speed.

    Emergency contact: Exchange cell phone numbers for emergency backchannel conversations if problems arise on the day of the event.

    Set expectations: Presenting to an online audience feels very different to a live crowd. Prepare presenters for a lack of applause and lack of ability to see their audience, and that this does not mean the presentation was unsuccessful.

    Identify requirements

    To determine what kind of technical requirements you need to build the virtual expression of your event, consult the Virtual Event Platform Requirements Tool.

    1. If you have determined that the requirements you wish to use for the event exceed the capabilities of your existing communication and collaboration toolset, identify whether these gaps tip the scale toward purchasing a new tool. Use the requirement gaps to make the business case for purchasing a new tool.
    2. Use the Virtual Event Platform Requirements Tool to create a list of requirements.
    3. Consult the Software Reviews category for Virtual Event Platform Data Quadrant and Emotional Footprint reports.
    4. Assemble your documentation for approvals and the Rapid Application Selection Process.

    A photo of Detailed Feature Analysis Worksheet.

    Download the Virtual/Hybrid Event Software Feature Analysis Tool

    Rapid Application Selection Framework and Contract Review

    A photo of Rapid Application Selection Framework
    Launch Info-Tech’s Rapid Application Selection Framework.

    Using the requirements you’ve just gathered as a base, use Info-Tech’s complete framework to improve the efficiency and effectiveness of software selection.

    Once you’ve selected a vendor(s), review the contract. Does it define an exit strategy? Does it define when your data will be deleted? Does it set service-level agreements that you find acceptable? Leverage Info-Tech’s contract review service once you have selected the virtual event solution and have received a contract from the vendor.

    Further research

    Photo of Run Better Meetings
    Run Better Meetings

    Bibliography

    Dutt, Raj. “7 Lessons from This Company’s First-Ever Virtual Conference.” Fast Company, 29 Jul 2020. Web.

    Kelly, Samantha Murphy. “Microsoft Build Proves Splashy Tech Events Can Thrive Online.” CNN, 21 May 2020. Web.

    “Phases.” Event Management Body of Knowledge (EMBOK), n.d. Web.

    Price, Michael. “As COVID-19 Forces Conferences Online, Scientists Discover Upsides of Virtual Format.” Science, 28 Apr 2020. Web.

    “Stanford HAI Spring Conference - Key Advances in Artificial Intelligence.” Stanford Digital Economy Lab, 2022. Web.

    “Virtual Event Tech Guide 2022.” Skift Meetings, April 2022. Web.

    Warren, Tom. “Microsoft Build 2022 Will Take Place May 24th–26th.” The Verge, 30 March 2022. Web.

    Contributors

    6 anonymous contributors

    Initiate Your Service Management Program

    • Buy Link or Shortcode: {j2store}398|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations continue attempting to implement service management, often based on ITIL, with limited success and without visible value.
    • More than half of service management implementations have failed beyond simply implementing the service desk and the incident, change, and request management processes.
    • Organizational structure, goals, and cultural factors are not considered during service management implementation and improvement.
    • The business lacks engagement and understanding of service management.

    Our Advice

    Critical Insight

    • Service management is an organizational approach. Focus on producing successful and valuable services and service outcomes for the customers.
    • All areas of the organization are accountable for governing and executing service management. Ensure that you create a service management strategy that improves business outcomes and provides the value and quality expected.

    Impact and Result

    • Identified structure for how your service management model should be run and governed.
    • Identified forces that impact your ability to oversee and drive service management success.
    • Mitigation approach to restraining forces.

    Initiate Your Service Management Program Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why service management implementations often fail and why you should establish governance for service management.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the level of oversight you need

    Use Info-Tech’s methodology to establish an effective service management program with proper oversight.

    • Service Management Program Initiation Plan
    [infographic]

    Secure Your Hybrid Workforce

    • Buy Link or Shortcode: {j2store}271|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Many IT and security leaders struggle to cope with the challenges associated with an hybrid workforce and how best to secure it.
    • Understanding the main principles of zero trust: never trust, always verify, assume breach, and verify explicitly.
    • How to go about achieving a zero trust framework.
    • Understanding the premise of SASE as it pertains to a hybrid workforce.

    Our Advice

    Critical Insight

    Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will assist you determine which of the options is a good fit for your organization.

    Impact and Result

    Every organization's strategy to secure their hybrid workforce should include introducing zero trust principles in certain areas. Our unique approach:

    • Assess the suitability of SASE/SSE and zero trust.
    • Present capabilities and feature benefits.
    • Procure SASE product and/or build a zero trust roadmap.

    Secure Your Hybrid Workforce Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure Your Hybrid Workforce Deck – The purpose of the storyboard is to provide a detailed description of the steps involved in securing your hybrid workforce with zero trust.

    The storyboard contains two easy-to-follow steps on securing your hybrid workforce with zero trust, from assessing the suitability of SASE/SSE to taking a step in building a zero trust roadmap.

    • Secure Your Hybrid Workforce – Phases 1-2

    2. Suitability Assessment Tool – A tool to identify whether SASE/SSE or a zero trust roadmap is a better fit for your organization.

    Use this tool to identify your next line of action in securing your hybrid workforce by assessing key components that conforms to the ideals and principles of Zero Trust.

    • Zero Trust - SASE Suitability Assessment Tool

    3. RFP Template – A document to guide you through requesting proposals from vendors.

    Use this document to request proposals from select vendors.

    • Request for Proposal (RFP) Template
    [infographic]

    Further reading

    Secure Your Hybrid Workforce

    SASE as a driver to zero trust.

    Analyst Perspective

    Consolidate your security and network.

    Remote connections like VPNs were not designed to be security tools or to have the capacity to handle a large hybrid workforce; hence, organizations are burdened with implementing controls that are perceived to be "security solutions." The COVID-19 pandemic forced a wave of remote work for employees that were not taken into consideration for most VPN implementations, and as a result, the understanding of the traditional network perimeter as we always knew it has shifted to include devices, applications, edges, and the internet. Additionally, remote work is here to stay as recruiting talent in the current market means you must make yourself attractive to potential hires.

    The shift in the network perimeter increases the risks associated with traditional VPN solutions as well as exposing the limitations of the solution. This is where zero trust as a principle introduces a more security-focused strategy that not only mitigates most (if not all) of the risks, but also eliminates limitations, which would enhance the business and improve customer/employee experience.

    There are several ways of achieving zero trust maturity, and one of those is SASE, which consolidates security and networking to better secure your hybrid workforce as implied trust is thrown out of the window and verification of everything becomes the new normal to defend the business.

    This is a picture of Victor Okorie

    Victor Okorie
    Senior Research Analyst, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    CISOs are looking to zero trust to fill the gaps associated with their traditional remote setup as well as to build an adaptable security strategy. Some challenges faced include:

    • Understanding the main principles of zero trust: never trust, always verify, assume breach, and verify explicitly.
    • Understanding how to achieve a zero trust framework.
    • Understanding the premise of SASE as it pertains to a hybrid workforce.

    Common Obstacles

    The zero trust journey may seem tedious because of a few obstacles like:

    • Knowing what the principle is all about and the components that align with it.
    • Knowing where to start. Due to the lack of a standardized path for the zero trust journey, going about the journey can be confusing.
    • Not having a uniform definition of what makes up a SASE solution as it is heavily dependent on vendors.

    Info-Tech's Approach

    Info-Tech provides a three-service approach to helping organizations better secure their hybrid workforce.

    • Understand your current, existing technological capabilities and challenges with your hybrid infrastructure, and prioritize those challenges.
    • Gain insight into zero trust and SASE as a mitigation/control/tool to those challenges.
    • Identify the SASE features that are relevant to your needs and a source guide for a SASE vendor.

    Info-Tech Insight

    Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will assist you in determining which of the options is a good fit for your organization.

    Turn your challenges into opportunities

    Hybrid workforce is the new normal

    The pandemic has shown there is no going back to full on-prem work, and as such, security should be looked at differently with various considerations in mind.

    Understand that current hybrid solutions are susceptible to various forms of attack as the threat attack surface area has now expanded with users, devices, applications, locations, and data. The traditional perimeter as we know it has expanded beyond just the corporate network, and as such, it needs a more mature security strategy.

    Onboarding and offboarding have been done remotely, and with some growth recorded, the size of companies has also increased, leading to a scaling issue.

    Employees are now demanding remote work capabilities as part of contract negotiation before accepting a job.

    Attacks have increased far more quickly during the pandemic, and all indications point to them increasing even more.

    Scarce available security personnel in the job market for hire.

    Reality Today

    This image is a circle graph and 67% of it is coloured with the number 67% in the middle of the graph

    The number of breach incidents by identity theft.
    Source: Security Magazine, 2022.

    This image is a circle graph and 78% of it is coloured with the number 78% in the middle of the graph

    IT security teams want to adopt zero trust.
    Source: Cybersecurity Insiders, 2019.

    Reduce the risks of remote work by using zero trust

    $1.07m

    $1.76m

    235

    Increase in breaches related to remote work

    Cost difference in a breach where zero trust is deployed

    Days to identify a breach

    The average cost of a data breach where remote work was a factor rose by $1.07 million in 2021. COVID-19 brought about rapid changes in organizations, and digital transformation changes curbed some of its excesses. Organizations that did not make any digital transformation changes reported a $750,000 higher costs compared to global average.

    The average cost of a breach in an organization with no zero trust deployed was $5.04 million in 2021 compared to the average cost of a breach in an organization with zero trust deployed of $3.28 million. With a difference of $1.76 million, zero trust makes a significant difference.

    Organizations with a remote work adoption rate of 50% took 235 days to identify a breach and 81 days to contain that breach – this is in comparison to the average of 212 days to identify a breach and 75 days to contain that breach.

    Source: IBM, 2021.

    Network + Security = SASE

    What exactly is a SASE product?

    The convergence and consolidation of security and network brought about the formation of secure access service edge (SASE – pronounced like "sassy"). Digital transformation, hybrid workforce, high demand of availability, uninterrupted access for employees, and a host of other factors influenced the need for this convergence that is delivered as a cloud service.

    The capabilities of a SASE solution being delivered are based on certain criteria, such as the identity of the entity (users, devices, applications, data, services, location), real-time context, continuous assessment and verification of risk and "trust" throughout the lifetime of a session, and the security and compliance policies of the organization.

    SASE continuously identifies users and devices, applies security based on policy, and provides secure access to the appropriate and requested application or data regardless of location.

    image contains a list of the SASE Network Features and Security Features. the network Features are: WAN optimization; SD WAN; CDN; Network-as-a-service. The Security Features are: CASB; IDPS; ZTNA/VPN; FWaaS; Browser isolation; DLP; UEBA; Secure web gateway; Sandboxing

    Current Approach

    The traditional perimeter security using the castle and moat approach is depicted in the image here. The security shields valuable resources from external attack; however, it isn't foolproof for all kinds of external attacks. Furthermore, it does not protect those valuable resources from insider threat.

    This security perimeter also allows for lateral movement when it has been breached. Access to these resources is now considered "trusted" solely because it is now behind the wall/perimeter.

    This approach is no longer feasible in our world today where both external and internal threats pose continuous risk and need to be contained.

    Determine the suitability of SASE and zero trust

    The Challenge:

    Complications facing traditional infrastructure

    • Increased hybrid workforce
    • Regulatory compliance
    • Limited Infosec personnel
    • Poor threat detection
    • Increased attack surface

    Common vulnerabilities in traditional infrastructure

    • MITM attack
    • XSS attack
    • Session hijacking
    • Trust-based model
    • IP spoofing
    • Brute force attack
    • Distributed denial of service
    • DNS hijacking
    • Latency issues
    • Lateral movement once connection is established

    TRADITIONAL INFRASTRUCTURE

    NETWORK

    SECURITY

    AUTHENTICATION

    IDENTITY

    ACCESS

    • MPLS
    • Corporate Network
    • Antivirus installed
    • Traditional Firewall
    • Intrusion Detection and Prevention System
    • Allow and Deny rules
    • Businesses must respond to consumer requests to:
    • LDAP
    • AAA
    • Immature password complexity
    • Trusted device with improperly managed endpoint protection.
    • Little or no DNS security
    • Web portal (captive)
    • VPN client

    Candidate Solutions

    Proposed benefits of SASE

    • Access is only granted to the requested resource
    • Consolidated network and security as a service
    • Micro-segmentation on application and gateway
    • Adopts a zero trust security posture for all access
    • Managed detection and response
    • Uniform enforcement of policy
    • Distributed denial of service shield

    SASE

    NETWORK

    SECURITY

    AUTHENTICATION

    IDENTITY

    ACCESS

    • Software defined – WAN
    • Content delivery network
    • WAN optimization
    • Network-as-a-service
    • Firewall-as-a-service/NGFW
    • Zero trust network access
    • Endpoint detection & response
    • Secure web gateway
    • Cloud access security broker
    • Data loss prevention
    • Remote browser isolation
    • Multifactor authentication
    • Context-based security policy for authentication
    • Authorization managed with situational awareness and real-time risk analytics
    • Continuous verification throughout an access request lifecycle
    • Zero trust identity on users, devices, applications, and data.
    • Strong password complexity enforced
    • Privilege access management
    • Secure internet access
    • SASE client

    ZERO TRUST

    TENETS OF ZERO TRUST

    ZERO TRUST PILLARS

    • Continuous, dynamic authentication and verification
    • Principle of least privilege
    • Always assume a breach
    • Implement the tenets of zero trust across the following domains of your environment:
      • IDENTITY
      • APPLICATION
      • NETWORK
      • DEVICES
      • DATA

    Proposed benefits of zero trust

    • Identify and protect critical and non-critical resources in accordance with business objectives.
    • Produce initiatives that conform to the ideals of zero trust and are aligned with the corresponding pillars above.
    • Formulate policies to protect resources and aid segmentation.

    Info-Tech Insight

    Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will help you determine which of the options is a good fit for your organization.

    Measure the value of using Info-Tech's approach

    IT and business value

    PHASE 1

    PHASE 2

    Assess the benefits of adopting SASE or zero trust

    Vendors will try to control the narrative in terms of what they can do for you, but it's time for you to control the narrative and identify pain points to IT and the business, and with that, to understand and define what the vendor solution can do for you.

    PHASE 2

    Assess the benefits of adopting SASE or zero trust

    Vendors will try to control the narrative in terms of what they can do for you, but it's time for you to control the narrative and identify pain points to IT and the business, and with that, to understand and define what the vendor solution can do for you.

    Short-term benefits

    • Gain awareness of your zero trust readiness.
    • Embed a zero trust mindset across your architecture.
    • Control the narrative of what SASE brings to your organization.

    Long-term benefits

    • Identified controls to mitigate risks with current architecture while on a zero trust journey.
    • Improved security posture that reduces risk by increasing visibility into threats and user connections.
    • Reduced CapEx and OpEx due to the scalability, low staffing requirements, and improved time to respond to threats using a SASE or SSE solution.

    Determine SASE cost factors

    IT and business value

    Info-Tech Insight

    IT leaders need to examine different areas of their budget and determine how the adoption of a SASE solution could influence several areas of their budget breakdown.

    Determining the SASE cost factors early could accelerate the justification the business needs to move forward in making an informed decision.

    01- Infrastructure

    • Physical security
    • Cabling
    • Power supply and HVAC
    • Hosting

    02- Administration

    • Human hours to analyze logs and threats
    • Human hours to secure infrastructure
    • Fees associated with maintenance

    03- Inbound

    • DPI
    • DDoS
    • Web application firewall
    • VPN concentrators

    04- Outbound

    • IDPS
    • DLP on-prem
    • QoS
    • Sandbox & URL filtering

    04- Data Protection

    • Real-time URL
      insights
    • Threat hunting
    • Data loss prevention

    06- Monitoring

    • Log storage
    • Logging engine
    • Dashboards
    • Managed detection
      and response

    Info-Tech's methodology for securing your hybrid workforce

    1. Current state and future mitigation

    2. Assess the benefits of moving to SASE/zero trust

    Phase Steps

    1.1 Limitations of legacy infrastructure

    1.2 Zero trust principle as a control

    1.3 SASE as a driver of zero trust

    2.1 Sourcing out a SASE/SSE vendor

    2.2 Build a zero trust roadmap

    Phase Outcomes

    Identify and prioritize risks of current infrastructure and several ways to mitigate them.

    RFP template and build a zero trust roadmap.

    Consider several factors needed to protect your growing hybrid workforce and assess your current resource capabilities, solutions, and desire for a more mature security program. The outcome should either address a quick pain point or a long-term roadmap.

    The internet is the new corporate network

    The internet is the new corporate network, which opens the organization up to more risks not protected by the current security stack. Using Info-Tech's methodology of zero trust adoption is a sure way to reduce the attack surface, and SASE is one useful tool to take you on the zero trust journey.

    Current-state risks and future mitigation

    Securing your hybrid workforce via zero trust will inevitably include (but is not limited to) technological products/solutions.

    SASE and SSE features sit as an overlay here as technological solutions that will help on the zero trust journey by aggregating all the disparate solutions required for you to meet zero trust requirements into a single interface. The knowledge and implementation of this helps put things into perspective of where and what our target state is.

    The right solution for the right problem

    It is critical to choose a solution that addresses the security problems you are actually trying to solve.

    Don't allow the solution provider to tell you what you need – rather, start by understanding your capability gaps and then go to market to find the right partner.

    Take advantage of the RFP template to source a SASE or SSE vendor. Additionally, build a zero trust roadmap to develop and strategize initiatives and tasks.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Zero Trust and SASE Suitability Tool
    Identify critical and vulnerable DAAS elements to protect and align them to business goals.

    Zero Trust Program Gap Analysis Tool
    Perform a gap analysis between current and target states to build a zero trust roadmap.

    Key deliverable:

    Secure Your Hybrid Workforce With Zero Trust Communication deck
    Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

    Phase 1

    Current state and future mitigation

    Phase 1

    Phase 2

    1.1 Limitations of legacy infrastructure

    1.2 Zero trust principle as a control

    1.3 SASE as a driver of zero trust

    2.1 Sourcing out a SASE/SSE vendor

    2.2 Build a zero trust roadmap

    This phase will walk you through the following activities:

    • Introduction to the tool, how to use the input tabs to identify current challenges, technologies being used, and to prioritize the challenges. The prioritized list will highlight existing gaps and eventually be mapped to recommended mitigations in the following phase.

    This phase involves the following participants:

    • CIO
    • CISO
    • CSO
    • IT security team
    • IT network team

    Secure Your Hybrid Workforce

    1.1 Limitations of legacy infrastructure

    Traditional security & remote access solutions must be modernized

    Info-Tech Insight
    Traditional security is architected with a perimeter in mind and is poorly suited to the threats in hybrid or distributed environments.

    Ensure you minimize or eliminate weak points on all layers.

    • SECURITY
      • DDoS
      • DNS hijacking
      • Weak VPN protocols
    • IDENTITY
      • One-time verification allowing lateral movement
    • NETWORK
      • Risk perimeter stops at corporate network edge
      • Split tunneling
    • AUTHENTICATION
      • Weak authentication
      • Weak passwords
    • ACCESS
      • Man-in-the-middle attack
      • Cross-site scripting
      • Session hijacking

    1.1.1 For example: traditional VPNs are poorly suited to a hybrid workforce

    There are many limitations that make it difficult for traditional VPNs to adapt to an ever-growing hybrid workforce.

    The listed limitations are tied to associated risks of legacy infrastructure as well as security components that are almost non-existent in a VPN implementation today.

    Scaling

    VPNs were designed for small-scale remote access to corporate network. An increase in the remote workforce will require expensive hardware investment.

    Visibility

    Users and attackers are not restricted to specific network resources, and with an absence of activity logs, they can go undetected.

    Managed detection & response

    Due to the reduction in or lack of visibility, threat detections are poorly managed, and responses are already too late.

    Hardware

    Limited number of locations for VPN hardware to be situated as it can be expensive.

    Hybrid workforce

    The increase in the hybrid workforce requires the risk perimeter to be expanded from the corporate network to devices and applications. VPNs are built for privacy, not security.

    Info-Tech Insight

    Hybrid workforces are here to stay, and adopting a strategy that is adaptable, flexible, simple, and cost-effective is a recommended road to take on the journey to bettering your security and network.

    1.1 Identify risk from legacy infrastructure

    Estimated Time: 1-2 hours

    1. Ensure all vulnerabilities described on slide 17 are removed.
    2. Note any forecasted challenge you think you might have down the line with your current hybrid setup.
    3. Identify any trend that may be of interest to you with regards to your hybrid setup.

    This is a screenshot of the organizational profile table found in the Zero Trust - SASE Suitability Assessment Tool

    Download the Zero Trust - SASE Suitability Assessment Tool

    Input

    • List of key pain points and challenges
    • List of forecasted challenges and trends of interest

    Output

    • Prioritized list of pain points and/or challenges

    Materials

    • Excel tool
    • Whiteboard

    Participants

    • CISO
    • InfoSec team
    • IT manager
    • CIO
    • Infrastructure team

    1.2 Zero trust principle as a control

    A zero trust implementation comes with benefits/initiatives that mitigate the challenges identified in earlier activities.

    Info-Tech Insight

    Zero trust/"always verify" is applied to identity, workloads, devices, networks, and data to provide a greater control for risks associated with traditional network architecture.

    Improve IAM maturity

    Zero trust identity and access will lead to a mature IAM process in an organization with the removal of implicit trust.

    Secure your remote access

    With a zero trust network architecture (ZTNA), both the remote and on-prem network access are more secure than the traditional network deployment. The software-defined parameter ensures security on each network access.

    Reduce threat surface area

    With zero trust principle applied on identity, workload, devices, network, and data, the threat surface area which births some of the risks identified earlier will be significantly reduced.

    Improve hybrid workforce

    Scaling, visibility, network throughput, secure connection from anywhere, micro-segmentation, and a host of other benefits to improve your hybrid workforce.

    1.2 SASE as an overlay to zero trust

    Security and network initiatives of a zero trust roadmap converged into a single pane of glass.

    Info-Tech Insight

    Security and network converged into a single pane of glass giving you some of the benefits and initiatives of a zero trust implemented architecture in one package.

    Improve IAM maturity

    The identity-centric nature of SASE solutions helps to improve your IAM maturity as it applies the principle of least privilege. The removal of implicit trust and continuous verification helps foster this more.

    Secure your remote access

    With ZTNA, both the remote and on-prem network access are more secure than the traditional network deployment. The software defined parameter ensures security on each network access.

    Reduce threat surface area

    Secure web gateway, cloud access security broker, domain name system, next-generation firewall, data loss prevention, and ZTNA protect against data leaks, prevent lateral movement, and prevent malicious actors from coming in.

    Improve hybrid workforce

    Reduced costs and complexity of IT, faster user experience, and reduced risk as a result of the scalability, visibility, ease of IT administration, network throughput, secure connection from anywhere, micro-segmentation, and a host of other benefits will surely improve your hybrid workforce.

    Align SASE features to zero trust core capabilities

    Verify Identity

    • Authentication & verification are enforced for each app request or session.
    • Use of multifactor authentication.
    • RBAC/ABAC and principle of least privilege are applied on the identity regardless of user, device, or location.

    Verify Device

    • Device health is checked to ensure device is not compromised or vulnerable.
    • No admin permissions on user devices.
    • Device-based risk assessment is enforced as part of UEBA.

    Verify Access

    • Micro-segmentation built around network, user, device, location and roles.
    • Use of context and content-based policy enforced to the user, application, and device identity.
    • Network access only granted to specified application request and not to the entire network.

    Verify Services

    • Applications and services are checked before access is granted.
    • Connections to the application and services are inspected with the security controls built into the SASE solution.

    Info-Tech Insight

    These features of SASE and zero trust mitigate the risks associated with a traditional VPN and reduce the threat surface area. With security at the core, network optimization is not compromised.

    Security components of SASE

    Otherwise known as security service edge (SSE)

    Security service edge is the convergence of all security services typically found in SASE. At its core, SSE consists of three services which include:

    • Secure web gateway – secure access to the internet and web.
    • Cloud access security broker – secure access to SaaS and cloud applications.
    • Zero trust network access – secure remote access to private applications.

    SSE components are also mitigations or initiatives that make up a zero trust roadmap as they comply with the zero trust principle, and as a result, they sit up there with SASE as an overlay/driver of a zero trust implementation. SSE's benefits are identical to SASE's in that it provides zero trust access, risk reduction, low costs and complexity, and a better user experience. The difference is SSE's sole focus on security services and not the network component.

    SASE

    NETWORK FEATURES

    SECURITY FEATURES

    • WAN optimization
    • SD WAN
    • CDN
    • Network-as-a-service
    • CASB
    • IDPS
    • ZTNA/VPN
    • FWaaS
    • Browser isolation
    • DLP
    • UEBA
    • Secure web gateway
    • Sandboxing

    1.3 Pros & cons of zero trust and SASE

    Zero Trust

    SASE

    Pros

    Cons

    Pros

    Cons

    • Robust IAM process and technologies with role-based access control.
    • Strong and continuous verification of identity of user accounts, devices, data, location, and principle of least privilege applied.
    • Micro-segmentation applied around users, network, devices, roles, and applications to prevent lateral movement.
    • Threat attack surface eliminated, which reduces organizational risks.
    • Protection of data strengthened based on sensitivity and micro-segmentation.
    • Difficult to identify the scope of the zero trust initiative.
    • Requires continuous and ongoing update of access controls.
    • Zero trust journey/process could take years and is prone to being abandoned without commitment from executives.
    • Legacy systems can be hard to replace, which would require all stakeholders to prioritize resource allocation.
    • Can be expensive to implement.
    • Adopts a zero trust security posture for all access requests.
    • Converged and consolidated network and security delivered as a cloud service to the user rather than a single point of enforcement.
    • Centralized visibility of devices, data in transit and at rest, user activities, and threats.
    • Cheaper than a zero trust roadmap implementation.
    • Managed detection and response.
    • The limited knowledge of SASE.
    • No universally agreed upon SASE definition.
    • SASE products are still being developed and are open to vendors' interpretation.
    • Existing vendor relationships could be a hinderance to deployment.
    • Hard to manage MSSPs.

    Understand SASE and zero trust suitability for your needs

    Estimated Time: 1 hour

    Use the dashboard to understand the value assessment of adopting a SASE product or building a zero trust roadmap.

    This is an image of the SASE Suitability Assessment

    This is the image of the Zero Trust Suitability Assessment

    Info-Tech Insight

    This tool will help steer you on a path to take as a form of mitigation/control to some or all the identified challenges.

    Phase 2

    Make a decision and next steps

    Phase 1

    Phase 2

    1.1 Limitations of legacy infrastructure

    1.2 Zero trust principle as a control

    1.3 SASE as a driver of zero trust

    2.1 Sourcing out a SASE/SSE vendor

    2.2 Build a zero trust roadmap

    This phase will walk you through the following activities:

    • Introduction to the tool activity, how to use the input tabs and considerations to generate an output that could help understand the current state of your hybrid infrastructure and what direction is to be followed next to improve.

    This phase involves the following participants:

    • CIO
    • CISO
    • CSO
    • IT security
    • IT network team

    Secure Your Hybrid Workforce

    Step 2.1

    Sourcing out a SASE/SSE vendor

    Activities

    2.1.1 Use the RFP template to request proposal from vendors

    2.1.2 Use SoftwareReviews to compare vendors

    This step involves the following participants:

    • CIO, CISO, IT manager, Infosec team, executives.

    Outcomes of this step

    • Zero Trust Roadmap

    2.1.1 Use the RFP template to request proposal from vendors

    Estimated Time: 1-3 hours

    1. As a group, use the RFP Template to include technical capabilities of your desired SASE product and to request proposals from vendors.
    2. The features that are most important to your organization generated from phase one should be highlighted in the RFP.

    Input

    • List of SASE features
    • Technical capabilities

    Output

    • RFP

    Materials

    • RFP Template

    Participants

    • Security team
    • IT leadership

    Download the RFP Template

    2.1.2 Use SoftwareReviews to compare vendors

    SoftwareReviews

    • The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
    • Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
    • The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
    • Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Step 2.2

    Zero trust readiness and roadmap

    Activities

    2.2.1 Assess the maturity of your current zero trust implementation

    2.2.2 Understand business needs and current security projects

    2.2.3 Set target maturity state with timeframe

    This step involves the following participants:

    CIO, CISO, IT manager, Infosec team, executives.

    Outcomes of this step

    Zero Trust Roadmap

    2.2.1 Assess the maturity of your current zero trust implementation

    Estimated Time: 1-3 hours

    • Realizing that zero trust is a journey helps create a better roadmap and implementation. Identify the current controls or solutions in your organization that align with the principle of zero trust.
    • Break down these controls or solutions into different silos (e.g. identity, security, network, data, device, applications, etc.).
    • Determine your zero trust readiness.

    Input

    • List of zero trust controls/solutions
    • Siloed list of zero trust controls/solutions
    • Current state of zero trust maturity

    Output

    • Zero trust readiness and current maturity state

    Materials

    • Zero Trust Security Benefit Assessment tool

    Participants

    • Security team
    • IT leadership

    Download the Zero Trust Security Benefit Assessment tool

    2.2.2 Understand business needs and current security projects

    Estimated Time: 1-3 hours

    1. Identify the business and IT executives, application owners, and board members whose vision aligns with the zero trust journey.
    2. Identify existing projects within security, IT, and the business and highlight interdependencies or how they fit with the zero trust journey.
    3. Build a rough sketch of the roadmap that fits the business needs, current projects and the zero trust journey.

    Input

    • Meetings with stakeholders
    • List of current and future projects

    Output

    • Sketch of zero trust roadmap

    Materials

    • Whiteboard activity

    Participants

    • Security team
    • IT leadership
    • IT ops team
    • Business executives
    • Board members

    Download Zero Trust Protect Surface Mapping Tool

    2.2.3 Set target maturity state with a given timeframe

    Estimated Time: 1-3 hours

    1. With the zero trust readiness, current business, IT and security projects, current maturity state, and sketch of the roadmap, setting a target maturity state within some timeframe is at the top of the list. The target maturity state will include a list of initiatives that could be siloed and confined to a timeframe.
    2. A Gantt chart or graph could be used to complete this task.

    Input

    • Results from previous activity slides

    Output

    • Current state and target state assessment for gap analysis
    • List of initiatives and timeframe

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security team
    • IT leadership
    • IT ops team
    • Business executives
    • Board members

    Download the Zero Trust Program Gap Analysis Tool

    Summary of Accomplishment

    Insights Gained

    • Difference between zero trust as a principle and SASE as a framework
    • Difference between SASE and SSE platforms.
    • Assessment of which path to take in securing your hybrid workforce

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    This is a screenshot from the Zero Trust - SASE Suitability Assessment Tool

    Zero Trust - SASE Suitability Assessment Tool

    Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.

    Research Contributors

    • Aaron Shum, Vice President, Security & Privacy
    • Cameron Smith, Research Lead, Security & Privacy
    • Brad Mateski, Zones, Solutions Architect for CyberSecurity
    • Bob Smock, Info-Tech Research Group, Vice President of Consulting
    • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
    • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
    • John Zhao, Fonterra, Enterprise Security Architect
    • Rongxing Lu, University of New Brunswick, Associate Professor
    • Sumanta Sarkar, University of Warwick, Assistant Professor
    • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
    • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

    Related Info-Tech Research

    This is a screenshot from Info-Tech's Security Strategy Model

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current state assessment, prioritizing initiatives, and building out a security roadmap.

    This is a screenshot from Info-Tech's research: Determine Your Zero Trust Readiness

    Determine Your Zero Trust Readiness

    IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.

    Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.

    This is a screenshot from Info-Tech's research: Mature Your Identity and Access Management Program

    Mature Your Identity and Access Management Program

    Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's IAM practices by following our three-phase methodology:

    • Assess identity and access requirements.
    • Identify initiatives using the identity lifecycle.
    • Prioritize initiatives and build a roadmap.

    Bibliography

    "2021 Data Breach Investigations Report." Verizon, 2021. Web.
    "Fortinet Brings Networking and Security to the Cloud" Fortinet, 2 Mar. 2021. Web.
    "A Zero Trust Strategy Has 3 Needs – Identify, Authenticate, and Monitor Users and Devices on and off the Network." Fortinet, 15 July 2021. Web.
    "Applying Zero Trust Principles to Enterprise Mobility." CISA, Mar. 2022. Web.
    "CISA Zero Trust Maturity Model." CISA, Cybersecurity Division, June 2021. Web.
    "Continuous Diagnostics and Mitigation Program Overview." CISA, Jan. 2022. Web.
    "Cost of a Data Breach Report 2021 | IBM." IBM, July 2021. Web.
    English, Melanie. "5 Stats That Show The Cost Saving Effect of Zero Trust." Teramind, 29 Sept. 2021. Web.
    Hunter, Steve. "The Five Business Benefits of a Zero Trust Approach to Security." Security Brief - Australia, 19 Aug. 2020. Web.
    "Improve Application Access and Security With Fortinet Zero Trust Network Access." Fortinet, 2 Mar. 2021. Web.
    "Incorporating zero trust Strategies for Secure Network and Application Access." Fortinet, 21 Jul. 2021. Web.
    Jakkal, Vasu. "Zero Trust Adoption Report: How Does Your Organization Compare?" Microsoft, 28 July 2021. Web.
    "Jericho Forum™ Commandments." The Open Group, Jericho Forum, May 2007. Web.
    Schulze, Holger. "2019 Zero Trust Adoption Report." Cybersecurity Insiders, 2019. Web.
    "67% of Organizations Had Identity-Related Data Breaches Last Year." Security Magazine, 22 Aug. 2022. Web.
    United States, Executive Office of the President Joseph R. Biden, Jr. "Executive Order on Improving the Nation's Cybersecurity." The White House, 12 May 2021. Web.

    Establish High-Value IT Performance Dashboards and Metrics

    • Buy Link or Shortcode: {j2store}58|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $8,599 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Our Advice

    Critical Insight

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Impact and Result

    Use Info-Tech’s ready-made dashboards for executives to ensure you:

    • Speak to the right audience
    • About the right things
    • In the right quantity
    • Using the right measures
    • At the right time.

    Establish High-Value IT Performance Dashboards and Metrics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish High-Value IT Performance Metrics and Dashboards – a document that walks you through Info-Tech’s ready-made IT dashboards.

    This blueprint guides you through reviewing Info-Tech’s IT dashboards for your audience and organization, then walks you through practical exercises to customize the dashboards to your audience and organization. The blueprint also gives practical guidance for delivering your dashboards and actioning your metrics.

    • Establish High-Value IT Performance Metrics and Dashboards Storyboard

    2. Info-Tech IT Dashboards and Guide – Ready-made IT dashboards for the CIO to communicate to the CXO.

    IT dashboards with visuals and metrics that are aligned and organized by CIO priority and that allow you to customize with your own data, eliminating 80% of the dashboard design work.

    • Info-Tech IT Dashboards and Guide

    3. IT Dashboard Workbook – A step-by-step tool to identify audience needs, translate needs into metrics, design your dashboard, and track/action your metrics.

    The IT Dashboard Workbook accompanies the Establish High Value IT Metrics and Dashboards blueprint and guides you through customizing the Info-Tech IT Dashboards to your audience, crafting your messages, delivering your dashboards to your audience, actioning metrics results, and addressing audience feedback.

    • Info-Tech IT Dashboards Workbook

    4. IT Metrics Library

    Reference the IT Metrics Library for ideas on metrics to use and how to measure them.

    • IT Metrics Library

    5. HR Metrics Library

    Reference the HR Metrics Library for ideas on metrics to use and how to measure them.

    • HR Metrics Library

    Infographic

    Workshop: Establish High-Value IT Performance Dashboards and Metrics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Test Info-tech’s IT Dashboards Against Your Audience’s Needs and Translate Audience Needs Into Metrics

    The Purpose

    Introduce the Info-Tech IT Dashboards to give the participants an idea of how they can be used in their organization.

    Understand the importance of starting with the audience and understanding audience needs before thinking about data and metrics.

    Explain how audience needs translate into metrics.

    Key Benefits Achieved

    Understanding of where to begin when it comes to considering dashboards and metrics (the audience).

    Identified audience and needs and derived metrics from those identified needs.

    Activities

    1.1 Review the info-Tech IT Dashboards and document impressions for your organization.

    1.2 Identify your audience and their attributes.

    1.3 Identify timeline and deadlines for dashboards.

    1.4 Identify and prioritize audience needs and desired outcomes.

    1.5 Associate metrics to each need.

    1.6 Identify a dashboard for each metric.

    Outputs

    Initial impressions of Info-Tech IT Dashboards.

    Completed Tabs 2 and 3 of the IT Dashboard Workbook.

    2 Inventory Your Data and Assess Data Quality and Readiness

    The Purpose

    Provide guidance on how to derive metrics and assess data.

    Key Benefits Achieved

    Understand the importance of considering how you will measure each metric and get the data.

    Understand that measuring data can be costly and that sometimes you just can’t afford to get the measure or you can’t get the data period because the data isn’t there.

    Understand how to assess data quality and readiness.

    Activities

    2.1 Complete a data inventory for each metric on each dashboard: determine how you will measure the metric, the KPI, any observation biases, the location of the data, the type of source, the owner, and the security/compliance requirements.

    2.2 Assess data quality for availability, accuracy, and standardization.

    2.3 Assess data readiness and the frequency of measurement and reporting.

    Outputs

    Completed Tab 4 of the IT Dashboard Workbook.

    3 Design and Build Your Dashboards

    The Purpose

    Guide participants in customizing the Info-Tech IT Dashboards with the data identified in previous steps.

    This step may vary as some participants may not need to alter the Info-Tech IT Dashboards other than to add their own data.

    Key Benefits Achieved

    Understanding of how to customize the dashboards to the participants’ organization.

    Activities

    3.1 Revisit the Info-Tech IT Dashboards and use the identified metrics to determine what should change in them.

    3.2 Build your dashboards by editing the Info-Tech IT Dashboards with your changes as planned in Step 3.1.

    Outputs

    Assessed Info-Tech IT Dashboards for your audience’s needs.

    Completed Tab 5 of the IT Dashboard Workbook.

    Finalized dashboards.

    4 Deliver Your Dashboard and Plan to Action Metrics

    The Purpose

    Guide participants in learning how to create a story around the dashboards.

    Guide participants in planning to action metrics and where to record results.

    Guide participants in how to address results of metrics and feedback from audience about dashboards.

    Key Benefits Achieved

    Participants understand how to speak to their dashboards.

    Participants understand how to action metrics results and feedback about dashboards.

    Activities

    4.1 Craft your story.

    4.2 Practice delivering your story.

    4.3 Plan to action your metrics.

    4.4 Understand how to record and address your results.

    Outputs

    Completed Tabs 6 and 7 of the IT Dashboard Workbook.

    5 Next Steps and Wrap-Up

    The Purpose

    Finalize work outstanding from previous steps and answer any questions.

    Key Benefits Achieved

    Participants have thought about and documented how to customize the Info-Tech IT Dashboards to use in their organization, and they have everything they need to customize the dashboards with their own metrics and visuals (if necessary).

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Completed IT Dashboards tailored to your organization.

    Completed IT Dashboard Workbook

    Further reading

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Analyst Perspective

    A dashboard is a communication tool that helps executives make data-driven decisions

    CIOs naturally gravitate toward data and data analysis. This is their strength. They lean into this strength, using data to drive decisions, track performance, and set targets because they know good data drives good decisions.

    However, when it comes to interpreting and communicating this complex information to executives who may be less familiar with data, CIOs struggle, often falling back on showing IT activity level data instead of what the executives care about. This results in missed opportunities to tell IT’s unique story, secure funding, reveal important trends, or highlight key opportunities for the organization.

    Break through these traditional barriers by using Info-Tech’s ready-made IT dashboards. Spend less time agonizing over visuals and layout and more time concentrating on delivering IT information that moves the organization forward.

    Photo of Diana MacPherson
    Diana MacPherson
    Senior Research Analyst, CIO
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    While most CIOs understand the importance of using metrics to measure IT’s accomplishments, needs, and progress, when it comes to creating dashboards to communicate these metrics, they:

    • Concentrate on the data instead of the audience.
    • Display information specific to IT activities instead of showing how IT addresses business goals and problems.
    • Use overly complicated, out of context graphs that crowd the dashboard and confuse the viewer.

    Common Obstacles

    CIOs often experience these challenges because they:

    • Have a natural bias toward data and see it as the whole story instead of a supporting character in a larger narrative.
    • Assume that the IT activity metrics that are easy to get and useful to them are equally interesting to all their stakeholders.
    • Do not have experience communicating visually to an audience unfamiliar with IT operations or lingo.

    Info-Tech’s Approach

    Use Info-Tech’s ready-made dashboards for executives to ensure you:

    • Speak to the right audience
    • About the right things
    • In the right quantity
    • Using the right measures
    • At the right time

    Info-Tech Insight

    The purpose of a dashboard is to drive decision making. A well designed dashboard presents relevant, clear, concise insights that help executives make data-driven decisions.

    Your challenge

    CIOs struggle to select the right metrics and dashboards to communicate IT’s accomplishments, needs, and progress to their executives. CIOs:

    • Fail to tailor metrics to their audience, often presenting graphs that are familiar and useful to them, but not their executives. This results in dashboards full of IT activities that executives neither understand nor find valuable.
    • Do not consider the timeliness of their metrics, which has the same effect as not tailoring their metrics: the executives do not care about the metrics they are shown.
    • Present too many metrics, which not only clutters the board but also dilutes the message the CIO needs to communicate.
    • Do not act on the results of their metrics and show progress, which makes metrics meaningless. Why measure something if you won’t act on the results?

    The bottom line: CIOs often communicate to the wrong audience, about the wrong things, in the wrong amount, using the wrong metrics, at the wrong time.

    In a survey of 500 executives, organizations that struggled with dashboards identified the reasons as:
    61% Inadequate context
    54% Information overload

    — Source: Exasol

    CXOs and CIOs agree that IT performance metrics need improvement

    When asked which performance indicators should be implemented in your business, CXOs and CIOs both agree that IT needs to improve its metrics across several activity areas: technology performance, cost and salary, and risk.

    A diagram that shows performance indicators and metrics from cxo and cio.

    The Info-Tech IT Dashboards center key metrics around these activities ensuring you align your metrics to the needs of your CXO audience.

    Info-Tech CEO/CIO Alignment Survey Benchmark Report n=666

    The Info-Tech IT Dashboards are organized by the top CIO priorities

    The top six areas that a CIO needs to prioritize and measure outcomes, no matter your organization or industry, are:

    • Managing to a budget: Reducing operational costs and increasing strategic IT spend
    • Customer/constituent satisfaction: Directly and indirectly impacting customer experience.
    • Risk management: Actively knowing and mitigating threats to the organization.
    • Delivering on business objectives: Aligning IT initiatives to the vision of the organization.
    • Employee engagement: Creating an IT workforce of engaged and purpose-driven people.
    • Business leadership relations: Establishing a network of influential business leaders.

    Deliver High-Value IT Dashboards to Your Executives

    A diagram that shows Delivering High-Value IT Dashboards to Your Executives

    Info-Tech’s approach

    Deliver High-Value Dashboards to Your Executives

    A diagram that shows High-Value Dashboard Process.

    Executives recognize the benefits of dashboards:
    87% of respondents to an Exasol study agreed that their organization’s leadership team would make more data-driven decisions if insights were presented in a simpler and more understandable way
    (Source: Exasol)

    The Info-Tech difference:

    We created dashboards for you so you don’t have to!

    1. Eliminate 80% of the dashboard design work by selecting from our ready-made Info-Tech IT Dashboards.
    2. Use our IT Dashboard Workbook to adjust the dashboards to your audience and organization.
    3. Follow our blueprint and IT Dashboard Workbook tool to craft, and deliver your dashboard to your CXO team, then action feedback from your audience to continuously improve.

    Info-Tech’s methodology for establishing high-value dashboards

    1. Test Info-Tech’s IT Dashboards Against Your Audience’s Needs

    Phase Steps

    1. Validate Info-Tech’s IT Dashboards for Your Audience
    2. Identify and Document Your Audience’s Needs

    Phase Outcomes

    1. Initial impressions of Info-Tech IT Dashboards
    2. Completed Tabs 2 of the IT Dashboard Workbook

    2. Translate Audience Needs into Metrics

    Phase Steps

    1. Review Info-Tech’s IT Dashboards for Your Audience
    2. Derive Metrics from Audience Needs
    3. Associate metrics to Dashboards

    Phase Outcomes

    1. Completed IT Tab 3 of IT Dashboard Workbook

    3. Ready Your Data for Dashboards

    Phase Steps

    1. Assess Data Inventory
    2. Assess Data Quality
    3. Assess Data Readiness
    4. Assess Data Frequency

    Phase Outcomes

    1. Assessed Info-Tech IT Dashboards for your audience’s needs
    2. Completed Tab 5 of the IT Dashboard Workbook
    3. Finalized dashboards

    4. Build and Deliver Your Dashboards

    Phase Steps

    1. Design Your Dashboard
    2. Update Your Dashboards
    3. Craft Your Story and Deliver Your Dashboards

    Phase Outcomes

    1. Completed IT Tab 5 and 6 of IT Dashboard Workbook and finalized dashboards

    5. Plan, Record, and Action Your Metrics

    Phase Steps

    1. Plan How to Record Metrics
    2. Record and Action Metrics

    Phase Outcomes

    1. Completed IT Dashboards tailored to your organization
    2. Completed IT Dashboard Workbook

    How to Use This Blueprint

    Choose the path that works for you

    A diagram that shows path of using this blueprint.

    The Info-Tech IT Dashboards address several needs:

    1. New to dashboards and metrics and not sure where to begin? Let the phases in the blueprint guide you in using Info-Tech’s IT Dashboards to create your own dashboards.
    2. Already know who your audience is and what you want to show? Augment the Info-Tech’s IT Dashboards framework with your own data and visuals.
    3. Already have a tool you would like to use? Use the Info-Tech’s IT Dashboards as a design document to customize your tool.

    Insight Summary

    The need for easy-to-consume data is on the rise making dashboards a vital data communication tool.

    70%: Of employees will be expected to use data heavily by 2025, an increase from 40% in 2018.
    — Source: Tableau

    Overarching insight

    A dashboard’s primary purpose is to drive action. It may also serve secondary purposes to update, educate, and communicate, but if a dashboard does not drive action, it is not serving its purpose.

    Insight 1

    Start with the audience. Resist the urge to start with the data. Think about who your audience is, what internal and external environmental factors influence them, what problems they need to solve, what goals they need to achieve, then tailor the metrics and dashboards to suit.

    Insight 2

    Avoid showing IT activity-level metrics. Instead use CIO priority-based metrics to report on what matters to the organization. The Info-Tech IT Dashboards are organized by the CIO priorities: risks, financials, talent, and strategic initiatives.

    Insight 3

    Dashboards show the what not the why. Do not assume your audience will draw the same conclusions from your graphs and charts as you do. Provide the why by interpreting the results, adding insights and calls to action, and marking key areas for discussion.

    Insight 4

    A dashboard is a communication tool and should reflect the characteristics of good communication. Be clear, concise, consistent, and relevant.

    Insight 5

    Action your data. Act and report progress on your metrics. Gathering metrics has a cost, so if you do not plan to action a metric, do not measure it.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Photo of Dashboards

    Key deliverable: Dashboards

    Ready-made risk, financials, talent, and strategic initiatives dashboards that organize your data in a visually appealing way so you can concentrate on the metrics and communication.

    Photo of IT Dashboard Workbook

    IT Dashboard Workbook

    The IT Dashboard Workbook keeps all your metrics, data, and dashboard work in one handy file!

    Photo of IT Dashboard Guide

    IT Dashboard Guide

    The IT Dashboard Guide provides the Info-Tech IT Dashboards and information about how to use them.

    Blueprint benefits

    CIO Benefits

    • Reduces the burden of figuring out what metrics to show executives and how to categorize and arrange the visuals.
    • Increases audience engagement through tools and methods that guide CIOs through tailoring metrics and dashboards to audience needs.
    • Simplifies CIO messages so executives better understand IT needs and value.
    • Provides CIOs with the tools to demonstrate transparency and competency to executive leaders.
    • Provides tools and techniques for regular review and action planning of metrics results, which leads to improved performance, efficiency, and effectiveness.

    Business Benefits

    • Provides a richer understanding of the IT landscape and a clearer connection of how IT needs and issues impact the organization.
    • Increases understanding of the IT team’s contribution to achieving business outcomes.
    • Provides visibility into IT and business trends.
    • Speeds up decision making by providing insights and interpretations to complex situations.

    Measure the value of this blueprint

    Realize measurable benefits after using Info-Tech’s approach:

    Determining what you should measure, what visuals you should use, and how you should organize your visuals, is time consuming. Calculate the time it has taken you to research what metrics you should show, create the visuals, figure out how to categorize the visuals, and layout your visuals. Typically, this takes about 480 hours of time. Use the ready-made Info-Tech IT Dashboards and the IT Dashboard Workbook to quickly put together a set of dashboards to present your CXO. Using these tools will save approximately 480 hours.

    A study at the University of Minnesota shows that visual presentations are 43% more effective at persuading their audiences (Bonsignore). Estimate how persuasive you are now by averaging how often you have convinced your audience to take a specific course of action. After using the Info-Tech IT Dashboards and visual story telling techniques described in this blueprint, average again. You should be 43% more persuasive.

    Further value comes from making decisions faster. Baseline how long it takes, on average, for your executive team to make a decision before using Info-Tech’s IT Dashboards then time how long decisions take when you use your Info-Tech’s IT Dashboards. Your audience should reach decisions 21% faster according to studies at Stanford University and the Wharton School if business (Bonsignore).

    Case Study

    Visuals don’t have to be fancy to communicate clear messages.

    • Industry: Construction
    • Source: Anonymous interview participant

    Challenge

    Year after year, the CIO of a construction company attended business planning with the Board to secure funding for the year. One year, the CEO interrupted and said, “You're asking me for £17 million. You asked me for £14 million last year and you asked me for £12 million the year before that. I don't quite understand what we get for our money.”

    The CEO could not understand how fixing laptops would cost £17 million and for years no one had been able to justify the IT spend.

    Solutions

    The CIO worked with his team to produce a simple one-page bubble diagram representing each IT department. Each bubble included the total costs to deliver the service, along with the number of employees. The larger the bubble, the higher the cost. The CIO brought each bubble to life as he explained to the Board what each department did.

    The Board saw, for example, that IT had architects who thought about the design of a service, where it was going, the life cycle of that service, and the new products that were coming out. They understood what those services cost and knew how many architects IT had to provide for those services.

    Recommendations

    The CEO remarked that he finally understood why the CIO needed £17 million. He even saw that the costs for some IT departments were low for the amount of people and offered to pay IT staff more (something the CIO had requested for years).

    Each year the CIO used the same slide to justify IT costs and when the CIO needed further investment for things like security or new products, an upgrade, or end of life support, the sign-offs came very quickly because the Board understood what IT was doing and that IT wasn't a bottomless pit.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 5 phases.

    Workshop overview

    Day 1: Test Info-tech’s IT Dashboards Against Your Audience’s Needs and Translate Audience Needs Into Metrics

    Activities
    1.1 Review the info-Tech IT Dashboards and document impressions for your organization.
    1.2 Identify your audience’s attributes.
    1.3 Identify timeline and deadlines for dashboards.
    1.4 Identify and prioritize audience needs and desired outcomes.
    1.5 Associate metrics to each need.
    1.6 Identify a dashboard for each metric.

    Deliverables
    1. Initial impressions of Info-Tech IT Dashboards.
    2. Completed Tabs 2 and 3 of the IT Dashboard Workbook.

    Day 2: Inventory Your Data; Assess Data Quality and Readiness

    Activities
    2.1 Complete a data inventory for each metric on each dashboard: determine how you will measure the metric, the KPI, any observation biases, the location of the data, the type of source, and the owner and security/compliance requirements.
    2.2 Assess data quality for availability, accuracy, and standardization.
    2.3 Assess data readiness and frequency of measurement and reporting.

    Deliverables
    1. Completed Tab 4 of the IT Dashboard Workbook.

    Day 3: Design and Build Your Dashboards

    Activities
    3.1 Revisit the Info-Tech IT Dashboards and use the identified metrics to determine what should change on the dashboards.
    3.2 Build your dashboards by editing the Info-Tech IT Dashboards with your changes as planned in Step 3.1.

    Deliverables
    1. Assessed Info-Tech IT Dashboards for your audience’s needs.
    2. Completed Tab 5 of the IT Dashboard Workbook.
    3. Finalized dashboards.

    Day 4: Deliver Your Dashboard and Plan to Action Metrics

    Activities
    4.1 Craft your story.
    4.2 Practice delivering your story.
    4.3 Plan to action your metrics.
    4.4 Understand how to record and address your results.

    Deliverables
    1. Completed Tabs 6 and 7 of the IT Dashboard Workbook.

    Day 5: Next Steps and Wrap-Up (offsite)

    Activities
    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Completed IT Dashboards tailored to your organization.
    2. Completed IT Dashboard Workbook.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    What is an IT dashboard?

    A photo of Risks - Protect the Organization. A photo of Financials: Transparent, fiscal responsibility
    A photo of talent attrat and retain top talent A photo of Strategic Initiatives: Deliver Value to Customers.

    An IT dashboard is…
    a visual representation of data, and its main purpose is to drive actions. Well-designed dashboards use an easy to consume presentation style free of clutter. They present their audience with a curated set of visuals that present meaningful metrics to their audience.

    Dashboards can be both automatically or manually updated and can show information that is dynamic or a snapshot in time.

    Info-Tech IT Dashboards

    Review the Info-Tech IT Dashboards

    We created dashboards so you don’t have to.

    A photo of Risks - Protect the Organization. A photo of Financials: Transparent, fiscal responsibility A photo of talent attrat and retain top talent A photo of Strategic Initiatives: Deliver Value to Customers.

    Use the link below to download the Info-Tech IT Dashboards and consider the following:

    1. What are your initial reactions to the dashboards?
    2. Are the visuals appealing? If so, what makes them appealing?
    3. Can you use these dashboards in your organization? What makes them usable?
    4. How would you use these dashboards to speak your own IT information to your audience?

    Download the Info-Tech IT Dashboards

    Why Use Dashboards When We Have Data?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone

    — Source: (Vogel et al.)

    Phase 1

    Test Info-Tech’s IT Dashboards Against Your Audience’s Needs

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Documenting impressions for using Info-Tech’s IT Dashboards for your audience.
    • Documenting your audience and their needs and metrics for your IT dashboards

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Info-Tech IT Dashboard organization and audience

    We created a compelling way to organize IT dashboards so you don’t have to. The Info-Tech IT Dashboards are organized by CIO Priorities, and these are consistent irrespective of industry or organization. This is a constant that you can organize your metrics around.

    A photo of Info-Tech IT Dashboards

    Dashboard Customization

    The categories represent a constant around which you can change the order; for example, if your CXO is more focused on Financials, you can switch the Financials dashboard to appear first.

    The Info-Tech IT Dashboards are aimed at a CXO audience so if your audience is the CXO, then you may decide to change very little, but you can customize any visual to appeal to your audience.

    Phase 1 will get you started with your audience.

    Always start with the audience

    …and not the data!

    Reliable, accurate data plays a critical role in dashboards, but data is only worthwhile if it is relevant to the audience who consumes it, and dashboards are only as meaningful as the data and metrics they represent.

    Instead of starting with the data, start with the audience. The more IT understands about the audience, the more relevant the metrics will be to their audience and the more aligned leadership will be with IT.

    Don’t forget yourself and who you are. Your audience will have certain preconceived notions about who you are and what you do. Consider these when you think about what you want your audience to know.

    46% executives identify lack of customization to individual user needs as a reason they struggle with dashboards.
    — Source: (Exasol)

    Resist the Data-First Temptation

    If you find yourself thinking about data and you haven’t thought about your audience, pull yourself back to the audience.

    Ask first Ask later
    Who is this dashboard for? What data should I show?
    How will the audience use the dashboard to make decisions? Where do I get the data?
    How can I show what matters to the audience? How much effort is required to get the data?

    Meaningful measures rely on understanding your audience and their needs

    It is crucial to think about who your audience is so that you can translate their needs into metrics and create meaningful visuals for your dashboards.

    A diagram that highlights step 1-3 of understanding your audience in the high-value dashboard process.

    Step 1.1

    Review and Validate Info-Tech’s IT Dashboards for Your Audience

    Activities:
    1.1.1 Examine Info-Tech’s IT Dashboards.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 1.1 & 1.2 to Test Info-Tech’s IT Dashboards Against Your Audience’s Needs.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Info-Tech dashboards reviewed for your organization’s audience.

    1.1.1 Examine the Info-Tech IT Dashboards

    30 minutes

    1. If you haven’t already downloaded the Info-Tech IT Dashboards, click the link below to download.
    2. Complete a quick review of the dashboards and consider how your audience would receive them.
    3. Document your thoughts, with special emphasis on your audience in the Info-Tech Dashboard Impressions slide.

    A diagram that shows Info-Tech IT Dashboards

    Download Info-Tech IT Dashboards

    Reviewing visuals can help you think about how your audience will respond to them

    Jot down your thoughts below. You can refer to this later as you consider your audience.

    Consider:

    • Who is your dashboard audience?
    • Are their needs different from the Info-Tech IT Dashboard audience’s? If so, how?
    • Will the visuals work for your audience on each dashboard?
    • Will the order of the dashboards work for your audience?
    • What is missing?

    Step 1.2

    Identify and Document Your Audience’s Needs

    Activities:
    1.2.1 Document your audience’s needs in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 1.1 & 1.2 to Test Info-Tech’s IT Dashboards Against Your Audience’s Needs.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Audience details documented in IT Dashboard Workbook

    Identify Your Audience and dig deeper to understand their needs

    Connect with your audience

    • Who is your audience?
    • What does your audience care about? What matters to them?
    • How is their individual success measured? What are their key performance indicators (KPIs)?
    • Connect the challenges and pain points of your audience to how IT can help alleviate those pain points:
      • For example, poor financial performance could be due to a lack of digitization. Identify areas where IT can help alleviate this issue.
      • Try to uncover the root cause behind the need. Root causes are often tied to broad organizational objectives, so think about how IT can impact those objectives.

    Validate the needs you’ve uncovered with the audience to ensure you have not misinterpreted them and clarify the desired timeline and deadline for the dashboard.

    Document audiences and needs on Tab 2 of the IT Dashboard Workbook

    Typical Audience Needs
    Senior Leadership
    • Inform strategic planning and track progress toward objectives.
    • Understand critical challenges.
    • Ensure risks are managed.
    • Ensure budgets are managed.
    Board of Directors
    • Understand organizational risks.
    • Ensure organization is fiscally healthy.
    Business Partners
    • Support strategic workforce planning.
    • Surface upcoming risks to workforce.
    CFO
    • IT Spend
    • Budget Health and Risks

    Prioritize and select audience needs that your dashboard will address

    Prioritize needs by asking:

    • Which needs represent the largest value to the entire organization (i.e. needs that impact more of the organization than just the audience)?
    • Which needs will have the largest impact on the audience’s success?
    • Which needs are likely to drive action (e.g. if supporting a decision, is the audience likely to be amenable to changing the way they make that decision based on the data)?

    Select three to five of the highest priority needs for each audience to include on a dashboard.

    Prioritize needs on Tab 2 of the IT Dashboard Workbook

    A diagram that shows 3 tiers of high priority, medium priority, and low priority.

    1.2.1 Document Your Audience Needs in the IT Dashboard Workbook

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 2. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove after you have completed your updates.

    A table of documenting audience, including key attributes, desired timeline, deadline, needs, and priority.

    Download Info-Tech IT Dashboard Workbook

    Phase 2

    Translate Audience Needs Into Metrics

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Revisiting the Info-Tech IT Dashboards for your audience.
    • Documenting your prioritized audience’s needs and the desired outcome of each in the IT Dashboard Workbook.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Linking audience needs to metrics has positive outcomes

    When you present metrics that your audience cares about, you:

    • Deliver real value and demonstrate IT’s value as a trusted partner.
    • Improve the relationship between the business and IT.
    • Enlighten the business about what IT does and how it is connected to the organization.

    29% of respondents to The Economist Intelligence Unit survey cited inadequate collaboration between IT and the business as one of the top barriers to the organization’s digital objectives.
    — Source: Watson, Morag W., et al.

    Dashboard Customization

    The Info-Tech IT Dashboards use measures for each dashboard that correspond with what the audience (CXO) cares about. You can find these measures in the IT Dashboard Workbook. If your audience is the CXO, you may have to change a little but you should still validate the needs and metrics in the IT Dashboard Workbook.

    Phase 2 covers the process of translating needs into metrics.

    Once you know what your audience needs, you know what to measure

    A diagram that highlights step 4-5 of knowing your audience needs in the high-value dashboard process.

    Step 2.1

    Document Desired Outcomes for Each Prioritized Audience Need

    Activities:
    2.1.1 Compare the Info-Tech IT Dashboards with your audience’s needs.
    2.1.2 Document prioritized audience needs and the desired outcome of each in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Understanding of how well Info-Tech IT Dashboards address audience needs.
    • Documented desired outcomes for each audience need.

    2.1.1 Revisit Info-Tech’s IT Dashboards and Review for Your Audience

    30 minutes

    1. If you haven’t already downloaded the Info-Tech IT Dashboards, click the link below to download.
    2. Click the link below to download the Info-Tech IT Dashboard Workbook.
    3. Recall your first impressions of the dashboards that you recorded on earlier in Phase 1 and open up the audience and needs information you documented in Tab 2 of the IT Dashboard Workbook.
    4. Compare the dashboards with your audience’s needs that you documented on Tab 2.
    5. Record any updates to your thoughts or impressions on the next slide. Think about any changes to the dashboards that you would make so that you can reference it when you build the dashboards.

    Download Info-Tech IT Dashboard Workbook

    A photo of Info-Tech IT Dashboards
    The Info-Tech IT Dashboards contain a set of monthly metrics tailored toward a CXO audience.

    Download Info-Tech IT Dashboards

    Knowing what your audience needs, do the metrics the visuals reflect address them?

    Any changes to the Info-Tech IT Dashboards?

    Consider:

    • Are your audience’s needs already reflected in the visuals in each of the dashboards? If so, validate this in the next activity by reviewing the prioritized needs, desired outcomes, and associated metrics already documented in the IT Dashboard Workbook.
    • Are there any visuals your audience would need that you don’t see reflected in the dashboards? Write them here to use in the next exercise.

    Desired outcomes make identifying metrics easier

    When it’s not immediately apparent what the link between needs and metrics is, brainstorm desired outcomes.

    A diagram that shows an example of desired outcomes

    2.1.2 Document your audience’s desired outcome per prioritized need

    Now that you’ve examined the Info-Tech IT Dashboards and considered the needs of your audience, it is time to understand the outcomes and goals of each need so that you can translate your audience’s needs into metrics.

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 3. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove it after you have completed your updates.

    A diagram that shows desired outcome per prioritized need

    Download Info-Tech IT Dashboard Workbook

    Deriving Meaningful Metrics

    Once you know the desired outcomes, you can identify meaningful metrics

    A diagram of an example of meaningful metrics.

    Common Metrics Mistakes

    Avoid the following oversights when selecting your metrics.

    A diagram that shows 7 metrics mistakes

    Step 2.2

    Derive Metrics From Audience Needs

    Activities:
    2.2.1 Derive metrics using the Info-Tech IT Dashboards and the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented metrics for audience needs.

    2.2.1 Derive metrics from desired outcomes

    Now that you have completed the desired outcomes, you can determine if you are meeting those desired outcomes. If you struggle with the metrics, revisit the desired outcomes. It could be that they are not measurable or are not specific enough.

    2 hours

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 3. The workbook contains pre-populated text that reflects information about Info-Tech’s IT Dashboards. You may want to keep the pre-populated text as reference as you identify your own audience then remove it after you have completed your updates.

    A diagram that shows derive metrics from desired outcomes

    Download Info-Tech IT Dashboard Workbook

    Download IT Metrics Library

    Download HR Metrics Library

    Step 2.3

    Associate Metrics to Dashboards

    Activities:
    2.3.1 Review the metrics and identify which dashboard they should appear on.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 2.1 to 2.3 to translate audience needs into metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Metrics associated to each dashboard.

    2.3.1 Associate metrics to dashboards

    30 minutes

    Once you have identified all your metrics from Step 2.2, identify which dashboard they should appear on. As with all activities, if the Info-Tech IT Dashboard meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information.

    A diagram that shows associate metrics to dashboards

    Phase 3

    Ready Your Data for Dashboards

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Inventorying your data
    • Assessing your data quality
    • Determining data readiness
    • Determining data measurement frequency

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Can you measure your metrics?

    Once appropriate service metrics are derived from business objectives, the next step is to determine how easily you can get your metric.

    A diagram that highlights step 5 of measuring your metrics in the high-value dashboard process.

    Make sure you select data that your audience trusts

    40% of organizations say individuals within the business do not trust data insights.
    — Source: Experian, 2020

    Phase 3 covers the process of identifying data for each metric, creating a data inventory, assessing the readiness of your data, and documenting the frequency of measuring your data. Once complete, you will have a guide to help you add data to your dashboards.

    Step 3.1

    Assess Data Inventory

    Activities:
    3.1.1 Download the IT Dashboard Workbook and complete the data inventory section on Tab 4.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data inventory for each metric.

    3.1.1 Data Inventory

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 4. The pre-populated text is arranged into the tables according to the dashboard they appear on; you may need to scroll down to see all the dashboard tables.

    Create a data inventory by placing each metric identified on Tab 3 into the corresponding dashboard table. Complete each column as described below.

    A diagram that shows 9 columns of data inventory.

    Metrics Libraries: Use the IT Metrics Library and HR Metrics Library for ideas for metrics to use and how to measure them.

    Download Info-Tech IT Dashboard Workbook

    Step 3.2

    Assess Data Quality

    Activities:
    3.2.1 Use the IT Dashboard Workbook to complete an assessment of data quality on Tab 4.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data quality assessment for each metric.

    3.2.1 Assess Data Quality

    1 hour

    Document the data quality on Tab 4 of the IT Dashboard Workbook by filling in the data availability, data accuracy, and data standardization columns as described below.

    A diagram that shows data availability, data accuracy, and data standardization columns.

    Data quality is a struggle for many organizations. Consider how much uncertainty you can tolerate and what would be required to improve your data quality to an acceptable level. Consider cost, technological resources, people resources, and time required.

    Download Info-Tech IT Dashboard Workbook

    Step 3.3

    Assess Data Readiness

    Activities:
    3.3.1 Use the IT Dashboard Workbook to determine the readiness of your data.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to ready your data for dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented data readiness for each metric

    3.3.1 Determine Data Readiness

    1 hour

    Once the data quality has been documented and examined, complete the Data Readiness section of Tab 4 in the Info-Tech IT Dashboard Workbook. Select a readiness classification using the definitions below. Use the readiness of your data to determine the level of effort required to obtain the data and consider the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

    A diagram that shows data readiness section

    Remember: Although in most cases, simple formulas that can be easily understood are the best approach, both because effort is lower and data that is not manipulated is more trustworthy, do not abandon data because it is not perfect but instead plan to make it easier to obtain.

    Download Info-Tech IT Dashboard Workbook

    Step 3.4

    Assess Data Frequency

    Activities:
    3.4.1 Use the IT Dashboard Workbook to determine the readiness of your data and how frequently you will measure your data.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 3.1 to 3.4 to assess data inventory, quality, and readiness.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented frequency of measurement for each metric.

    3.4.1 Document Planned Frequency of measurement

    10 minutes

    Document the planned frequency of measurement for all your metrics on Tab 4 of the IT Dashboard Workbook.

    For each metric, determine how often you will need to refresh it on the dashboard and select a frequency from the drop down. The Info-tech IT Dashboards assume a monthly refresh.

    Download Info-Tech IT Dashboard Workbook

    Phase 4

    Build and Deliver Your Dashboards

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Designing your dashboards
    • Updating your dashboards
    • Crafting your story
    • Delivering your dashboards

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Using your dashboard to tell your story with visuals

    Now that you have linked metrics to the needs of your audience and you understand how to get your data, it is time to start building your dashboards.

    A diagram that highlights step 6 of creating meaningful visuals in the high-value dashboard process.

    Using visual language

    • Shortens meetings by 24%
    • Increases the ability to reach consensus by 21%
    • Strengthens persuasiveness by 43%

    — Source: American Management Association

    Phase 4 guides you through using the Info-Tech IT Dashboard visuals for your audience’s needs and your story.

    Step 4.1

    Design Your Dashboard

    Activities:
    4.1.1 Plan and validate dashboard metrics, data, level of effort and visuals.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Identified and validated metrics, data, and visuals for your IT dashboards.

    Use clear visuals that avoid distracting the audience

    Which visual is better to present?

    Sample A:
    A photo of Sample A visuals

    Sample B:
    A diagram Sample B visuals

    Select the appropriate visuals

    Identify the purpose of the visualization. Determine which of the four categories below aligns with the story and choose the appropriate visual to display the data.

    Relationship

    A photo of Scatterplots
    Scatterplots

    • Used to show relationships between two variables.
    • Can be difficult to interpret for audiences that are not familiar with them.

    Distribution

    A photo of Histogram
    Histogram

    • Use a histogram to show spread of a given numeric variable.
    • Can be used to organize groups of data points.
    • Requires continuous data.
    • Can make comparisons difficult.

    A photo of Scatterplot
    Scatterplot

    • Can show correlation between variables.
    • Show each data plot, making it easier to compare.

    Composition

    A photo of Pie chart
    Pie chart

    • Use pie charts to show different categories.
    • Avoid pie charts with numerous slices.
    • Provide numbers alongside slices, as it can be difficult to compare slices based on size alone.

    A photo of Table
    Table

    • Use tables when there are a large number of categories.
    • Presents information in a simple way.

    Comparison

    A photo of Bar graph
    Bar graph

    • Use to compare categories.
    • Easy to understand, familiar format.

    A photo of Line chart
    Line chart

    • Use to show trends or changes over time.
    • Clear and easy to analyze.

    (Calzon)

    Examples of data visualization

    To compare categories, use a bar chart:
    2 examples of bar chart
    Conclusion: Visualizing the spend in various areas helps prioritize.


    To show trends, use a line graph:
    An example of line graph.
    Conclusion: Overlaying a trend line on revenue per employee helps justify headcount costs.


    To show simple results, text is sometimes more clear:
    A diagram that shows examples of text and graphics.
    Conclusion: Text with meaningful graphics conveys messages quickly.


    To display relative percentages of values, use a pie chart:
    An example of pie chart.
    Conclusion: Displaying proportions in a pie chart gives an at-a-glance understanding of the amount any area uses.

    Choose effective colors and design

    Select colors that will enhance the story

    • Use color strategically to help draw the audience’s attention and highlight key information.
    • Choose two to three colors to use consistently throughout the dashboard, as too many colors will be distracting to the audience.
    • Use colors that connect with the audience (e.g., organization or department colors).
    • Don’t use colors that are too similar in shade or brightness level, as those with colorblindness might have difficulty discerning them.

    Keep the design simple and clear

    • Leave white space to separate sections and keep the dashboard simple.
    • Don’t measure everything; show just enough to address the audience’s needs.
    • Use blank space between data points to provide natural contrast (e.g., leaving space between each bar on a bar graph). Don’t rely on contrast between colors to separate data (Miller).
    • Label each data point directly instead of using a separate key, so anyone who has difficulty discerning color can still interpret the data (Miller).

    Example

    A example that shows colours and design of a chart.

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals illustrate messages and themes from the accompanying text?

    4.1.1 Plan and validate your dashboard visuals

    1 hour

    Click the links below to download the Info-Tech IT Dashboards and the IT Dashboard Workbook. Open the IT Dashboard Workbook and select Tab 5. For each dashboard, represented by its own table, open the corresponding Info-Tech IT Dashboard as reference.

    A diagram of dashboard and its considerations when selecting visuals.

    Download Info-Tech IT Dashboards

    Download Info-Tech IT Dashboard Workbook

    Step 4.2

    Update Your Dashboards

    Activities:
    4.2.1 Update the visuals on the Info-Tech IT Dashboards with data and visuals identified in the IT Dashboard Workbook.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Dashboards updated with your visuals, metrics, and data identified in the IT Dashboard Workbook.

    4.2.1 Update visuals with your own data

    2 hours

    1. Get the data that you identified in Tab 4 and Tab 5 of the IT Dashboard Workbook.
    2. Click the link below to go to the Info-Tech IT Dashboards and follow the instructions to update the visuals.

    Do not worry about the Key Insights or Calls to Action; you will create this in the next step when you plan your story.

    Download Info-Tech IT Dashboards

    Step 4.3

    Craft Your Story and Deliver Your Dashboards

    Activities:
    4.3.1 Craft Your Story
    4.3.2 Finalize Your Dashboards
    4.3.3 Practice Delivering Your Story With Your Dashboards

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 4.1 to 4.3 to build and deliver your dashboards.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Documented situations, key insights, and calls to action for each dashboard/visual.
    • A story to tell for each dashboard.
    • Understanding of how to practice delivering the dashboards using stories.

    Stories are more easily understood and more likely to drive decisions

    IT dashboards are valuable tools to provide insights that drive decision making.

    • Monitor: Track and report on strategic areas IT supports.
    • Provide insights: sPresent important data and information to audiences in a clear and efficient way.

    “Data storytelling is a universal language that everyone can understand – from people in STEM to arts and psychology.” — Peter Jackson, Chief Data and Analytics Officer at Exasol

    Storytelling provides context, helping the audience understand and connect with data and metrics.

    • 93% of respondents (business leaders and data professionals) agreed that decisions made as a result of successful data storytelling have the potential to help increase revenue.
    • 92% of respondents agreed that data storytelling was critical to communicate insights effectively.
    • 87% percent of respondents agreed that leadership teams would make more data-driven decisions if insights gathered from data were presented more simply.

    — Exasol

    For more visual guidance, download the IT Dashboard Guide

    Include all the following pieces in your message for an effective communication

    A diagram of an effective message, including consistent, clearn, relevant, and concise.

    Info-Tech Insight

    Time is a non-renewable resource. The message crafted must be considered a value-adding communication to your audience.

    Enable good communication with these components

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.

    Be Clear

    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Avoid jargon.

    Be Relevant

    • Talk about what matters to the audience.
    • Tailor the details of the message to the audience’s specific concerns.
    • IT thinks in processes but wider audiences focus mostly on results; talk in terms of results.
    • IT wants to be understood, but this does not matter to stakeholders. Think: “What’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.
    • If you provide more information than necessary, the clarity and consistency of the message can be lost.

    Draft the core messages to communicate

    1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Start with a story or metaphor and then support with the data on your dashboard. Avoid rushing in with data first.
    2. Demonstrate you can help: Let the audience know that based on the unique problem, you can help. There is value in engaging and working with you further.
    3. Write for the ear: Use concise and clear sentences, avoid technological language, and when you read it aloud ensure it sounds like how you would normally speak.
    4. Interpret visuals for your audience: Do not assume they will reach the same conclusions as you. For example, walk them through what a chart shows even if the axes are labeled, tell them what a trend line indicates or what the comparison between two data points means.
    5. Identify a couple of key insights: Think about one or two key takeaways you want your audience to leave with.
    6. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication. Dashboards exist to drive decisions, so if you have no call to action, you should ask if you need to include the visual.

    4.3.1 Craft Your Story

    1 hour

    Click the link below to download the IT Dashboard Workbook and open the file. Select Tab 6. The workbook contains grey text that reflects a sample story about the Info-Tech IT Dashboards. You may want to keep the sample text as reference, then remove after you have entered your information.

    A diagram of dashboard to craft your story.

    Download Info-Tech IT Dashboard Workbook

    4.3.2 Finalize Your Dashboards

    30 minutes

    1. Take the Key Insights and Calls to Action that you documented in Tab 6 of the IT Dashboard Workbook and place them in their corresponding dashboard.
    2. Add any text to your dashboard as necessary but only if the visual requires more information. You can add explanations more effectively during the presentation.

    A diagram that shows strategic initiatives: deliver value to customers.

    Tip: Aim to be brief and concise with any text. Dashboards simplify information and too much text can clutter the visuals and obscure the message.

    Download Info-Tech IT Dashboard Workbook

    4.3.3 Practice Delivering Your Story With Your Dashboards

    1 hour

    Ideally you can present your dashboard to your audience so that you are available to clarify questions and add a layer of interpretation that would crowd out boards if added as text.

    1. To prepare to tell your story, consult the Situation, Key Insights, and Call to Action sections that you documented for each dashboard in Tab 6 of the Info-Tech IT Dashboard Workbook.
    2. Practice your messages as you walk through your dashboards. The next two slides provide delivery guidance.
    3. Once you deliver your dashboards, update Tab 6 with audience feedback. Often dashboards are iterative and when your audience sees them, they are usually inspired to think about what else they would like to see. This is good and shows your audience is engaged!

    Don’t overwhelm your audience with information and data. You spent time to craft your dashboards so that they are clear and concise, so spend time practicing delivering a message that matches your clear, concise dashboards

    Download Info-Tech IT Dashboard Workbook

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your dashboard confidently. While this should be obvious, it needs to be stated explicitly. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation or if you are presenting remotely, look into the camera. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading the text from your dashboard, and instead paraphrase it while maintaining eye/camera contact.

    Info-Tech Insight

    You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

    Communication Delivery Checklist

    • Have you practiced delivering the communication to team members or coaches?
    • Have you practiced delivering the communication to someone with little to no technology background?
    • Are you making yourself open to feedback and improvement opportunities?
    • If the communication is derailed from your plan, are you prepared to handle that change?
    • Can you deliver the communication without reading your notes word for word?
    • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
    • Are you presenting in a way that is genuine to you and your personality?
    • Can you communicate the message within the time allotted?
    • Are you moving in an appropriate manner based on your communication (e.g., toward the screen, across the stage, hand gestures)
    • Do you have room for feedback on the dashboards? Solicit feedback with your audience after the meeting and record it in Tab 6 of the IT Dashboard Workbook.

    Phase 5

    Plan, record, and action your metrics

    A diagram that shows phase 1 to 5.

    This phase will walk you through the following:

    • Planning to track your metrics
    • Recording your metrics
    • Actioning your metrics

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Actioning your metrics to drive results

    To deliver real value from your dashboards, you need to do something with the results.

    Don’t fail on execution! The whole reason you labor to create inviting visuals and meaningful metrics is to action those metrics. The metrics results inform your entire story! It’s important to plan and do, but everything is lost if you fail to check and act.

    70%: of survey respondents say that managers do not get insights from performance metrics to improve strategic decision making.
    60%: of survey respondents say that operational teams do not get insights to improve operation decision making.

    (Bernard Marr)

    “Metrics aren’t a passive measure of progress but an active part of an organization’s everyday management….Applying the “plan–do–check–act” feedback loop…helps teams learn from their mistakes and identify good ideas that can be applied elsewhere”

    (McKinsey)

    Step 5.1

    Plan How to Record Metrics

    Activities:
    5.1.1 For each dashboard, add a baseline and target to existing metrics and KPIs.

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 5.1 to 5.2 to plan, record, and action your metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Baselines and targets identified and recorded for each metric.

    5.1.1 Identify Baselines and Targets

    1 hour

    To action your metrics, you must first establish what your baselines and targets are so that you can determine if you are on track.

    To establish baselines:
    If you do not have a baseline. Run your metric to establish one.

    To establish targets:

    • Use historical data and trends of performance.
    • If you do not have historical data, establish an initial target based on stakeholder-identified requirements and expectations.
    • You can also run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.
    • The target may not always be a number – it could be a trend. The initial target may be changed after review with stakeholders.

    Actions for Success:
    How will you ensure you can get this metric? For example, if you would like to measure delivered value, to make sure the metric is measurable, you will need to ensure that measures of success are documented for an imitative and then measured once complete.

    • If you need help with Action plans, the IT Metrics Library includes action plans for all of its metrics that may help

    A diagram of identify metrics and to identify baselines and targets.

    Download Info-Tech IT Dashboard Workbook

    Step 5.2

    Record and Action Metrics

    Activities:
    5.2.1 Record and Action Results

    • Note, the Info-Tech IT Dashboards are organized by CIO priorities – Risk, Financials, Talent, and Strategic Initiatives – and address the needs of the CXO audience. The IT Dashboard Workbook is pre-populated with this information.
    • If this meets your audience’s needs, you do not have to edit this content and can instead use the pre-populated information. You may wish to review the information to ensure it is still valid for your audience.

    A diagram that shows step 5.1 to 5.2 to plan, record, and action your metrics.

    This phase involves the following participants:

    • Senior IT leadership
    • Dashboard SMEs

    Outcomes of this step:

    • Understanding of what and where to record metrics once run.

    5.2.1 Record and Action Results

    1 hour

    After analyzing your results, use this information to update your dashboards. Revisit Tab 6 of the IT Dashboard Workbook to update your story. Remember to record any audience feedback about the dashboards in the Audience Feedback section.

    Action your measures as well as your metrics

    What should be measured can change over time as your organization matures and the business environment changes. Understanding what creates business value for your organization is critical. If metrics need to be changed, record metrics actions under Identified Actions on Tab 7. A metric will need to be addressed in one of the following ways:

    • Added: A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
    • Changed: A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.
    • Removed: The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.
    • Maintained: The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

    A diagram of record results and identify how to address results.

    Don’t be discouraged if you need to update your metrics a few times before you get it right. It can take some trial and error to find the measures that best indicate the health of what you are measuring.

    Download Info-Tech IT Dashboard Workbook

    Tips for actioning results

    Sometimes actioning your metrics results requires more analysis

    If a metric deviates from your target, you may need to analyze how to correct the issue then run the metric again to see if the results have improved.

    Identify Root Cause
    Root Cause Analysis can include problem exploration techniques like The 5 Whys, fishbone diagrams, or affinity mapping.

    Select a Solution
    Once you have identified a possible root cause, use the same technique to brainstorm and select a solution then re-run your metrics.

    Consider Tension Metrics
    Consider tension metrics when selecting a solution. Will improving one area affect another? A car can go faster but it will consume more fuel – a project can be delivered faster but it may affect the quality.

    Summary of Accomplishment

    Problem Solved

    1. Using this blueprint and the IT Dashboard Workbook, you validated and customized the dashboards for your audience and organization, which reduced or eliminated time spent searching for and organizing your own visuals.
    2. You documented your dashboards’ story so you are ready to present them to your audience.
    3. You assessed the data for your dashboards and you built a metrics action-tracking plan to maintain your dashboards’ metrics.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    A photo of Info-Tech IT Dashboards
    Review the Info-Tech IT Dashboards
    Determine how you can use the Info-Tech IT Dashboards in your organization and the anticipated level of customization.

    A photo of the IT Dashboard Workbook
    Plan your dashboards
    Complete the IT Dashboard Workbook to help plan your dashboards using Info-Tech’s IT Dashboards.

    Research Contributors and Experts

    Photo of John Corrado
    John Corrado
    Head of IT
    X4 Pharmaceuticals

    As head of IT, John is charged with the creation of strategic IT initiatives that align with X4s vision, mission, culture, and long-term goals and is responsible for the organization’s systems, security, and infrastructure. He works closely developing partnerships with X4tizens across the organization to deliver value through innovative programs and services.

    Photo of Grant Frost
    Grant Frost
    Chief Information & Security Officer
    Niagara Catholic School Board

    Grant Frost is an experienced executive, information technologist and security strategist with extensive experience in both the public and private sector. Grant is known for, and has extensive experience in, IT transformation and the ability to increase capability while decreasing cost in IT services.

    Photo of Nick Scozzaro
    Nick Scozzaro
    CEO and Co-Founder of MobiStream and ShadowHQ
    ShadowHQ

    Nick got his start in software development and mobility working at BlackBerry where he developed a deep understanding of the technology landscape and of what is involved in both modernizing legacy systems and integrating new ones. Working with experts across multiple industries, he innovated, learned, strategized, and ultimately helped push the boundaries of what was possible.

    Photo of Joseph Sanders
    Joseph Sanders
    Managing Director of Technology/Cyber Security Services
    Kentucky Housing Corporation

    In his current role Joe oversees all IT Operations/Applications Services that are used to provide services and support to the citizens of Kentucky. Joe has 30+ years of leadership experience and has held several executive roles in the public and private sector. He has been a keynote speaker for various companies including HP, IBM, and Oracle.

    Photo of Jochen Sievert
    Jochen Sievert
    Director Performance Excellence & IT
    Zeon Chemicals

    Jochen moved to the USA from Duesseldorf, Germany in 2010 to join Zeon Chemicals as their IT Manager. Prior to Zeon, Jochen has held various technical positions at Novell, Microsoft, IBM, and Metro Management Systems.

    Info-Tech Contributors

    Ibrahim Abdel-Kader, Research Analyst
    Donna Bales, Principal Research Director
    Shashi Bellamkonda, Principal Research Director
    John Burwash, Executive Counselor
    Tony Denford, Research Lead
    Jody Gunderman, Senior Executive Advisor
    Tom Hawley, Managing Partner
    Mike Higginbotham, Executive Counselor
    Valence Howden, Principal Research Director
    Dave Kish, Practice Lead
    Carlene McCubbin, Practice Lead
    Jennifer Perrier, Principal Research Director
    Gary Rietz, Executive Counselor
    Steve Schmidt, Senior Managing Partner
    Aaron Shum, Vice President, Security & Privacy
    Ian Tyler-Clarke, Executive Counselor

    Plus, an additional four contributors who wish to remain anonymous.

    Related Info-Tech Research

    Photo of Build an IT Risk Taxonomy

    Build an IT Risk Taxonomy

    Use this blueprint as a baseline to build a customized IT risk taxonomy suitable for your organization.

    Photo of Create a Holistic IT Dashboard

    Create a Holistic IT Dashboard

    This blueprint will help you identify the KPIs that matter to your organization.

    Photo of Develop Meaningful Service Metrics

    Develop Meaningful Service Metrics

    This blueprint will help you Identify the appropriate service metrics based on stakeholder needs.

    Photo of IT Spend & Staffing Benchmarking

    IT Spend & Staffing Benchmarking

    Use this benchmarking service to capture, analyze, and communicate your IT spending and staffing.

    Photo of Key Metrics for Every CIO

    Key Metrics for Every CIO

    This short research piece highlights the top metrics for every CIO, how those align to your CIO priorities, and action steps against those metrics.

    Photo of Present Security to Executive Stakeholders

    Present Security to Executive Stakeholders

    This blueprint helps you identify communication drivers and goals and collect data to support your presentation. It provides checklists for building and delivering a captivating security presentation.

    Bibliography

    “10 Signs You Are Sitting on a Pile of Data Debt.” Experian, n.d. Web.

    “From the What to the Why: How Data Storytelling Is Key to Success.” Exasol, 2021. Web.

    Bonsignore, Marian. “Using Visual Language to Create the Case for Change.” Amarican Management Association. Accessed 19 Apr. 2023.

    Calzon, Bernardita. “Top 25 Dashboard Design Principles, Best Practices & How To’s.” Datapine, 5 Apr. 2023.

    “Data Literacy.” Tableau, n.d. Accessed 3 May 2023.

    “KPIs Don’t Improve Decision-Making In Most Organizations.” LinkedIn, n.d. Accessed 2 May 2023.

    Miller, Amanda. “A Comprehensive Guide to Accessible Data Visualization.” Betterment, 2020. Accessed May 2022.

    “Performance Management: Why Keeping Score Is so Important, and so Hard.” McKinsey. Accessed 2 May 2023.

    Vogel, Douglas, et al. Persuasion and the Role of Visual Presentation Support: The UM/3M Study. Management Information Systems Research Center School of Management University of Minnesota, 1986.

    Watson, Morag W., et al. ”IT’s Changing Mandate in an Age of Disruption.” The Economist Intelligence Unit Limited, 2021.

    Take Action on Service Desk Customer Feedback

    • Buy Link or Shortcode: {j2store}494|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $27,500 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • The service desk relies only on traditional metrics such as time to respond or percentage of SLAs met, but no measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users, but no mechanism in place to formally capture those perceptions in order to address them.
    • Even if transactional (ticket) surveys are in use, often nothing is done with the data collected or there is a low response rate, and no broader satisfaction survey is in place.

    Our Advice

    Critical Insight

    • If customer satisfaction is not being measured, it’s often because service desk leaders don’t know how to design customer satisfaction surveys, don’t have a mechanism in place to collect feedback, or lack the resources to take accountability for a customer feedback program.
    • If customer satisfaction surveys are in place, it can be difficult to get full value out of them if there is a low response rate due to poor survey design or administration, or if leadership doesn’t understand the value of / know how to analyze the data.
    • It can actually be worse to ask your customers for feedback and do nothing with it than not asking for feedback at all. Customers may end up more dissatisfied if they take the time to provide value then see nothing done with it.

    Impact and Result

    • Understand how to ask the right questions to avoid survey fatigue.
    • Design and implement two complementary satisfaction surveys: a transactional survey to capture satisfaction with individual ticket experiences and inform immediate improvements, and a relationship survey to capture broader satisfaction among the entire user base and inform longer-term improvements.
    • Build a plan and assign accountability for customer feedback management, including analyzing feedback, prioritizing customer satisfaction insights and using them to improve performance, and communicating the results back to your users and stakeholders.

    Take Action on Service Desk Customer Feedback Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Action on Service Desk Customer Feedback Deck – A step-by-step document that walks you through how to measure customer satisfaction, design and implement transactional and relationship surveys, and analyze and act on user feedback.

    Whether you have no Service Desk customer feedback program in place or you need to improve your existing process for gathering and responding to feedback, this deck will help you design your surveys and act on their results to improve CSAT scores.

    • Take Action on Service Desk Customer Feedback Storyboard

    2. Transactional Service Desk Survey Template – A template to design a ticket satisfaction survey.

    This template provides a sample transactional (ticket) satisfaction survey. If your ITSM tool or other survey mechanism allows you to design or write your own survey, use this template as a starting point.

    • Transactional Service Desk Survey Template

    3. Sample Size Calculator – A tool to calculate the sample size needed for your survey.

    Use the Sample Size Calculator to calculate your ideal sample size for your relationship surveys.

  • Desired confidence level
  • Acceptable margin of error
  • Company population size
  • Ideal sample size
    • Sample Size Calculator

    4. End-User Satisfaction Survey Review Workflows – Visio templates to map your review process for both transactional and relationship surveys

    This template will help you map out the step-by-step process to review collected feedback from your end-user satisfaction surveys, analyze the data, and act on it.

    • End-User Satisfaction Survey Review Workflows

    Infographic

    Further reading

    Take Action on Service Desk Customer Feedback

    Drive up CSAT scores by asking the right questions and effectively responding to user feedback.

    EXECUTIVE BRIEF

    Analyst Perspective

    Collecting feedback is only half the equation.

    The image contains a picture of Natalie Sansone.

    Natalie Sansone, PhD


    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Often when we ask service desk leaders where they need to improve and if they’re measuring customer satisfaction, they either aren’t measuring it at all, or their ticket surveys are turned on but they get very few responses (or only positive responses). They fail to see the value of collecting feedback when this is their experience with it.

    Feedback is important because traditional service desk metrics can only tell us so much. We often see what’s called the “watermelon effect”: metrics appear “green”, but under the surface they’re “red” because customers are in fact dissatisfied for reasons unmeasured by standard internal IT metrics. Customer satisfaction should always be the goal of service delivery, and directly measuring satisfaction in addition to traditional metrics will help you get a clearer picture of your strengths and weaknesses, and where to prioritize improvements.

    It’s not as simple as asking customers if they were satisfied with their ticket, however. There are two steps necessary for success. The first is collecting feedback, which should be done purposefully, with clear goals in mind in order to maximize the response rate and value of responses received. The second – and most critical – is acting on that feedback. Use it to inform improvements and communicate those improvements. Doing so will not only make your service desk better, increasing satisfaction through better service delivery, but also will make your customers feel heard and valued, which alone increases satisfaction.

    The image contains a picture of Emily Sugerman.

    Emily Sugerman, PhD


    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • The service desk relies only on traditional metrics such as time to respond, or percentage of SLAs met, but not on measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users (e.g. shadow IT, users avoid the service desk, go only to their favorite technician) but no mechanism in place to formally capture those perceptions.
    • Transactional ticket surveys were turned on when the ITSM tool was implemented, but either nobody responds to them, or nobody does anything with the data received.
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • Service desk leaders don’t know how to design survey questions to ask their users for feedback and/or they don’t have a mechanism in place to survey users.
    • If customer satisfaction surveys are in place, nothing is done with the results because service desk leaders either don’t understand the value of analyzing the data or don’t know how to analyze the data.
    • Executives only want a single satisfaction number to track and don’t understand the value of collecting more detailed feedback.
    • IT lacks the resources to take accountability for the feedback program, or existing resources don’t have time to do anything with the feedback they receive.
    • Understand how to ask the right questions to avoid survey fatigue (where users get overwhelmed and stop responding).
    • Design and implement a transactional survey to capture satisfaction with individual ticket experiences and use the results to inform immediate improvements.
    • Design and implement a relationship survey to capture broader satisfaction among the entire user base and use the results to inform longer-term improvements.
    • Build a plan and assign accountability for analyzing feedback, using it to prioritize and make actionable improvements to address feedback, and communicating the results back to your users and stakeholders.

    Info-Tech Insight

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before, if their opinion is sought out and then ignored. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Traditional service desk metrics can be misleading

    The watermelon effect

    When a service desk appears to hit all its targets according to the metrics it tracks, but service delivery is poor and customer satisfaction is low, this is known as the “watermelon effect”. Service metrics appear green on the outside, but under the surface (unmeasured), they’re red because customers are dissatisfied.

    Traditional SLAs and service desk metrics (such as time to respond, average resolution time, percentage of SLAs met) can help you understand service desk performance internally to prioritize your work and identify process improvements. However, they don’t tell you how customers perceive the service or how satisfied they are.

    Providing good service to your customers should be your end goal. Failing to measure, monitor, and act on customer feedback means you don’t have the whole picture of how your service desk is performing and whether or where improvements are needed to maximize satisfaction.

    There is a shift in ITSM to focus more on customer experience metrics over traditional ones

    The Service Desk Institute (SDI) suggests that customer satisfaction is the most important indicator of service desk success, and that traditional metrics around SLA targets – currently the most common way to measure service desk performance – may become less valuable or even obsolete in the future as customer experience-focused targets become more popular. (Service Desk Institute, 2021)

    SDI conducted a Customer Experience survey of service desk professionals from a range of organizations, both public and private, from January to March 2018. The majority of respondents said that customer experience is more important than other metrics such as speed of service or adherence to SLAs, and that customer satisfaction is more valuable than traditional metrics. (SDI, 2018).

    The image contains a screenshot of two pie graphs. The graph on the left is labelled: which of these is most important to your service desk? Customer experience is first with 54%. The graph on the right is labelled: Which measures do you find more value in? Customer satisfaction is first with 65%.

    However, many service desk leaders aren’t effectively measuring customer feedback

    Not only is it important to measure customer experience and satisfaction levels, but it’s equally important to act on that data and feed it into a service improvement program. However, many IT leaders are neglecting either one or both of those components.

    Obstacles to collecting feedback

    Obstacles to acting on collected feedback

    • Don’t understand the value of measuring customer feedback.
    • Don’t have a good mechanism in place to collect feedback.
    • Don’t think that users would respond to a survey (either generally unresponsive or already inundated with surveys).
    • Worried that results would be negative or misleading.
    • Don’t know what questions to ask or how to design a survey.
    • Don’t understand the importance of analyzing and acting on feedback collected.
    • Don’t know how to analyze survey data.
    • Lack of resources to take accountability over customer feedback (including analyzing data, monitoring trends, communicating results).
    • Executives or stakeholders only want a satisfaction score.

    A strong customer feedback program brings many benefits to IT and the business

    Insight into customer experience

    Gather insight into both the overall customer relationship with the service desk and individual transactions to get a holistic picture of the customer experience.

    Data to inform decisions

    Collect data to inform decisions about where to spend limited resources or time on improvement, rather than guessing or wasting effort on the wrong thing.

    Identification of areas for improvement

    Better understand your strengths and weaknesses from the customer’s point of view to help you identify gaps and priorities for improvement.

    Customers feel valued

    Make customers feel heard and valued; this will improve your relationship and their satisfaction.

    Ability to monitor trends over time

    Use the same annual relationship survey to be able to monitor trends and progress in making improvements by comparing data year over year.

    Foresight to prevent problems from occurring

    Understand where potential problems may occur so you can address and prevent them, or who is at risk of becoming a detractor so you can repair the relationship.

    IT staff coaching and engagement opportunities

    Turn negative survey feedback into coaching and improvement opportunities and use positive feedback to boost morale and engagement.

    Take Action on Service Desk Customer Feedback

    The image contains a screenshot of a Thought Model titled: Take Action on Service Desk Customer Feedback.

    Info-Tech’s methodology for measuring and acting on service desk customer feedback

    Phase

    1. Understand how to measure customer satisfaction

    2. Design and implement transactional surveys

    3. Design and implement relationship surveys

    4. Analyze and act on feedback

    Phase outcomes

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Insight Summary

    Key Insight:

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before if they’re asked for their opinion then see nothing done with it. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Additional insights:

    Insight 1

    Take the time to define the goals of your transactional survey program before launching it – it’s not as simple as just deploying the default survey of your ITSM tool out of the box. The objectives of the survey – including whether you want to keep a pulse on average satisfaction or immediately act on any negative experiences – will influence a range of key decisions about the survey configuration.

    Insight 2

    While transactional surveys provide useful indicators of customer satisfaction with specific tickets and interactions, they tend to have low response rates and can leave out many users who may rarely or never contact the service desk, but still have helpful feedback. Include a relationship survey in your customer feedback program to capture a more holistic picture of what your overall user base thinks about the service desk and where you most need to improve.

    Insight 3

    Satisfaction scores provide valuable data about how your customers feel, but don’t tell you why they feel that way. Don’t neglect the qualitative data you can gather from open-ended comments and questions in both types of satisfaction surveys. Take the time to read through these responses and categorize them in at least a basic way to gain deeper insight and determine where to prioritize your efforts.

    Understand how to measure customer satisfaction

    Phase 1

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Three methods of surveying your customers

    Transactional

    Relationship

    One-off

    Also known as

    Ticket surveys, incident follow-up surveys, on-going surveys

    Annual, semi-annual, periodic, comprehensive, relational

    One-time, single, targeted

    Definition

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.
    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure overall relationship with the service desk.
    • Assesses customer satisfaction with their overall service experience over a longer time period.
    • Longer – around 15-20 questions.
    • One-time survey sent at a specific, targeted point in time to either all customers or a subset.
    • Often event-driven or project-related.
    • Assesses satisfaction at one time point, or about a specific change that was implemented, or to inform a specific initiative that will be implemented.

    Pros and cons of the three methods

    Transactional

    Relationship

    One-off

    Pros

    • Immediate feedback
    • Actionable insights to immediately improve service or experience
    • Feeds into team coaching
    • Multiple touchpoints allow for trending and monitoring
    • Comprehensive insight from broad user base to improve overall satisfaction
    • Reach users who don’t contact the service desk often or respond to ticket surveys
    • Identify unhappy customers and reasons for dissatisfaction
    • Monitor broader trends over time
    • Targeted insights to measure the impact of a specific change or perception at a specific point of time

    Cons

    • Customer may become frustrated being asked to fill out too many surveys
    • Can lead to survey fatigue and low response rates
    • Tend to only see responses for very positive or negative experiences
    • High volume of data to analyze
    • Feedback is at a high-level
    • Covers the entire customer journey, not a specific interaction
    • Users may not remember past interactions accurately
    • A lot of detailed data to analyze and more difficult to turn into immediate action
    • Not as valuable without multiple surveys to see trends or change

    Which survey method should you choose?

    Only relying on one type of survey will leave gaps in your understanding of customer satisfaction. Include both transactional and relationship surveys to provide a holistic picture of customer satisfaction with the service desk.

    If you can only start with one type, choose the type that best aligns with your goals and priorities:

    If your priority is to identify larger improvement initiatives the service desk can take to improve overall customer satisfaction and trust in the service desk:

    If your priority is to provide customers with the opportunity to let you know when transactions do not go well so you can take immediate action to make improvements:

    Start with a relationship survey

    Start with a transactional survey

    The image contains a screenshot of a bar graph on SDI's 2018 Customer Experience in ITSM report.

    Info-Tech Insight

    One-off surveys can be useful to assess whether a specific change has impacted satisfaction, or to inform a planned change/initiative. However, as they aren’t typically part of an on-going customer feedback program, the focus of this research will be on transactional and relationship surveys.

    3 common customer satisfaction measures

    The three most utilized measures of customer satisfaction include CSAT, CES, and NPS.

    CSAT CES NPS
    Name Customer Satisfaction Customer Effort Score Net Promoter score
    What it measures Customer happiness Customer effort Customer loyalty
    Description Measures satisfaction with a company overall, or a specific offering or interaction Measures how much effort a customer feels they need to put forth in order to accomplish what they wanted Single question that asks consumers how likely they are to recommend your product, service, or company to other people
    Survey question How satisfied are/were you with [company/service/interaction/product]? How easy was it to [solve your problem/interact with company/handle my issue]? Or: The [company] made it easy for me to handle my issue How likely are you to recommend [company/service/product] to a friend?
    Scale 5, 7, or 10 pt scale, or using images/emojis 5, 7, or 10 pt scale 10-pt scale from highly unlikely to highly likely
    Scoring Result is usually expressed as a percentage of satisfaction Result usually expressed as an average Responses are divided into 3 groups where 0-6 are detractors, 7-8 are passives, 9-10 are promoters
    Pros
    • Well-suited for specific transactions
    • Simple and able to compare scores
    • Simple number, easy to analyze
    • Effort tends to predict future behavior
    • Actionable data
    • Simple to run and analyze
    • Widely used and can compare to other organizations
    • Allows for targeting customer segments
    Cons
    • Need high response rate to have representative numberEasy to ask the wrong questions
    • Not as useful without qualitative questions
    • Only measures a small aspect of the interaction
    • Only useful for transactions
    • Not useful for improvement without qualitative follow-up questions
    • Not as applicable to a service desk as it measures brand loyalty

    When to use each satisfaction measure

    The image contains a screenshot of a diagram that demonstrates which measure to use based off of what you would like to access, and which surveys it aligns with.

    How to choose which measure(s) to incorporate in your surveys

    The best measures are the ones that align with your specific goals for collecting feedback.

    • Most companies will use multiple satisfaction measures. For example, NPS can be tracked to monitor the overall customer sentiment, and CSAT used for more targeted feedback.
    • For internal-facing IT departments, CSAT is the most popular of the three methods, and NPS may not be as useful.
    • Choose your measure and survey types based on what you are trying to achieve and what kind of information you need to make improvements.
    • Remember that one measure alone isn’t going to give you actionable feedback; you’ll need to follow up with additional measures (especially for NPS and CES).
    • For CSAT surveys, customize the satisfaction measures in as many ways as you need to target the questions toward the areas you’re most interested in.
    • Don’t stick to just these three measures or types of surveys – there are other ways to collect feedback. Experiment to find what works for you.
    • If you’re designing your own survey, keep in mind the principles on the next slide.

    Info-Tech Insight

    While we focus mainly on traditional survey-based approaches to measuring customer satisfaction in this blueprint, there’s no need to limit yourselves to surveys as your only method. Consider multiple techniques to capture a wider audience, including:

    • Customer journey mapping
    • Focus groups with stakeholders
    • Lunch and learns or workshop sessions
    • Interviews – phone, chat, in-person
    • Kiosks

    Principles for survey design

    As you design your satisfaction survey – whether transactional or relational – follow these guidelines to ensure the survey delivers value and gets responses.

    1. Focus on your goal
    2. Don’t include unnecessary questions that won’t give you actionable information; it will only waste respondents’ time.

    3. Be brief
    4. Keep each question as short as possible and limit the total number of survey questions to avoid survey fatigue.

    5. Include open-ended questions
    6. Most of your measures will be close-ended, but include at least one comment box to allow for qualitative feedback.

    7. Keep questions clear and concise
    8. Ensure that question wording is clear and specific so that all respondents interpret it the same way.

    9. Avoid biased or leading questions
    10. You won’t get accurate results if your question leads respondents into thinking or answering a certain way.

    11. Avoid double-barreled questions
    12. Don’t ask about two different things in the same question – it will confuse respondents and make your data hard to interpret.

    13. Don’t restrict responses
    14. Response options should include all possible opinions (including “don’t know”) to avoid frustrating respondents.

    15. Make the survey easy to complete
    16. Pre-populate information where possible (e.g. name, department) and ensure the survey is responsive on mobile devices.

    17. Keep questions optional
    18. If every question is mandatory, respondents may leave the survey altogether if they can’t or don’t want to answer one question.

    19. Test your survey
    20. Test your survey with your target audience before launching, and incorporate feedback - they may catch issues you didn’t notice.

    Prevent survey fatigue to increase response rates

    If it takes too much time or effort to complete your survey – whether transactional or relational – your respondents won’t bother. Balance your need to collect relevant data with users’ needs for a simple and worthwhile task in order to get the most value out of your surveys.

    There are two types of survey fatigue:

    1. Survey response fatigue
    2. Occurs when users are overwhelmed by too many requests for feedback and stop responding.

    3. Survey taking fatigue
    4. Occurs when the survey is too long or irrelevant to users, so they grow tired and abandon the survey.

    Fight survey fatigue:

    • Make it as easy as possible to answer your survey:
      • Keep the survey as short as possible.
      • For transactional surveys, allow respondents to answer directly from email without having to click a separate link if possible.
      • Don’t make all questions mandatory or users may abandon it if they get to a difficult or unapplicable question.
      • Test the survey experience across devices for mobile users.
    • Communicate the survey’s value so users will be more likely to donate their time.
    • Act on feedback: follow up on both positive and negative responses so users see the value in responding.
    • Consider attaching an incentive to responding (e.g. name entered in a monthly draw).

    Design and implement transactional surveys

    Phase 2

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Use transactional surveys to collect immediate and actionable feedback

    Recall the definition of a transactional survey:

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.

    Info-Tech Insight

    While feedback on transactional surveys is specific to a single transaction, even one negative experience can impact the overall perception of the service desk. Pair your transactional surveys with an annual relationship survey to capture broader sentiment toward the service desk.

    Transactional surveys serve several purposes:

    • Gives end users a mechanism to provide feedback when they want to.
    • Provides continual insight into customer satisfaction throughout the year to monitor for trends or issues in between broader surveys.
    • Provides IT leaders with actionable insights into areas for improvement in their processes, knowledge and skills, or customer service.
    • Gives the service desk the opportunity to address any negative experiences or perceptions with customers, to repair the relationship.
    • Feeds into individual or team coaching for service desk staff.

    Make key decisions ahead of launching your transactional surveys

    If you want to get the most of your surveys, you need to do more than just click a button to enable out-of-the-box surveys through your ITSM tool. Make these decisions ahead of time:

    Decision Considerations For more guidance, see
    What are the goals of your survey? Are you hoping to get an accurate pulse of customer sentiment (if so, you may want to randomly send surveys) or give customers the ability to provide feedback any time they have some (if so, send a survey after every ticket)? Slide 25
    How many questions will you ask? Keep the survey as short as possible – ideally only one mandatory question. Slide 26
    What questions will you ask? Do you want a measure of NPS, CES, or CSAT? Do you want to measure overall satisfaction with the interaction or something more specific about the interaction? Slide 27
    What will be the response options/scale? Keep it simple and think about how you will use the data after. Slide 28
    How often will you send the survey? Will it be sent after every ticket, every third ticket, or randomly to a select percentage of tickets, etc.? Slide 29
    What conditions would apply? For example, is there a subset of users who you never want to receive a survey or who you always want to receive a survey? Slide 30
    What mechanism/tool will you use to send the survey? Will your ITSM tool allow you to make all the configurations you need, or will you need to use a separate survey tool? If so, can it integrate to your ITSM solution? Slide 30

    Key decisions, continued

    Decision Considerations For more guidance, see
    What will trigger the survey? Typically, marking the ticket as either ‘resolved’ or ‘closed’ will trigger the survey. Slide 31
    How long after the ticket is closed will you send the survey? You’ll want to leave enough time for the user to respond if the ticket wasn’t resolved properly before completing a survey, but not so much time that they don’t remember the ticket. Slide 31
    Will the survey be sent in a separate email or as part of the ticket resolution email? A separate email might feel like too many emails for the user, but a link within the ticket closure email may be less noticeable. Slide 32
    Will the survey be embedded in email or accessed through a link? If the survey can be embedded into the email, users will be more likely to respond. Slide 32
    How long will the survey link remain active, and will you send any reminders? Leave enough time for the user to respond if they are busy or away, but not so much time that the data would be irrelevant. Balance the need to remind busy end users with the possibility of overwhelming them with survey fatigue. Slide 32
    What other text will be in the main body of the survey email and/or thank you page? Keep messaging short and straightforward and remind users of the benefit to them. Slide 33
    Where will completed surveys be sent/who will have access? Will the technician assigned to the ticket have access or only the manager? What email address/DL will surveys be sent to? Slide 33

    Define the goals of your transactional survey program

    Every survey should have a goal in mind to ensure only relevant and useful data is collected.

    • Your survey program must be backed by clear and actionable goals that will inform all decisions about the survey.
    • Survey questions should be structured around that goal, with every question serving a distinct purpose.
    • If you don’t have a clear plan for how you will action the data from a particular question, exclude it.
    • Don’t run a survey just for the sake of it; wait until you have a clear plan. If customers respond and then see nothing is done with the data, they will learn to avoid your surveys.

    Your survey objectives will also determine how often to send the survey:

    If your objective is:

    Keep a continual pulse on average customer satisfaction

    Gain the opportunity to act on negative feedback for any poor experience

    Then:

    Send survey randomly

    Send survey after every ticket

    Rationale:

    Sending a survey less often will help avoid survey fatigue and increase the chances of users responding whether they have good, bad, or neutral feedback

    Always having a survey available means users can provide feedback every time they want to, including for any poor experience – giving you the chance to act on it.

    Info-Tech Insight

    Service Managers often get caught up in running a transactional survey program because they think it’s standard practice, or they need to report a satisfaction metric. If that’s your only objective, you will fail to derive value from the data and will only turn customers away from responding.

    Design survey content and length

    As you design your survey, keep in mind the following principles:

    1. Keep it short. Your customers won’t bother responding if they see a survey with multiple questions or long questions that require a lot of reading, effort, or time.
    2. Make it simple. This not only makes it easier for your customers to complete, but easier for you to track and monitor.
    3. Tie your survey to your goals. Remember that every question should have a clear and actionable purpose.
    4. Don’t measure anything you can’t control. If you won’t be able to make changes based on the feedback, there’s no value asking about it.
    5. Include an (optional) open-ended question. This will allow customers to provide more detailed feedback or suggestions.

    Q: How many questions should the survey contain?

    A: Ideally, your survey will have only one mandatory question that captures overall satisfaction with the interaction.

    This question can be followed up with an optional open-ended question prompting the respondent for more details. This will provide a lot more context to the overall rating.

    If there are additional questions you need to ask based on your goals, clearly make these questions optional so they don’t deter respondents from completing the survey. For example, they can appear only after the respondent has submitted their overall satisfaction response (i.e. on a separate, thank you page).

    Additional (optional) measures may include:

    • Customer effort score (how easy or difficult was it to get your issue resolved?)
    • Customer service skills of the service desk
    • Technical skills/knowledge of the agents
    • Speed or response or resolution

    Design question wording

    Tips for writing survey questions:

    • Be clear and concise
    • Keep questions as short as possible
    • Cut out any unnecessary words or phrasing
    • Avoid biasing, or leading respondents to select a certain answer
    • Don’t attempt to measure multiple constructs in a single question.

    Sample question wording:

    How satisfied are you with this support experience?

    How would you rate your support experience?

    Please rate your overall satisfaction with the way your issue was handled.

    Instead of this….

    Ask this….

    “We strive to provide excellent service with every interaction. Please rate how satisfied you are with this interaction.”

    “How satisfied were you with this interaction?”

    “How satisfied were you with the customer service skills, knowledge, and responsiveness of the technicians?”

    Choose only one to ask about.

    “How much do you agree that the service you received was excellent?”

    “Please rate the service you received.”

    “On a scale of 1-10, thinking about your most recent experience, how satisfied would you say that you were overall with the way that your ticket was resolved?”

    “How satisfied were you with your ticket resolution?”

    Choose response options

    Once you’ve written your survey question, you need to design the response options for the question. Put careful thought into balancing ease of responding for the user with what will give you the actionable data you need to meet your goals. Keep the following in mind:

    When planning your response options, remember to keep the survey as easy to respond to as possible – this means allowing a one-click response and a scale that’s intuitive and simple to interpret.

    Think about how you will use the responses and interpret the data. If you choose a 10-point scale, for example, what would you classify as a negative vs positive response? Would a 5-point scale suffice to get the same data?

    Again, use your goals to inform your response options. If you need a satisfaction metric, you may need a numerical scale. If your goal is just to capture negative responses, you may only need two response options: good vs bad.

    Common response options:

    • Numerical scale (e.g. very dissatisfied to very satisfied on a 5-point scale)
    • Star rating (E.g. rate the experience out of 5 stars)
    • Smiley face scale
    • 2 response options: Good vs Bad (or Satisfied vs Dissatisfied)

    Investigate the capabilities of your ITSM tool. It may only allow one built-in response option style. But if you have the choice, choose the simplest option that aligns with your goals.

    Decide how often to send surveys

    There are two common choices for when to send ticket satisfaction surveys:

    After random tickets

    After every ticket

    Pros

    • May increase response rate by avoiding survey fatigue.
    • May be more likely to capture a range of responses that more accurately reflect sentiment (versus only negative).
    • Gives you the opportunity to receive feedback whenever users have it.
    • If your goal is to act on negative feedback whenever it arises, that’s only possible if you send a survey after every ticket.

    Cons

    • Overrepresents frequent service desk users and underrepresents infrequent users.
    • Users who have feedback to give may not get the chance to give it/service desk can’t act on it.
    • Customers who frequently contact the service desk will be overwhelmed by surveys and may stop responding.
    • Customers may only reply if they have very negative or positive feedback.

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found:

    Almost two-thirds (65%) send surveys after every ticket.

    One-third (33%) send surveys after randomly selected tickets are closed.

    Info-Tech Recommendation:

    Send a survey after every ticket so that anyone who has feedback gets the opportunity to provide it – and you always get the chance to act on negative feedback. But, limit how often any one customer receives a ticket to avoid over-surveying them – restrict to anywhere between one survey a week to one per month per customer.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What tool will you use to deliver the survey?

    What (if any) conditions apply to your survey?

    Considerations

    • How much configuration does your ITSM tool allow? Will it allow you to configure the survey according to your decisions? Many ITSM tools, especially mid-market, do not allow you to change the response options or how often the survey is sent.
    • How does the survey look and act on mobile devices? If a customer receives the survey on their phone, they need to be able to easily respond from there or they won’t bother at all.
    • If you wish to use a different survey tool, does it integrate with your ITSM solution? Would agents have to manually send the survey? If so, how would they choose who to send the survey to, and when?

    Considerations

    Is there a subset of users who you never want to receive a survey (e.g. a specific department, location, role, or title)?

    Is there a subset of users who you always want to receive a survey, no matter how often they contact the service desk (e.g. VIP users, a department that scored low on the annual satisfaction survey, etc.)?

    Are there certain times of the year that you don’t want surveys to go out (e.g. fiscal year end, holidays)?

    Are there times of the day that you don’t want surveys to be sent (e.g. only during business hours; not at the end of the day)?

    Recommendations

    The built-in functionality of your ITSM tool’s surveys will be easiest to send and track; use it if possible. However, if your tool’s survey module is limited and won’t give you the value you need, consider a third-party solution or survey tool that integrates with your ITSM solution and won’t require significant manual effort to send or review the surveys.

    Recommendations

    If your survey module allows you to apply conditions, think about whether any are necessary to apply to either maximize your response rate (e.g. don’t send a survey on a holiday), avoid annoying certain users, or seek extra feedback from dissatisfied users.

    Plan detailed survey logistics

    Decision #2

    Decision #1

    What will trigger the survey?

    When will the survey be sent?

    Considerations

    • Usually a change of ticket status triggers the survey, but you may have the option to send it after the ticket is marked ‘resolved’ or ‘closed’. The risk of sending the survey after the ticket is ‘resolved’ is the issue may not actually be resolved yet, but waiting until it’s ‘closed’ means the user may be less likely to respond as more time has passed.
    • Some tools allow for a survey to be sent after every agent reply.
    • Some have the option to manually generate a survey, which may be useful in some cases; those cases would need to be well defined.

    Considerations

    • Once you’ve decided the trigger for the survey, decide how much time should pass after that trigger before the survey is sent.
    • The amount of time you choose will be highly dependent on the trigger you choose. For example, if you want the ‘resolved’ status to send a survey, you may want to wait 24h to send the survey in case the user responds that their issue hasn’t been properly resolved.
    • If you choose ‘closed’ as your trigger, you may want the survey to be sent immediately, as waiting any longer could further reduce the response rate.
    • Your average resolution time may also impact the survey wait time.

    Recommendations

    Only send the survey once you’re sure the issue has actually been resolved; you could further upset the customer if you ask them how happy they are with the resolution if resolution wasn’t achieved. This means sending the survey once the user confirms resolution (which closes ticket) or the agent closes the ticket.

    Recommendations

    If you are sending the survey upon ticket status moving to ‘resolved’, wait at least 24 hours before sending the survey in case the user responds that their issue wasn’t actually resolved. However, if you are sending the survey after the ticket has been verified resolved and closed, you can send the survey immediately while the experience is still fresh in their memory.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    How will the survey appear in email?

    How long will the survey remain active?

    Considerations

    • If the survey link is included within the ticket resolution email, it’s one less email to fatigue users, but users may not notice there is a survey in the email.
    • If the survey link is included in its own separate email, it will be more noticeable to users, but could risk overwhelming users with too many emails.
    • Can users view the entire survey in the email and respond directly within the email, or do they need to click on a link and respond to the survey elsewhere?

    Considerations

    • Leaving the survey open at least a week will give users who are out of office or busy more time to respond.
    • However, if users respond to the survey too long after their ticket was resolved, they may not remember the interaction well enough to give any meaningful response.
    • Will you send any reminders to users to complete the survey? It may improve response rate, or may lead to survey fatigue from reaching out too often.

    Recommendations

    Send the survey separately from the ticket resolution email or users will never notice it. However, if possible, have the entire survey embedded within the email so users can click to respond directly from their email without having to open a separate link. Reduce effort, to make users more likely to respond.

    Recommendations

    Leave enough time for the user to respond if they are busy or away, but not so much time that the data will be irrelevant. Balance the need to remind busy end users, with the possibility of overwhelming them with survey fatigue. About a week is typical.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What will the body of the email/messaging say?

    Where will completed surveys be sent?

    Considerations

    • Communicate the value of responding to the survey.
    • Remember, the survey should be as short and concise as possible. A lengthy body of text before the actual survey can deter respondents.
    • Depending on your survey configuration, you may have a ‘thank you’ page that appears after respondents complete the survey. Think about what messaging you can save for that page and what needs to be up front.
    • Ensure there is a clear reference to which ticket the survey is referencing (with the subject of the ticket, not just ticket number).

    Considerations

    • Depending on the complexity of your ITSM tool, you may designate email addresses to receive completed surveys, or configure entire dashboards to display results.
    • Decide who needs to receive all completed surveys in order to take action.
    • Decide whether the agent who resolved the ticket will have access to the full survey response. Note that if they see negative feedback, it may affect morale.
    • Are there any other stakeholders who should receive the immediate completed surveys, or can they view summary reports and dashboards of the results?

    Recommendations

    Most users won’t read a long message, especially if they see it multiple times, so keep the email short and simple. Tell users you value their feedback, indicate which interaction you’re asking about, and say how long the survey should take. Thank them after they submit and tell them you will act on their feedback.

    Recommendations

    Survey results should be sent to the Service Manager, Customer Experience Lead, or whoever is the person responsible for managing the survey feedback. They can choose how to share feedback with specific agents and the service desk team.

    Response rates for transactional surveys are typically low…

    Most IT organizations see transactional survey response rates of less than 20%.

    The image contains a screenshot of a SDI survey taken to demonstrate customer satisfaction respond rate.

    Source: SDI, 2018

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found that 69% of respondents had survey response rates of 20% or less. However, they did not distinguish between transactional and relationship surveys.

    Reasons for low response rates:

    • Users tend to only respond if they had a very positive or very negative experience worth writing about, but don’t typically respond for interactions that go as expected or were average.
    • Survey is too long or complicated.
    • Users receive too many requests for feedback.
    • Too much time has passed since the ticket was submitted/resolved and the user doesn’t remember the interaction.
    • Users think their responses disappear into a black hole or aren’t acted upon so they don’t see the value in taking the time to respond. Or, they don’t trust the confidentiality of their responses.

    “In my experience, single digits are a sign of a problem. And a downward trend in response rate is also a sign of a problem. World-class survey response rates for brands with highly engaged customers can be as high as 60%. But I’ve never seen it that high for internal support teams. In my experience, if you get a response rate of 15-20% from your internal customers then you’re doing okay. That’s not to say you should be content with the status quo, you should always be looking for ways to increase it.”

    – David O’Reardon, Founder & CEO of Silversix

    … but there are steps you can take to maximize your response rate

    It is still difficult to achieve high response rates to transactional surveys, but you can at least increase your response rate with these strategies:

    1. Reduce frequency
    2. Don’t over-survey any one user or they will start to ignore the surveys.

    3. Send immediately
    4. Ask for feedback soon after the ticket was resolved so it’s fresh in the user’s memory.

    5. Make it short and simple
    6. Keep the survey short, concise, and simple to respond to.

    7. Make it easy to complete
    8. Minimize effort involved as much as possible. Allow users to respond directly from email and from any device.

    9. Change email messaging
    10. Experiment with your subject line or email messaging to draw more attention.

    11. Respond to feedback
    12. Respond to customers who provide feedback – especially negative – so they know you’re listening.

    13. Act on feedback
    14. Demonstrate that you are acting on feedback so users see the value in responding.

    Use Info-Tech’s survey template as a starting point

    Once you’ve worked through all the decisions in this step, you’re ready to configure your transactional survey in your ITSM solution or survey tool.

    As a starting point, you can leverage Info-Tech’s Transactional Service Desk Survey Templatee to design your templates and wording.

    Make adjustments to match your decisions or your configuration limitations as needed.

    Refer to the key decisions tables on slides 24 and 25 to ensure you’ve made all the configurations necessary as you set up your survey.

    The image contains a screenshot of Info-Tech's survey templates.

    Design and implement relationship surveys

    Phase 3

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    How can we evaluate overall Service Desk service quality?

    Evaluating service quality in any industry is challenging for both those seeking feedback and those consuming the service: “service quality is more difficult for the consumer to evaluate than goods quality.”

    You are in the position of trying to measure something intangible: customer perception, which “result[s] from a comparison of consumer expectations with actual service performance,” which includes both the service outcome and also “the process of service delivery”

    (Source: Parasuraman et al, 1985, 42).

    Your mission is to design a relationship survey that is:

    • Comprehensive but not too long.
    • Easy to understand but complex enough to capture enough detail.
    • Able to capture satisfaction with both the outcome and the experience of receiving the service.

    Use relationship surveys to measure overall service desk service quality

    Recall the definition of a relationship survey:

    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure the overall relationship with the service desk.
    • Shows you where your customer experience is doing well and where it needs improving.
    • Asks customers to rate you based on their overall experience rather than on a specific product or interaction.
    • Longer and more comprehensive than transactional surveys, covering multiple dimensions/ topics.

    Relationship surveys serve several purposes:

    • Gives end users an opportunity to provide overall feedback on a wider range of experiences with IT.
    • Gives IT the opportunity to respond to feedback and show users their voices are heard.
    • Provides insight into year-over-year trends and customer satisfaction.
    • Provides IT leaders the opportunity to segment the results by demographic (e.g. by department, location, or seniority) and target improvements where needed most.
    • Feeds into strategic planning and annual reports on user experience and satisfaction

    Info-Tech Insight

    Annual relationship surveys provide great value in the form of year-over-year internal benchmarking data, which you can use to track improvements and validate the impact of your service improvement efforts.

    Understand the gaps that decrease service quality

    The Service Quality Model (Parasuraman, Zeithaml and Berry, 1985) shows how perceived service quality is negatively impacted by the gap between expectations for quality service and the perceptions of actual service delivery:

    Gap 1: Consumer expectation – Management perception gap:

    Are there differences between your assumptions about what users want from a service and what those users expect?

    Gap 2: Management perception – Service quality specification gap:

    Do you have challenges translating user expectations for service into standardized processes and guidelines that can meet those expectations?

    Gap 3: Service quality specifications – Service delivery gap:

    Do staff members struggle to carry out the service quality processes when delivering service?

    Gap 4: Service delivery – External communications gap:

    Have users been led to expect more than you can deliver? Alternatively, are users unaware of how the organization ensures quality service, and therefore unable to appreciate the quality of service they receive?

    Gap 5: Expected service – Perceived service gap:

    Is there a discrepancy between users’ expectations and their perception of the service they received (regardless of any user misunderstanding)?

    The image contains a screenshot of the Service Quality Model to demonstrate the consumer and consumers.

    Your survey questions about service and support should provide insight into where these gaps exist in your organization

    Make key decisions ahead of launch

    Decision/step Considerations
    Align the relationship survey with your goals Align what is motivating you to launch the survey at this time and the outcomes it is intended to feed into.
    Identify what you’re measuring Clarify the purpose of the questions. Are you measuring feedback on your service desk, specifically? On all of IT? Are you trying to capture user effort? User satisfaction? These decisions will affect how you word your questions.
    Determine a framework for your survey Reporting on results and tracking year-over-year changes will be easier if you design a basic framework that your survey questions fall into. Consider drawing on an existing service quality framework to match best practices in other industries.
    Cover logistical details Designing a relationship survey requires attention to many details that may initially be overlooked: the survey’s length and timing, who it should be sent to and how, what demographic info you need to collect to slice and dice the results, and if it will be possible to conduct the survey anonymously.
    Design question wording It is important to keep questions clear and concise and to avoid overly lengthy surveys.
    Select answer scales The answer scales you select will depend on how you have worded the questions. There is a wide range of answer scales available to you; decide which ones will produce the most meaningful data.
    Test the survey Testing the survey before widely distributing it is key. When collecting feedback, conduct at least a few in person observations of someone taking the survey to get their unvarnished first impressions.
    Monitor and maximize your response rate Ensure success by staying on top of the survey during the period it is open.

    Align the relationship survey with your goals

    What is motivating you to launch the survey at this time?

    Is there a renewed focus on customer service satisfaction? If so, this survey will track the initiative’s success, so its questions must align with the sponsors’ expectations.

    Are you surveying customer satisfaction in order to comply with legislation, or directives to measure customer service quality?

    What objectives/outcomes will this survey feed into?

    What do you need to report on to your stakeholders? Have they communicated any expectations regarding the data they expect to see?

    Does the CIO want the annual survey to measure end-user satisfaction with all of IT?

    • Or do you only want to measure satisfaction with one set of processes (e.g. Service Desk)?
    • Are you seeking feedback on a project (e.g. implementation of new ERP)?
    • Are you seeking feedback on the application portfolio?

    In 1993 the U.S. president issued an Executive Order requiring executive agencies to “survey customers to determine the kind and quality of services they want and their level of satisfaction with existing services” and “post service standards and measure results against them.” (Clinton, 1993)

    Identify what you’re measuring

    Examples of Measures

    Clarify the purpose of the questions

    Each question should measure something specific you want to track and be phrased accordingly.

    Are you measuring feedback on the service desk?

    Service desk professionalism

    Are you measuring user satisfaction?

    Service desk timeliness

    Your customers’ happiness with aspects of IT’s service offerings and customer service

    Trust in agents’ knowledge

    Users’ preferred ticket intake channel (e.g. portal vs phone)

    Satisfaction with self-serve features

    Are you measuring user effort?

    Are you measuring feedback on IT overall?

    Satisfaction with IT’s ability to enable the business

    How much effort your customer needs to put forth to accomplish what they wanted/how much friction your service causes or alleviates

    Satisfaction with company-issued devices

    Satisfaction with network/Wi-Fi

    Satisfaction with applications

    Info-Tech Insight

    As you compose survey questions, decide whether they are intended to capture user satisfaction or effort: this will influence how the question is worded. Include a mix of both.

    Determine a framework for your survey

    If your relationship survey covers satisfaction with service support, ensure the questions cover the major aspects of service quality. You may wish to align your questions on support with existing frameworks: for example, the SERVQUAL service quality measurement instrument identifies 5 dimensions of service quality: Reliability, Assurance, Tangibles, Empathy, and Responsiveness (see below). As you design the survey, consider if the questions relate to these five dimensions. If you have overlooked any of the dimensions, consider if you need to revise or add questions.

    Service dimension

    Definition

    Sample questions

    Reliability

    “Ability to perform the promised service dependably and accurately”1

    • How satisfied are you with the effectiveness of Service Desk’s ability to resolve reported issues?

    Assurance

    “Knowledge and courtesy of employees and their ability to convey trust and confidence”2

    • How satisfied are you with the technical knowledge of the Service Desk staff?
    • When you have an IT issue, how likely are you to contact Service Desk by phone?

    Tangibles

    “Appearance of physical facilities, equipment, personnel, and communication materials”3

    • How satisfied are you that employees in your department have all the necessary technology to ensure optimal job performance?
    • How satisfied are you with IT’s ability to communicate to you regarding the information you need to perform your job effectively?

    Empathy

    “Caring, individualized attention the firm provides its customers”4

    • How satisfied are you that IT staff interact with end users in a respectful and professional manner?

    Responsiveness

    “Willingness to help customers and provide prompt service”5

    • How satisfied are you with the timeliness of Service Desk’s resolution to reported issues?
    1-5. Arlen, Chris,2022. Paraphrasing Zeithaml, Parasuraman, and Berry, 1990.

    Cover logistical details of the survey

    Identify who you will send it to

    Will you survey your entire user base or a specific subsection? For example, a higher education institution may choose to survey students separately from staff and faculty. If you are gathering data on customer satisfaction with a specific implementation, only survey the affected stakeholders.

    Determine timing

    Avoid sending out the survey during known periods of time pressure or absence (e.g. financial year-end, summer vacation).

    Decide upon its length

    Consider what survey length your users can tolerate. Configure the survey to show the respondents’ progression or their percentage complete.

    Clearly introduce the survey

    The survey should begin with an introduction that thanks users for completing the survey, indicates its length and anonymity status, and conveys how the data will be used, along with who the participants should contact with any questions about the survey.

    Decide upon incentives

    Will you incentivize participation (e.g. by entering the participants in a draw or rewarding highest-participating department)?

    Collect demographic information

    Ensure your data can be “sliced and diced” to give you more granular insights into the results. Ask respondents for information such as department, location, seniority, and tenure to help with your trend analysis later.

    Clarify if anonymous

    Users may be more comfortable participating if they can do so anonymously (Quantisoft, n.d.). If you promise anonymity, ensure your survey software/ partner can support this claim. Note the difference between anonymity (identity of participant is not collected) and confidentiality (identifying data is collected but removed from the reported results).

    Decide how to deliver the survey

    Will you be distributing the survey yourself through your own licensed software (e.g. through Microsoft Forms if you are an MS shop)? Or, will you be partnering with a third-party provider? Is the survey optimized for mobile? Some find up to 1/3 of participants use mobile devices for their surveys (O’Reardon, 2018).

    Use the Sample Size Calculator to determine your ideal sample size

    Use Info-Tech’s Sample Size Calculator to calculate the number of people you need to complete your survey to have statistically representative results.

    The image contains a screenshot of the Sample Size Calculator.

    In the example above, the service desk supports 1000 total users (and sent the survey to each one). To be 95% confident that the survey results fall within 5% of the true value (if every user responded), they would need 278 respondents to complete their survey. In other words, to have a sample that is representative of the whole population, they would need 278 completed surveys.

    Explanation of terms:

    Confidence Level: A measure of how reliable your survey is. It represents the probability that your sample accurately reflects the true population (e.g. your entire user base). The industry standard is typically 95%. This means that 95 times out of 100, the true data value that you would get if you surveyed the entire population would fall within the margin of error.

    Margin of Error: A measure of how accurate the data is, also known as the confidence interval. It represents the degree of error around the data point, or the range of values above and below the actual results from a survey. A typical margin of error is 5%. This means that if your survey sample had a score of 70%, the true value if you sampled the entire population would be between 65% and 75%. To narrow the margin of error, you would need a bigger sample size.

    Population Size: The total set of people you want to study with your survey. For example, the total number of users you support.

    Sample Size: The number of people who participate in your survey (i.e. complete the survey) out of the total population.

    Info-Tech’s End-User Satisfaction Diagnostics

    If you choose to leverage a third-party partner, an Info-Tech satisfaction survey may already be part of your membership. There are two options, depending on your needs:

    I need to measure and report customer satisfaction with all of IT:

    • IT’s ability to enable the organization to meet its existing goals, innovate, adapt to business needs, and provide the necessary technology.
    • IT’s ability to provide training, respond to feedback, and behave professionally.
    • Satisfaction with IT services and applications.

    Both products measure end-user satisfaction

    One is more general to IT

    One is more specific to service desk

    I need to measure and report more granularly on Service Desk customer satisfaction:

    • Efficacy and timeliness of resolutions
    • Technical and communication skills
    • Ease of contacting the service desk
    • Effectiveness of portal/ website
    • Ability to collect and apply user feedback

    Choose Info-Tech's End User Satisfaction Survey

    Choose Info-Tech’s Service Desk Satisfaction Survey

    Design question wording

    Write accessible questions:

    Instead of this….

    Ask this….

    48% of US adults meet or exceed PIACC literacy level 3 and thus able to deal with texts that are “often dense or lengthy.”

    52% of US adults meet level 2 or lower.

    Keep questions clear and concise. Avoid overly lengthy surveys.

    Source: Highlights of the 2017 U.S. PIAAC Results Web Report
    1. How satisfied are you with the response times of the service desk?
    2. How satisfied are you with the timeliness of the service desk?

    Users will have difficulty perceiving the difference between these two questions.

    1. How satisfied are you with the time we take to acknowledge receipt of your ticket?
    2. How satisfied are you with the time we take to completely resolve your ticket?

    Tips for writing survey questions:

    “How satisfied are you with the customer service skills, knowledge, and responsiveness of the technicians?”

    This question measures too many things and the data will not be useful.

    Choose only one to ask about.

    • Cut out any unnecessary words or phrasing. Highlight/bold key words or phrases.
    • Avoid biasing or leading respondents to select a certain answer.
    • Don’t attempt to measure multiple constructs in a single question.

    “On a scale of 1-10, thinking about the past year, how satisfied would you say that you were overall with the way that your tickets were resolved?”

    This question is too wordy.

    “How satisfied were you with your ticket resolution?”

    Choose answer scales that best fit your questions and reporting needs

    Likert scale

    Respondents select from a range of statements the position with which they most agree:

    E.g. How satisfied are you with how long it generally takes to resolve your issue completely?

    E.g. Very dissatisfied/Somewhat dissatisfied/ Neutral/ Somewhat satisfied/ Very satisfied/ NA

    Frequency scale

    How often does the respondent have to do something, or how often do they encounter something?

    E.g. How frequently do you need to re-open tickets that have been closed without being satisfactorily resolved?

    E.g. Never/ Rarely/ Sometimes/ Often/ Always/ NA

    Numeric scale

    By asking users to rate their satisfaction on a numeric scale (e.g., 1-5, 1-10), you can facilitate reporting on averages:

    E.g. How satisfied are you with IS’s ability to provide services to allow the organization to meet its goals?

    E.g. 1 – Not at all Satisfied to 10 – Fully Satisfied / NA

    Forced ranking

    Learn more about your users’ priorities by asking them to rank answers from most to least important, or selecting their top choices (Sauro, 2018):

    E.g. From the following list, drag and drop the 3 aspects of our service that are most important to you into the box on the right.

    Info-Tech Insight

    Always include an optional open-ended question, which allows customers to provide more feedback or suggestions.

    Test the survey before launching

    Review your questions for repetition and ask for feedback on your survey draft to discover if readers interpret the questions differently than you intended.

    Test the survey with different stakeholder groups:

    • IT staff: To discover overlooked topics.
    • Representatives of your end-user population: To discover whether they understand the intention of the questions.
    • Executives: To validate whether you are capturing the data they are interested in reporting on.

    Testing methodology:

    • Ask your test subjects to take the survey in your presence so you can monitor their experience as they take it.
    • Ask them to narrate their experience as they take the survey.
    • Watch for:
      • The time it takes to complete the survey.
      • Moments when they struggle or are uncertain with the survey’s wording.
      • Questions they find repetitive or pointless.

    Info-Tech Insight

    In the survey testing phase, try to capture at least a few real-time responses to the survey. If you collect survey feedback only once the test is over, you may miss some key insights into the user experience of navigating the survey.

    “Follow the golden rule: think of your audience and what they may or may not know. Think about what kinds of outside pressures they may bring to the work you’re giving them. What time constraints do they have?”

    – Sally Colwell, Project Officer, Government of Canada Pension Centre

    Monitor and maximize your response rate

    Ensure success by staying on top of the survey during the period it is open.

    • When will your users complete the survey? You know your own organization’s culture best, but SurveyMonkey found that weekday survey responses peaked at mid-morning and mid-afternoon (Wronski). Ensure you send the communication at a time it will not be overlooked. For example, some studies found Mondays to have higher response rates; however, the data is not consistent (Amaresan, 2021). Send the survey at a time you believe your users are least likely to be inundated with other notifications.
    • Have a trusted leader send out the first communication informing the end-user base of the survey. Ensure the recipient understands your motivation and how their responses will be used to benefit them (O’Reardon, 2016). Remind them that participating in the survey benefits them: since IT is taking actions based on their feedback, it’s their chance to improve their employee experience of the IT services and tools they use to do their job.
    • In the introductory communication, test different email subject lines and email body content to learn which versions increase respondents’ rates of opening the survey link, and “keep it short and clear” (O’Reardon, 2016).
    • If your users tend to mistrust emailed links due to security training, tell them how to confirm the legitimacy of the survey.

    “[Send] one reminder to those who haven’t completed the survey after a few days. Don’t use the word ‘reminder’ because that’ll go straight in the bin, better to say something like, ‘Another chance to provide your feedback’”

    – David O’Reardon, Founder & CEO of Silversix

    Analyze and act on feedback

    Phase 4

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Leverage the service recovery paradox to improve customer satisfaction

    The image contains a screenshot of a graph to demonstrate the service recovery paradox.

    A service failure or a poor experience isn’t what determines customer satisfaction – it’s how you respond to the issue and take steps to fix it that really matters.

    This means one poor experience with the service desk doesn’t necessarily lead to an unhappy user; if you quickly and effectively respond to negative feedback to repair the relationship, the customer may be even happier afterwards because you demonstrated that you value them.

    “Every complaint becomes an opportunity to turn a bad IT customer experience into a great one.”

    – David O’Reardon, Founder & CEO of Silversix

    Collecting feedback is only the first step in the customer feedback loop

    Closing the feedback loop is one of the most important yet forgotten steps in the process.

    1. Collect Feedback
    • Send transactional surveys after every ticket is resolved.
    • Send a broader annual relationship survey to all users.
  • Analyze Feedback
    • Calculate satisfaction scores.
    • Read open-ended comments.
    • Analyze for trends, categories, common issues and priorities.
  • Act on Feedback
    • Respond to users who provided feedback.
    • Make improvements based on feedback.
  • Communicate Results
    • Communicate feedback results and improvements made to respondents and to service desk staff.
    • Summarize results and actions to key stakeholders and business leaders.

    Act on feedback to get the true value of your satisfaction program

    • SDI (2018) survey data shows that the majority of service desk professionals are using their customer satisfaction data to feed into service improvements. However, 30% still aren’t doing anything with the feedback they collect.
    • Collecting feedback is only one half of a good customer feedback program. Acting on that feedback is critical to the success of the program.
    • Using feedback to make improvements not only benefits the service desk but shows users the value of responding and will increase future response rates.
    The image contains a screenshot of a bar graph that demonstrates SDI: What do service desk professionals do with customer satisfaction data?

    “Your IT service desk’s CSAT survey should be the means of improving your service (and the employee experience), and something that encourages people to provide even more feedback, not just the means for understanding how well it’s doing”

    – Joe the IT Guy, SysAid

    Assign responsibility for acting on feedback

    If collecting and analyzing customer feedback is something that happens off the side of your desk, it either won’t get done or won’t get done well.

    • Formalize the customer satisfaction program. It’s not a one-time task, but an ongoing initiative that requires significant time and dedication.
    • Be clear on who is accountable for the program and who is responsible for all the tasks involved for both transactional and relationship survey data collection, analysis, and communication.

    Assign accountability for the customer feedback program to one person (i.e. Service Desk Manager, Service Manager, Infrastructure & Operations Lead, IT Director), who may take on or assign responsibilities such as:

    • Designing surveys, including survey questions and response options.
    • Configuring survey(s) in ITSM or survey tool.
    • Sending relationship surveys and subsequent reminders to the organization.
    • Communicating results of both surveys to internal staff, business leaders, and end users.
    • Analyzing results.
    • Feeding results into improvement plans, coaching, and training.
    • Creating reports and dashboards to monitor scores and trends.

    Info-Tech Insight

    While feedback can feed into internal coaching and training, the goal should never be to place blame or use metrics to punish agents with poor results. The focus should always be on improving the experience for end users.

    Determine how and how often to analyze feedback data

    • Analyze and report scores from both transactional and relationship surveys to get a more holistic picture of satisfaction across the organization.
    • Determine how you will calculate and present satisfaction ratings/scores, both overall and for individual questions. See tips on the right for calculating and presenting NPS and CSAT scores.
    • A single satisfaction score doesn’t tell the full story; calculate satisfaction scores at multiple levels to determine where improvements are most needed.
      • For example, satisfaction by service desk tier, team or location, by business department or location, by customer group, etc.
    • Analyze survey data regularly to ensure you communicate and act on feedback promptly and avoid further alienating dissatisfied users. Transactional survey feedback should be reviewed at least weekly, but ideally in real time, as resources allow.

    Calculating NPS Scores

    Categorize respondents into 3 groups:

    • 9-10 = Promoters, 7-8 = Neutral, 1-6 = Detractors

    Calculate overall NPS score:

    • % Promoters - % Detractors

    Calculating CSAT Scores

    • CSAT is usually presented as a percentage representing the average score.
    • To calculate, take the total of all scores, divide by the maximum possible score, then multiply by 100. For example, a satisfaction rating of 80% means on average, users gave a rating of 4/5 or 8/10.
    • Note that some organizations present CSAT as the percentage of “satisfied” users, with satisfied being defined as either “yes” on a two-point scale or a score of 4 or 5 on a 5-point scale. Be clear how you are defining your satisfaction rating.

    Don’t neglect qualitative feedback

    While it may be more difficult and time-consuming to analyze, the reward is also greater in terms of value derived from the data.

    Why analyze qualitative data

    How to analyze qualitative data

    • Quantitative data (i.e. numerical satisfaction scores) tells you how many people are satisfied vs dissatisfied, but it doesn’t tell you why they feel that way.
    • If you limit your data analysis to only reporting numerical scores, you will miss out on key insights that can be derived from open-ended feedback.
    • Qualitative data from open-ended survey questions provides:
      • Explanations for the numbers
      • More detailed insight into why respondents feel a certain way
      • More honest and open feedback
      • Insight into areas you may not have thought to ask about
      • New ideas and recommendations

    Methods range in sophistication; choose a technique depending on your tools available and goals of your program.

    1. Manual 2. Semi-automated 3. AI & Analysis Tools
    • Read all comments.
    • Sort into positive vs negative groups.
    • Add tags to categorize comments (e.g. by theme, keyword, service).
    • Look for trends and priorities, differences across groups.
    • Run a script to search for specific keywords.
    • Use a word cloud generator to visualize the most commonly mentioned words (e.g. laptop, email).
    • Due to limitations, manual analysis will still be necessary.
    • Use a feedback analysis/text analysis tool to mine feedback.
    • Software will present reports and data visualizations of common themes.
    • AI-powered tools can automatically detect sentiment or emotion in comments or run a topic analysis.

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference.

    1. Define what qualifies as a positive vs negative score
    2. E.g. Scores of 1 to 2 out of 5 are negative, scores of 4 to 5 out of 5 are positive.

    3. Define process to respond to negative feedback
    • Negative responses should go directly to the Service Desk Manager or whoever is accountable for feedback.
    • Set an SLO for when the user will be contacted. It should be within 24h but ideally much sooner.
    • Investigate the issue to understand exactly what happened and get to the root cause.
    • Identify remediation steps to ensure the issue does not occur again.
    • Communicate to the customer the action you have taken to improve.
  • Define process to respond to positive feedback
    • Positive responses should also be reviewed by the person accountable for feedback, but the timeline to respond may be longer.
    • Show respondents that you value their time by thanking them for responding. Showing appreciate helps to build a long-term relationship with the user.
    • Share positive results with the team to improve morale, and as a coaching/training mechanism.
    • Consider how to use positive feedback as an incentive or reward.

    Build a plan to communicate results to various stakeholders

    Regular communication about your feedback results and action plan tied to those results is critical to the success of your feedback program. Build your communication plan around these questions:

    1. Who should receive communication?

    Each audience will require different messaging, so start by identifying who those audiences are. At a minimum, you should communicate to your end users who provided feedback, your service desk/IT team, and business leaders or stakeholders.

    2. What information do they need?

    End users: Thank them for providing feedback. Demonstrate what you will do with that feedback.

    IT team: Share results and what you need them to do differently as a result.

    Business leaders: Share results, highlight successes, share action plan for improvement.

    3. Who is responsible for communication?

    Typically, this will be the person who is accountable for the customer feedback program, but you may have different people responsible for communicating to different audiences.

    4. When will you communicate?

    Frequency of communication will depend on the survey type – relationship or transactional – as well as the audience, with internal communication being much more frequent than end-user communication.

    5. How will you communicate?

    Again, cater your approach to the audience and choose a method that will resonate with them. End users may view an email, an update on the portal, a video, or update in a company meeting; your internal IT team can view results on a dashboard and have regular meetings.

    Communication to your users impacts both response rates and satisfaction

    Based on the Customer Communication Cycle by David O’Reardon, 2018
    1. Ask users to provide feedback through transactional and relationship surveys.
    2. Thank them for completing the survey – show that you value their time, regardless of the type of feedback they submitted.
    3. Be transparent and summarize the results of the survey(s). Make it easy to digest with simple satisfaction scores and a summary of the main insights or priorities revealed.
    4. Before asking for feedback, explain how you will use feedback to improve the service. After collecting feedback, share your plan for making improvements based on what the data told you.
    5. After you’ve made changes, communicate again to share the results with respondents. Make it clear that their feedback had a direct result on the service they receive. Communicating this before running another survey will also increase the likelihood of respondents providing feedback again.

    Info-Tech Insight

    Focus your communications to users around them, not you. Demonstrate that you need feedback to improve their experience, not just for you to collect data.

    Translate feedback into actionable improvements

    Taking action on feedback is arguably the most important step of the whole customer feedback program.

    Prioritize improvements

    Prioritize improvements based on low scores and most commonly received feedback, then build into an action plan.

    Take immediate action on negative feedback

    Investigate the issue, diagnose the root cause, and repair both the relationship and issue – just like you would an incident.

    Apply lessons learned from positive feedback

    Don’t neglect actions you can take from positive feedback – identify how you can expand upon or leverage the things you’re doing well.

    Use feedback in coaching and training

    Share positive experiences with the team as lessons learned, and use negative feedback as an input to coaching and training.

    Make the change stick

    After making a change, train and communicate it to your team to ensure the change sticks and any negative experiences don’t happen again.

    “Without converting feedback into actions, surveys can become just a pointless exercise in number watching.”

    – David O’Reardon, Founder & CEO of Silversix

    Info-Tech Insight

    Outline exactly what you plan to do to address customer feedback in an action plan, and regularly review that action plan to select and prioritize initiatives and monitor progress.

    For more guidance on tracking and prioritizing ongoing improvement initiatives, see the blueprints Optimize the Service Desk with a Shift Left Strategy and Build a Continual Improvement Plan for the Service Desk.

    Leverage Info-Tech resources to guide your improvement efforts

    Map your identified improvements to the relevant resource that can help:

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk:

    Standardize the Service Desk Optimize the Service Desk With a Shift-Left Strategy Staff the Service Desk to Meet Demand Improve Service Desk Ticket Intake

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk::

    Improve Incident and Problem Management Improve Incident and Problem Management Deliver a Customer Service Training Program to Your IT Department Modernize and Transform Your End-User Computing Strategy

    Map process for acting on relationship survey feedback

    Use Info-Tech’s Relationship Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Relationship Satisfaction Survey Review Process.

    Map process for acting on transactional survey feedback

    Use Info-Tech’s Transactional Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Transactional Satisfaction Survey Review Process.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Build a Continual Improvement Plan

    This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.

    Deliver a Customer Service Training Program to Your IT Department

    This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery and increase customer satisfaction.

    Sources Cited

    Amaresan, Swetha. “The best time to send a survey, according to 5 studies.” Hubspot. 15 Jun 2021. Accessed October 2022.
    Arlen, Chris. “The 5 Service Dimensions All Customers Care About.” Service Performance Inc. n.d. Accessed October 2022.
    Clinton, William Jefferson. “Setting Customer Service Standards.” (1993). Federal Register, 58(176).
    “Understanding Confidentiality and Anonymity.” The Evergreen State College. 2022. Accessed October 2022.
    "Highlights of the 2017 U.S. PIAAC Results Web Report" (NCES 2020-777). U.S. Department of Education. Institute of Education Sciences, National Center for Education Statistics.
    Joe the IT Guy. “Are IT Support’s Customer Satisfaction Surveys Their Own Worst Enemy?” Joe the IT Guy. 29 August 2018. Accessed October 2022.
    O’Reardon, David. “10 Ways to Get the Most out of your ITSM Ticket Surveys.” LinkedIn. 2 July 2019. Accessed October 2022.
    O'Reardon, David. "13 Ways to increase the response rate of your Service Desk surveys".LinkedIn. 8 June 2016. Accessed October 2022.
    O’Reardon, David. “IT Customer Feedback Management – A Why & How Q&A with an Expert.” LinkedIn. 13 March 2018. Accessed October 2022.
    Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1985). "A Conceptual Model of Service Quality and Its Implications for Future Research." Journal of Marketing, 49(4), 41–50.
    Quantisoft. "How to Increase IT Help Desk Customer Satisfaction and IT Help Desk Performance.“ Quantisoft. n.d. Accessed November 2022.
    Rumberg, Jeff. “Metric of the Month: Customer Effort.” HDI. 26 Mar 2020. Accessed September 2022.
    Sauro, Jeff. “15 Common Rating Scales Explained.” MeasuringU. 15 August 2018. Accessed October 2022.
    SDI. “Customer Experience in ITSM.” SDI. 2018. Accessed October 2022.
    SDI. “CX: Delivering Happiness – The Series, Part 1.” SDI. 12 January 2021. Accessed October 2022.
    Wronski, Laura. “Who responds to online surveys at each hour of the day?” SurveyMonkey. n.d. Accessed October 2022.

    Research contributors

    Sally Colwell

    Project Officer

    Government of Canada Pension Centre

    Application Portfolio Management Foundations

    • Buy Link or Shortcode: {j2store}172|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $54,542 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy

    Organizations consider application oversight a low priority and app portfolio knowledge is poor:

    • No dedicated or centralized effort to manage the app portfolio means no single source of truth is available to support informed decision making.
    • Organizations acquire more applications over time, creating redundancy, waste, and the need for additional support.
    • Organizations are more vulnerable to changing markets. Flexibility and growth are compromised when applications are unadaptable or cannot scale.

    Our Advice

    Critical Insight

    • You cannot outsource application strategy.
    • Modern software options have lessened the need for organizations to have robust in-house application management capabilities. But your applications’ future and governance of the portfolio still require centralized oversight to ensure the best overall return on investment.
    • Application portfolio management is the mechanism to ensure that the applications in your enterprise are delivering value and support for your value streams and business capabilities. Understanding value, satisfaction, technical health, and total cost of ownership are critical to digital transformation, modernization, and roadmaps.

    Impact and Result

    Build an APM program that is actionable and fit for size:

    • Understand your current state, needs, and goals for your application portfolio management.
    • Create an application and platform inventory that is built for better decision making.
    • Rationalize your apps with business priorities and communicate risk in operational terms.
    • Create a roadmap that improves communication between those who own, manage, and support your applications.

    Application Portfolio Management Foundations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Application Portfolio Management Foundations Deck – A guide that helps you establish your core application inventory, simplified rationalization, redundancy comparison, and modernization roadmap.

    Enterprises have more applications than they need and rarely apply oversight to monitor the health, cost, and relative value of applications to ensure efficiency and minimal risk. This blueprint will help you build a streamlined application portfolio management process.

    • Application Portfolio Management Foundations – Phases 1-4

    2. Application Portfolio Management Diagnostic Tool – A tool that assesses your current application portfolio.

    Visibility into your application portfolio and APM practices will help inform and guide your next steps.

    • Application Portfolio Management Diagnostic Tool

    3. Application Portfolio Management Foundations Playbook – A template that builds your application portfolio management playbook.

    Capture your APM roles and responsibilities and build a repeatable process.

    • Application Portfolio Management Foundations Playbook

    4. Application Portfolio Management Snapshot and Foundations Tool – A tool that stores application information and allows you to execute rationalization and build a portfolio roadmap.

    This tool is the central hub for the activities within Application Portfolio Management Foundations.

    • Application Portfolio Management Snapshot and Foundations Tool
    [infographic]

    Workshop: Application Portfolio Management Foundations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Work with key corporate stakeholders to come to a shared understanding of the benefits and aspects of application portfolio management.

    Key Benefits Achieved

    Establish the goals of APM.

    Set the scope of APM responsibilities.

    Establish business priorities for the application portfolio.

    Activities

    1.1 Define goals and metrics.

    1.2 Define application categories.

    1.3 Determine steps and roles.

    1.4 Weight value drivers.

    Outputs

    Set short- and long-term goals and metrics.

    Set the scope for applications.

    Set the scope for the APM process.

    Defined business value drivers.

    2 Improve Your Inventory

    The Purpose

    Gather information on your applications to build a detailed inventory and identify areas of redundancy.

    Key Benefits Achieved

    Populated inventory based on your and your team’s current knowledge.

    Understanding of outstanding data and a plan to collect it.

    Activities

    2.1 Populate inventory.

    2.2 Assign business capabilities.

    2.3 Review outstanding data.

    Outputs

    Initial application inventory

    List of areas of redundancy

    Plan to collect outstanding data

    3 Gather Application Information

    The Purpose

    Work with the application subject matter experts to collect and compile data points and determine the appropriate disposition for your apps.

    Key Benefits Achieved

    Dispositions for individual applications

    Application rationalization framework

    Activities

    3.1 Assess business value.

    3.2 Assess end-user perspective.

    3.3 Assess TCO.

    3.4 Assess technical health.

    3.5 Assess redundancies.

    3.6 Determine dispositions.

    Outputs

    Business value score for individual applications

    End-user satisfaction scores for individual applications

    TCO score for individual applications

    Technical health scores for individual applications

    Feature-level assessment of redundant applications

    Assigned dispositions for individual applications

    4 Gather, Assess, and Select Dispositions

    The Purpose

    Work with application delivery specialists to determine the strategic plans for your apps and place these in your portfolio roadmap.

    Key Benefits Achieved

    Prioritized initiatives

    Initial application portfolio roadmap

    Ongoing structure of APM

    Activities

    4.1 Prioritize initiatives

    4.2 Populate roadmap.

    4.3 Determine ongoing APM cadence.

    4.4 Build APM action plan.

    Outputs

    Prioritized new potential initiatives.

    Built an initial portfolio roadmap.

    Established an ongoing cadence of APM activities.

    Built an action plan to complete APM activities.

    Further reading

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Analyst Perspective

    You can’t outsource accountability.

    Many lack visibility into their overall application portfolio, focusing instead on individual projects or application development. Inevitably, application sprawl creates process and data disparities, redundant applications, and duplication of resources and stands as a significant barrier to business agility and responsiveness. The shift from strategic investment to application maintenance creates an unnecessary constraint on innovation and value delivery.

    With the rise and convenience of SAAS solutions, IT has an increasing need to discover and support all applications in the organization. Unmanaged and unsanctioned applications can lead to increased reputational risk. What you don’t know WILL hurt you.

    You can outsource development, you can even outsource maintenance, but you cannot outsource accountability for the portfolio. Organizations need a holistic dashboard of application performance and dispositions to help guide and inform planning and investment discussions. Application portfolio management (APM) can’t tell you why something is broken or how to fix it, but it is an important tool to determine if an application’s value and performance are up to your standards and can help meet your future goals.

    The image contains a picture of Hans Eckman.

    Hans Eckman
    Principal Research Director
    Info-Tech Research Group


    Is this research right for you?

    Research Navigation

    Managing your application portfolio is essential regardless of its size or whether your software is purchased or developed in house. Each organization must have some degree of application portfolio management to ensure that applications deliver value efficiently and that their risk or gradual decline in technical health is appropriately limited.

    Your APM goals

    If this describes your primary goal(s)

    • We are building a business case to determine where and if APM is needed now.
    • We want to understand how well supported are our business capabilities, departments, or core functions by our current applications.
    • We want to start our APM program with our core or critical applications.
    • We want to build our APM inventory for less than 150 applications (division, department, operating unit, government, small enterprise, etc.).
    • We want to start simple with a quick win for our 150 most important applications.
    • We want to start with an APM pilot before committing to an enterprise APM program.
    • We need to rationalize potentially redundant and underperforming applications to determine which to keep, replace, or retire.
    • We want to start enterprise APM, with up to 150 critical applications.
    • We want to collect and analyze detailed information about our applications.
    • We need tools to help us calculate total cost of ownership (TCO) and value.
    • We want to customize our APM journey and rationalization.
    • We want to build a formal communication strategy for our APM program.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Organizations consider application oversight a low priority and app portfolio knowledge is poor.
    • No dedicated or centralized effort to manage the app portfolio means no single source of truth is available to support informed decision making.
    • Organizations acquire more applications over time, creating redundancy, waste, and the need for additional support.
    • Organizations are more vulnerable to changing markets. Flexibility and growth are compromised when applications are unadaptable or cannot scale.
    • APM implies taking a holistic approach and compiling multiple priorities and perspectives.
    • Organizations have limited time to act strategically or proactively and need to be succinct.
    • Uncertainties on business value prevent IT from successfully advising software decision making.
    • IT knows its technical debt but struggles to get the business to act on technical risks.
    • Attempts at exposing these problems rarely gain buy-in and discourage the push for improvement.
    • Think low priority over no priority.
    • Integrate these tasks into your mixed workload.
    • Create an inventory built for better decision making.
    • Rationalize your apps in accordance with business priorities and communicate risks on their terms.
    • Create a roadmap that improves communication between those who own, manage, and support an application.
    • Build your APM process fit for size.

    Info-Tech Insight: You can’t outsource strategy.

    Modern software options have decreased the need for organizations to have robust in-house application management capabilities. Your applications’ future and governance of the portfolio still require a centralized IT oversight to ensure the best return on investment.

    The top IT challenges for SE come from app management

    #1 challenge small enterprise owners face in their use of technology:

    Taking appropriate security precautions

    24%

    The costs of needed upgrades to technology

    17%

    The time it takes to fix problems

    17%

    The cost of maintaining technology

    14%

    Lack of expertise

    9%

    Breaks in service

    7%
    Source: National Small Business Association, 2019

    Having more applications than an organization needs means unnecessarily high costs and additional burden on the teams who support the applications. Especially in the case of small enterprises, this is added pressure the IT team cannot afford.

    A poorly maintained portfolio will eventually hurt the business more than it hurts IT.

    Legacy systems, complex environments, or anything that leads to a portfolio that can’t adapt to changing business needs will eventually become a barrier to business growth and accomplishing objectives. Often the blame is put on the IT department.

    56%

    of small businesses cited inflexible technology as a barrier to growth

    Source: Salesforce as quoted by Tech Republic, 2019

    A hidden and inefficient application portfolio is the root cause of so many pains experienced by both IT and the business.

    • Demand/Capacity Imbalance
    • Overspending
    • Security and Business Continuity Risk
    • Delays in Delivery
    • Barriers to Growth

    APM comes at a justified cost

    The image contains a screenshot of a graph to demonstrate APM and the costs.

    The benefits of APM

    APM identifies areas where you can reduce core spending and reinvest in innovation initiatives.

    Other benefits can include:

    • Fewer redundancies
    • Less risk
    • Less complexity
    • Improved processes
    • Flexibility
    • Scalability

    APM allows you to better understand and set the direction of your portfolio

    Application Inventory

    The artifact that documents and informs the business of your application portfolio.

    Application Rationalization

    The process of collecting information and assessing your applications to determine recommended dispositions.

    Application Alignment

    The process of revealing application information through interviewing stakeholders and aligning to business capabilities.

    Application Roadmap

    The artifact that showcases the strategic directions for your applications over a given timeline.

    Application Portfolio Management (APM):

    The ongoing practice of:

    • Providing visibility into applications across the organization.
    • Recommending corrections or enhancements to decision makers.
    • Aligning delivery teams on priority.
    • Showcasing the direction of applications to stakeholders.

    Create a balanced approach to value delivery

    Enterprise Agility and Value Realization

    Product Lifecycle Management

    Align your product and service improvement and execution to enterprise strategy and value realization in three key areas: defining your products and services, aligning product/service owners, and developing your product vision.

    Product Delivery Lifecycle (Agile DevOps)

    Enhance business agility by leveraging an Agile mindset and continuously improving your delivery throughput, quality, value realization, and adaptive governance.

    Application Portfolio Management

    Transform your application portfolio into a cohesive service catalog aligned to your business capabilities by discovering, rationalizing, and modernizing your applications while improving application maintenance, management, and reuse.

    The image contains a screenshot of a Thought Model on the Application Department Strategy.


    The image contains a screenshot of a Thought Model on Accelerate Your Transition to Product Delivery.

    Every organization experiences some degree of application sprawl

    The image contains a screenshot of images to demonstrate application sprawl.

    Causes of Sprawl

    • Poor Lifecycle Management
    • Turnover & Lack of Knowledge Transfer
    • Siloed Business Units & Decentralized IT
    • Business-Managed IT
    • (Shadow IT)
    • Mergers & Acquisitions

    Problems With Sprawl

    • Redundancy and Inefficient Spending
    • Disparate Apps & Data
    • Obsolescence
    • Difficulties in Prioritizing Support
    • Barriers to Change & Growth

    Application Sprawl:

    Inefficiencies within your application portfolio are created by the gradual and non-strategic accumulation of applications.

    You have more apps than you need.

    Only 34% of software is rated as both IMPORTANT and EFFECTIVE by users.

    Source: Info-Tech’s CIO Business Vision

    Build your APM journey map

    The image contains screenshots of diagrams that reviews building your APM journey map.

    Application rationalization provides insight

    Directionless portfolio of applications

    Info-Tech’s Five Lens Model

    Assigned dispositions for individual apps

    The image contains a screenshot of an example of directionless portfolio of applications.

    Application Alignment

    Business Value

    Technical Health

    End-User Perspective

    Total Cost of Ownership (TCO)

    Maintain: Keep the application but adjust its support structure.

    Modernize: Create a new initiative to address an inadequacy.

    Consolidate: Create a new initiative to reduce duplicate functionality.

    Retire: Phase out the application.

    Disposition: The intended strategic direction or implied course of action for an application.

    How well do your apps support your core functions and teams?

    How well are your apps aligned to value delivery?

    Do your apps meet all IT quality standards and policies?

    How well do your apps meet your end users’ needs?

    What is the relative cost of ownership and operation of your apps?

    Application rationalization requires the collection of several data points that represent these perspectives and act as the criteria for determining a disposition for each of your applications.

    APM is an iterative and evergreen process

    APM provides oversight and awareness of your application portfolio’s performance and support for your business operations and value delivery to all users and customers.

    Determine Scope and categories Build your list of applications and capabilities Score each application based on your values Determine outcomes based on app scoring and support for capabilities

    1. Lay Your Foundations

    1.1 Assess the state of your current application portfolio.

    1.2 Determine narrative.

    1.3 Define goals and metrics.

    1.4 Define application categories.

    1.5 Determine APM steps and roles (SIPOC).

    2. Improve Your Inventory

    2.1 Populate your inventory.

    2.2 Align to business capabilities.

    *Repeat

    3. Rationalize Your Apps

    3.1 Assess business value.

    3.2 Assess technical health.

    3.3 Assess end-user perspective.

    3.4 Assess total cost of ownership.

    *Repeat

    4. Populate Your Roadmap

    4.1 Review APM Snapshot results.

    4.2 Review APM Foundations results.

    4.3 Determine dispositions.

    4.4 Assess redundancies (optional).

    4.5 Determine dispositions for redundant applications (optional).

    4.6 Prioritize initiatives.

    4.7 Determine ongoing cadence.

    *Repeat

    Repeat according to APM cadence and application changes

    Executive Brief Case Study

    INDUSTRY: Retail

    SOURCE: Deloitte, 2017

    Supermarket Company

    The grocer was a smaller organization for the supermarket industry with a relatively low IT budget. While its portfolio consisted of a dozen applications, the organization still found it difficult to react to an evolving industry due to inflexible and overly complex legacy systems.

    The IT manager found himself in a scenario where he knew the applications well but had little awareness of the business processes they supported. Application maintenance was purely in keeping things operational, with little consideration for a future business strategy.

    As the business demanded more responsiveness to changes, the IT team needed to be able to react more efficiently and effectively while still securing the continuity of the business.

    The IT manager found success by introducing APM and gaining a better understanding of the business use and future needs for the applications. The organization started small but then increased the scope over time to produce and develop techniques to aid the business in meeting strategic goals with applications.

    Results

    The IT manager gained credibility and trust within the organization. The organization was able to build a plan to move away from the legacy systems and create a portfolio more responsive to the dynamic needs of an evolving marketplace.

    The application portfolio management initiative included the following components:

    Train teams and stakeholders on APM

    Model the core business processes

    Collect application inventory

    Assign APM responsibilities

    Start small, then grow

    Info-Tech’s application portfolio management methodology

    1. Lay Your Foundations

    2. Improve Your Inventory

    3. Rationalize Your Apps

    4. Populate Your Roadmap

    Phase Activities

    1.1 Assess your current application portfolio

    1.2 Determine narrative

    1.3 Define goals and metrics

    1.4 Define application categories

    1.5 Determine APM steps and roles

    2.1 Populate your inventory

    2.2 Align to business capabilities

    3.1 Assess business value

    3.2 Assess technical health

    3.3 Assess end-user perspective

    3.4 Assess total cost of ownership

    4.1 Review APM Snapshot results

    4.2 Review APM Foundations results

    4.3 Determine dispositions

    4.4 Assess redundancies (optional)

    4.5 Determine dispositions for redundant applications (optional)

    4.6 Prioritize initiatives

    4.7 Determine ongoing APM cadence

    Phase Outcomes

    Work with the appropriate management stakeholders to:

    • Extract key business priorities.
    • Set your goals.
    • Define scope of APM effort.

    Gather information on your own understanding of your applications to build a detailed inventory and identify areas of redundancy.

    Work with application subject matter experts to collect and compile data points and determine the appropriate disposition for your apps.

    Work with application delivery specialists to determine the strategic plans for your apps and place these in your portfolio roadmap.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Application Portfolio Management Foundations Playbook

    Application Portfolio Management Snapshot and Foundations Tool

    This template allows you to capture your APM roles and responsibilities and build a repeatable process.

    This tool stores all relevant application information and allows you to assess your capability support, execute rationalization, and build a portfolio roadmap.

    The image contains screenshots of the Application Portfolio Management Foundations Playbook. The image contains screenshots of the Application Portfolio Management Snapshot and Foundations Tool.

    Key deliverable:

    Blueprint Storyboard

    This is the PowerPoint document you are viewing now. Follow this guide to understand APM, learn how to use the tools, and build a repeatable APM process that will be captured in your playbook.

    The image contains a screenshot of the blueprint storyboard.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI for on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Establish goals and foundations for your APM practice.

    Call #2:

    Initiate inventory and determine data requirements.

    Call #3:

    Initiate rationalization with group of applications.

    Call #4:

    Review result of first iteration and perform retrospective.

    Call #5:

    Initiate your roadmap and determine your ongoing APM practice.

    Note: The Guided Implementation will focus on a subset or group of applications depending on the state of your current APM inventory and available time. The goal is to use this first group to build your APM process and models to support your ongoing discovery, rationalization, and modernization efforts.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our right-sized best practices in your organization. A typical GI, using our materials, is 3 to 6 calls over the course of 1 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    1. Lay Your Foundations

    2. Improve Your Inventory

    3. Rationalize Your Apps

    4. Populate Your Roadmap

    Post Workshop Steps

    Activities

    1.1 Assess your current
    application portfolio

    1.2 Determine narrative

    1.3 Define goals and metrics

    1.4 Define application categories

    1.5 Determine APM steps and roles

    2.1 Populate your inventory

    2.2 Align to business capabilities

    3.1 Assess business value

    3.2 Assess technical health

    3.3 Assess end-user perspective

    3.4 Assess total cost of ownership

    4.1 Review APM Snapshot results

    4.2 Review APM Foundations results

    4.3 Determine dispositions

    4.4 Assess redundancies (optional)

    4.5 Determine dispositions for redundant applications (optional)

    4.6 Prioritize initiatives

    4.7 Determine ongoing APM cadence

    • Complete in-progress deliverables from the previous four days.
    • Set up review time for workshop deliverables and to discuss the next steps.

    Outcomes

    Work with the appropriate management stakeholders to:

    1. Extract key business priorities
    2. Set your goals
    3. Agree on key terms and set the scope for your APM effort

    Work with your applications team to:

    1. Build a detailed inventory
    2. Identify areas of redundancy

    Work with the SMEs for a subset of applications to:

    1. Define your rationalization criteria, descriptions, and scoring
    2. Evaluate each application using rationalization criteria

    Work with application delivery specialists to:

    1. Determine the appropriate disposition for your apps
    2. Build an initial application portfolio roadmap
    3. Establish an ongoing cadence of APM activities

    Info-Tech analysts complete:

    1. Workshop report
    2. APM Snapshot and Foundations Toolset
    3. Action plan

    Note: The workshop will focus on a subset or group of applications depending on the state of your current APM inventory and available time. The goal is to use this first group to build your APM process and models to support your ongoing discovery, rationalization, and modernization efforts.

    Workshop Options

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Outcomes

    1-Day Snapshot

    3-Day Snapshot and Foundations (Key Apps)

    4-Day Snapshot and Foundations (Pilot Area)

    APM Snapshot

    • Align applications to business capabilities
    • Evaluate application support for business capabilities

    APM Foundations

    • Define your APM program and cadence
    • Rationalize applications using weighted criteria
    • Define application dispositions
    • Build an application roadmap aligned to initiatives

    Establish APM practice with a small sample set of apps and capabilities.

    Establish APM practice with a pilot group of apps and capabilities.

    Blueprint Pre-Step: Get the right stakeholders to the right exercises

    The image contains four steps and demonstrates who should be handling each exercise. 1. Lay Your Foundations, is to be handled by the APM Lead/Owner and the Key Corporate Stakeholders. 2. Improve Your Inventory, is to be handled by the APM Lead/Owner and the Applications Subject Matter Experts. 3. Rationalize Your Apps, is to be handled by the APM Lead/Owner, the Applications Subject Matter Experts, and the Delivery Leads. 4. Populate Your Roadmap, is to be handled by the APM Lead/Owner, the Key Corporate Stakeholders, and the Delivery Leads.

    APM Lead/Owner (Recommended)

    ☐ Applications Lead or the individual responsible for application portfolio management, along with any applications team members, if available

    Key Corporate Stakeholders

    Depending on size and structure, participants could include:

    ☐ Head of IT (CIO, CTO, IT Director, or IT Manager)

    ☐ Head of shared services (CFO, COO, VP HR, etc.)

    ☐ Compliance Officer, Steering Committee

    ☐ Company owner or CEO

    Application Subject Matter Experts

    Individuals who have familiarity with a specific subset of applications

    ☐ Business owners (product owners, Head of Business Function, power users)

    ☐ Support owners (Operations Manager, IT Technician)

    Delivery Leads

    ☐ Development Managers

    ☐ Solution Architects

    ☐ Project Managers

    Understand your APM tools and outcomes

    1.Diagnostic The image contains a screenshot of the diagnostic APM tool.

    5. Foundations: Chart

    The image contains a screenshot of the Foundations: Chart APM tool.

    2. Data Journey

    The image contains a screenshot of the data journey APM tool.

    6. App Comparison

    The image contains a screenshot of the App Comparison APM tool.

    3. Snapshot

    The image contains a screenshot of the snapshot APM tool.

    7. Roadmap

    The image contains a screenshot of the Roadmap APM tool.

    4. Foundations: Results

    The image contains a screenshot of the Foundations: Results APM Tool.

    Examples and explanations of these tools are located on the following slides and within the phases where they occur.

    Assess your current application portfolio with Info-Tech’s APM Diagnostic Tool

    The image contains a screenshot of the APM Diagnostic Tool.

    One of the primary purposes of application portfolio management is to get what we know and need to know on paper so we can share a common vision and understanding of our portfolio. This enables better discussions and decisions with your application owners and stakeholders.

    APM worksheet data journey map

    The image contains a screenshot of the APM worksheet data journey map.

    Interpreting your APM Snapshot results

    The image contains a screenshot of the APM snapshots results.

    Interpreting your APM Foundations results

    The image contains a screenshot of the APM Foundations results.

    Interpreting your APM Foundations chart

    The image contains a screenshot of the APM Foundations chart.

    Compare application groups

    Group comparison can be used for more than just redundant/overlapping applications.

    The image contains a screenshot of images that demonstrate comparing application groups.

    Apply Info-Tech’s 6 R’s Rationalization Disposition Model

    The image contains a screenshot of Info-Tech's 6 R's Rationalization Disposition Model.

    Disposition

    Description

    Reward

    Prioritize new features or enhancement requests and openly welcome the expansion of these applications as new requests are presented.

    Refresh

    Address the poor end-user satisfaction with a prioritized project. Consult with users to determine if UX issues require improvement to address satisfaction.

    Refocus

    Determine the root cause of the low value. Refocus, retrain, or refresh the UX to improve value. If there is no value found, aim to "keep the lights on" until the app can be decommissioned.

    Replace

    Replace or rebuild the application as technical and user issues are putting important business capabilities at risk. Decommission application alongside replacement.

    Remediate

    Address the poor technical health or risk with a prioritized project. Further consult with development and technical teams to determine if migration or refactoring is suited to address the technical issue.

    Retire

    Cancel any requested features and enhancements. Schedule the proper decommission and transfer end users to a new or alternative system if necessary.

    TCO, compared relatively to business value, helps determine the practicality of a disposition and the urgency of any call to action. Application alignment is factored in when assessing redundancies and has a separate set of dispositions.

    Populate roadmap example

    The image contains an example of the populate roadmap.

    ARE YOU READY TO GET STARTED?

    Phase 1

    Lay Your Foundations

    Phase 1

    1.1 Assess Your Current Application Portfolio

    1.2 Determine Narrative

    1.3 Define Goals and Metrics

    1.4 Define Application Categories

    1.5 Determine APM Steps and Roles

    Phase 2

    2.1 Populate Your Inventory

    2.2 Align to Business Capabilities

    Phase 3

    3.1 Assess Business Value

    3.2 Assess Technical Health

    3.3 Assess End-User Perspective

    3.4 Assess Total Cost of Ownership

    Phase 4

    4.1 Review APM Snapshot Results

    4.2 Review APM Foundations Results

    4.3 Determine Dispositions

    4.4 Assess Redundancies (Optional)

    4.5 Determine Dispositions for Redundant Applications (Optional)

    4.6 Prioritize Initiatives

    4.7 Determine Ongoing APM Cadence

    This phase involves the following participants:

    Applications Lead

    Key Corporate Stakeholders

    Additional Resources

    APM supports many goals

    Building an APM process requires a proper understanding of the underlying business goals and objectives of your organization’s strategy. Effectively identifying these drivers is paramount to gaining buy-in and the approval for any changes you plan to make to your application portfolio.

    After identifying these goals, you will need to ensure they are built into the foundations of your APM process.

    “What is most critical?” but also “What must come first?”

    Discover

    Improve

    Transform

    Collect Inventory

    Uncover Shadow IT

    Uncover Redundancies

    Anticipate Upgrades

    Predict Retirement

    Reduce Cost

    Increase Efficiency

    Reduce Applications

    Eliminate Redundancy

    Limit Risk

    Improve Architecture

    Modernize

    Enable Scalability

    Drive Business Growth

    Improve UX

    Assess your current application portfolio with Info-Tech’s APM Diagnostic Tool

    The image contains a screenshot of the APM Diagnostic Tool.

    One of the primary purposes of application portfolio management is to get what we know and need to know on paper so we can share a common vision and understanding of our portfolio. This enables better discussions and decisions with your application owners and stakeholders.

    1.1 Assess your current application portfolio with Info-Tech’s diagnostic tool

    Estimated time: 1 hour

    1. This tool provides visibility into your application portfolio and APM practices.
    2. Based on your assessment, you should gain a better understanding of whether the appropriate next steps are in application discovery, rationalization, or roadmapping.
    3. Complete the “Data Entry” worksheet in the Application Portfolio Management Diagnostic Tool (Excel).
    4. Review the “Results” worksheet to help inform and guide your next steps.

    Download the Application Portfolio Management Diagnostic Tool

    Input Output
    • Current APM program
    • Application landscape
    • APM current-state assessment
    Materials Participants
    • Application Portfolio Management Diagnostic Tool
    • Applications Lead

    1.1 Understanding the diagnostic results

    • Managed Apps are your known knowns and most of your portfolio.
    • Unmanaged and Unsanctioned Apps are known but have unknown risks and compliance. Bring these under IT support.
    • Unknown Apps are high risk and noncompliant. Prioritize these based on risk, cost, and use.
    The image contains a screenshot of the diagnostic APM tool.
    • APM is more than an inventory and assessment. A strong APM program provides ongoing visibility and insights to drive application improvement and value delivery.
    • Use your Sprawl Factors to identify process and organizational gaps that may need to be addressed.
    • Your APM inventory is only as good as the information in it. Use this chart to identify gaps and develop a path to define missing information.
    • APM is an iterative process. Use this state assessment to determine where to focus most of your current effort.

    Understand potential motivations for APM

    The value of APM is defined by how the information will be used to drive better decisions.

    Portfolio Governance

    Transformative Initiatives

    Event-Driven Rationalization

    Improves:

    • Spending efficiency
    • Risk
    • Retirement of aged and low-value applications
    • Business enablement

    Impact on your rationalization framework:

    • Less urgent
    • As rigorous as appropriate
    • Apply in-depth analysis as needed

    Enables:

    • Data migration or harmonization
    • Legacy modernization
    • Infrastructure/cloud migration
    • Standardizing platforms
    • Shift to cloud and SAAS

    Impact on your rationalization framework:

    • Time sensitive
    • Scope on impacted areas
    • Need to determine specific dispositions
    • Outcomes need to include detailed and actionable steps

    Responds to:

    • Mergers and acquisitions
    • Regulatory and compliance change
    • New applications
    • Application retirement by vendors
    • Changes in business operations
    • Security risks and BC/DR

    Impact on your rationalization framework:

    • Time constrained
    • Lots of discovery work
    • Primary focus on duplication
    • Increased process and system understanding

    Different motivations will influence the appropriate approach to and urgency of APM or, specifically, rationalizing the portfolio. When rationalizing is directly related to enabling or in response to a broader initiative, you will need to create a more structured approach with a formal budget and resources.

    1.2 Determine narrative

    Estimated time: 30 minutes-2 hours

    1. Open the “Narrative” tab in the APM Snapshot and Foundations Tool.
    2. Start by listing your prevailing IT pain points with the application portfolio. These will be the issues experienced predominantly by the IT team and not necessarily by the stakeholders. Be sure to distinguish pain points from their root causes.
    3. Determine an equivalent business pain point for each IT pain point. This should be how the problem manifests itself to business stakeholders and should include potential risks to the organization is exposed to.
    4. Determine the business goal for each business pain point. Ideally, these are established organizational goals that key decision-makers will recognize. These goals should address the business pain points you have documented.
    5. Determine the technical objective for each business goal. These speak to the general corrections or enhancements to the portfolio required to accomplish the business goals.
    6. Use the “Narrative - Matrix” worksheet to group items into themes if needed.

    Record the results in the APM Snapshot and Foundations Tool

    Input Output
    • Familiarity with application landscape
    • Organizational context and strategic artifacts
    • Narrative for application portfolio transformation
    Materials Participants
    • APM Snapshot and Foundations Tool
    • Application Portfolio Manager

    Connect your pains to what the business cares about to find the most effective narrative

    Root Cause

    IT Pain Points

    Business Pain Points

    Business Goals

    Narrative

    Technical Objectives

    Sprawl

    Shadow IT/decentralized oversight

    Neglect over time

    Poor delivery processes

    Back-End Complexity

    Disparate Data/Apps

    Poor Architectural Fit

    Redundancy

    Maintenance Demand/
    Resource Drain

    Low Maintainability

    Technical Debt

    Legacy, Aging, or Expiring Apps

    Security Vulnerabilities

    Unsatisfied Customers

    Hurdles to Growth/Change

    Poor Business Analytics

    Process Inefficiency

    Software Costs

    Business Continuity Risk

    Data Privacy Risk

    Data/IP Theft Risk

    Poor User Experience

    Low-Value Apps

    Scalability

    Flexibility/Agility

    Data-Driven Insights

    M&A Transition

    Business Unit Consolidation/ Centralization

    Process Improvement

    Process Modernization

    Cost Reduction

    Stability

    Customer Protection

    Security

    Employee Enablement

    Business Enablement

    Innovation

    Create Strategic Alignment

    Identify specific business capabilities that are incompatible with strategic initiatives.

    Reduce Application Intensity

    Highlight the capabilities that are encumbered due to functional overlaps and complexity.

    Reduce Software Costs

    Specific business capabilities come at an unnecessarily or disproportionately high cost.

    Mitigate Business Continuity Risk

    Specific business capabilities are at risk of interruption or stoppages due to unresolved back-end issues.

    Mitigate Security Risk

    Specific business capabilities are at risk due to unmitigated security vulnerabilities or breaches.

    Increase Satisfaction Applications

    Specific business capabilities are not achieving their optimal business value.

    Platform Standardization

    Platform Standardization Consolidation

    Data Harmonization

    Removal/Consolidation of Redundant Applications

    Legacy Modernization

    Application Upgrades

    Removal of Low-Value Applications

    1.3 Define goals and metrics

    Estimated time: 1 hour

    1. Determine the motivations behind APM. You may want to collect and review any of the organization’s strategic documents that provide additional context on previously established goals.
    2. With the appropriate stakeholders, discuss the goals of APM. Try to label your goals as either:
      1. Short term: Refers to immediate goals used to represent the progress of APM activities. Likely these goals are more IT-oriented
      2. Long term: Refers to broader and more distant goals more related to the impact of APM. These goals tend to be more business-oriented.
    3. To help clearly define your goals, discuss appropriate metrics for each goal. Often these metrics can be expressed as:
      1. Leading indicators: Metrics used to gauge the success of your short-term goals and the progress of APM activities.
      2. Lagging indicators: Metrics used to gauge the success of your long-term goals.

    Record the results in the APM Snapshot and Foundations Tool

    Input Output
    • Overarching organizational strategy
    • IT strategy
    • Defined goals and metrics for APM
    Materials Participants
    • Whiteboard
    • Markers
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Key Corporate Stakeholders

    1.3 Define goals and metrics: Example

    Goals

    Metric

    Target

    Short Term

    Improve ability to inform the business

    Leading Indicators

    • Application inventory with all data fields completed
    • Applications with recommended dispositions
    • 80% of portfolio

    Improve ownership of applications

    • Applications with an assigned business and technical owner
    • 80% of portfolio

    Reduce costs of portfolio

    • TCO of full application portfolio
    • The number of recovered/avoided software licenses from retired apps
    • Reduce by 5%
    • $50,000

    Long Term

    Migrate platform

    Lagging Indicators

    • Migrate all applications
    • Total value change in on-premises apps switched to SaaS
    • 100% of applications
    • Increase 50%

    Improve overall satisfaction with portfolio

    • End-user satisfaction rating
    • Increase 25%

    Become more customer-centric

    • Increased sales
    • Increased customer experience
    • Increase 35%

    “Application” doesn’t have the same meaning to everyone

    The image contains a picture of Martin Fowler.

    Code: A body of code that's seen by developers as a single unit.

    Functionality: A group of functionality that business customers see as a single unit.

    Funding: An initiative that those with the money see as a single budget.

    ?: What else?

    “Essentially applications are social constructions.

    Source: Martin Fowler

    APM focuses on business applications.

    “Software used by business users to perform a business function.”

    – ServiceNow, 2020

    Unfortunately, that definition is still quite vague.

    You must set boundaries and scope for “application”

    1. Many individual items can be considered applications on their own or components within or associated with an application.

    2. Different categories of applications may be out of scope or handled differently within the activities and artifacts of APM.

    Different categories of applications may be out of scope or handled differently within the activities and artifacts of APM.

    • Interface
    • Software Component
    • Supporting Software
    • Platform
    • Presentation Layer
    • Middleware
    • Micro Service
    • Database
    • UI
    • API
    • Data Access/ Transfer/Load
    • Operating System

    Apps can be categorized by generic categories

    • Enterprise Applications
    • Unique Function-Specific Applications
    • Productivity Tools
    • Customer-Facing Applications
    • Mobile Applications

    Apps can be categorized by bought vs. built or install types

    • Custom
    • On-Prem
    • Off the Shelf
    • SaaS
    • Hybrid
    • End-User-Built Tools

    Apps can be categorized by the application family

    • Parent Application
    • Child Application
    • Package
    • Module
    • Suite
    • Component (Functional)

    Apps can be categorized by the group managing them

    • IT-Managed Applications
    • Business-Managed Applications (Shadow IT)
    • Partner/External Applications

    Apps can be categorized by tiers

    • Mission Critical
    • Tier 2
    • Tier 3

    Set boundaries on what is an application or the individual unit that you’re making business decisions on. Also, determine which categories of applications are in scope and how they will be included in the activities and artifacts of APM. Use your product families defined in Deliver Digital Products at Scale to help define your application categories, groups, and boundaries.

    1.4 Define application categories

    Estimated time: 1 hour

    1. Review the items listed on the previous slide and consider what categories provide the best initial grouping to help organize your rationalization and dispositions. Update the category list to match your application groupings.
    2. Identify the additional categories you need to manage in your application portfolio.
    3. For each category, establish or modify a description or definition and provide examples that exist in your current portfolio.
    4. For each category, answer:
      1. Will these be documented in the application inventory?
      2. Will these be included in application rationalization? Think about if this item will be assigned a TCO, value score, and, ultimately, a disposition.
      3. Will these be listed in the application portfolio roadmap?
    5. If you completed Deliver Digital Products at Scale, use your product families to help define your application categories.

    Record the results in the APM Snapshot and Foundations Tool

    InputOutput
    • Working list of applications
    • Definitions and guidelines for which application categories are in scope for APM
    MaterialsParticipants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Key Corporate Stakeholders

    1.4 APM worksheet data journey map

    The image contains a screenshot of the APM worksheet data journey map.

    1.4 Define application categories: Example

    Category

    Definition/Description

    Examples

    Documented in your application inventory?

    Included in application rationalization?

    Listed in your application portfolio roadmap?

    Business Application

    End-user facing applications that directly enable specific business functions. This includes enterprise-wide and business-function-specific applications. Separate modules will be considered a business application when appropriate.

    ERP system, CRM software, accounting software

    Yes

    Yes. Unless currently in dev. TCO of the parent application will be divided among child apps.

    Yes

    Software Components

    Back-end solutions are self-contained units that support business functions.

    ETL, middleware, operating systems

    No. Documentation in CMDB. These will be listed as a dependency in the application inventory.

    No. These will be linked to a business app and included in TCO estimates and tech health assessments.

    No

    Productivity Tools

    End-user-facing applications that enable standard communication of general document creation.

    MS Word, MS Excel, corporate email

    Yes

    No

    Yes

    End-User- Built Microsoft Tools

    Single instances of a Microsoft tool that the business has grown dependent on.

    Payroll Excel tool, Access databases

    No. Documentation in Business Tool Glossary.

    No No

    Partner Applications

    Partners or third-party applications that the business has grown dependent on but are internally owned or managed.

    Supplier’s ERP portal, government portal

    No No

    Yes

    Shadow IT

    Business-managed applications.

    Downloaded tools

    Yes

    Yes. However, just from a redundancy perspective.

    Yes

    The roles in APM rarely exist; you need to adapt

    Application Portfolio Manager

    • Responsible for the health and evolution of the application portfolio.
    • Facilitates the rationalization process.
    • Compiles and assesses application information and recommends and supports key decisions regarding the direction of the applications.
    • This is rarely a dedicated role even in large enterprises. For small enterprises, this should be an IT employee at a manager level – an IT manager or operations manager.

    Business Owner

    • Responsible for managing individual applications on a functional level and approves and prioritizes projects.
    • Provides business process or functional subject matter expertise for the assessment of applications.
    • For small enterprises, this role is rarely defined, but the responsibility should exist. Consider the head of a business unit or a process owner as the owner of the application.

    Support Owner

    • Responsible for the maintenance and management of individual applications.
    • Provides technical information and subject matter expertise for the assessment of an application.
    • For small enterprises, this would be those responsible for maintaining the application and those responsible for its initial implementation. Often support responsibilities are external, and this role will be more of a vendor manager.

    Project Portfolio Manager

    • Responsible for intake, planning, and coordinating the resources that deliver any changes.
    • The body that consumes the results of rationalization and begins planning any required action or project.
    • For small enterprises, the approval process can come from a steering committee but it is often less formal. Often a smaller group of project managers facilitates planning and coordination and works closely with the delivery leads.

    Corner-of-the-Desk Approach

    • No one is explicitly dedicated to building a strategy or APM practices.
    • Information is collected whenever the applications team has time available.
    • Benefits are pushed out and the value is lost.

    Dedicated Approach

    • The initiative is given a budget and formal agenda.
    • Roles and responsibilities are assigned to team members.

    The high-level steps of APM present some questions you need to answer

    Build Inventory

    Create the full list of applications and capture all necessary attributes.

    • Who will build the inventory?
    • Do you know all your applications (Shadow IT)?
    • Do you know your applications’ functionality?
    • Do you know where your applications overlap?
    • Who do you need to consult with to fill in the gaps?
    • Who will provide specific application information?

    Collect & Compile

    Engage with appropriate SMEs and collect necessary data points for rationalization.

    • Who will collect and compile the data points for rationalization?
    • What are the specific data points?
    • Are some of the data points currently documented?
    • Who will provide specific data points on technical health, cost, performance, and business value?
    • Who will determine what business value is?

    Assess & Recommend

    Apply rationalization framework and toolset to determine dispositions.

    • Who will apply a rationalization tool or decision-making framework to generate dispositions for the applications?
    • Who will modify the tool or framework to ensure results align to the goals of the organization?
    • Who will define any actions or projects that result from the rationalization? And who needs to be consulted to assess the feasibility of any potential project?

    Validate & Roadmap

    Present dispositions for validation and communicate any decisions or direction for applications.

    • Who will present the recommended disposition, corrective action, or new project to the appropriate decision maker?
    • Who is the appropriate decision maker for application changes or project approval?
    • What format is recommended (idea, proposal, business case) and what extra analysis is required?
    • Who needs to be consulted regarding the potential changes?

    1.5 Determine APM steps and roles (SIPOC)

    Estimated time: 1-2 hours

    1. Begin by comparing Info-Tech’s list of common APM roles to the roles that exist in your organization with respect to application management and ownership.
    2. There are four high-level steps for APM: build inventory, collect & compile, assess & recommend, and validate & roadmap. Apply the SIPOC (Supplier, Input, Process, Output, Customer) model by completing the following for each step:
      1. In the Process column, modify the description, if necessary. Identify who is responsible for performing the step.
      2. In the Inputs column, modify the list of inputs.
      3. In the Suppliers column, identify who must be included to provide the inputs.
      4. In the Outputs column, modify the list of outputs.
      5. In the Customers column, identify who consumes the outputs.
    3. (Optional) Outline how the results of APM will be consumed. For example, project intake or execution, data or platform migration, application or product management, or whichever is appropriate.

    Record the results in the APM Snapshot and Foundations Tool

    Input Output
    • Existing function and roles regarding application delivery, management, and ownership
    • Scope of APM
    • Responsibilities assigned to your roles
    Materials Participants
    • Whiteboard and markers
    • “Supporting Activities – SIPOC” worksheet in the APM Snapshot and Foundations Tool
    • Applications Lead
    • Key Corporate Stakeholders

    1.5 Determine steps and roles

    Suppliers

    Inputs

    Process

    Outputs

    Customers

    • Applications Manager
    • Operations Manager
    • Business Owners
    • IT Team
    • List of applications
    • Application attributes
    • Business capabilities

    Build Inventory

    Create the full list of applications and capture all necessary attributes.

    Resp: Applications Manager & IT team member

    • Application inventory
    • Identified redundancies
    • Whole organization
    • Applications SMEs
    • Business Owners
    • Support Owners & Team
    • End Users
    • Application inventory
    • Existing documentation
    • Additional collection methods
    • Knowledge of business value, cost, and performance for each application

    Collect & Compile

    Engage with appropriate SMEs and collect necessary data points for rationalization.

    Resp: IT team member

    • Data points of business value, cost, and performance for each application
    • Applications Manager
    • Applications Manager
    • Defined application rationalization framework and toolset
    • Data points of business value, cost, and performance for each application

    Assess & Recommend

    Apply rationalization framework and toolset to determine dispositions.

    Resp: Applications Manager

    • Assigned disposition for each application
    • New project ideas for applications
    • Business Owners
    • Steering Committee
    • Business Owners
    • Steering Committee
    • Assigned disposition for each application
    • New project ideas for applications
    • Awareness of goals and priorities
    • Awareness of existing projects and resources capacity

    Validate & Roadmap

    Present dispositions for validation and communicate any decisions or direction for applications.

    Resp: Applications Manager

    • Application portfolio roadmap
    • Confirmed disposition for each application
    • Project request submission
    • Whole organization
    • Applications Manager
    • Solutions Engineer
    • Business Owner
    • Project request submission
    • Estimated cost
    • Estimated value or ROI

    Project Intake

    Build business case for project request.

    Resp: Project Manager

    • Approved project
    • Steering Committee

    Planning your APM modernization journey steps

    Discovery Rationalization Disposition Roadmap

    Enter your pilot inventory.

    • Optional Snapshot: Populate your desired snapshot grouping lists (departments, functions, groups, capabilities, etc.).

    Score your pilot apps to refine your rationalization criteria and scoring.

    • Score 3 to 9 apps to adjust and get comfortable with the scoring.
    • Validate scoring with the remaining apps in your pilot group. Refine and finalize the criteria and scoring descriptions.
    • Optional Snapshot: Use the Group Alignment Matrix to match your grouping list to select which apps support each grouping item.

    Determine recommended disposition for each application.

    • Review and adjust the disposition recommendations on the “Disposition Options” worksheet and set your pass/fail threshold.
    • Review your apps on the “App Rationalization Results” worksheet. Update (override) the recommended disposition and priority if needed.

    Populate your application roadmap.

    • Indicate programs, projects, initiatives, or releases that are planned for each app.
    • Update the priority based on the initiative.
    • Use the visual roadmap to show high-level delivery phases.

    Phase 2

    Improve Your Inventory

    Phase 1

    1.1 Assess Your Current Application Portfolio

    1.2 Determine Narrative

    1.3 Define Goals and Metrics

    1.4 Define Application Categories

    1.5 Determine APM Steps and Roles

    Phase 2

    2.1 Populate Your Inventory

    2.2 Align to Business Capabilities

    Phase 3

    3.1 Assess Business Value

    3.2 Assess Technical Health

    3.3 Assess End-User Perspective

    3.4 Assess Total Cost of Ownership

    Phase 4

    4.1 Review APM Snapshot Results

    4.2 Review APM Foundations Results

    4.3 Determine Dispositions

    4.4 Assess Redundancies (Optional)

    4.5 Determine Dispositions for Redundant Applications (Optional)

    4.6 Prioritize Initiatives

    4.7 Determine Ongoing APM Cadence

    This phase involves the following participants:

    • Applications Lead
    • Applications Team

    Additional Resources

    Document Your Business Architecture

    Industry Reference Architectures

    Application Capability Template

    Pre-step: Collect your applications

    1. Consult with your IT team and leverage any existing documentation to gather an initial list of your applications.
    2. Build an initial working list of applications. This is just meant to be a starting point. Aim to include any new applications in procurement, implementation, or development.
    3. The rationalization and roadmapping phases are best completed when iteratively focusing on manageable groups of applications. Group your applications into subsets based on shared subject matter experts. Likely this will mean grouping applications by business units.
    4. Select a subset to be the first group of applications that will undergo the activities of rationalization and roadmapping to refine your APM processes, scoring, and disposition selection.

    Info-Tech Best Practice

    The more information you plan to capture, the larger the time and effort, especially as you move along toward advanced and strategic items. Capture the information most aligned to your objectives to make the most of your investment.

    If you completed Deliver Digital Products at Scale, use your product families and products to help define your applications.

    Learn more about automated application discovery:
    High Application Satisfaction Starts With Discovering Your Application Inventory

    Discover your applications

    The image contains a screenshot of examples of applications that support APM.

    2.1 Populate your inventory

    Estimated time: 1-4 hours per group

    1. Review Info-Tech’s list of application inventory attributes.
    2. Open the “Application Inventory Details” tab of the APM Snapshot and Foundations Tool. Modify, add, or omit attributes.
    3. For each application, populate your prioritized data fields or any fields you know at the time of discovery. You will complete all the fields in future iterations.
    4. Complete this the best you can based on your team’s familiarity and any readily available documentation related to these applications.
    5. Use the drop-down list to select Enabling, Redundant/Overlapping, and Dependent apps. This will be used to help determine dispositions and comparisons.
    6. Highlight missing information or placeholder values that need to be verified.

    Record the results in the APM Snapshot and Foundations Tool

    Input Output
    • Working list of applications
    • Determined attributes for inventory
    • Populated inventory
    Materials Participants
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Any Applications Team Members

    2.1 APM worksheet data journey map

    The image contains a screenshot of the APM worksheet data journey map.

    Why is the business capability so important?

    For the purposes of an inventory, business capabilities help all stakeholders gain a sense of the functionality the application provides.

    However, the true value of business capability comes with rationalization.

    Upon linking all the organization’s applications to a standardized and consistent set of business capabilities, you can then group your applications based on similar, complementary, or overlapping functionality. In other words, find your redundancies and consolidation opportunities.

    Important Consideration

    Defining business capabilities and determining the full extent of redundancy is a challenging undertaking and often is a larger effort than APM all together.

    Business capabilities should be defined according to the unique functions and language of your organization, at varying levels of granularity, and ideally including target-state capabilities that identify gaps in the future strategy.

    This blueprint provides a simplified and generic list for the purpose of categorizing similar functionality. We strongly encourage exploring Document Your Business Architecture to help in the business capability defining process, especially when visibility into your portfolio and knowledge of redundancies is poor.

    The image contains a screenshot of the business capability scenarios.

    For a more detailed capability mapping, use the Application Portfolio Snapshot and the worksheets in your current workbook.

    What is a business capability map?

    The image contains a screenshot of a business capability map.

    A business capability map (BCM) is an abstraction of business operations that helps describe what the enterprise does to achieve its vision, mission, and goals. Business capabilities are the building blocks of the enterprise. They are typically defined at varying levels of granularity and include target-state capabilities that identify gaps in the future strategy. These are the people, process, and tool units that deliver value to your teams and customers.

    Info-Tech’s Industry Coverage and Reference Architectures give you a head start on producing a BCM fit for your organization. The visual to the left is an example of a reference architecture for the retail industry.

    These are the foundational piece for our Application Portfolio Snapshot. By linking capabilities to your supporting applications, you can better visualize how the portfolio supports the organization at a single glance. More specifically, you can highlight how issues with the portfolio are impacting capability delivery.

    Reminder: Best practices imply that business capabilities are methodologically defined by business stakeholders and business architects to capture the unique functions and language of your organization.

    The approach laid out in this service is about applying minimal time and effort to make the case for proper investment into the best practices, which can include creating a tailored BCM. Start with a good enough example to produce a useful visual and generate a positive conversation toward resourcing and analyses.

    We strongly encourage exploring Document Your Business Architecture and the Application Portfolio Snapshot to understand the thorough methods and tactics for BCM.

    Why perform a high-level application alignment before rationalization?

    Having to address redundancy complicates the application rationalization process. There is no doubt that assessing applications in isolation is much easier and allows you to arrive at dispositions for your applications in a timelier manner.

    Rationalization has two basic steps: first, collect and compile information, and second, analyze that information and determine a disposition for each application. When you don’t have redundancy, you can analyze an application and determine a disposition in isolation. When you do have redundancies, you need to collect information for multiple applications, likely across departments or lines of business, then perform a comparative analysis.

    Most likely your approach will fall somewhere between the examples below and require a hybrid approach.

    Benefits of a high-level application alignment:

    • Review the degree of redundancy across your portfolio.
    • Understand the priority areas for rationalization and the sequence of information collection.

    The image contains a screenshot of a timeline of rationalization effort.

    2.2 Align apps to capabilities and functions

    Estimated time: 1-4 hours per grouping

    The APM tool provides up to three different grouping comparisons to assess how well your applications are supporting your enterprise. Although business capabilities are important, identify your organizational perspectives to determine how well your portfolio supports these functions, departments, or value streams. Each grouping should be a consistent category, type, or arrangement of applications.

    1. Enter the business capabilities, from either your own BCM or the Info-Tech reference architectures, into the Business Capability column under Grouping 1.
    2. Open the “Group 1 Alignment Matrix” worksheet in the APM Snapshot and Foundations Tool.
    3. For each application’s row, enter an “X” in the column of a capability that the application supports.
    4. Optionally, repeat these steps under Grouping 2 and 3 for each value stream, department, function, or business unit where you’d like to assess application support. Note: To use Grouping 3, unhide the columns on the “Application and Group Lists” worksheet and unhide the worksheet “Grouping 3 Alignment Matrix.”

    Record the results in the APM Snapshot and Foundations Tool

    InputOutput
    • Application inventory
    • List of business capabilities, Info-Tech Reference Architecture capabilities, departments, functions, divisions, or value streams for grouping comparison
    • Assigned business capabilities to applications
    MaterialsParticipants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Any Applications Team Members

    2.2 APM worksheet data journey map

    The image contains a screenshot of the APM worksheet data journey map.

    2.2 Aligning applications to groups example

    Alignment Matrix: Identify applications supporting each capability or function.

    Capability, Department, or Function 1

    Capability, Department, or Function 2

    Capability, Department, or Function 3

    Capability, Department, or Function 4

    Capability, Department, or Function 5

    Capability, Department, or Function 6

    Application A

    x

    Application B

    x

    Application C

    x

    Application D

    x

    Application E

    x x

    Application F

    x

    Application G

    x

    Application H

    x

    Application I

    x

    Application J

    x

    In this example:

    BC 1 is supported by App A

    BC 2 is supported by App B

    BC 3 is supported by Apps C & D

    BCs 4 & 5 are supported by App E

    BC 6 is supported by Apps F-G. BC 6 shows an example of potential redundancy and portfolio complexity.

    The APM tool supports three different Snapshot groupings. Repeat this exercise for each grouping.

    Align application to capabilities – tool view

    The image contains screenshots of the align application to capabilities - tool view

    Phase 3

    Rationalize Your Applications

    Phase 1

    1.1 Assess Your Current Application Portfolio

    1.2 Determine Narrative

    1.3 Define Goals and Metrics

    1.4 Define Application Categories

    1.5 Determine APM Steps and Roles

    Phase 2

    2.1 Populate Your Inventory

    2.2 Align to Business Capabilities

    Phase 3

    3.1 Assess Business Value

    3.2 Assess Technical Health

    3.3 Assess End-User Perspective

    3.4 Assess Total Cost of Ownership

    Phase 4

    4.1 Review APM Snapshot Results

    4.2 Review APM Foundations Results

    4.3 Determine Dispositions

    4.4 Assess Redundancies (Optional)

    4.5 Determine Dispositions for Redundant Applications (Optional)

    4.6 Prioritize Initiatives

    4.7 Determine Ongoing APM Cadence

    This phase involves the following participants:

    • Applications Lead
    • Application SMEs

    Additional Resources

    Phase pre-step: Sequence rationalization assessments appropriately

    Use the APM Snapshot results to determine APM iterations

    • Application rationalization requires an iterative approach.
    • Review your application types and alignment from Phase 2 to begin to identify areas of overlapping or redundant applications.
    • Sequence the activities of Phase 3 based on whether you have a:
      • Redundant Portfolio
        • Use the APM Snapshot to prioritize analysis by grouping.
        • Complete the application functional analysis.
        • Use the “Application Comparison” worksheet to aid your comparison of application subsets.
        • Update application dispositions and roadmap initiatives.
      • Non-Redundant Portfolio
        • Use the APM Snapshot to prioritize analysis by grouping.
        • Update application dispositions and roadmap initiatives.

    The image contains a screenshot of a timeline of rationalization effort.

    Phase pre-step: Are the right stakeholders present?

    Make sure you have the right people at the table from the beginning.

    • Application rationalization requires specific stakeholders to provide specific data points.
    • Ensure your application subsets are grouped by shared subject matter experts. Ideally, these are grouped by business units.
    • For each subset, identify the appropriate SMEs for the five areas of rationalization criteria.
    • Communicate and schedule interviews with groups of stakeholders. Inform them of additional information sources to have readily available.
    • (Optional) This phase’s activities follow the clockwise sequence of the diagram to the right. Reorder the sequence of activities based on overlaps of availability in subject matter expertise.

    Application

    Rationalization

    Additional Information Sources

    Ideal Stakeholders

    • KPIs

    Business Value

    • Business Application/Product Owners
    • Business Unit/ Process Owners
    • Survey Results

    End User

    • Business Application/ Product Owners
    • Key/Power Users
    • End Users
    • General Ledger
    • Service Desk
    • Vendor Contracts

    TCO

    • Operations/Maintenance Manager
    • Vendor Managers
    • Finance & Acct.
    • Service Desk
    • ALM Tools

    Technical Health

    • Operations/ Maintenance Manager
    • Solution Architect
    • Security Manager
    • Dev. Manager
    • Capability Maps
    • Process Maps

    Application Alignment

    • Business Unit/ Process Owners

    Rationalize your applications

    The image contains screenshots of diagrams that reviews building your APM journey map.

    One of the principal goals of application rationalization is determining dispositions

    Disposition: The intended strategic direction or course of action for an application.

    Directionless portfolio of applications

    Assigned dispositions for individual apps

    High-level examples:

    The image contains a screenshot of an image that demonstrates a directionless portfolio of applications.

    Maintain: Keep the application but adjust its support structure.

    The image contains screenshots of a few images taken from the directionless application to demonstrate the text above.

    Modernize: Create a new project to address an inadequacy.

    The image contains screenshots of a few images taken from the directionless application to demonstrate the text above.

    Consolidate: Create a new project to reduce duplicate functionality.

    The image contains screenshots of a few images taken from the directionless application to demonstrate the text above.

    Retire: Phase out the application.

    The image contains screenshots of a few images taken from the directionless application to demonstrate the text above.

    Application rationalization provides insight

    Directionless portfolio of applications

    Info-Tech’s Five Lens Model

    Assigned dispositions for individual apps

    The image contains a screenshot of an example of directionless portfolio of applications.

    Application Alignment

    Business Value

    Technical Health

    End-User Perspective

    Total Cost of Ownership (TCO)

    Maintain: Keep the application but adjust its support structure.

    Modernize: Create a new initiative to address an inadequacy.

    Consolidate: Create a new initiative to reduce duplicate functionality.

    Retire: Phase out the application.

    Disposition: The intended strategic direction or implied course of action for an application.

    How well do your apps support your core functions and teams?

    How well are your apps aligned to value delivery?

    Do your apps meet all IT quality standards and policies?

    How well do your apps meet your end users’ needs?

    What is the relative cost of ownership and operation of your apps?

    Application rationalization requires the collection of several data points that represent these perspectives and act as the criteria for determining a disposition for each of your applications.

    Disposition: The intended strategic direction or implied course of action for an application.

    3.1-3.4 APM worksheet data journey map

    The image contains a screenshot of the APM worksheet data journey map.

    Assessing application business value

    The Business Business Value of Applications IT
    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications. Technical subject matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization.

    This will then allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    In this context…business value is the value of the business outcome that the application produces and how effective the application is at producing that outcome.

    Business value IS NOT the user’s experience or satisfaction with the application.

    Review the value drivers of your applications

    The image contains a screenshot of a the business value matrix.

    Financial vs. Human Benefits

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.

    Human benefits refer to how an application can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward orientation refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward orientation refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increased Revenue

    Reduced Costs

    Enhanced Services

    Reach Customers

    Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    3.1 Assess business value

    Estimated time: 1 -4 hours

    1. Review Info-Tech’s four quadrants of business value: increase revenue/value, reduce costs, enhance services, and reach customers. Edit your value drivers, description, and scoring on the “Rationalization Inputs” worksheet. For each value driver, update the key indicators specific to your organization’s priorities. When editing the scoring descriptions, keep only the one you are using.
    2. (Optional) Add an additional value driver if your organization has distinct value drivers (e.g. compliance, sustainability, innovation, and growth).
    3. For each application, score on a scale of 0 to 5 how impactful the application is for each value driver. Use the indicators set in Phase 1 to guide your scoring.
    4. For each value driver, adjust the criteria weighting to match its relative importance to the organization. Start with a balanced or low weighting. Adjust the weights to ensure that the category score matches your relative values and priorities.

    Record the results in the APM Snapshot and Foundations Tool

    InputOutput
    • Knowledge of organizational priorities
    • (Optional) Existing mission, vision, and value statements
    • Scoring scheme for assessing business value
    MaterialsParticipants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Key Corporate Stakeholders

    3.1 Weigh value drivers: Example

    The image contains a screenshot example of the weigh value drivers.

    For additional support in implementing a balanced value framework, refer to Build a Value Measurement Framework.

    Understand the back end and technical health of your applications

    Technical health identifies the extent of technology risk to the organization.

    MAINTAINABILITY (RAS)

    RAS refers to an app’s reliability, availability, and serviceability. How often, how long, and how difficult is it for your resources to keep an app functioning, and what are the resulting continuity risks? This can include root causes of maintenance challenges.

    SECURITY

    Applications should be aligned and compliant with ALL security policies. Are there vulnerabilities or is there a history of security incidents? Remember that threats are often internal and non-malicious.

    ADAPTABILITY

    How easily can the app be enhanced or scaled to meet changes in business needs? Does the app fit within the business strategy?

    INTEROPERABILITY

    The degree to which an app is integrated with current systems. Apps require comprehensive technical planning and oversight to ensure they connect within the greater application architecture. Does the app fit within your enterprise architecture strategy?

    BUSINESS CONTINUITY/DISASTER RECOVERY

    The degree to which the application is compatible with business continuity/disaster recovery (BC/DR) policies and plans that are routinely tested and verified.

    Unfortunately, the business only cares about what they can see or experience. Rationalization is your opportunity to get risk on the business’ radar and gain buy-in for the necessary action.

    3.2 Assess technical health

    Estimated time: 1-4 hours

    1. Review Info-Tech’s suggested technical health criteria. Edit your criteria, descriptions, and scoring on the “Rationalization Inputs” worksheet. For each criterion, update the key indicators specific to your organization’s priorities.
    2. For each application, score on a scale of 1 to 5 on how impactful the application is for each criterion.
    3. For each criterion, adjust the weighting to match its relative importance to the organization. Start with a balanced or low weighting. Adjust the weights to ensure that the category score matches your relative values and priorities.
    InputOutput
    • Familiarity of technical health perspective for applications within this subset
    • Maintenance history, architectural models
    • Technical health scores for each application
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Technical SMEs
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    End users provide valuable perspective

    Your end users are your best means of determining front-end issues.

    Data Quality

    To what degree do the end users find the data quality sufficient to perform their role and achieve their desired outcome?

    Effectiveness

    To what degree do the end users find the application effective for performing their role and desired outcome?

    Usability

    To what degree do the end users find the application reliable and easy to use to achieve their desired outcome?

    Satisfaction

    To what degree are end users satisfied with the features of this application?

    What else matters to you?

    Tune your criteria to match your values and priorities.

    Info-Tech Best Practice

    When facing large user groups, do not make assumptions or use lengthy methods of collecting information. Use Info-Tech’s Application Portfolio Assessment to collect data by surveying your end users’ perspectives.

    3.3 Assess end-user perspective

    Estimated time: 1-4 hours

    1. Review Info-Tech’s suggested end-user perspective criteria. Edit your criteria, descriptions and scoring on the “Rationalization Inputs” worksheet. For each criterion, update the key indicators specific to your organization’s priorities.
    2. For each application, score on a scale of 1 to 5 on how impactful the application is for each criterion.
    3. For each criterion, adjust the weighting to match its relative importance to the organization. Start with a balanced or low weighting. Adjust the weights to ensure that the category score matches your relative values and priorities.
    InputOutput
    • Familiarity of end user’s perspective for applications within this subset
    • User satisfaction scores for each application
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Business Owners, Key Users
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    Consider the spectrum of application cost

    An application’s cost extends past a vendor’s fee and even the application itself.

    LICENSING AND SUBSCRIPTIONS: Your recurring payments to a vendor.

    Many commercial off-the-shelf applications require a license on a per-user basis. Review contracts and determine costs by looking at per-user or fixed rates charged by the vendor.

    MAINTENANCE COSTS: Your internal spending to maintain an app.

    These are the additional costs to maintain an application such as support agreements, annual maintenance fees, or additional software or hosting expenses.

    INDIRECT COSTS: Miscellaneous expenses necessary for an app’s continued use.

    Expenses like end-user training, developer education, and admin are often neglected, but they are very real costs organizations pay regularly.

    RETURN ON INVESTMENT: Perceived value of the application related to its TCO.

    Some of our most valuable applications are the most expensive. ROI is an optional criterion to account for the value and importance of the application.

    Info-Tech Best Practice

    The TCO assessment is one area where what you are considering the ”application” matters quite a bit. An application’s peripherals or software components need to be considered in your estimates. For additional help calculating TCO, use the Application TCO Calculator from Build a Rationalization Framework.

    3.4 Assess total cost of ownership

    Estimated time: 1-4 hours

    1. Review Info-Tech’s suggested TCO criteria. Edit your criteria, descriptions, and scoring on the “Rationalization Inputs” worksheet. For each criterion, update the key indicators specific to your organization’s priorities.
    2. For each application, score on a scale of 1 to 5 on how impactful the application is for each criterion.
    3. For each criterion, adjust the weighting to match its relative importance to the organization. Start with a balanced or low weighting. Adjust the weights to ensure that the category score matches your relative values and priorities.
    InputOutput
    • Familiarity with the TCO for applications within this subset
    • Vendor contracts, maintenance history
    • TCO scores for each application
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Business Owners, Vendor Managers, Operations Managers
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    Phase 4

    Populate Your Roadmap

    Phase 1

    1.1 Assess Your Current Application Portfolio

    1.2 Determine Narrative

    1.3 Define Goals and Metrics

    1.4 Define Application Categories

    1.5 Determine APM Steps and Roles

    Phase 2

    2.1 Populate Your Inventory

    2.2 Align to Business Capabilities

    Phase 3

    3.1 Assess Business Value

    3.2 Assess Technical Health

    3.3 Assess End-User Perspective

    3.4 Assess Total Cost of Ownership

    Phase 4

    4.1 Review APM Snapshot Results

    4.2 Review APM Foundations Results

    4.3 Determine Dispositions

    4.4 Assess Redundancies (Optional)

    4.5 Determine Dispositions for Redundant Applications (Optional)

    4.6 Prioritize Initiatives

    4.7 Determine Ongoing APM Cadence

    his phase involves the following participants:

    • Applications Lead
    • Delivery Leads

    Additional Resources

    Review your APM Snapshot

    The image contains a screenshot of examples of applications that support APM.

    4.1 Review your APM Snapshot results

    Estimated time: 1-2 hours

    1. The APM Snapshot provides a dashboard to support your APM program’s focus and as an input to demand planning. Unhide the “Group 3” worksheet if you completed the alignment matrix.
    2. For each grouping area, review the results to determine underperforming areas. Use this information to prioritize your application root cause analysis and demand planning. Use the key on the following slide to guide your analysis.
    3. Analysis guidance:
      1. Start with the quartile grouping to find areas scoring in Remediate or Critical Need and focus follow-up actions on these areas.
      2. Use the lens/category heat map to determine which lenses are underperforming. Use this to then look up the individual app scores supporting that group to identify application issues.
      3. Use the “Application Comparison” worksheet to select and compare applications for the group to make your review and comparison easier.
      4. Work with teams in the group to provide root cause analysis for low scores.
      5. Build a plan to address any apps not supported by IT.
    InputOutput
    • Application list
    • Application to Group mapping
    • Rationalization scores
    • Awareness of application support for each grouping

    Materials

    Participants
    • APM Snapshot and Foundations Tool
    • Business Owners
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    Interpreting your APM Snapshot

    The image contains a screenshot of the APM Snapshot with guides on how to interpret it.

    4.1 APM worksheet data journey map

    The image contains a screenshot of the AMP worksheet data journey map.

    Review your APM rationalization results

    The image contains a screenshot of examples of applications that support APM.

    4.2 Review your APM Foundations results

    Estimated time: 1-2 hours

    The APM Foundations Results dashboard (“App Rationalization Results” worksheet) provides a detailed summary of your relative app scoring to serve as input to demand planning.

    1. For each grouping, review the results to determine underperforming app support. Use this information to prioritize your application root cause analysis using the individual criteria scores on the “Rationalization Inputs” worksheet.
    2. Use guidance on the following example slides to understand each area of the results.
    3. Any applications marked as N/A for evaluation will display N/A on the results worksheet and will not be displayed in the chart. You can still enter dispositions.
    4. Use the column filters to compare a subset of applications or use the “App Comparison” worksheet to maintain an ongoing view by grouping, redundancy, or category.
    5. Any applications marked as N/A for evaluation will display N/A on the results worksheet and will not be displayed in the chart. You can still enter dispositions.
    InputOutput
    • Application list
    • Rationalization scores
    • Application awareness
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Business Owners
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    4.2 APM worksheet data journey map

    The image contains a screenshot of the AMP worksheet data journey map.

    Interpreting your APM Foundations results

    The image contains a screenshot of the APM Foundations results.

    Interpreting your APM Foundations chart

    The image contains a screenshot of the APM Foundations chart.

    Modernize your applications

    The image contains a screenshot of examples of applications that support APM.

    Apply Info-Tech’s 6 R’s Rationalization Disposition Model

    The image contains a screenshot of Info-Tech's 6 R's Rationalization Disposition Model.

    Disposition

    Description

    Reward

    Prioritize new features or enhancement requests and openly welcome the expansion of these applications as new requests are presented.

    Refresh

    Address the poor end-user satisfaction with a prioritized project. Consult with users to determine if UX issues require improvement to address satisfaction.

    Refocus

    Determine the root cause of the low value. Refocus, retrain, or refresh the UX to improve value. If there is no value found, aim to "keep the lights on" until the app can be decommissioned.

    Replace

    Replace or rebuild the application as technical and user issues are putting important business capabilities at risk. Decommission application alongside replacement.

    Remediate

    Address the poor technical health or risk with a prioritized project. Further consult with development and technical teams to determine if migration or refactoring is suited to address the technical issue.

    Retire

    Cancel any requested features and enhancements. Schedule the proper decommission and transfer end users to a new or alternative system if necessary.

    TCO, compared relatively to business value, helps determine the practicality of a disposition and the urgency of any call to action. Application alignment is factored in when assessing redundancies and has a separate set of dispositions.

    4.3 Determine dispositions

    Estimated time: 1-4 hours

    1. The Recommended Disposition and Priority fields are prepopulated from your scoring thresholds and options on the “Disposition Options” worksheet. You can update any individual application disposition or priority using the drop-down menu and it will populate your selection on the “Roadmap” worksheet.
    2. Question if that disposition is appropriate. Be sure to consider:
      1. TCO – cost should come into play for any decisions.
      2. Alignment to strategic goals set for the overarching organizational, IT, technology (infrastructure), or application portfolio.
      3. Existing organizational priorities or funded initiatives impacting the app.
    3. Some dispositions may imply a call to action, new project, or initiative. Ideate and/or discuss with the team any potential initiatives. You can use different dispositions and priorities on the “App Rationalization Results” and “Roadmap” worksheets.
    4. Note: Modify the list of dispositions on the “Disposition Options” worksheet as appropriate for your rationalization initiative. Any modifications to the Disposition column will be automatically updated in the “App Rationalization Results” and “Roadmap” worksheets.
    InputOutput
    • Rationalization results
    • Assigned dispositions for applications
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Business Owners
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    4.3 APM worksheet data journey map

    The image contains a screenshot of the worksheet data journey map.

    Redundancies require a different analysis and set of dispositions

    Solving application redundancy is a lot more complicated than simply keeping one application and eliminating the others.

    First, you need to understand the extent of the redundancy. The applications may support the same capability, but do they offer the same functions? Determine which apps offer which functions within a capability. This means you cannot accurately arrive at a disposition until you have evaluated all applications.

    Next, you need to isolate the preferred system. This is completed by comparing the same data points collected for rationalization and the application alignment analysis. Cost and coverage of all necessary functions become the more important factors in this decision-making process.

    Lastly, for the non-preferred redundant applications you need to determine: What will you do with the users? What will you do with the data? And what can you do with the functionality (can the actual coding be merged onto a common platform)?

    Disposition

    Description & Additional Analysis

    Call to Action (Priority)

    Keep & Absorb

    Higher value, health satisfaction, and cost than alternatives

    These are the preferred apps to be kept. However, additional efforts are still required to migrate new users and data and potentially configure the app to new processes.

    Application or Process Initiative

    (Moderate)

    Shift & Retire

    Lower value, health satisfaction, and cost than alternatives

    These apps will be decommissioned alongside efforts to migrate users and data to the preferred system.

    *Confirm there are no unique and necessary features.

    Process Initiative & Decommission

    (Moderate)

    Merge

    Lower value, health satisfaction, and cost than alternatives but still has some necessary unique features

    These apps will be merged with the preferred system onto a common platform.

    *Determine the unique and necessary features.

    *Determine if the multiple applications are compatible for consolidation.

    Application Initiative

    (Moderate)

    Compare groups of applications

    The image contains a screenshot of examples of applications that support APM.

    4.4 Assess redundancies (optional)

    Estimated rime: 1 hour per group

    This exercise is best performed after aligning business capabilities to applications across the portfolio and identifying your areas of redundancy. At this stage, this is still an information collection exercise, and it will not yield a consolidation-based disposition until applied to all relevant applications. Lastly, this exercise may still be at too high a level to outline the full details of redundancy, but it is still vital information to collect and a starting point to determine which areas require more concentrated analysis.

    1. Determine which areas of redundancy or comparisons are desired. Duplicate the “App Comparison” worksheet for each grouping or comparison.
    2. Extend the comparison to better identify redundancy.
      1. For each area of redundancy, identify the high-level features. Aim to limit the features to ten, grouping smaller features if necessary. SoftwareReviews can be a resource for identifying common features.
      2. Label features using the MoSCoW model: must have, should have, could have, will not have.
      3. For each application, identify which features they support. You can use the grouping alignment matrix as a template for feature alignment comparison. Duplicate the worksheet, unlock it, and replace the grouping cell references with your list of features.
    Input Output
    • Areas of redundancy
    • Familiarity with features for applications within this subset
    • Feature-level review of application redundancy
    Materials Participants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Business Owners
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    4.4 Assess redundancies (optional)

    Account Management

    Call Management

    Order/Transaction Processing

    Contract Management

    Lead/Opportunity Management

    Forecasting/Planning

    Customer Surveying

    Email Synchronization

    M M M M S S C W

    CRM 1

    CRM 2

    CRM 3

    4.5 Determine dispositions for redundant applications (optional)

    Estimated time: 1 hour per group

    1. Based on the feature-level assessment, determine if you can omit applications if they don’t truly overlap with other applications.
    2. Make a copy of the “App Comparison” worksheet and select the applications you want to compare based on your functional analysis.
    3. Determine the preferred application(s). Use the diagram to inform your decision. This may be the application closest to the top right (strong health and value). However, less expensive options or any options that provide a more complete set of features may be preferable.
    4. Open the “App Rationalization Results” worksheet. Update your disposition for each application.
    5. Use these updated dispositions to determine a call to action, new project, or initiative. Ideate and/or discuss with the team any potential initiatives. Update your roadmap with these initiatives in the next step.
    InputOutput
    • Feature-level review of application redundancy
    • Redundancy comparison
    • Assigned dispositions for redundant applications
    MaterialsParticipants
    • APM Snapshot and Foundations Tool
    • Business Owners
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    Compare application groups

    Group comparison can be used for more than just redundant/overlapping applications.

    The image contains a screenshot of images that demonstrate comparing application groups.

    Roadmaps are used for different purposes

    Roadmaps are used for different communication purposes and at varying points in your application delivery practice. Some use a roadmap to showcase strategy and act as a feedback mechanism that allows stakeholders to validate any changes (process 1). Others may use it to illustrate and communicate approved and granular elements of a change to an application to inform appropriate stakeholders of what to anticipate (process 2).

    Select Dispositions & Identify New Initiatives

    Add to Roadmap

    Validate Direction

    Plan Project

    Execute Project

    Select Dispositions & Identify New Initiatives

    • Project Proposal
    • Feasibility/ Estimation
    • Impact Assessment
    • Business Case
    • Initial Design

    Approve Project

    Add to Roadmap

    Execute Project

    The steps between selecting a disposition and executing on any resulting project will vary based on the organization’s project intake standards (or lack thereof).

    This blueprint focuses on building a strategic portfolio roadmap prior to any in-depth assessments related to initiative/project intake, approval, and prioritization. For in-depth support related to intake, approval, prioritization, or planning, review the following resources.

    The image contains a screenshot of the Deliver on your Digital Product Vision blueprint. The image contains a screenshot of the Deliver Digital Products at Scale blueprint.

    Determine what makes it onto the roadmap

    A roadmap should not be limited to what is approved or committed to. A roadmap should be used to present the items that need to happen and begin the discussion of how or if this can be put into place. However, not every idea should make the cut and end up in front of key stakeholders.

    The image contains a screenshot of steps to be taken to determine what makes it onto the roadmap.

    4.6 Prioritize initiatives

    Estimated time: 1-4 hours

    1. This is a high-level assessment to provide a sense of feasibility, practicality, and priority as well as an estimated timeline of a given initiative. Do not get lost in granular estimations. Use this as an input to your demand planning process.
    2. Enter the specific name or type of initiative.
      1. Process Initiative: Any project or effort focused on process improvements without technical modification to an app (e.g. user migration, change in SLA, new training program). Write the application and initiative name on a blue sticky note.
      2. App Initiative: Any project or effort involving technical modification to an app (e.g. refactoring, platform migration, feature addition or upgrade). Write the application and initiative name on a yellow sticky note.
      3. Decommission Initiative: Any project and related efforts to remove an app (e.g. migrating data, removal from server). Write the application and initiative name on a red sticky note.
    3. Prioritize the initiative to aid in demand planning. This is prepopulated from your selected application disposition, but you can set a different priority for the initiative here.
    4. Select the Initiative Phase in the timeline to show the intended schedule and sequencing of the initiative.
    Input Output
    • Assigned dispositions
    • Rationalization results
    • Prioritized initiatives
    Materials Participants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Delivery Leads
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    4.6 APM worksheet data journey map

    The image contains a screenshot of the worksheet data journey map.

    Populate roadmap example

    The image contains an example of the populate roadmap.

    Create a recurring update plan

    • Application inventories become stale before you know it. Build steps in your procurement process to capture the appropriate information on new applications. Also, build in checkpoints to revisit your inventory regularly to assess the accuracy of inventory data.
    • Rationalization is not one and done; it must occur with an appropriate cadence.
      • Business priorities change, which will impact the current and future value of your apps.
      • Now more than ever, user expectations evolve rapidly.
      • Application sprawl likely won’t stop, so neither will shadow IT and redundancies.
      • Obsolescence, growing technical debt, changing security threats, or shifting technology strategies are all inevitable, as is the gradual decline of an app’s health or technical fit.
    • An application’s disposition changes quicker than you think, and rationalization requires a structured cadence. You need to plan to minimize the need for repeated efforts. Conversely, many use preceding iterations to increase the analysis (e.g. more thorough TCO projections or more granular capability-application alignment).
    • Portfolio roadmaps require a cadence for both updates and presentations to stakeholders. Updates are often completed semiannually or quarterly to gauge the business adjustments that affect the timeline of the domain-specific applications. The presentation of a roadmap should be completed alongside meetings or gatherings of key decision makers.
    • M&A or other restructuring events will prompt the need to address all the above.

    The image contains a screenshot of chart to help determine frequency of updating your roadmap.

    Build your APM maturity by taking the right steps at the right time

    The image contains a diagram to demonstrate the steps taken to build APM maturity.

    Info-Tech’s Build an Application Rationalization Framework provides additional TCO and value tools to help build out your portfolio strategy.

    APM is an iterative and evergreen process

    APM provides oversight and awareness of your application portfolio’s performance and support for your business operations and value delivery to all users and customers.

    Determine scope and categories Build your list of applications and capabilities Score each application based on your values Determine outcomes based on app scoring and support for capabilities

    1. Lay Your Foundations

    • 1.1 Assess the state of your current application portfolio
    • 1.2 Determine narrative
    • 1.3 Define goals and metrics
    • 1.4 Define application categories
    • 1.5 Determine APM steps and roles (SIPOC)

    2. Improve Your Inventory

    • 2.1 Populate your inventory
    • 2.2 Align to business capabilities

    3. Rationalize Your Apps

    • 3.1 Assess business value
    • 3.2 Assess technical health
    • 3.3 Assess end-user perspective
    • 3.4 Assess total cost of ownership

    4. Populate Your Roadmap

    • 4.1 Review APM Snapshot results
    • 4.2 Review APM Foundations results
    • 4.3 Determine dispositions
    • 4.4 Assess redundancies (Optional)
    • 4.5 Determine dispositions for redundant applications (Optional)
    • 4.6 Prioritize initiatives
    • 4.7 Ongoing APM cadence

    Repeat according to APM cadence and application changes

    4.7 Ongoing APM cadence

    Estimated time: 1-2 hours

    1. Determine how frequently you will update or present the artifacts of your APM practice: Application Inventory, Rationalization, Disposition, and Roadmap.
    2. For each artifact, determine the:
      1. Owner: Who is accountable for the artifact and the data or information within the artifact and will be responsible for or delegate the responsibility of updating or presenting the artifact to the appropriate audience?
      2. Update Cadence: How frequently will you update the artifact? Include what regularly scheduled meetings this activity will be within.
      3. Update Scope: Describe what activities will be performed to keep the artifact up to date. The goal here is to minimize the need for a full set of activities laid out within the blueprint. Optional: How will you expand the thoroughness of your analysis?
      4. Audience: Who is the audience for the artifact or assessment results?
      5. Presentation Cadence: How frequently and when will you review the artifact with the audience?
    InputOutput
    • Initial experience with APM
    • Strategic meetings schedule
    • Ongoing cadence for APM activities
    MaterialsParticipants
    • Whiteboard and markers
    • APM Snapshot and Foundations Tool
    • Applications Lead
    • Any Applications Team Members

    Record the results in the APM Snapshot and Foundations Tool

    4.7 Ongoing APM cadence

    Artifact

    Owner

    Update Cadence

    Update Scope

    Audience

    Presentation Cadence

    Inventory

    Greg Dawson

    • As new applications are acquired
    • Annual review
    • Add new application data points (this is added to implementation standards)
    • Review inventory and perform a data health check
    • Validate with app’s SME
    • Whole organization
    • Always available on team site

    Rationalization Tool

    Judy Ng

    • Annual update
    • Revisit value driver weights
    • Survey end users
    • Interview support owners
    • Interview business owners
    • Update TCO based on change in operational costs; expand thoroughness of cost estimates
    • Rescore applications
    • Business owners of applications
    • IT leaders
    • Annually alongside yearly strategy meeting

    Portfolio Roadmap

    Judy Ng

    • Monthly update alongside project updates
    • Shift the timeline of the roadmap to current day 1
    • Carry over project updates and timeline changes
    • Validate with PMs and business owners
    • Steering Committee
    • Business owners of applications
    • IT leaders
    • Quarterly alongside Steering Committee meetings
    • Upon request

    Appendices

    • Additional support slides
    • Bibliography

    The APM tool provides a single source of truth and global data sharing

    The table shows where source data is used to support different aspects of APM discovery, rationalization, and modernization.

    Worksheet Data Mapping

    Application and Capability List

    Group Alignment Matrix (1-3)

    Rationalization Inputs

    Group 1-3 Results

    Application Inventory Details

    App Rationalization Results

    Roadmap

    App Redundancy Comparison

    Application and Capability List

    App list, Groupings

    App list

    App list, Groupings

    App list, Categories

    App list, Categories

    App list

    App list

    Groups 1-3 Alignment Matrix

    App to Group Tracing

    Application Categories

    Category
    drop-down

    Category

    Category

    Rationalization Inputs

    Lens Scores (weighted input to Group score)

    Lens Scores (weighted input)

    Disposition Options

    Disposition list, Priorities list, Recommended Disposition and Priority

    Lens Scores (weighted input)

    App Rationalization Results

    Disposition

    Common application inventory attributes

    Attribute Description Common Collection Method
    Name Organization’s terminology used for the application. Auto-discovery tools will provide names for the applications they reveal. However, this may not be the organizational nomenclature. You may adapt the names by leveraging pre-existing documentation and internal knowledge or by consulting business users.
    ID Unique identifiers assigned to the application (e.g. app number). Typically an identification system developed by the application portfolio manager.
    Description A brief description of the application, often referencing core capabilities. Typically completed by leveraging pre-existing documentation and internal knowledge or by consulting business users.
    Business Units A list of all business units, departments, or user groups. Consultation, surveys, or interviews with business unit representatives. However, this doesn’t always expose hidden applications. Application-capability mapping is the most effective way to determine all the business units/user groups of an app.
    Business Capabilities A list of business capabilities the application is intended to enable. Application capability mapping completed via interviews with business unit representatives.
    Criticality A high-level grading of the importance of the application to the business, typically used for support prioritization purposes (i.e. critical, high, medium, low). Typically the criticality rating is determined by a committee representing IT and business leaders.
    Ownership The individual accountable for various aspect of the application (e.g. product owner, product manager, application support, data owner); typically includes contact information and alternatives. If application ownership is an established accountability in your organization, typically consulting appropriate business stakeholders will reveal this information. Otherwise, application capability mapping can be an effective means of identifying who that owner should be.
    Application SMEs Any relevant subject matter experts who can speak to various aspects of the application (e.g. business process owners, development managers, data architects, data stewards, application architects, enterprise architects). Technical SMEs should be known within an IT department, but shadow IT apps may require interviews with the business unit. Application capability mapping will determine the identity of those key users/business process SMEs.
    Type An indication of whether the application was developed in-house, commercial off-the-shelf, or a hybrid option. Consultation, surveys, or interviews with product owners or development managers.
    Active Status An indication of whether the application is currently active, out of commission, in repair, etc. Consultation, surveys, or interviews with product owners or operation managers.

    Common application inventory attributes

    Attribute Description Common Collection Method
    Vendor Information Identification of the vendor from whom the software was procured. May include additional items such as the vendor’s contact information. Consultation with business SMEs, end users, or procurement teams, or review of vendor contracts or license agreements.
    Links to Other Documentation Pertinent information regarding the other relevant documentation of the application (e.g. SLA, vendor contracts, data use policies, disaster recovery plan). Typically includes links to documents. Consultation with product owners, service providers, or SMEs, or review of vendor contracts or license agreements.
    Number of Users The current number of users for the application. This can be based on license information but will often require some estimation. Can include additional items of quantities at different levels of access (e.g. admin, key users, power users). Consultation, surveys, or interviews with product owners or appropriate business SMEs or review of vendor contracts or license agreements. Auto-discovery tools can reveal this information.
    Software Dependencies List of other applications or operating components required to run the application. Consultation with application architects and any architectural tools or documentation. This information can begin to reveal itself through application capability mapping.
    Hardware Dependencies Identification of any hardware or infrastructure components required to run the application (i.e. databases, platform). Consultation with infrastructure or enterprise architects and any architectural tools or documentation. This information can begin to reveal itself through application capability mapping.
    Development Language Coding language used for the application. Consultation, surveys, or interviews with development managers or appropriate technical SMEs.
    Platform A framework of services that application programs rely on for standard operations. Consultation, surveys, or interviews with infrastructure or development managers.
    Lifecycle Stage Where an application is within the birth, growth, mature, end-of-life lifecycle. Consultation with business owners and technical SMEs.
    Scheduled Updates Any major or minor updates related to the application, including the release date. Consultation with business owners and vendor managers.
    Planned or In-Flight Projects Any projects related to the application, including estimated project timeline. Consultation with business owners and project managers.

    Bibliography

    ”2019 Technology & Small Business Survey.” National Small Business Association (NSBA), n.d. Accessed 1 April 2020.
    “Application Rationalization – Essential Part of the Process for Modernization and Operational Efficiency.” Flexera, 2015. Web.
    “Applications Rationalization during M&A: Standardize, Streamline, Simplify.” Deloitte Consulting, 2016. Web.
    Bowling, Alan. “Clearer Visibility of Product Roadmaps Improves IT Planning.” ComputerWeekly.com, 1 Nov. 2010. Web.
    Brown, Alex. “Calculating Business Value.” Agile 2014 Orlando, 13 July 2014. Scrum Inc. 2014. Web.
    Brown, Roger. “Defining Business Value.” Scrum Gathering San Diego 2017. Agile Coach Journal. Web.
    “Business Application Definition.” Microsoft Docs, 18 July 2012. Web.
    “Connecting Small Businesses in the US.” Deloitte Consulting, 2017. Accessed 1 April. 2020.
    Craveiro, João. “Marty meets Martin: connecting the two triads of Product Management.” Product Coalition, 18 Nov. 2017. Web.
    Curtis, Bill. “The Business Value of Application Internal Quality.” CAST, 6 April 2009. Web.
    Fleet, Neville, Joan Lasselle, and Paul Zimmerman. “Using a Balance Scorecard to Measure the Productivity and Value of Technical Documentation Organizations.” CIDM, April 2008. Web.
    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Web.
    Harris, Michael. “Measuring the Business Value of IT.” David Consulting Group, 2007. Web.
    “How Application Rationalization Contributes to the Bottom Line.” LeanIX, 2017. Web.
    Jayanthi, Aruna. “Application Landscape Report 2014.” Capgemini, 4 March 2014. Web.
    Lankhorst, Marc., et al. “Architecture-Based IT Valuation.” Via Nova Architectura, 31 March 2010. Web.
    “Management of business application.” ServiceNow, Jan.2020. Accessed 1 April 2020.
    Mauboussin, Michael J. “The True Measures of Success.” HBR, Oct. 2012. Web.
    Neogi, Sombit., et al. “Next Generation Application Portfolio Rationalization.” TATA, 2011. Web.
    Riverbed. “Measuring the Business Impact of IT Through Application Performance.” CIO Summits, 2015. Web.
    Rouse, Margaret. “Application Rationalization.” TechTarget, March 2016. Web.
    Van Ramshorst, E.A. “Application Portfolio Management from an Enterprise Architecture Perspective.” Universiteit Utrecht, July 2013.
    “What is a Balanced Scorecard?” Intrafocus, n.d. Web.
    Whitney, Lance. “SMBs share their biggest constraints and great challenges.” Tech Republic, 6 May 2019. Web.

    Prepare for the Upgrade to Windows 11

    • Buy Link or Shortcode: {j2store}166|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices
    • Windows 10 is going EOL in 2025.That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Our Advice

    Critical Insight

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system. Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    Impact and Result

    Windows 11 hardware requirements will result in devices that are not eligible for the upgrade. Companies will be left to spend money on replacement devices. Following the Info-Tech guidance will help clients properly budget for hardware replacements before Windows 10 is no longer supported by Microsoft. Eligible devices can be upgraded, but Info-Tech guidance can help clients properly plan the upgrade using the upgrade ring approach.

    Prepare for the Upgrade to Windows 11 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the Upgrade to Windows 11 Deck – A look into some of the pros and cons of Microsoft’s latest desktop operating system, along with guidance on moving forward with this inevitable upgrade.

    Discover the reason for the release of Windows 11, what you require to be eligible for the upgrade, what features were added or updated, and what features were removed. Our guidance will assist you with a planned and controlled rollout of the Windows 11 upgrade. We also provide guidance on how to approach a device refresh plan if some devices are not eligible for Windows 11. The upgrade is inevitable, but you have time, and you have options.

    • Prepare for the Upgrade to Windows 11 Storyboard

    2. What Are My Options If My Devices Cannot Upgrade to Windows 11? – Build a Windows 11 Device Replacement budget with our Hardware Asset Management Budgeting Tool.

    This tool will help you budget for a hardware asset refresh and to adjust the budget as necessary to accommodate any unexpected changes. The tool can easily be modified to assist in developing and justifying the budget for hardware assets for a Windows 11 project. Follow the instructions on each tab and feel free to play with the HAM budgeting tool to fit your needs.

    • HAM Budgeting Tool
    [infographic]

    Further reading

    Prepare for the Upgrade to Windows 11

    The upgrade is inevitable, but you have time, and you have options.

    Analyst Perspective

    Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    “You hear that Mr. Anderson? That is the sound of inevitability.” ("The Matrix Quotes" )

    The fictitious Agent Smith uttered those words to Keanu Reeves’ character, Neo, in The Matrix in 1999, and while Agent Smith was using them in a very sinister and figurative context, the words could just as easily be applied to the concept of upgrading to the Windows 11 operating system from Microsoft in 2022.

    There have been two common, recurring themes in the media since late 2019. One is the global pandemic and the other is cyber-related crime. Microsoft is not in a position to make an impact on a novel coronavirus, but it does have the global market reach to influence end-user technology and it appears that it has done just that. Windows 11 is a step forward in endpoint security and functionality. It also solidifies the foundation for future innovations in end-user operating systems and how they are delivered. Windows-as-a-Service (WAAS) is the way forward for Microsoft. Windows 10 is living on borrowed time, with a defined end of support date of October 14, 2025. Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    It is inevitable!

    P.J. Ryan

    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Windows 10 is going EOL in 2025. That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft-initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Common Obstacles

    • The difference between Windows 10 and Windows 11 is not clear. Windows 11 looks like Windows 10 with some minor changes, mostly cosmetic. Many online users don’t see the need. Why upgrade? What are the benefits?
    • The cost of upgrading devices just to be eligible for Windows 11 is high.
    • Your end users don’t like change. This is not going to go over well!

    Info-Tech's Approach

    • Spend wisely. Space out your endpoint replacements and upgrades over several years. You do not have to upgrade everything right away.
    • Be patient. Windows 11 contained some bugs when it was initially released. Microsoft fixed most of the issues through monthly quality updates, but you should ensure that you are comfortable with the current level of functionality before you upgrade.
    • Use the upgrade ring approach. Test your applications with a small group first, and then stage the rollout to increasingly larger groups over time.

    Info-Tech Insight

    There is a lot of talk about Windows 11, but this is only an operating system upgrade, and it is not a major one. Understand what is new, what is added, and what is missing. Check your devices to determine how many are eligible and ineligible. Many organizations will have to spend capital on endpoint upgrades. Solid asset management practices will help.

    Insight summary

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    Many organizations will have to spend capital on endpoint upgrades.

    Microsoft now insists that modern hardware is required for Windows 11 for not only security but also for improved stability. That same hardware requirement will mean that many devices that are only three or four years old (as well as older ones) may not be eligible for Windows 11.

    Windows 11 is a virtualization challenge for some providers.

    The hardware requirements for physical devices are also required for virtual devices. The TPM module appears to be the biggest challenge. Oracle VirtualBox and Citrix Hypervisor as well as AWS and Google are unable to support Windows 11 virtual devices as of the time of writing.

    Windows 10 will be supported by Microsoft until October 2025.

    That will remove some of the pressure felt due to the ineligibility of many devices and the need to refresh them. Take your time and plan it out, keeping within budget constraints. Use the upgrade ring approach for systems that are eligible for the Windows 11 upgrade.

    New look and feel, and a center screen taskbar.

    Corners are rounded, some controls look a little different, but overall Windows 11 is not a dramatic shift from Windows 10. It is easier to navigate and find features. Oh, and yes, the taskbar (and start button) is shifted to the center of the screen, but you can move them back to the left if desired.

    The education industry gets extra attention with the release of Windows 11.

    Windows 11 comes with multiple subscription-based education offerings, but it also now includes a new lightweight SE edition that is intended for the K-8 age group. Microsoft also released a Windows 11 Education SE specific laptop, at a very attractive price point. Other manufacturers also offer Windows 11 SE focused devices.

    Why Windows 11?

    Windows 10 was supposed to be the final desktop OS from Microsoft, wasn’t it?

    Maybe. It depends who you ask.

    Jerry Nixon, a Microsoft developer evangelist, gained notoriety when he uttered these words while at a Microsoft presentation as part of Microsoft Ignite in 2015: “Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10,” (Hachman). Microsoft never officially made that statement. Interestingly enough, it never denied the comments made by Jerry Nixon either.

    Perhaps Microsoft released a new operating system as a financial grab, a way to make significant revenue?

    Nope.

    Windows 11 is a free upgrade or is included with any new computer purchase.

    Market share challenges?

    Doubtful.

    It’s true that Microsoft's market share of desktop operating systems is dropping while Apple OS X and Google Chrome OS are rising.

    In fact, Microsoft has relinquished over 13% of the market share since 2012 and Apple has almost doubled its market share. BUT:

    Microsoft is still holding 75.12% of the market while Apple is in the number 2 spot with 14.93% (gs.statcounter.com).

    The market share is worth noting for Microsoft but it hardly warrants a new operating system.

    New look and feel?

    Unlikely

    New start button and taskbar orientation, new search window, rounded corners, new visual look on some controls like the volume bar, new startup sound, new Windows logo, – all minor changes. Updates could achieve the same result.

    Security?

    Likely the main reason.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    The features are available on all Windows 11 physical devices, due to the common hardware requirements.

    Windows 11 hardware-based security

    These hardware options and features were available in Windows 10 but not enforced. With Windows 11, they are no longer optional. Below is a description and explanation of the main features.

    Feature What it is How it works
    TPM 2.0 (Trusted Platform Module) Chip TPM is a chip on the motherboard of the computer. It is used to store encryption keys, certificates, and passwords. TPM does this securely with tamper-proof prevention. It can also generate encryption keys and it includes its own unique encryption key that cannot be altered (helpdeskgeek.com). You do not need to enter your password once you setup Windows Hello, so the password is no longer easy to capture and steal. It is set up on a device per device basis, meaning if you go to a different device to sign in, your Windows Hello authentication will not follow you and you must set up your Hello pin or facial recognition again on that particular device. TPM (Trusted Platform Module) can store the credentials used by Windows Hello and encrypt them on the module.
    Windows Hello Windows Hello is an alternative to using a password for authentication. Users can use a pin, a fingerprint, or facial recognition to authenticate.
    Device Encryption Device encryption is only on when your device is off. It scrambles the data on your disk to make it unreadable unless you have the key to unscramble it. If your endpoint is stolen, the contents of the hard drive will remain encrypted and cannot be accessed by anyone unless they can properly authenticate on the device and allow the system to unscramble the encrypted data.
    UEFI Secure Boot Capable UEFI is an acronym for Unified Extensible Firmware Interface. It is an interface between the operating system and the computer firmware. Secure Boot, as part of the firmware interface, ensures that only unchangeable and approved software and drivers are loaded at startup and not any malware that may have infiltrated the system (Lumunge). UEFI, with Secure Boot, references a database containing keys and signatures of drivers and runtime code that is approved as well as forbidden. It will not let the system boot up unless the signature of the driver or run-time code that is trying to execute is approved. This UEFI Secure boot recognition process continues until control is handed over to the operating system.
    Virtualization Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) VBS is security based on virtualization capabilities. It uses the virtualization features of the Windows operating system, specifically the Hyper-V hypervisor, to create and isolate a small chunk of memory that is isolated from the operating system. HVCI checks the integrity of code for violations. The Code Integrity check happens in the isolated virtual area of memory protected by the hypervisor, hence the acronym HVCI (Hypervisor Protected Code Integrity) (Murtaza). In the secure, isolated region of memory created by VBS with the hypervisor, Windows will run checks on the integrity of the code that runs various processes. The isolation protects the stored item from tampering by malware and similar threats. If they run incident free, they are released to the operating system and can run in the standard memory space. If issues are detected, the code will not be released, nor will it run in the standard memory space of the operating system, and damage or compromise will be prevented.

    How do all the hardware-based security features work?

    This scenario explains how a standard boot up and login should happen.

    You turn on your computer. Secure Boot authorizes the processes and UEFI hands over control to the operating system. Windows Hello works with TPM and uses a pin to authenticate the user and the operating systems gives you access to the Windows environment.

    Now imagine the same process with various compromised scenarios.

    You turn on your computer. Secure Boot does not recognize the signature presented to it by the second process in the boot sequence. You will be presented with a “Secure Boot Violation” message and an option to reboot. Your computer remains protected.

    You boot up and get past the secure boot process and UEFI passes control over to the Windows 11 operating system. Windows Hello asks for your pin, but you cannot remember the pin and incorrectly enter it three times before admitting temporary defeat. Windows Hello did not find a matching pin on the TPM and will not let you proceed. You cannot log in but in the eyes of the operating system, it has prevented an unauthorized login attempt.

    You power up your computer, log in without issue, and go about your morning routine of checking email, etc. You are not aware that malware has infiltrated your system and modified a page in system memory to run code and access the operating system kernel. VBS and HVCI check the integrity of that code and detect that it is malicious. The code remains isolated and prevented from running, protecting your system.

    TPM, Hello, UEFI with Secure Boot, VBS and HVCI all work together like a well-oiled machine.

    “Microsoft's rationale for Windows 11's strict official support requirements – including Secure Boot, a TPM 2.0 module, and virtualization support – has always been centered on security rather than raw performance.” – Andrew Cunningham, arstechnica.com

    “Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot. These features in combination have been shown to reduce malware by 60% on tested devices.” – Steven J. Vaughan-Nichols, Computerworld

    Can any device upgrade to Windows 11?

    In addition to the security-related hardware requirements listed previously, which may exclude some devices from Windows 11 eligibility, Windows 11 also has a minimum requirement for other hardware components.

    Windows 7 and Windows 10 were publicized as being backward compatible and almost any hardware would be able to run those operating systems. That changed with Windows 11. Microsoft now insists that modern hardware is required for Windows 11 for not only security but also improved stability.

    Software Requirement

    You must be running Windows 10 version 2004 or greater to be eligible for a Windows 11 upgrade (“Windows 11 Requirements”).

    Complete hardware requirements for Windows 11

    • 1 GHz (or faster) compatible 64-bit processor with two or more cores
    • 4 GB RAM
    • 64 GB or more of storage space
    • Compatible with DirectX 12 or later with WDDM 2.0 driver
      • DirectX connects the hardware in your computer with Windows. It allows software to display graphics using the video card or play audio, as long as that software is DirectX compatible. Windows 11 requires version 12 (“What are DirectX 12 compatible graphics”).
      • WDDM is an acronym for Windows Display Driver Model. WDDM is the architecture for the graphics driver for Windows (“Windows Display Driver Model”).
      • Version 2.0 of WDDM is required for Windows 11.
    • 720p display greater than 9" diagonally with 8 bits per color channel
    • UEFI Secure Boot capable
    • TPM 2.0 chip
    • (“Windows 11 Requirements”)

    Windows 11 may challenge your virtual environment

    When Windows 11 was initially released, some IT administrators experienced issues when trying to install or upgrade to Windows 11 in the virtual world.

    The Challenge

    The issues appeared to be centered around the Windows 11 hardware requirements, which must be detected by the Windows 11 pre-install check before the operating system will install.

    The TPM 2.0 chip requirement was indeed a challenge and not offered as a configuration option with Citrix Hypervisor, the free VMware Workstation Player or Oracle VM VirtualBox when Windows 11 was released in October 2021, although it is on the roadmap for Oracle and Citrix Hypervisor. VMware provides alternative products to the free Workstation Player that do support a virtual TPM. Oracle and Citrix reported that the feature would be available in the future and Windows 11 would work on their platforms.

    Short-Term Solutions

    VMware and Microsoft users can add a vTPM hardware type when configuring a virtual Windows 11 machine. Microsoft Azure does offer Windows 11 as an option as a virtual desktop. Citrix Desktop-As-A-Service (DAAS) will connect to Azure, AWS, or Google Cloud and is only limited by the features of the hosting cloud service provider.

    Additional Insight

    According to Microsoft, any VM running Windows 11 must meet the following requirements (“Virtual Machine Support”):

    • It must be a generation 2 VM, and upgrading a generation 1 VM to Windows 11 (in-place) is not possible
    • 64 GB of storage or greater
    • Secure Boot capable with the virtual TPM enabled
    • 4 GB of memory or greater
    • 2 or more virtual processors
    • The CPU of the physical computer that is hosting the VM must meet the Windows 11 (“Windows Processor Requirements”)

    What’s new or updated in Windows 11?

    The following two slides highlight some of the new and updated features in Windows 11.

    Security

    The most important change with Windows 11 is what you cannot see – the security. Windows 11 adds requirements and controls to make the user and device more secure, as described in previous slides.

    Taskbar

    The most prominent change in relation to the look and feel of Windows 11 is the shifting of the taskbar (and Start button) to the center of the screen. Some users may find this more convenient but if you do not and prefer the taskbar and start button back on the left of your screen, you can change it in taskbar settings.

    Updated Apps

    Paint, Photos, Notepad, Media Player, Mail, and other standard Windows apps have been updated with a new look and in some cases minor enhancements.

    User Interface

    The first change users will notice after logging in to Windows 11 is the new user interface – the look and feel. You may not notice the additional colors added to the Windows palette, but you may have thought that the startup sound was different, and the logo also looks different. You would be correct. Other look-and-feel items that changed include the rounded corners on windows, slightly different icons, new wallpapers, and controls for volume and brightness are now a slide bar. File explorer and the settings app also have a new look.

    Microsoft Teams

    Microsoft Teams is now installed on the taskbar by default. Note that this is for a personal Microsoft account only. Teams for Work or School will have to be installed separately if you are using a work or school account.

    What’s new or updated in Windows 11?

    Snap Layouts

    Snap layouts have been enhanced and snap group functionality has been added. This will allow you to quickly snap one window to the side of the screen and open other Windows in the other side. This feature can be accessed by dragging the window you wish to snap to the left or right edge of the screen. The window should then automatically resize to occupy that half of the screen and allow you to select other Windows that are already open to occupy the remaining space on the screen. You can also hover your mouse over the maximize button in the upper right-hand corner of the window. A small screen with multiple snap layouts will appear for your selection. Multiple snapped Windows can be saved as a “Snap Group” that will open together if one of the group windows are snapped in the future.

    Widgets

    Widgets are expanding. Microsoft started the re-introduction of widgets in Windows 10, specifically focusing on the weather. Widgets now include other services such as news, sports, stock prices, and others.

    Android Apps

    Android apps can now run in Windows 11. You will have to use the Amazon store to access and install Android apps, but if it is available in the Amazon store, you can install it on Windows 11.

    Docking

    Docking has improved with Windows 11. Windows knows when you are docked and will minimize apps when you undock so they are not lost. They will appear automatically when you dock again.

    This is not intended to be an inclusive list but does cover some of the more prominent features.

    What’s missing from Windows 11?

    The following features are no longer found in Windows 11:

    • Backward compatibility
      • The introduction of the hardware requirements for Windows 11 removed the backward compatibility (from a hardware perspective) that made the transition from previous versions of Windows to their successor less of a hardware concern. If a computer could run Windows 7, then it could also run Windows 10. That does not automatically mean it can also run Windows 11.
    • Internet Explorer
      • Internet Explorer is no longer installed by default in Windows 11. Microsoft Edge is now the default browser for Windows. Other browsers can also be installed if preferred.
    • Tablet mode
      • Windows 11 does not have a "tablet" mode, but the operating system will maximize the active window and add more space between icons to make selecting them easier if the 2-in-1 hardware detects that you wish to use the device as a tablet (keyboard detached or device opened up beyond 180 degrees, etc.).
    • Semi-annual updates
      • It may take six months or more to realize that semi-annual feature updates are missing. Microsoft moved to an annual feature update schema but continued with monthly quality updates with Windows 11.
    • Specific apps
      • Several applications have been removed (but can be manually added from the Microsoft Store by the user). They include:
        • OneNote for Windows 10
        • 3D Viewer
        • Paint 3D
        • Skype
    • Cortana (by default)
      • Cortana is missing from Windows 11. It is installed but not enabled by default. Users can turn it on if desired.

    Microsoft included a complete list of features that have been removed or deprecated with Windows 11, which can be found here Windows 11 Specs and System Requirements.

    Windows 11 editions

    • Windows 11 is offered in several editions:
      • Windows 11 Home
      • Windows 11 Pro
      • Windows 11 Pro for Workstations
      • Windows 11 Enterprise Windows 11 for Education
      • Windows 11 SE for Education
    • Windows 11 hardware requirements and security features are common throughout all editions.
    • The new look and feel along with all the features mentioned previously are common to all editions as well.
    • Windows Home
      • Standard offering for home users
    • Pro versus Pro for Workstations
      • Windows 11 Pro and Pro for Workstations are both well suited for the business environment with available features such as support for Active Directory or Azure Active Directory, Windows Autopilot, OneDrive for Business, etc.
      • Windows Pro for Workstations is designed for increased demands on the hardware with the higher memory limits (2 TB vs. 6 TB) and processor count (2 CPU vs. 4 CPU).
      • Windows Pro for Workstations also features Resilient File System, Persistent Memory, and SMB Direct. Neither of these features are available in the Windows 11 Pro edition.
      • Windows 11 Pro and Pro for Workstations are both very business focused, although Pro may also be a common choice for non-business users (Home and Education).
    • Enterprise Offerings
      • Enterprise licenses are subscription based and are part of the Microsoft 365 suite of offerings.
      • Windows 11 Enterprise is Windows 11 Pro with some additional addons and functionality in areas such as device management, collaboration, and security services.
      • The level of the Microsoft 365 Enterprise subscription (E3 or E5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the E5 subscription.

    Windows 11 Education Editions

    With the release of a laptop targeted specifically at the education market, Microsoft must be taking notice of the Google Chrome educational market penetration, especially with headlines like these.

    “40 Million Chromebooks in Use in Education” (Thurrott)

    “The Unprecedented Growth of the Chromebook Education Market Share” (Carklin)

    “Chromebooks Gain Market Share as Education Goes Online” (Hruska)

    “Chromebooks Gain Share of Education Market Despite Shortages” (Mandaro)

    “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand” (Duke)

    • Education licenses are subscription based and are part of the Microsoft 365 suite of offerings. Educational pricing is one benefit of the Microsoft 365 Education model.
    • Windows 11 Education is Windows 11 Pro with some additional addons and functionality similar to the Enterprise offerings for Windows 11 in areas such as device management, collaboration, and security services. Windows 11 Education also adds some education specific settings such as Classroom Tools, which allow institutions to add new students and their devices to their own environment with fewer issues, and includes OneNote Class Notebook, Set Up School PCs app, and Take a Test app.
    • The level of the Microsoft 365 Education subscription (A3 or A5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the A5 subscription.
    • Windows 11 SE for Education:
      • A cloud-first edition of Windows 11 specifically designed for the K-8 education market.
      • Windows 11 SE is a light version of Windows 11 that is designed to run on entry-level devices with better performance and security on that hardware.
      • Windows 11 SE requires Intune for Education and only IT admins can install applications.
    • Microsoft and others have come out with Windows SE specific devices at a low price point.
      • The Microsoft Surface Laptop SE comes pre-loaded with Windows 11 SE and can be purchased for US$249.00.
      • Dell, Asus, Acer, Lenovo, and others also offer Windows 11 SE specific devices (“Devices for Education”).

    Initial Reactions

    Below you can find some actual initial reactions to Windows 11.

    Initial reactions are mixed, as is to be expected with any new release of an operating system. The look and feel is new, but it is not a huge departure from the Windows 10 look and feel. Some new features are well received such as the snap feature.

    The shift of the taskbar (and start button) is the most popular topic of discussion online when it comes to Windows 11 reactions. Some love it and some do not. The best part about the shift of the taskbar is that you can adjust it in settings and move it back to its original location.

    The best thing about reactions is that they garner attention, and thanks in part to all the online reactions and comments, Microsoft is continually improving Windows 11 through quality updates and annual feature releases.

    “My 91-year-old Mum has found it easy!” Binns, Paul ITRG

    “It mostly looks quite nice and runs well.” Jmbpiano, Reddit user

    “It makes me feel more like a Mac user.” Chang, Ben Info-Tech

    “At its core, Windows 11 appears to be just Windows 10 with a fresh coat of paint splashed all over it.” Rouse, Rick RicksDailyTips.com

    “Love that I can snap between different page orientations.” Roberts, Jeremy Info-Tech

    “I finally feel like Microsoft is back on track again.” Jawed, Usama Neowin

    “A few of the things that seemed like issues at first have either turned out not to be or have been fixed with patches.” Jmbpiano, Reddit user

    “The new interface is genuinely intuitive, well-designed, and colorful.” House, Brett AnandTech

    “No issues. Have it out on about 50 stations.” Sandrews1313, Reddit User

    “The most striking change is to the Start menu.” Grabham, Dan pocket-lint.com

    How do I upgrade to Windows 11?

    The process is very similar to applying updates in Windows 10.

    • Windows 11 is offered as an upgrade through the standard Windows 10 update procedure. Windows Update will notify you when the Windows 11 upgrade is ready (assuming your device is eligible for Windows 11).
      • Allow the update (upgrade in this case) to proceed, reboot, and your endpoint will come back to life with Windows 11 installed and ready for you.
    • A fresh install can be delivered by downloading the required Windows 11 installation media from the Microsoft Software Download site for Windows 11.
    • Business users can control the timing and schedule of the Windows 11 rollout to corporate endpoints using Microsoft solutions such as WSUS, Configuration Manager, Intune and Endpoint Manager, or by using other endpoint management solutions.
    • WSUS and Configuration Manager will have to sync the product category for Windows 11 to manage the deployment.
    • Windows Update for Business policies will have to use the target version capability rather than using the feature update referrals alone.
    • Organizations using Intune and a Microsoft 365 E3 license will be able to use the Feature Update Deployments page to select Windows 11.
    • Other modern endpoint management solutions may also allow for a controlled deployment.

    Info-Tech Insight

    The upgrade itself may be a simple process but be prepared for the end-user reactions that will follow. Some will love it but others will despise it. It is not an optional upgrade in the long run, so everyone will have to learn to accept it.

    When can I upgrade to Windows 11?

    You can upgrade right now BUT there is no need to rush. Windows 11 was released in October 2021 but that doesn’t mean you have to upgrade everyone right away. Plan this out.

    • Build deployment rings into your Windows 11 upgrade approach: This approach, also referred to as Canary Releases or deployment rings, allows you to ensure that IT can support users if there's a major problem with the upgrade. Instead of disrupting all end users, you are only disrupting a portion of end users.
      • Deploy the initial update to your test environment.
      • After testing is successful or changes have been made, deploy Windows 11 to your pilot group of users.
      • After the pilot group gives you the thumbs up, deploy to the rest of production in phases. Phases are sometimes by office/location, sometimes by department, sometimes by persona (i.e. defer people that don't handle updates well), and usually by a combination of these factors.
      • Increase the size of each ring as you progress.
    • Always back up your data before any upgrade.

    Deployment Ring Example

    Pilot Ring - Individuals from all departments - 10 users

    Ring #1 - Dev, Finance - 20 Users

    Ring #2 - Research - 100 Users

    Ring #3 - Sales, IT, Marketing - 500 Users

    Upgrade your eligible devices and users to Windows 11

    Build Windows 11 Deployment Rings

    Instructions:

    1. Identify who will be in the pilot group. Use individuals instead of user groups.
    2. Identify how many standard rings you need. This number will be based on the total number of employees per office.
    3. Map groups to rings. Define which user groups will be in each ring.
    4. Allow some time to elapse between upgrades. Allow the first group to work with Windows 11 and identify any potential issues that may arise before upgrading the next group.
    5. Track and communicate. Record all information into a spreadsheet like the one on the right. This will aid in communication and tracking.
    Ring Department or Group Total Users Delay Time Before Next Group
    Pilot Ring Individuals from all departments 10 Three weeks
    Ring 1 Dev Finance 20 Two weeks
    Ring 2 Research 100 One week
    Ring 3 Sales, IT Marketing 500 N/A

    What are my options if my devices cannot upgrade to Windows 11?

    Don’t rush out to replace all the ineligible endpoint devices. You have some time to plan this out. Windows 10 will be available and supported by Microsoft until October 2025.

    Use asset management strategies and budget techniques in your Windows 11 upgrade approach:

    • Start with current inventory and determine which devices will not be eligible for upgrade to Windows 11.
    • Prioritize the devices for replacement, taking device age, the role of the user the device supports, and delivery times for remote users into consideration.
    • Take this opportunity to review overall device offerings and end-user compute strategy. This will help decide which devices to offer going forward while improving end-user satisfaction.
    • Determine the cost for replacement devices:
      • Compare vendor offerings using an RFP process.
    • Use the hardware asset management planning spreadsheet on the next slide to budget for the replacements over the coming months leading up to October 2025.

    Leverage Info-Tech research to improve your end-user computing strategy and hardware asset management processes:

    New to End User Computing Strategies? Start with Modernize and Transform Your End-User Computing Strategy.

    New to IT asset management? Use Info-Tech’s Implement Hardware Asset Management blueprint.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    Build a Windows 11 Device Replacement Budget

    The link below will open up a hardware asset management (HAM) budgeting tool. This tool can easily be modified to assist in developing and justifying the budget for hardware assets for the Windows 11 project. The tool will allow you to budget for hardware asset refresh and to adjust the budget as needed to accommodate any changes. Follow the instructions on each tab to complete the tool.

    A sample of a possible Windows 11 budgeting spreadsheet is shown on the right, but feel free to play with the HAM budgeting tool to fit your needs.

    HAM Budgeting Tool

    Windows 11 Replacement Schedule
    2022 2023 2024 2025
    Department Total to replace Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Left to allocate
    Finance 120 20 20 20 10 10 20 20 0
    HR 28 15 13 0
    IT 30 15 15 0
    Research 58 8 15 5 20 5 5 0
    Planning 80 10 15 15 10 15 15 0
    Other 160 5 30 5 15 15 30 30 30 0
    Totals 476 35 38 35 35 35 35 38 35 50 35 35 35 35 0

    Related Info-Tech Research

    Modernize and Transform Your End-User Computing Strategy

    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Implement Hardware Asset Management

    This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Bibliography

    aczechowski, et al. “Windows 11 Requirements.” Microsoft, 3 June 2022. Accessed 13 June 2022.

    Binns, Paul. Personal interview. 07 June 2022.

    Butler, Sydney. “What Is Trusted Platform Module (TPM) and How Does It Work?” Help Desk Geek, 5 August 2021. Accessed 18 May 2022.

    Carklin, Nicolette. “The Unprecedented Growth of the Chromebook Education Market Share.” Parallels International GmbH, 26 October 2021. Accessed 19 May 2022.

    Chang, Ben. Personal interview. 26 May 2022.

    Cunningham, Andrew. “Why Windows 11 has such strict hardware requirements, according to Microsoft.” Ars Technica, 27 August 2021. Accessed 19 May 2022.

    Dealnd-Han, et al. “Windows Processor Requirements.” Microsoft, 9 May 2022. Accessed 18 May 2022.

    “Desktop Operating Systems Market Share Worldwide.” Statcounter Globalstats, June 2021–June 2022. Accessed 17 May 2022.

    “Devices for education.” Microsoft, 2022. Accessed 13 June 2022.

    Duke, Kent. “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand.” Android Police, 16 November 2020. Accessed 18 May 2022.

    Grabham, Dan. “Windows 11 first impressions: Our initial thoughts on using Microsoft's new OS.” Pocket-Lint, 24 June 2021. Accessed 3 June 2022.

    Hachman, Mark. “Why is there a Windows 11 if Windows 10 is the last Windows?” PCWorld, 18 June 2021. Accessed 17 May 2022.

    Howse, Brett. “What to Expect with Windows 11: A Day One Hands-On.” Anandtech, 16 November 2020. Accessed 3 June 2022.

    Hruska, Joel. “Chromebooks Gain Market Share as Education Goes Online.” Extremetech, 26 October 2020. Accessed 19 May 2022.

    Jawed, Usama. “I am finally excited about Windows 11 again.” Neowin, 26 February 2022. Accessed 3 June 2022.

    Jmbpiano. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    Lumunge, Erick. “UEFI and Legacy boot.” OpenGenus, n.d. Accessed 18 May 2022.

    Bibliography

    Mandaro, Laura. “Chromebooks Gain Share of Education Market Despite Shortages.” The Information, 9 September 2020. Accessed 19 May 2022.

    Murtaza, Fawad. “What Is Virtualization Based Security in Windows?” Valnet Inc, 24 October 2021. Accessed 17 May 2022.

    Roberts, Jeremy. Personal interview. 27 May 2022.

    Rouse, Rick. “My initial thoughts about Windows 11 (likes and dislikes).” RicksDailyTips.com, 5 September 2021. Accessed 3 June 2022.

    Sandrews1313. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    “The Matrix Quotes." Quotes.net, n.d. Accessed 18 May 2022.

    Thurrott, Paul.” Google: 40 Million Chromebooks in Use in Education.” Thurrott, 21 January 2020. Accessed 18 May 2022.

    Vaughan-Nichols, Steven J. “The real reason for Windows 11.” Computerworld, 6 July 2021, Accessed 19 May 2022.

    “Virtual Machine Support.” Microsoft,3 June 2022. Accessed 13 June 2022.

    “What are DirectX 12 compatible graphics and WDDM 2.x.” Wisecleaner, 20 August 2021. Accessed 19 May 2022.

    “Windows 11 Specs and System Requirements.” Microsoft, 2022. Accessed 13 June 2022.

    “Windows Display Driver Model.” MiniTool, n.d. Accessed 13 June 2022.

    Implement an IT Chargeback System

    • Buy Link or Shortcode: {j2store}71|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Business units voraciously consume IT services and don’t understand the actual costs of IT. This is due to lack of IT cost transparency and business stakeholder accountability for consumption of IT services.
    • Business units perceive IT costs as uncompetitive, resulting in shadow IT and a negative perception of IT.
    • Business executives have decided to implement an IT chargeback program and IT must ensure the program succeeds.

    Our Advice

    Critical Insight

    Price IT services so that business consumers find them meaningful, measurable, and manageable:

    • The business must understand what they are being charged for. If they can’t understand the value, you’ve chosen the wrong basis for charge.
    • Business units must be able to control and track their consumption levels, or they will feel powerless to control costs and you’ll never attain real buy-in.

    Impact and Result

    • Explain IT costs in ways that matter to the business. Instead of focusing on what IT pays for, discuss the value that IT brings to the business by defining IT services and how they serve business users.
    • Develop a chargeback model that brings transparency to the flow of IT costs through to business value. Demonstrate how a good chargeback model can bring about fair “pay-for-value” and “pay-for-what-you-use” pricing.
    • Communicate IT chargeback openly and manage change effectively. Business owners will want to know how their profit and loss statements will be affected by the new pricing model.

    Implement an IT Chargeback System Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT chargeback program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Make the case for IT chargeback, then assess the financial maturity of the organization and identify a pathway to success. Create a chargeback governance model.

    • Implement IT Chargeback – Phase 1: Launch
    • IT Chargeback Kick-Off Presentation

    2. Define

    Develop a chargeback model, including identifying user-facing IT services, allocating IT costs to services, and setting up the chargeback program.

    • Implement IT Chargeback – Phase 2: Define
    • IT Chargeback Program Development & Management Tool

    3. Implement

    Communicate the rollout of the IT chargeback model and establish a process for recovering IT services costs from business units.

    • Implement IT Chargeback – Phase 3: Implement
    • IT Chargeback Communication Plan
    • IT Chargeback Rollout Presentation
    • IT Chargeback Financial Presentation

    4. Revise

    Gather and analyze feedback from business owners, making necessary modifications to the chargeback model and communicating the implications.

    • Implement IT Chargeback – Phase 4: Revise
    • IT Chargeback Change Communication Template
    [infographic]

    Workshop: Implement an IT Chargeback System

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Kick-Off IT Chargeback

    The Purpose

    Make the case for IT chargeback.

    Identify the current and target state of chargeback maturity.

    Establish a chargeback governance model.

    Key Benefits Achieved

    Investigated the benefits and challenges of implementing IT chargeback.

    Understanding of the reasons why traditional chargeback approaches fail.

    Identified the specific pathway to chargeback success.

    Activities

    1.1 Investigate the benefits and challenges of implementing IT chargeback

    1.2 Educate business owners and executives on IT chargeback

    1.3 Identify the current and target state of chargeback maturity

    1.4 Establish chargeback governance

    Outputs

    Defined IT chargeback mandate

    IT chargeback kick-off presentation

    Chargeback maturity assessment

    IT chargeback governance model

    2 Develop the Chargeback Model

    The Purpose

    Develop a chargeback model.

    Identify the customers and user-facing services.

    Allocate IT costs.

    Determine chargeable service units.

    Key Benefits Achieved

    Identified IT customers.

    Identified user-facing services and generated descriptions for them.

    Allocated IT costs to IT services.

    Identified meaningful, measurable, and manageable chargeback service units.

    Activities

    2.1 Identify user-facing services and generate descriptions

    2.2 Allocate costs to user-facing services

    2.3 Determine chargeable service units and pricing

    2.4 Track consumption

    2.5 Determine service charges

    Outputs

    High-level service catalog

    Chargeback model

    3 Communicate IT Chargeback

    The Purpose

    Communicate the implementation of IT chargeback.

    Establish a process for recovering the costs of IT services from business units.

    Share the financial results of the charge cycle with business owners.

    Key Benefits Achieved

    Managed the transition to charging and recovering the costs of IT services from business units.

    Communicated the implementation of IT chargeback and shared the financial results with business owners.

    Activities

    3.1 Create a communication plan

    3.2 Deliver a chargeback rollout presentation

    3.3 Establish a process for recovering IT costs from business units

    3.4 Share the financial results from the charge cycle with business owners

    Outputs

    IT chargeback communication plan

    IT chargeback rollout presentation

    IT service cost recovery process

    IT chargeback financial presentation

    4 Review the Chargeback Model

    The Purpose

    Gather and analyze feedback from business owners on the chargeback model.

    Make necessary modifications to the chargeback model and communicate implications.

    Key Benefits Achieved

    Gathered business stakeholder feedback on the chargeback model.

    Made necessary modifications to the chargeback model to increase satisfaction and accuracy.

    Managed changes by communicating the implications to business owners in a structured manner.

    Activities

    4.1 Address stakeholder pain points and highly disputed costs

    4.2 Update the chargeback model

    4.3 Communicate the chargeback model changes and implications to business units

    Outputs

    Revised chargeback model with business feedback, change log, and modifications

    Chargeback change communication

    Build an Application Integration Strategy

    • Buy Link or Shortcode: {j2store}198|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Even though organizations are now planning for Application Integration (AI) in their projects, very few have developed a holistic approach to their integration problems resulting in each project deploying different tactical solutions.
    • Point-to-point and ad hoc integration solutions won’t cut it anymore: the cloud, big data, mobile, social, and new regulations require more sophisticated integration tooling.
    • Loosely defined AI strategies result in point solutions, overlaps in technology capabilities, and increased maintenance costs; the correlation between business drivers and technical solutions is lost.

    Our Advice

    Critical Insight

    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • An architectural approach to AI strategy is critical to making appropriate technology decisions and promoting consistency across AI solutions through the use of common patterns.
    • Get control of your AI environment with an appropriate architecture, including policies and procedures, before end users start adding bring-your-own-integration (BYOI) capabilities to the office.

    Impact and Result

    • Engage in a formal AI strategy and involve the business when aligning business goals with AI value; each double the AI success rate.
    • Benefits from a formal AI strategy largely depend on how gaps will be filled.
    • Create an Integration Center of Competency for maintaining architectural standards and guidelines.
    • AI strategies are continuously updated as new business drivers emerge from changing business environments and/or essential technologies.

    Build an Application Integration Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for AI Strategy

    Obtain organizational buy-in and build a standardized and formal AI blueprint.

    • Storyboard: Build an Application Integration Strategy

    2. Assess the organization's readiness for AI

    Assess your people, process, and technology for AI readiness and realize areas for improvement.

    • Application Integration Readiness Assessment Tool

    3. Develop a Vision

    Fill the required AI-related roles to meet business requirements

    • Application Integration Architect
    • Application Integration Specialist

    4. Perform a Gap Analysis

    Assess the appropriateness of AI in your organization and identify gaps in people, processes, and technology as it relates to AI.

    • Application Integration Appropriateness Assessment Tool

    5. Build an AI Roadmap

    Compile the important information and artifacts to include in the AI blueprint.

    • Application Integration Strategy Template

    6. Build the Integration Blueprint

    Keep a record of services and interfaces to reduce waste.

    • Integration Service Catalog Template

    Infographic

    Workshop: Build an Application Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for AI Strategy

    The Purpose

    Uncover current and future AI business drivers, and assess current capabilities.

    Key Benefits Achieved

    Perform a current state assessment and create a future vision.

    Activities

    1.1 Identify Current and Future Business Drivers

    1.2 AI Readiness Assessment

    1.3 Integration Service Catalog Template

    Outputs

    High-level groupings of AI strategy business drivers.

    Determine the organization’s readiness for AI, and identify areas for improvement.

    Create a record of services and interfaces to reduce waste.

    2 Know Current Environment

    The Purpose

    Identify building blocks, common patterns, and decompose them.

    Key Benefits Achieved

    Develop an AI Architecture.

    Activities

    2.1 Integration Principles

    2.2 High-level Patterns

    2.3 Pattern decomposition and recomposition

    Outputs

    Set general AI architecture principles.

    Categorize future and existing interactions by pattern to establish your integration framework.

    Identification of common functional components across patterns.

    3 Perform a Gap Analysis

    The Purpose

    Analyze the gaps between the current and future environment in people, process, and technology.

    Key Benefits Achieved

    Uncover gaps between current and future capabilities and determine if your ideal environment is feasible.

    Activities

    3.1 Gap Analysis

    Outputs

    Identify gaps between the current environment and future AI vision.

    4 Build a Roadmap for Application Integration

    The Purpose

    Define strategic initiatives, know your resource constraints, and use a timeline for planning AI.

    Key Benefits Achieved

    Create a plan of strategic initiatives required to close gaps.

    Activities

    4.1 Identify and prioritize strategic initiatives

    4.2 Distribute initiatives on a timeline

    Outputs

    Use strategic initiatives to build the AI strategy roadmap.

    Establish when initiatives are going to take place.

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    Increase Grant Application Success

    • Buy Link or Shortcode: {j2store}314|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $7,799 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Writing grants has not been prioritized by the organization.
    • Your organization is unable to start, finish, and/or continue priority projects or initiatives as it does not have sufficient funds.
    • Grants are applied to in an ad hoc manner by employees who do not have sufficient time and resources to dedicate to the process.

    Our Advice

    Critical Insight

    There are three critical components to the grant application process:

    • Being strategic about the grant opportunities your organization chooses to pursue.
    • Dedicating sufficient time and resources to writing a competitive grant application.
    • Ensuring your organization will be able to adhere to the grant parameters if awarded the funding.

    Impact and Result

    • By leveraging Info-Tech’s methodology, your organization will strategically select, write, and submit competitive grant applications, securing additional funding sources to support the organization and the communities you serve.
    • This research can enhance the grant writing capabilities of the organization and ensure that every grant chosen aligns with your organizational priorities.
    • This blueprint will drive consensus on which grant applications should be prioritized by the organization, ensuring resourcing, feasibility, and significance are considered.

    Increase Grant Application Success Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should enhance your organization's grant application lifecycle and how you can increase the number of grants your organization is awarded. Review Info-Tech’s methodology and understand the four ways Info-Tech can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify Opportunities

    Identify grant funding opportunities that align with your organization's priorities. Ensure the programs, services, projects, and initiatives that align with these priorities can be financially supported by grant funding.

    • Increase Grant Application Success – Phase 1: Identify Opportunities
    • Grant Identification and Prioritization Tool for Organizations

    2. Grant Prioritization

    Prioritize applying for the grant opportunities that your organization identified. Be sure to consider the feasibility of implementing the project or initiative if your organization is awarded the grant.

    • Increase Grant Application Success – Phase 2: Grant Prioritization

    3. Write the Grant Application

    Write a competitive grant application that has been strategically developed and actively critiqued by various internal and external reviewers.

    • Increase Grant Application Success – Phase 3: Write the Grant Application
    • Grant Writing Checklist

    4. Submit the Grant Application

    Submit an exemplary grant application that meets the guidelines and expectations of the granting agency prior to the due date.

    • Increase Grant Application Success – Phase 4: Submit the Grant Application
    • Grant Follow-up Email Template

    Infographic

    Workshop: Increase Grant Application Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Your Organization's Priorities

    The Purpose

    Determine the key priorities of your organization and identify grant funding opportunities that align with those priorities.

    Key Benefits Achieved

    Prevents duplicate grant applications from being submitted

    Ensures the grant and the organization's priorities are aligned

    Increases the success rate of grant applications

    Activities

    1.1 Discuss grant funding opportunities and their importance to the organization.

    1.2 Identify organizational priorities.

    Outputs

    An understanding of why grants are important to your organization

    A list of priorities being pursued by your organization

    2 Prioritize Grant Funding Opportunities

    The Purpose

    Identify potential grant funding opportunities that align with the projects/initiatives the organization would like to pursue. Prioritize these funding opportunities and identify which should take precedent based on resourcing, importance, likelihood of success, and feasibility.

    Key Benefits Achieved

    Generate a list of potential funding opportunities that can be revisited when resources allow

    Obtain consensus from your working group on which grants should be pursued based on how they have been prioritized

    Activities

    2.1 Develop a list of potential grant funding opportunities.

    2.2 Define the resource capacity your organization has to support the granting writing process.

    2.3 Discuss and prioritize grant opportunities

    Outputs

    A list of potential grant funding opportunities

    Realistic expectations of your organization's capacity to undertake the grant writing lifecycle

    Notes and priorities from your discussion on grant opportunities

    3 Sketch a Grant Application

    The Purpose

    Take the grant that was given top priority in the last section and sketch out a draft of what that application will look like. Think critically about the sketch and determine if there are opportunities to further clarify and demonstrate the goals of the grant application.

    Key Benefits Achieved

    A sketch ready to be developed into a grant application

    A critique of the sketch to ensure that the application will be well understood by the reviewers of your submission

    Activities

    3.1 Sketch the grant application.

    3.2 Perform a SWOT analysis of the grant sketch.

    Outputs

    A sketched version of the grant application ready to be drafted

    A SWOT analysis that critically examines the sketch and offers opportunities to enhance the application

    4 Prepare to Submit the Grant Application

    The Purpose

    Have the grant application actively critiqued by various internal and external individuals. This will increase the grant application's quality and generate understanding of the application submission and post-submission process.

    Key Benefits Achieved

    A list of individuals (internal and external) that can potentially review the application prior to submission

    Preparation for the submission process

    An understanding of why the opportunity to learn how to improve future grant applications is so important

    Activities

    4.1 Identify potential individuals who will review the draft of your grant application.

    4.2 Discuss next steps around the grant submission.

    4.3 Review grant writing best practices.

    Outputs

    A list of potential individuals who can be asked to review and critique the grant application

    An understanding of what the next steps in the process will be

    Knowledge of grant writing best practices

    The challenge of corporate security management

    • Buy Link or Shortcode: {j2store}41|cart{/j2store}
    • Related Products: {j2store}41|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    Corporate security management is a vital aspect in every modern business, regardless of business area or size. At Tymans Group we offer expert security management consulting to help your business set up proper protocols and security programs. More elaborate information about our security management consulting services and solutions can be found below.

    Corporate security management components

    You may be experiencing one or more of the following:

    • The risk goals should support business goals. Your business cannot operate without security, and security is there to conduct business safely. 
    • Security governance supports security strategy and security management. These three components form a protective arch around your business. 
    • Governance and management are like the legislative branch and the executive branch. Governance tells people what to do, and management's job is to verify that they do it.

    Our advice with regards to corporate security management

    Insight

    To have a successful information security strategy, take these three factors into account:

    • Holistic: your view must include people, processes, and technology.
    • Risk awareness: Base your strategy on the actual risk profile of your company and then add the appropriate best practices.
    • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will be much more straightforward.

    Impact and results of our corporate security management approach

    • The approach of our security management consulting company helps to provide a starting point for realistic governance and realistic corporate security management.
    • We help you by implementing security governance and managing it, taking into account your company's priorities, and keeping costs to a minimum.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within the corporate security management domain have access to:

    Get up to speed

    Read up on why you should build your customized corporate information security governance and management system. Review our methodology and understand the four ways we can support you.

    Align your security objectives with your business goals

    Determine the company's risk tolerance.

    • Implement a Security Governance and Management Program – Phase 1: Align Business Goals With Security Objectives (ppt)
    • Information Security Governance and Management Business Case (ppt)
    • Information Security Steering Committee Charter (doc)
    • Information Security Steering Committee RACI Chart (doc)
    • Security Risk Register Tool (xls)

    Build a practical governance framework for your company

    Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

    • Implement a Security Governance and Management Program – Phase 2: Develop an Effective Governance Framework (ppt)
    • Information Security Charter (doc)
    • Security Governance Organizational Structure Template (doc)
    • Security Policy Hierarchy Diagram (ppt)
    • Security Governance Model Facilitation Questions (ppt)
    • Information Security Policy Charter Template (doc)
    • Information Security Governance Model Tool (Visio)
    • Pdf icon 20x20
    • Information Security Governance Model Tool (PDF)

    Now that you have built it, manage your governance framework.

    There are several essential management activities that we as a security management consulting company suggest you employ.

    • Implement a Security Governance and Management Program – Phase 3: Manage Your Governance Framework (ppt)
    • Security Metrics Assessment Tool (xls)
    • Information Security Service Catalog (xls)
    • Policy Exception Tracker (xls)
    • Information Security Policy Exception Request Form (doc)
    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Business Goal Metrics Tracking Tool (xls)

    Book an online appointment for more advice

    We are happy to tell you more about our corporate security management solutions and help you set up fitting security objectives. As a security management consulting firm we offer solutions and advice, based on our own extensive experience, which are practical and people-orientated. Discover our services, which include data security management and incident management and book an online appointment with CEO Gert Taeymans to discuss any issues you may be facing regarding risk management or IT governance.

    cybersecurity

    Portfolio Management

    • Buy Link or Shortcode: {j2store}47|cart{/j2store}
    • Related Products: {j2store}47|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $40,234
    • member rating average days saved: 30
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
    • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
    • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

    Our advice

    Insight

    • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
    • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
    • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

    Impact and results 

    • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
    • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
    • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

    Obtain executive buy-in for your strategy

    Ensure your strategy is a cultural fit or cultural-add for your company.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
    • PPM High-Level Supply-Demand Calculator (xls)
    • PPM Strategic Plan Template (ppt)
    • PPM Strategy-Process Goals Translation Matrix Template (xls)

    Align the PPM processes to your company's strategic goals

    Use the advice and tools in this stage to align the PPM processes.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
    • PPM Strategy Development Tool (xls)

    Refine and complete your plan

    Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
    • Project Portfolio Analyst / PMO Analyst (doc)

     

     

    Define Your Cloud Vision

    • Buy Link or Shortcode: {j2store}448|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $182,333 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.

    Our Advice

    Critical Insight

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Impact and Result

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Define Your Cloud Vision Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Cloud Vision – A step-by-step guide to generating, validating, and formalizing your cloud vision.

    The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.

    • Define Your Cloud Vision – Phases 1-4

    2. Cloud Vision Executive Presentation – A document that captures the results of the exercises, articulating use cases for cloud/non-cloud, risks, challenges, and high-level initiative items.

    The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.

    • Cloud Vision Executive Presentation

    3. Cloud Vision Workbook – A tool that facilitates the assessment of workloads for appropriate service model, delivery model, support model, and risks and roadblocks.

    The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.

    • Cloud Vision Workbook
    [infographic]

    Workshop: Define Your Cloud Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Cloud

    The Purpose

    Align organizational goals to cloud characteristics.

    Key Benefits Achieved

    An understanding of how the characteristics particular to cloud can support organizational goals.

    Activities

    1.1 Generate corporate goals and cloud drivers.

    1.2 Identify success indicators.

    1.3 Explore cloud characteristics.

    1.4 Explore cloud service and delivery models.

    1.5 Define cloud support models and strategy components.

    1.6 Create state summaries for the different service and delivery models.

    1.7 Select workloads for further analysis.

    Outputs

    Corporate cloud goals and drivers

    Success indicators

    Current state summaries

    List of workloads for further analysis

    2 Assess Workloads

    The Purpose

    Evaluate workloads for cloud value and action plan.

    Key Benefits Achieved

    Action plan for each workload.

    Activities

    2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.

    2.2 Discuss assessments and make preliminary determinations about the workloads.

    Outputs

    Completed workload assessments

    Workload summary statements

    3 Identify and Mitigate Risks

    The Purpose

    Identify and plan to mitigate potential risks in the cloud project.

    Key Benefits Achieved

    A list of potential risks and plans to mitigate them.

    Activities

    3.1 Generate a list of risks and potential roadblocks associated with the cloud.

    3.2 Sort risks and roadblocks and define categories.

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations.

    Outputs

    List of risks and roadblocks, categorized

    List of mitigations

    List of initiatives

    4 Bridge the Gap and Create the Strategy

    The Purpose

    Clarify your vision of how the organization can best make use of cloud and build a project roadmap.

    Key Benefits Achieved

    A clear vision and a concrete action plan to move forward with the project.

    Activities

    4.1 Review and assign work items.

    4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.

    4.3 Create a cloud vision statement

    Outputs

    Cloud roadmap

    Finalized task list

    Formal cloud decision rubric

    Cloud vision statement

    5 Next Steps and Wrap-Up

    The Purpose

    Complete your cloud vision by building a compelling executive-facing presentation.

    Key Benefits Achieved

    Simple, straightforward communication of your cloud vision to key stakeholders.

    Activities

    5.1 Build the Cloud Vision Executive Presentation

    Outputs

    Completed cloud strategy executive presentation

    Completed Cloud Vision Workbook.

    Further reading

    Define Your Cloud Vision

    Define your cloud vision before it defines you

    Analyst perspective

    Use the cloud’s strengths. Mitigate its weaknesses.

    The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.

    Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?

    Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You are both extrinsically motivated to move to the cloud (e.g. by vendors) and intrinsically motivated by internal digital transformation initiatives.
    • You need to define the cloud’s true value proposition for your organization without assuming it is an outsourcing opportunity or will save you money.
    • Your industry, once cloud-averse, is now normalizing the use of cloud services, but you have not established a basic cloud vision from which to develop a strategy at a later point.

    Common Obstacles

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations have a foot in the cloud already, but these decisions have been made in an ad hoc rather than systematic fashion.
    • You lack a consistent framework to assess your workloads’ suitability for the cloud.

    Info-Tech's Approach

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.

    Your challenge

    This research is designed to help organizations who need to:

    • Identify workloads that are good candidates for the cloud.
    • Develop a consistent, cost-effective approach to cloud services.
    • Outline and mitigate risks.
    • Define your organization’s cloud archetype.
    • Map initiatives on a roadmap.
    • Communicate your cloud vision to stakeholders so they can understand the reasons behind a cloud decision and differentiate between different cloud service and deployment models.
    • Understand the risks, roadblocks, and limitations of the cloud.

    “We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations already have a foot in the cloud, but the choice to explore these solutions was made in an ad hoc rather than systematic fashion. The cloud just sort of happened.
    • The lack of a consistent assessment framework means that some workloads that probably belong in the cloud are kept on premises or with hosted services providers – and vice versa.
    • Securing cloud expertise is remarkably difficult – especially in a labor market roiled by the global pandemic and the increasing importance of cloud services.

    Standard cloud challenges

    30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)

    44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)

    Info-Tech’s approach

    Goals and drivers

    • Service model
      • What type of cloud makes the most sense for workload archetypes? When does it make sense to pick SaaS over IaaS, for example?
    • Delivery model
      • Will services be delivered over the public cloud, a private cloud, or a hybrid cloud? What challenges accompany this decision?
    • Migration Path
      • What does the migration path look like? What does the transition to the cloud look like, and how much effort will be required? Amazon’s 6Rs framework captures migration options: rehosting, repurchasing, replatforming, and refactoring, along with retaining and retiring. Each workload should be assessed for its suitability for one or more of these paths.
    • Support model
      • How will services be provided? Will staff be trained, new staff hired, a service provider retained for ongoing operations, or will a consultant with cloud expertise be brought on board for a defined period? The appropriate support model is highly dependent on goals along with expected outcomes for different workloads.

    Highlight risks and roadblocks

    Formalize cloud vision

    Document your cloud strategy

    The Info-Tech difference:

    1. Determine the hypothesized value of cloud for your organization.
    2. Evaluate workloads with 6Rs framework.
    3. Identify and mitigate risks.
    4. Identify cloud archetype.
    5. Plot initiatives on a roadmap.
    6. Write action plan statement and goal statement.

    What is the cloud, how is it deployed, and how is service provided?

    Cloud Characteristics

    1. On-demand self-service: the ability to access reosurces instantly without vendor interaction
    2. Broad network access: all services delivered over the network
    3. Resource pooling: multi-tenant environment (shared)
    4. Rapid elasticity: the ability to expand and retract capabilities as needed
    5. Measured service: transparent metering

    Service Model:

    1. Software-as-a-Service: all but the most minor configuration is done by the vendor
    2. Platform-as-a-Service: customer builds the application using tools provided by the provider
    3. Infrastructure-as-a-Service: the customer manages OS, storage, and the application

    Delivery Model

    1. Public cloud: accessible to anyone over the internet; multi-tenant environment
    2. Private cloud: provisioned for a single organization with multiple units
    3. Hybrid cloud: two or more connected clouds; data is portage across them
    4. Community cloud: provisioned for a specific group of organizations

    (National Institute of Standards and Technology)

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances, good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you given your unique context.

    Migration paths

    In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.

    These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.

    In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.

    Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.

    Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.

    Migration Paths

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Relocate

    • Move the workload between datacenters or to a hosted software/colocation provider.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud-native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Support model

    Support models by characteristic

    Duration of engagement Specialization Flexibility
    Internal IT Indefinite Varies based on nature of business Fixed, permanent staff
    Managed Service Provider Contractually defined General, some specialization Standard offering
    Consultant Project-based Specific, domain-based Entirely negotiable

    IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.

    By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.

    There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.

    Risks, roadblocks, and strategy components

    No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.

    Component Description Component Description
    Monitoring What will system owners/administrators need visibility into? How will they achieve this? Vendor Management What practices must change to ensure effective management of cloud vendors?
    Provisioning Who will be responsible for deploying cloud workloads? What governance will this process be subject to? Finance Management How will costs be managed with the transition away from capital expenditure?
    Migration How will cloud migrations be conducted? What best practices/standards must be employed? Security What steps must be taken to ensure that cloud services meet security requirements?
    Operations management What is the process for managing operations as they change in the cloud? Data Controls How will data residency, compliance, and protection requirements be met in the cloud?
    Architecture What general principles must apply in the cloud environment? Skills and roles What skills become necessary in the cloud? What steps must be taken to acquire those skills?
    Integration and interoperability How will services be integrated? What standards must apply? Culture and adoption Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance?
    Portfolio Management Who will be responsible for managing the growth of the cloud portfolio? Governing bodies What formal governance must be put in place? Who will be responsible for setting standards?

    Cloud archetypes – a cloud vision component

    Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.

    Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.

    After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.

    The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    We can best support the organization's goals by:

    More Cloud

    Less Cloud

    Cloud Focused Cloud-Centric Providing all workloads through cloud delivery.
    Cloud-First Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”
    Cloud Opportunistic Hybrid Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.
    Integrated Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.
    Split Using the cloud for some workloads and traditional infrastructure resources for others.
    Cloud Averse Cloud-Light Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.
    Anti-Cloud Using traditional infrastructure resources and avoiding use of the cloud wherever possible.

    Info-Tech’s methodology for defining your cloud vision

    1. Understand the Cloud 2. Assess Workloads 3. Identify and Mitigate Risks 4. Bridge the Gap and Create the Vision
    Phase Steps
    1. Generate goals and drivers
    2. Explore cloud characteristics
    3. Create a current state summary
    4. Select workloads for analysis
    1. Conduct workload assessments
    2. Determine workload future state
    1. Generate risks and roadblocks
    2. Mitigate risks and roadblocks
    3. Define roadmap initiatives
    1. Review and assign work items
    2. Finalize cloud decision framework
    3. Create cloud vision
    Phase Outcomes
    1. List of goals and drivers
    2. Shared understanding of cloud terms
    3. Current state of cloud in the organization
    4. List of workloads to be assessed
    1. Completed workload assessments
    2. Defined workload future state
    1. List of risks and roadblocks
    2. List of mitigations
    3. Defined roadmap initiatives
    1. Cloud roadmap
    2. Cloud decision framework
    3. Completed Cloud Vision Executive Presentation

    Insight summary

    The cloud may not be right for you – and that’s okay!

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.

    Not all clouds are equal

    It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).

    Bottom-up is best

    A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.

    Your accountability doesn’t change

    You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.

    Don’t customize for the sake of customization

    SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.

    Best of both worlds, worst of both worlds

    Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.

    The journey matters as much as the destination

    How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.

    Blueprint benefits

    Cloud Vision Executive Presentation

    This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.

    Cloud Vision Workbook

    This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.

    Blueprint benefits

    IT Benefits

    • A consistent approach to the cloud takes the guesswork out of deployment decisions and makes it easier for IT to move on to the execution stage.
    • When properly incorporated, cloud services come with many benefits, including automation, elasticity, and alternative architectures (micro-services, containers). The cloud vision project will help IT readers articulate expected benefits and work towards achieving them.
    • A clear framework for incorporating organizational goals into cloud plans.

    Business benefits

    • Simple, well-governed access to high-quality IT resources.
    • Access to the latest and greatest in technology to facilitate remote work.
    • Framework for cost management in the cloud that incorporates OpEx and chargebacks/showbacks. A clear understanding of expected changes to cost modeling is also a benefit of a cloud vision.
    • Clarity for stakeholders about IT’s response (and contribution to) IT strategic initiatives.

    Measure the value of this blueprint

    Don’t take our word for it:

    • The cloud vision material in various forms has been offered for several years, and members have generally benefited substantially, both from cloud vision workshops and from guided implementations led by analysts.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Of 30 responses, the cloud vision research has received an average score of 9.8/10. Real members have found significant value in the process.
    • Additionally, members reported saving between 2 and 120 days (for an average of 17), and financial savings ranged from $1,920 all the way up to $1.27 million, for an average of $170,577.90! If we drop outliers on both ends, the average reported value of a cloud vision engagement is $37, 613.
    • Measure the value by calculating the time saved from using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    9.8/10 Average reported satisfaction

    17 Days Average reported time savings

    $37, 613 Average cost savings (adj.)

    Executive Brief Case Study

    Industry: Financial

    Source: Info-Tech workshop

    Anonymous financial institution

    A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.

    The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.

    Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.

    Results

    The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.

    Bank cloud vision

    [Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.

    Bank cloud decision workflow

    • SaaS
      • Platform?
        • Yes
          • PaaS
        • No
          • Hosted
        • IaaS
          • Other

    Non-cloud

    Cloud

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    • Call #1: Discuss current state, challenges, etc.
    • Call #2: Goals, drivers, and current state.

    Phase 2

    • Call #3: Conduct cloud suitability assessment for selected workloads.

    Phase 3

    • Call #4: Generate and categorize risks.
    • Call #5: Begin the risk mitigation conversation.

    Phase 4

    • Call #6: Complete the risk mitigation process
    • Call #7: Finalize vision statement and cloud decision framework.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Offsite day
    Understand the cloud Assess workloads Identify and mitigate risks Bridge the gap and create the strategy Next steps and wrap-up (offsite)
    Activities

    1.1 Introduction

    1.2 Generate corporate goals and cloud drivers

    1.3 Identify success indicators

    1.4 Explore cloud characteristics

    1.5 Explore cloud service and delivery models

    1.6 Define cloud support models and strategy components

    1.7 Create current state summaries for the different service and delivery models

    1.8 Select workloads for further analysis

    2.1 Conduct workload assessments using the cloud strategy workbook tool

    2.2 Discuss assessments and make preliminary determinations about workloads

    3.1 Generate a list of risks and potential roadblocks associated with the cloud

    3.2 Sort risks and roadblocks and define categories

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations

    4.1 Review and assign work items

    4.2 Finalize the decision framework for each of the following areas:

    • Service model
    • Delivery model
    • Support model

    4.3 Create a cloud vision statement

    5.1 Build the Cloud Vision Executive Presentation
    Deliverables
    1. Corporate goals and cloud drivers
    2. Success indicators
    3. Current state summaries
    4. List of workloads for further analysis
    1. Completed workload assessments
    2. Workload summary statements
    1. List of risks and roadblocks, categorized
    2. List of mitigations
    3. List of initiatives
    1. Finalized task list
    2. Formal cloud decision rubric
    3. Cloud vision statement
    1. Completed cloud strategy executive presentation
    2. Completed cloud vision workbook

    Understand the cloud

    Build the foundations of your cloud vision

    Phase 1

    Phase 1

    Understand the Cloud

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    1.1.1 Generate organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    1.3.1 Record your current state

    1.4.1 Select workloads for further assessment

    This phase involves the following participants:

    IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.

    It starts with shared understanding

    Stakeholders must agree on overall goals and what “cloud” means

    The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.

    This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.

    Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.

    This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.

    Step 1.1

    Generate goals and drivers

    Activities

    1.1.1 Define organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • IT management
    • Core working group
    • Security
    • Applications
    • Infrastructure
    • Service management
    • Leadership

    Outcomes of this step

    • List of organizational goals
    • List of cloud drivers
    • Defined success indicators

    What can the cloud do for you?

    The cloud is not valuable for its own sake, and not all users derive the same value

    • The cloud is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Any or all of those characteristics might be enough to make the cloud appealing, but in most cases, there is an overriding driver.
    • Multiple paths may lead to the cloud. Consider an organization with a need to control costs by showing back to business units, or perhaps by reducing capital expenditure – the cloud may be the most appropriate way to effect these changes. Conversely, an organization expanding rapidly and with a need to access the latest and greatest technology might benefit from the elasticity and pooled resources that major cloud providers can offer.
    • In these cases, the destination might be the same (a cloud solution) but the delivery model – public, private, or hybrid – and the decisions made around the key strategy components, including architecture, provisioning, and cost management, will almost certainly be different.
    • Defining goals, understanding cloud drivers, and – crucially – understanding what success means, are all therefore essential elements of the cloud vision process.

    1.1.1 Generate organizational goals

    1-3 hours

    Input

    • Strategy documentation

    Output

    • Organizational goals

    Materials

    • Whiteboard (digital/physical)

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. As a group, brainstorm organizational goals, ideally based on existing documentation
      • Review relevant corporate and IT strategies.
      • If you do not have access to internal documentation, review the standard goals on the next slide and select those that are most relevant for you.
    2. Record the most important business goals in the Cloud Vision Executive Presentation. Include descriptions where possible to ensure wide readability.
    3. Make note of these goals. They should inform the answers to prompts offered in the Cloud Vision Workbook and should be a consistent presence in the remainder of the visioning exercise. If you’re conducting the session in person, leave the goals up on a whiteboard and make reference to them throughout the workshop.

    Cloud Vision Executive Presentation

    Standard COBIT 19 enterprise goals

    1. Portfolio of competitive products and services
    2. Managed business risk
    3. Compliance with external laws and regulations
    4. Quality of financial information
    5. Customer-oriented service culture
    6. Business service continuity and availability
    7. Quality of management information
    8. Optimization of internal business process functionality
    9. Optimization of business process costs
    10. Staff skills, motivation, and productivity
    11. Compliance with internal policies
    12. Managed digital transformation programs
    13. Product and business innovation

    1.1.2 Define cloud drivers

    30-60 minutes

    Input

    • Organizational goals
    • Strategy documentation
    • Management/staff perspective

    Output

    • List of cloud drivers

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. Cloud drivers sit at a level of abstraction below organizational goals. Keeping your organizational goals in mind, have each participant in the session write down how they expect to benefit from the cloud on a sticky note.
    2. Solicit input one at a time and group similar responses. Encourage participants to bring forward their cloud goals even if similar goals have been mentioned previously. The number of mentions is a useful way to gauge the relative weight of the drivers.
    3. Once this is done, you should have a few groups of similar drivers. Work with the group to name each category. This name will be the driver reported in the documentation.
    4. Input the results of the exercise into the Cloud Vision Executive Presentation, and include descriptions based on the constituent drivers. For example, if a driver is titled “do more valuable work,” the constituent drivers might be “build cloud skills,” “focus on core products,” and “avoid administration work where possible.” The description would be based on these components.

    Cloud Vision Executive Presentation

    1.1.3 Define success indicators

    1 hour

    Input

    • Cloud drivers
    • Organizational goals

    Output

    • List of cloud driver success indicators

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. On a whiteboard, draw a table with each of the cloud drivers (identified in 1.1.2) across the top.
    2. Work collectively to generate success indicators for each cloud driver. In this case, a success indicator is some way you can report your progress with the stated driver. It is a real-world proxy for the sometimes abstract phenomena that make up your drivers. Think about what would be true if your driver was realized.
      1. For example, if your driver is “faster access to resources,” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.
    3. Once you are satisfied with your list of indicators, populate the slide in the Cloud Vision Executive Presentation for validation from stakeholders.

    Cloud Vision Executive Presentation

    Step 1.2

    Explore cloud characteristics

    Activities

    Understand the value of the cloud:

    • Review delivery models
    • Review support models
    • Review service models
    • Review migration paths

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • Core working group
    • Architecture
    • Engineering
    • Security

    Outcomes of this step

    • Understanding of cloud service models and value

    Defining the cloud

    Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.

    Cloud characteristics

    On-demand self-service

    Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.

    Broad network access

    Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).

    Resource pooling

    Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.

    Rapid elasticity

    Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.

    Measured service

    Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.

    Cloud delivery models

    The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.

    Public

    The cloud service is provisioned for access by the general public (customers).

    Private

    A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.

    Hybrid

    Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).

    Multi

    A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).

    Public cloud

    This is what people generally think about when they talk about cloud

    • The public cloud is, well, public! Anyone can make use of its resources, and in the case of the major providers, capacity is functionally unlimited. Need to store exabytes of data in the cloud? No problem! Amazon will drive a modified shipping container to your datacenter, load it up, and “migrate” it to a datacenter.
    • Public clouds offer significant variety on the infrastructure side. Major IaaS providers, like Microsoft and Amazon, offer dozens of services across many different categories including compute, networking, and storage, but also identity, containers, machine learning, virtual desktops, and much, much more. (See a list from Microsoft here, and Amazon here)
    • There are undoubtedly strengths to the public cloud model. Providers offer the “latest and greatest” and customers need not worry about the details, including managing infrastructure and physical locations. Providers offer built-in redundancy, multi-regional deployments, automation tools, management and governance solutions, and a variety of leading-edge technologies that would not be feasible for organizations to run in-house, like high performance compute, blockchain, or quantum computing.
    • Of course, the public cloud is not all sunshine and rainbows – there are downsides as well. It can be expensive; it can introduce regulatory complications to have to trust another entity with your key information. Additionally, there can be performance hiccups, and with SaaS products, it can be difficult to monitor at the appropriate (per-transaction) level.

    Prominent examples include:

    AWS

    Microsoft

    Azure

    Salesforce.com

    Workday

    SAP

    Private cloud

    A lower-risk cloud for cloud-averse customers?

    • A cloud is a cloud, no matter how small. Some IT shops deploy private clouds that make use of the five key cloud characteristics but provisioned for the exclusive use of a single entity, like a corporation.
    • Private clouds have numerous benefits. Some potential cloud customers might be uncomfortable with the shared responsibility that is inherent in the public cloud. Private clouds allow customers to deliver flexible, measured services without having to surrender control, but they require significant overhead, capital expenditure, administrative effort, and technical expertise.
    • According to the 2021 State of the Cloud Report, private cloud use is common, and the most frequently cited toolset is VMware vSphere, followed by Azure Stack, OpenStack, and AWS Outposts. Private cloud deployments are more common in larger organizations, which makes sense given the overhead required to manage such an environment.

    Private cloud adoption

    The images shows a graph titled Private Cloud Adoption for Enterprises. It is a horizontal bar graph, with three segments in each bar: dark blue marking currently use; mid blue marking experimenting; and light blue marking plan to use.

    VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.

    Hybrid cloud

    The best of both worlds?

    Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.

    This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.

    But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).

    Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.

    Amazon, Microsoft, and Google dominate public cloud IaaS, but IBM is betting big on hybrid cloud:

    The image is a screencap of a tweet from IBM News. The tweet reads: IBM CEO Ginni Rometty: Hybrid cloud is a trillion dollar market and we'll be number one #Think2019.

    With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:

    “Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).

    Multi-cloud

    For most organizations, the multi-cloud is the most realistic option.

    Multi-cloud is popular!

    The image shows a graph titled Multi-Cloud Architectures Used, % of all Respondents. The largest percentage is Apps siloed on different clouds, followed by DAta integration between clouds.

    Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.

    Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).

    If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.

    NIST cloud service models

    Software as a service

    SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.

    Platform as a service

    PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.

    Infrastructure as a service

    IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem,” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS, or might offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.

    On-prem Co-Lo IaaS PaaS SaaS
    Application Application Application Application Application
    Database Database Database Database Database
    Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware
    OS OS OS OS OS
    Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor
    Server Network Storage Server Network Storage Server Network Storage Server Network Storage Server Network Storage
    Facilities Facilities Facilities Facilities Facilities

    Organization has control

    Organization or vendor may control

    Vendor has control

    Analytics folly

    SaaS is good, but it’s not a panacea

    Industry: Healthcare

    Source: Info-Tech workshop

    Situation

    A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.

    The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.

    Complication

    Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.

    That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).

    Results

    The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.

    The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.

    Migration paths

    In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:

    1. Value: does the workload stand to benefit from unique cloud characteristics? To what degree?
    2. Effort: how much work would be required to make the transition?
    3. Cost: how much money is the migration expected to cost?
    4. Time: how long will the migration take?
    5. Skills: what skills must be brought to bear to complete the migration?

    Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.

    As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Retire

    • Get rid of the application completely.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Migration paths – relative value

    Migration path Value Effort Cost Time Skills
    Retain No real change in the absolute value of the workload if it is retained. No effort beyond ongoing workload maintenance. No immediate hard dollar costs, but opportunity costs and technical debt abound. No time required! (At least not right away…) Retaining requires the same skills it has always required (which may be more difficult to acquire in the future).
    Rehire A retired workload can provide no value, but it is not a drain! Spinning a service down requires engaging that part of the lifecycle. N/A Retiring the service may be simple or complicated depending on its current role. N/A
    Rehost Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. Relatively cheap compared to other options. Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS.

    Replatform

    Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). Replatforming is more effortful than rehosting, but less effortful than refactoring. Moderate cost – does not require fundamental rearchitecture, just some tweaking. Relatively more complicated than a simple rehost, but less demanding than a refactor. Platform and workload expertise is required; more substantial than a simple rehost.
    Refactor A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. Significant effort required based on the requirement to engage the full SDLC. Significant cost required to engage SDLC and rebuild the application/service. The most complicated and time-consuming. The most complicated and time-consuming.
    Repurchase Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. Buying software does require knowledge of requirements and integrations, but is otherwise quite simple.

    Where should you get your cloud skills?

    Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.

    Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?

    Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:

    1. Train or hire internal resources: This might be easier said than done, especially for more niche skills, but makes sense for workloads that are critical to operations for the long term.
    2. Engage a managed service provider: MSPs are often engaged to manage services where internal IT lacks bandwidth or expertise.
    3. Hire a consultant: Consultants are great for time-bound implementation projects where highly specific expertise is required, such as a migration or implementation project.

    Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?

    Cloud decisions – summary

    A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.

    Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.

    Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.

    The image is a Venn diagram, with the left side titled Workload level, and the right side titled Environment Level. In the left section are: service model and migration path. On the right section are: Overall vision and Delivery model. In the centre section are: support model and Risks and roadblocks.

    Step 1.3

    Create a current state summary

    Activities

    1.3.1 Record your current state

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants: Core working group

    Outcomes of this step

    • Current state summary of cloud solutions

    1.3.1 Record your current state

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • Current state cloud summary for service, delivery, and support models

    Materials

    • Whiteboard

    Participants

    • Core working group
    • Infrastructure team
    • Service owners
    1. On a whiteboard (real or virtual) draw a table with each of the cloud service models across the top. Leave a cell below each to list examples.
    2. Under each service model, record examples present in your environment. The purpose of the exercise is to illustrate the existence of cloud services in your environment or the lack thereof, so there is no need to be exhaustive. Complete this in turn for each service model until you are satisfied that you have created an effective picture of your current cloud SaaS state, IaaS state, etc.
    3. Input the results into their own slide titled “current state summary” in the Cloud Vision Executive Presentation.
    4. Repeat for the cloud delivery models and support models and include the results of those exercises as well.
    5. Create a short summary statement (“We are primarily a public cloud consumer with a large SaaS footprint and minimal presence in PaaS and IaaS. We retain an MSP to manage our hosted telephony solution; otherwise, everything is handled in house.”

    Cloud Vision Executive Presentation

    Step 1.4

    Select workloads for current analysis

    Activities

    1.4.1 Select workloads for assessment

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of workloads for assessment

    Understand the cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    1.4.1 Select workloads for assessment

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • List of workloads to be assessed

    Materials

    • Whiteboard
    • Cloud Vision Workbook

    Participants

    • Core working group
    • IT management
    1. In many cases, the cloud project is inspired by a desire to move a particular workload or set of workloads. Solicit feedback from the core working group about what these workloads might be. Ask everyone in the meeting to suggest a workload and record each one on a sticky note or white board (virtual or physical).
    2. Discuss the results with the group and begin grouping similar workloads together. They will be subject to the assessments in the Cloud Vision Workbook, so try to avoid selecting too many workloads that will produce similar answers. It might not be obvious, but try to think about workloads that have similar usage patterns, risk levels, and performance requirements, and select a representative group.
    3. You should embrace counterintuition by selecting a workload that you think is unlikely to be a good fit for the cloud if you can and subjecting it to the assessment as well for validation purposes.
    4. When you have a list of 4-6 workloads, record them on tab 2 of the Cloud Vision Workbook.

    Cloud Vision Workbook

    Assess your cloud workloads

    Build the foundations of your cloud vision

    Phase 2

    Phase 2

    Evaluate Cloud Workloads

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Conduct workload assessments
    • Determine workload future state

    This phase involves the following participants:

    • Subject matter experts
    • Core working group
    • IT management

    Define Your Cloud Vision

    Work from the bottom up and assess your workloads

    A workload-first approach will help you create a realistic vision.

    The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.

    It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.

    That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.

    It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.

    Introducing the Cloud Vision Workbook

    • The Cloud Vision Workbook is an Excel tool that answers the age old question: “What should I do with my workloads?”
    • It is divided into eight tabs, each of which offers unique value. Start by reading the introduction and inputting your list of workloads. Work your way through tabs 3-6, completing the suitability, migration, management, and risk and roadblock assessments, and review the results on tab 7.
    • If you choose to go through the full battery of assessments for each workload, expect to answer and weight 111 unique questions across the four assessments. This is an intensive exercise, so carefully consider which assessments are valuable to you, and what workloads you have time to assess.
    • Tab 8 hosts the milestone timeline and captures the results of the phase 3 risk and mitigation exercise.

    Understand Cloud Vision Workbook outputs

    The image shows a graphic with several graphs and lists on it, with sections highlighted with notes. At the top, there's the title Database with the note Workload title (populated from tab 2). Below that, there is a graph with the note Relative suitability of the five service models. The Risks and roadblocks section includes the note: The strategy components – the risks and roadblocks – are captured relative to one another to highlight key focus areas. To the left of that, there is a Notes section with the note Notes populated based on post-assessment discussion. At the bottom, there is a section titled Where should skills be procured?, with the note The radar diagram captures the recommended support model relative to the others (MSP, consultant, internal IT). To the right of that, there is a section titled Migration path, with the note that Ordered list of migration paths. Note: a disconnect here with the suggested service model may indicate an unrealistic goal state.

    Step 2.1

    Conduct workload assessments

    Activities

    2.1.1 Conduct workload assessments

    2.1.2 Interpret your results

    Phase Title

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • Core working group
    • Workload subject matter experts

    Outcomes of this step

    • Completed workload assessments

    2.1.1 Conduct workload assessments

    2 hours per workload

    Input

    • List of workloads to be assessed

    Output

    • Completed cloud vision assessments

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. The Cloud Vision Workbook is your one stop shop for all things workload assessment. Open the tool to tab 2 and review the workloads you identified at the end of phase 1. Ensure that these are correct. Once satisfied, project the tool (virtually, if necessary) so that all participants can see the assessment questions.
    2. Work through tabs 3-6, answering the questions and assigning a multiplier for each one. A higher multiplier increases the relative weight of the question, giving it a greater impact on the overall outcome.
    3. Do your best to induce participants to offer opinions. Consensus is not absolutely necessary, but it is a good goal. Ask your participants if they agree with initial responses and occasionally take the opposite position (“I’m surprised you said agree – I would have thought we didn’t care about CapEx vs. OpEx”). Stimulate discussion.
    4. Highlight any questions that you will need to return to or run by someone not present. Include a placeholder answer, as the tool requires all cells to be filled for computation.

    Cloud Vision Workbook

    2.1.2 Interpret your results

    10 minutes

    Input

    • Completed cloud vision assessments

    Output

    • Shared understanding of implications

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. Once you’ve completed all 111 questions for each workload, you can review your results on tab 7. On tab 7, you will see four populated graphics: cloud suitability, migration path, “where should skills be procured?”, and risks and roadblocks. These represent the components of the overall cloud vision that you will present to stakeholders.
    2. The “cloud suitability” chart captures the service model that the assessment judges to be most suitable for the workload. Ask those present if any are surprised by the output. If there is any disagreement, discuss the source of the surprise and what a more realistic outcome would be. Revisit the assessment if necessary.
    3. Conduct a similar exercise with each of the other outputs. Does it make sense to refactor the workload based on its cloud suitability? Does the fact that we scored so highly on the “consultant” support model indicate something about how we handle upskilling internally? Does the profile of risks and roadblocks identified here align with expectations? What should be ranked higher? What about lower?
    4. Once everyone is generally satisfied with the results, close the tool and take a break! You’ve earned it.

    Cloud Vision Workbook

    Understand the cloud strategy components

    Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Strategy component: People

    People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.

    Component Description Challenges
    Skills and roles The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration.
    Culture and adoption If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil.
    Governing bodies A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy.

    Strategy component: Governance

    Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.

    Component Description Challenges
    Architecture Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures.
    Integration and interoperability Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform.
    Operations management Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back.

    Strategy component: Governance (cont.)

    Component Description Challenges
    Cloud portfolio management This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy.
    Cloud vendor management Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor.
    Finance management Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”).
    Security The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy.

    Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology.

    Data controls Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud.

    Strategy component: Technology

    Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.

    Component Description Challenges
    Monitoring The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required.
    Provisioning How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation.
    Migration The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise.

    Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!).

    Step 2.2

    Determine workload future state

    Activities

    2.2.1 Determine workload future state

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • IT management
    • Core working group

    Outcomes of this step

    • Completed workload assessments
    • Defined workload future state

    2.2.1 Determine workload future state

    1-3 hours

    Input

    • Completed workload assessments

    Output

    • Preliminary future state outputs

    Materials

    • Cloud Vision Workbook
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    • Service owners
    • IT management
    1. After you’ve had a chance to validate your results, refer to tab 7 of the tool, where you will find a blank notes section.
    2. With the working group, capture your answers to each of the following questions:
      1. What service model is the most suitable for the workload? Why?
      2. How will we conduct the migration? Which of the six models makes the most sense? Do we have a backup plan if our primary plan doesn’t work out?
      3. What should the support model look like?
      4. What are some workload-specific risks and considerations that must be taken into account for the workload?
    3. Once you’ve got answers to each of these questions for each of the workloads, include your summary in the “notes” section of tab 7.

    Cloud Vision Executive Presentation

    Paste the output into the Cloud Vision Executive Presentation

    • The Cloud Vision Workbook output is a compact, consumable summary of each workload’s planned future state. Paste each assessment in as necessary.
    • There is no absolutely correct way to present the information, but the output is a good place to start. Do note that, while the presentation is designed to lead with the vision statement, because the process is workload-first, the assessments are populated prior to the overall vision in a bottom-up manner.
    • Be sure to anticipate the questions you are likely to receive from any stakeholders. You may consider preparing for questions like: “What other workloads fit this profile?” “What do we expect the impact on the budget to be?” “How long will this take?” Keep these and other questions in mind as you progress through the vision definition process.

    The image shows the Cloud Vision Workbook output, which was described in an annotated version in an earlier section.

    Info-Tech Insight

    Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.

    Identify and Mitigate Risks

    Build the foundations of your cloud vision

    PHASE 3

    Phase 3

    Identify and Mitigate Risks

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Generate risks and roadblocks
    • Mitigate risks and roadblocks
    • Define roadmap initiatives

    This phase involves the following participants:

    • Core working group
    • Workload subject matter experts

    You know what you want to do, but what do you have to do?

    What questions remain unanswered?

    There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.

    Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.

    Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.

    Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.

    Step 3.1

    Generate risks and roadblocks

    Activities

    3.1.1 Generate risks and roadblocks

    3.1.2 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group
    • IT management
    • Infrastructure
    • Applications
    • Security
    • Architecture

    Outcomes of this step

    • List of risks and roadblocks

    Understand risks and roadblocks

    Risk

    • Something that could potentially go wrong.
    • You can respond to risks by mitigating them:
      • Eliminate: take action to prevent the risk from causing issues.
      • Reduce: take action to minimize the likelihood/severity of the risk.
      • Transfer: shift responsibility for the risk away from IT, towards another division of the company.
      • Accept: where the likelihood or severity is low, it may be prudent to accept that the risk could come to fruition.

    Roadblock

    • There are things that aren’t “risks” that we care about when migrating to the cloud.
    • We know, for example, that a complicated integration situation will create work items for any migration – this is not an “unknown.”
    • We respond to roadblocks by generating work items.

    3.1.1 Generate risks and roadblocks

    1.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Gather your core working group – and really anyone with an intelligent opinion on the cloud – into a single meeting space. Give the group 5-10 minutes to list anything they think could present a difficulty in transitioning workloads to the cloud. Write each risk/roadblock on its own sticky note. You will never be 100% exhaustive, but don’t let anything your users care about go unaddressed.
    2. Once everyone has had time to write down their risks and roadblocks, have everyone share one by one. Make sure you get them all. Overlap in risks and roadblocks is okay! Group similar concerns together to give a sort of heat map of what your participants are concerned about. (This is called “affinity diagramming.”)
    3. Assign names to these categories. Many of these categories will align with the strategy components discussed in the previous phase (governance, security, etc.) but some will be specific whether by nature or by degree.
    4. Sort each of the individual risks into its respective category, collapsing any exact duplicates, and leaving room for notes and mitigations (see the next slide for a visual).

    Understand risks and roadblocks

    The image is two columns--on the left, the column is titled Affinity Diagramming. Below the title, there are many colored blocks, randomly arranged. There is an arrow pointing right, to the same coloured blocks, now sorted by colour. In the right column--titled Categorization--each colour has been assigned a category, with subcategories.

    Step 3.2

    Mitigate risks and roadblocks

    Activities

    3.2.1 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of mitigations

    Is the public cloud less secure?

    This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?

    As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:

    1. Misconfiguration: An error grants access to unauthorized parties (as happened to Capital One in 2019). This can be mitigated by careful configuration management and third-party tooling.
    2. Unauthorized access by cloud provider/partner employees: Though rare, it is possible that a cloud provider or partner can be a vector for a breach. Careful contract language, choosing to own your own encryption keys, and a hybrid approach (storing data on-premises) are some possible ways to address this problem.
    3. Unauthorized access to systems: Cloud services are designed to be accessed from anywhere and may be accessed by malicious actors. Possible mitigations include risk-based conditional access, careful identity access management, and logging and detection.

    “The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud

    Breach bests bank

    No cloud provider can protect against every misconfiguration

    Industry: Finance

    Source: The New York Times, CNET

    Background

    Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”

    Complication

    The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.

    According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.

    Results

    Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

    It was a bad few months for IT at Capital One.

    3.2.1 Generate mitigations

    3-4.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Recall the four mitigation strategies: eliminate, reduce, transfer, or accept. Keep these in mind as you work through the list of risks and roadblocks with the core working group. For every individual risk or roadblock raised in the initial generation session, suggest a specific mitigation. If the concern is “SaaS providers having access to confidential information,” a mitigation might be encryption, specific contract language, or proof of certifications (or all the above).
    2. Work through this for each of the risks and roadblocks, identifying the steps you need to take that would satisfy your requirements as you understand them.
    3. Once you have gone through the whole list – ideally with input from SMEs in particular areas like security, engineering, and compliance/legal – populate the Cloud Vision Workbook (tab 8) with the risks, roadblocks, and mitigations (sorted by category). Review tab 8 for an example of the output of this exercise.

    Cloud Vision Workbook

    Cloud Vision Workbook – mitigations

    The image shows a large chart titled Risks, roadblocks, and mitigations, which has been annotated with notes.

    Step 3.3

    Define roadmap initiatives

    Activities

    3.3.1 Generate roadmap initiatives

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Defined roadmap initiatives

    3.3.1 Generate roadmap initiatives

    1 hour

    Input

    • List of risk and roadblock mitigations

    Output

    • List of cloud initiatives

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Executing on your cloud vision will likely require you to undertake some key initiatives, many of which have already been identified as part of your mitigation exercise. On tab 8 of the Cloud Vision Workbook, review the mitigations you created in response to the risks and roadblocks identified. Initiatives should generally be assignable to a party and should have a defined scope/duration. For example, “assess all net new applications for cloud suitability” might not be counted as an initiative, but “design a cloud application assessment” would likely be.
    2. Design a timeline appropriate for your specific needs. Generally short-term (less than 3 months), medium-term (3-6 months), and long-term (greater than 6 months) will work, but this is entirely based on preference.
    3. Review and validate the parameters with the working group. Consider creating additional color-coding (highlighting certain tasks that might be dependent on a decision or have ongoing components).

    Cloud Vision Workbook

    Bridge the gap and create the vision

    Build the foundations of your cloud vision

    Phase 4

    Phase 4

    Bridge the Gap and Create the Vision

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Assign initiatives and propose timelines
    • Build a delivery model rubric
    • Build a service model rubric
    • Built a support model rubric
    • Create a cloud vision statement
    • Map cloud workloads
    • Complete the Cloud Vision presentation

    This phase involves the following participants:

    • IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders

    Step 4.1

    Review and assign work items

    Activities

    4.1.1 Assign initiatives and propose timelines

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    • Populated cloud vision roadmap

    4.1.1 Assign initiatives and propose timelines

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Once the list is populated, begin assigning responsibility for execution. This is not a RACI exercise, so focus on the functional responsibility. Once you have determined who is responsible, assign a timeline and include any notes. This will form the basis of a more formal project plan.
    2. To assign the initiative to a party, consider 1) who will be responsible for execution and 2) if that responsibility will be shared. Be as specific as possible, but be sure to be consistent to make it easier for you to sort responsibility later on.
    3. When assigning timelines, we suggest including the end date (when you expect the project to be complete) rather than the start date, though whatever you choose, be sure to be consistent. Make use of the notes column to record anything that you think any other readers will need to be aware of in the future, or details that may not be possible to commit to memory.

    Cloud Vision Workbook

    Step 4.2

    Finalize cloud decision framework

    Activities

    4.2.1 Build a delivery model rubric

    4.2.2 Build a service model rubric

    4.2.3 Build a support model rubric

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Cloud decision framework

    4.2.1 Build a delivery model rubric

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    Participants

    • Core working group
    1. Now that we have a good understanding of the cloud’s key characteristics, the relative suitability of different workloads for the cloud, and a good understanding of some of the risks and roadblocks that may need to be overcome if a cloud transition is to take place, it is time to formalize a delivery model rubric. Start by listing the delivery models on a white board vertically – public, private, hybrid, and multi-cloud. Include a community cloud option as well if that is feasible for you. Strike any models that do not figure into your vision.
    2. Create a table style rubric for each delivery model. Confer with the working group to determine what characteristics best define workloads suitable for each model. If you have a hybrid cloud option, you may consider workloads that are highly dynamic; a private cloud hosted on-premises may be more suitable for workloads that have extensive regulatory requirements.
    3. Once the table is complete, include it in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Delivery model Decision criteria
    Public cloud
    • Public cloud is the primary destination for all workloads as the goal is to eliminate facilities and infrastructure management
    • Offers features, broad accessibility, and managed updates along with provider-managed facilities and hardware
    Legacy datacenter
    • Any workload that is not a good fit for the public cloud
    • Dependency (like a USB key for license validation)
    • Performance requirements (e.g. workloads highly sensitive to transaction thresholds)
    • Local infrastructure components (firewall, switches, NVR)

    Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.

    4.2.2 Build a service model rubric

    1 hour

    Input

    • Output of workload assessments
    • Output of risk and mitigation exercise

    Output

    • Service model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. This next activity is like the delivery model activity, but covers the relevant cloud service models. On a whiteboard, make a vertical list of the cloud service models (SaaS, PaaS, IaaS, etc.) that will be considered for workloads. If you have an order of preference, place your most preferred at the top, your least preferred at the bottom.
    2. Describe the circumstances under which you would select each service model. Do your best to focus on differentiators. If a decision criterion appears for multiple service models, consider refining or excluding it. (For additional information, check out Info-Tech’s Reimagine IT Operations for a Cloud-First World blueprint.)
    3. Create a summary statement to capture your overall service model position. See the next slide for an example. Note: this can be incorporated into your cloud vision statement, so be sure that it reflects your genuine cloud preferences.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Service model Decision criteria
    SaaS

    SaaS first; opt for SaaS when:

    • A SaaS option exists that meets all key business requirements
    • There is a strong desire to have someone else (the vendor) manage infrastructure components/the platform
    • Not particularly sensitive to performance thresholds
    • The goal is to transition management of the workload outside of IT
    • SaaS is the only feasible way to consume the desired service
    PaaS
    • Highly customized service/workload – SaaS not feasible
    • Still preferable to offload as much management as possible to third parties
    • Customization required, but not at the platform level
    • The workload is built using a standard framework
    • We have the time/resources to replatform
    IaaS
    • Service needs to be lifted and shifted out of the datacenter quickly
    • Customization is required at the platform level/there is value in managing components
    • There is no need to manage facilities
    • Performance is not impacted by hosting the workload offsite
    • There is value in right-sizing the workload over time
    On-premises Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key)

    Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.

    4.2.3 Build a support model rubric

    1 hour

    Input

    • Results of the cloud workload assessments

    Output

    • Support model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. The final rubric covered here is that for the support model. Where will you procure the skills necessary to ensure the vision’s proper execution? Much like the other rubric activities, write the three support models vertically (in order of preference, if you have one) on a whiteboard.
    2. Next to each model, describe the circumstances under which you would select each support model. Focus on the dimensions: the duration of the engagement, specialization required, and flexibility required. If you have existing rules/practices around hiring consultants/MSPs, consider those as well.
    3. Once you have a good list of decision criteria, form a summary statement. This should encapsulate your position on support models and should mention any notable criteria that will contribute to most decisions.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Support model Decision criteria
    Internal IT

    The primary support model will be internal IT going forward

    • Chosen where the primary work required is administrative
    • Where existing staff can manage the service in the cloud easily and effectively
    • Where the chosen solution fits the SaaS service model
    Consultant
    • Where the work required is time-bound (e.g. a migration/refactoring exercise)
    • Where the skills do not exist in house, and where the skills cannot easily be procured (specific technical expertise required in areas of the cloud unfamiliar to staff)
    • Where opportunities for staff to learn from consultant SMEs are valuable
    • Where ongoing management and maintenance can be handled in house
    MSP
    • Where an ongoing relationship is valued
    • Where ongoing administration and maintenance are disproportionately burdensome on IT staff (or where this administration and maintenance is likely to be burdensome)
    • Where the managed services model has already been proven out
    • Where specific expertise in an area of technology is required but this does not rise to the need to hire an FTE (e.g. telephony)

    Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.

    Step 4.3

    Create cloud vision

    Activities

    4.3.1 Create a cloud vision statement

    4.3.2 Map cloud workloads

    4.3.3 Complete the Cloud Vision Presentation

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    Completed Cloud Vision Executive Presentation

    4.3.1 Create a cloud vision statement

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Now that you know what service models are appropriate, it’s time to summarize your cloud vision in a succinct, consumable way. A good vision statement should have three components:
      • Scope: Which parts of the organization will the strategy impact?
      • Goal: What is the strategy intended to accomplish?
      • Key differentiator: What makes the new strategy special?
    2. On a whiteboard, make a chart with three columns (one column for each of the features of a good mission statement). Have the group generate a list of words to describe each of the categories. Ideally, the group will produce multiple answers for each category.
    3. Once you’ve gathered a few different responses for each category, have the team put their heads down and generate pithy mission statements that capture the sentiments underlying each category.
    4. Have participants read their vision statements in front of the group. Use the rest of the session to produce a final statement. Record the results in the Cloud Strategy Executive Presentation.

    Example vision statement outputs

    “IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”

    “At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”

    As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”

    Scope

    Goal

    Key differentiator

    4.3.2 Map cloud workloads

    1 hour

    Input

    • List of workloads
    • List of acceptable service models
    • List of acceptable migration paths

    Output

    • Workloads mapped by service model/migration path

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    1. Now that you have defined your overall cloud vision as well as your service model options, consider aligning your service model preferences with your migration path preferences. Draw a table with your expected migration strategies across the top (retain, retire, rehost, replatform, refactor, repurchase, or some of these) and your expected service models across the side.
    2. On individual sticky notes, write a list of workloads in your environment. In a smaller environment, this list can be exhaustive. Otherwise take advantage of the list you created as part of phase 1 along with any additional workloads that warrant discussion.
    3. As a group, go through the list, placing the sticky notes first in the appropriate row based on their characteristics and the decision criteria that have already been defined, and then in the appropriate column based on the appropriate migration path. (See the next slide for an example of what this looks like.)
    4. Record the results in the Cloud Vision Executive Presentation. Note: not every cell will be filled; some migration path/service model combinations are impossible or otherwise undesirable.

    Cloud Vision Executive Presentation

    Example cloud workload map

    Repurchase Replatform Rehost Retain
    SaaS

    Office suite

    AD

    PaaS SQL Database
    IaaS File Storage DR environment
    Other

    CCTV

    Door access

    4.3.3 Complete the Cloud Vision Presentation

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Open the Cloud Vision Executive Presentation to the second slide and review the templated executive brief. This comprises several sections (see the next slide). Populate each one:
      • Summary of the exercise
      • The cloud vision statement
      • Key cloud drivers
      • Risks and roadblocks
      • Top initiatives and next steps
    2. Review the remainder of the presentation. Be sure to elaborate on any significant initiatives and changes (where applicable) and to delete any slides that you no longer require.

    Cloud Vision Workbook

    Sample cloud vision executive summary

    • From [date to date], a cross-functional group representing IT and its constituents met to discuss the cloud.
    • Over the course of the week, the group identified drivers for cloud computing and developed a shared vision, evaluated several workloads through an assessment framework, identified risks, roadblocks, and mitigations, and finally generated initiatives and next steps.
    • From the process, the group produced a summary and a cloud suitability assessment framework that can be applied at the level of the workload.

    Cloud Vision Statement

    [Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.

    Cloud Drivers Retire the datacenter Do more valuable work
    Right-size the environment Reduce CapEx
    Facilitate ease of mgmt. Work from anywhere
    Reduce capital expenditure Take advantage of elasticity
    Performance and availability Governance Risks and roadblocks
    Security Rationalization
    Cost Skills
    Migration Remaining premises resources
    BC, backup, and DR Control

    Initiatives and next steps

    • Close the datacenter and colocation site in favor of a SaaS-first cloud approach.
    • Some workloads will migrate to infrastructure-as-a-service in the short term with the assistance of third-party consultants.

    Document your cloud strategy

    You did it!

    Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.

    How do you fix this?

    First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.

    The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.

    A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).

    Appendix

    Summary of Accomplishment

    Additional Support

    Research Contributors

    Related Info-Tech Research

    Vendor Resources

    Bibliography

    Summary of Accomplishment

    Problem Solved

    You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.

    You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Generate drivers for cloud adoption

    Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.

    Conduct workload assessments

    Assess your individual cloud workloads for their suitability as candidates for the cloud migration.

    Bibliography

    “2021 State of the Cloud Report.” Flexera, 2021. Web.

    “2021 State of Upskilling Report.” Pluralsight, 2021. Web.

    “AWS Snowmobile.” Amazon Web Services, n.d. Web.

    “Azure products.” Microsoft, n.d. Web.

    “Azure Migrate Documentation.” Microsoft, n.d. Web.

    Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.

    “Cloud Products.” Amazon Web Services, n.d. Web.

    “COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.

    Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.

    Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.

    Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.

    “’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.

    “IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.

    Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.

    Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.

    Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.

    “What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.

    Exploit Disruptive Infrastructure Technology

    • Buy Link or Shortcode: {j2store}298|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
    • Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the Chief Marketing Officer (CMO) set the technological innovation agenda
    • Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    • Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

    Our Advice

    Critical Insight

    • Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.
    • Brainstorm about creating a better future, begin brainstorming an initial longlist.
    • Train the group to think like futurists.
    • Evaluate the shortlist.
    • Define your PoC list and schedule.
    • Finalize, present the plan to stakeholders and repeat.

    Impact and Result

    • Create a disruptive technology working group.
    • Produce a longlist of disruptive technologies.
    • Evaluate the longlist to produce a shortlist of disruptive technologies.
    • Develop a plan for a proof-of-concept project for each shortlisted technology.

    Exploit Disruptive Infrastructure Technology Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Exploit Disruptive Infrastructure Technology – A guide to help IT leaders make the most of disruptive impacts.

    As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future.

    • Exploit Disruptive Infrastructure Technology – Phases 1-3

    2. Disruptive Technology Exploitation Plan Template – A guide to develop the plan for exploiting disruptive technology.

    The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

    • Disruptive Technology Exploitation Plan Template

    3. Disruptive Technology Look to the Past Tool – A tool to keep track of the missed technology disruption from previous opportunities.

    The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

    • Disruptive Technology Look to the Past Tool

    4. Disruptive Technology Research Database Tool – A tool to keep track of the research conducted by members of the working group.

    The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

    • Disruptive Technology Research Database Tool

    5. Disruptive Technology Shortlisting Tool

    The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

    • Disruptive Technology Shortlisting Tool

    6. Disruptive Technology Value-Readiness and SWOT Analysis Tool – A tool to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    7. Proof of Concept Template – A handbook to serve as a reference when deciding how to proceed with your proposed solution.

    The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

    • Proof of Concept Template

    8. Disruptive Technology Executive Presentation Template – A template to help you create a brief progress report presentation summarizing your project and program progress.

    The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

    • Disruptive Technology Executive Presentation Template

    Infographic

    Workshop: Exploit Disruptive Infrastructure Technology

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-work: Establish the Disruptive Tech Process

    The Purpose

    Discuss the general overview of the disruptive technology exploitation process.

    Develop an initial disruptive technology exploitation plan.

    Key Benefits Achieved

    Stakeholders are on board, the project’s goals are outlined, and the working group is selected.

    Activities

    1.1 Get execs and stakeholders on board.

    1.2 Review the process of analyzing disruptive tech.

    1.3 Select members for the working group.

    1.4 Choose a schedule and time commitment.

    1.5 Select a group of visionaries.

    Outputs

    Initialized disruptive tech exploitation plan

    Meeting agenda, schedule, and participants

    2 Hold the Initial Meeting

    The Purpose

    Understand how disruption will affect the organization, and develop an initial list of technologies to explore.

    Key Benefits Achieved

    Knowledge of how to think like a futurist.

    Understanding of organizational processes vulnerable to disruption.

    Outline of potentially disruptive technologies.

    Activities

    2.1 Start the meeting with introductions.

    2.2 Train the group to think like futurists.

    2.3 Brainstorm about disruptive processes.

    2.4 Brainstorm a longlist.

    2.5 Research and brainstorm separate longlists.

    Outputs

    List of disruptive organizational processes

    Initial longlist of disruptive tech

    3 Create a Longlist and Assess Shortlist

    The Purpose

    Evaluate the specific value of longlisted technologies to the organization.

    Key Benefits Achieved

    Defined list of the disruptive technologies worth escalating to the proof of concept stage.

    Activities

    3.1 Converge the longlists developed by the team.

    3.2 Narrow the longlist to a shortlist.

    3.3 Assess readiness and value.

    3.4 Perform a SWOT analysis.

    Outputs

    Finalized longlist of disruptive tech

    Shortlist of disruptive tech

    Value-readiness analysis

    SWOT analysis

    Candidate(s) for proof of concept charter

    4 Create an Action Plan

    The Purpose

    Understand how the technologies in question will impact the organization.

    Key Benefits Achieved

    Understanding of the specific effects of the new technology on the business processes it is intended to disrupt.

    Business case for the proof-of-concept project.

    Activities

    4.1 Build a problem canvas.

    4.2 Identify affected business units.

    4.3 Outline and map the business processes likely to be disrupted.

    4.4 Map disrupted business processes.

    4.5 Recognize how the new technology will impact business processes.

    4.6 Make the case.

    Outputs

    Problem canvas

    Map of business processes: current state

    Map of disrupted business processes

    Business case for each technology

    Further reading

    Analyst Perspective

    The key is in anticipation.

    “We all encounter unexpected changes and our responses are often determined by how we perceive and understand those changes. We react according to the unexpected occurrence. Business organizations are no different.

    When a company faces a major technology disruption in its markets – one that could fundamentally change the business or impact its processes and technology – the way its management perceive and understand the disruption influences how they describe and plan for it. In other words, the way management sets the context of a disruption – the way they frame it – shapes the strategy they adopt. Technology leaders can vastly influence business strategy by adopting a proactive approach to understanding disruptive and innovative technologies by simply adopting a process to review and evaluate technology impacts to the company’s lines of business.”

    This is a picture of Troy Cheeseman

    Troy Cheeseman
    Practice Lead, Infrastructure & Operations Research
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
    • Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the chief marketing officer (CMO) set the technological innovation agenda.

    Common Obstacles

    • Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    • Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

    Info-Tech’s Approach

    • Identify, resolve, and evaluate. Use an annual process as described in this blueprint: a formal evaluation of new technology that turns analysis into action.
    • Lead the analysis from IT. Establish a team to carry out the annual process as a cure for the causes of “airline magazine syndrome” and to prevent it from happening in the future.
    • Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.
    • Create your KPIs. Establish your success indicators to create measurable value when presenting to your executive.
    • Produce a comprehensive proof-of-concept plan that will allow your company to minimize risk and maximize reward when engaging with new technology.

    Info-Tech Insight

    Proactively monitoring, evaluating, and exploiting disruptive tech isn’t optional.
    This will protect your role, IT’s role, and the future of the organization.

    A diverse working group maximizes the insight brought to bear.
    An IT background is not a prerequisite.

    The best technology is only the best when it brings immediate value.
    Good technology might not be ready; ready technology might not be good.

    Review

    We help IT leaders make the most of disruptive impacts.

    This research is designed for:

    Target Audience: CIO, CTO, Head of Infrastructure

    This research will help you:

    • Develop a process for anticipating, analyzing, and exploiting disruptive technology.
    • Communicate the business case for investing in disruptive technology.
    • Categorize emerging technologies to decide what to do with them.
    • Develop a plan for taking action to exploit the technology that will most affect your organization.

    Problem statement:

    As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future. Foresight + Current Technology + Business Understanding = Understanding the Business Disruption. This should be a repeatable process, not an exception or reactionary response.

    Insight Summary

    Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.

    The right team matters. A core working group will keep focus through the process and a leader will keep everyone accountable. Visionaries are out-of-the-box thinkers and once they understand how to think like a "futurists," they will drive the longlist and shortlist actions.

    Train the group to think like futurists

    To keep up with exponential technology growth you need to take a multi-threaded approach.

    Brainstorm about creating a better future; begin brainstorming an initial longlist

    Establish the longlist. The longlist helps create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

    Converge everyone’s longlists

    Long to short...that's the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential POC candidates to review and consider.

    Evaluate the shortlist

    There is no such thing as a risk-free endeavor. Use a systematic process to ensure that the risks your organization takes have the potential to produce significant rewards.

    Define your PoC list and schedule

    Don’t be afraid to fail! Inevitably, some proof-of-concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

    Finalize, present the plan to stakeholders, and repeat!

    Don't forget the C-suite. Effectively communicate and present the working group’s finding with a well-defined and succinct presentation. Start the process again!

    This is a screenshot of the Thought map for Exploit disruptive infrastructure Technology.
    1. Identify
      • Establish the core working group and select a leader; select a group of visionaries
      • Train the group to think like futurists
      • Hold your initial meeting
    2. Resolve
    • Create and winnow a longlist
    • Assess and create the shortlist
  • Evaluate
    • Create process maps
    • Develop proof of concept charter
  • The Key Is in Anticipation!

    Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

    Phase 1: Identify Phase 2: Resolve Phase 3: Evaluate

    Phase Steps

    1. Establish the disruptive technology working group
    2. Think like a futurist (Training)
    3. Hold initial meeting or create an agenda for the meeting
    1. Create and winnow a longlist
    2. Assess shortlist
    1. Create process maps
    2. Develop proof of concept charter

    Phase Outcomes

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.
    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist
    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources
    • Executive presentation

    Four key challenges make it essential for you to become a champion for exploiting disruptive technology

    1. New technology can hit like a meteor. It doesn’t only disrupt IT; technology provides opportunities for organization-wide advantage.
    2. Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the CMO rule technological innovation.
    3. Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
    4. Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring emerging technologies with a formal process.

    “Look, you have never had this amount of opportunity for innovation. Don’t forget to capitalize on it. If you do not capitalize on it, you will go the way of the dinosaur.”
    – Dave Evans, Co-Founder and CTO, Stringify

    Technology can hit like a meteor

    “ By 2025:

    • 38.6 billion smart devices will be collecting, analyzing, and sharing data.
    • The web hosting services market is to reach $77.8 billion in 2025.
    • 70% of all tech spending is expected to go for cloud solutions.
    • There are 1.35 million tech startups.
    • Global AI market is expected to reach $89.8 billion.”

    – Nick Gabov

    IT Disruption

    Technology disrupts IT by:

    • Affecting the infrastructure and applications that IT needs to use internally.
    • Affecting the technology of end users that IT needs to support and deploy, especially for technologies with a consumer focus.
    • Allowing IT to run more efficiently and to increase the efficiency of other business units.
    • Example: The rise of the smartphone required many organizations to rethink endpoint devices.

    Business Disruption

    Technology disrupts the business by:

    • Affecting the viability of the business.
    • Affecting the business’ standing in relation to competitors that better deal with disruptive technology.
    • Affecting efficiency and business strategy. IT should have a role in technology-related business decisions.
    • Example: BlackBerry failed to anticipate the rise of the apps ecosystem. The company struggled as it was unable to react with competitive products.

    Senior IT leaders are expected to predict disruptions to IT and the business, while tending to today’s needs

    You are expected to be both a firefighter and a forecaster

    • Anticipating upcoming disruptions is part of your job, and you will be blamed if you fail to anticipate future business disruptions because you are focusing on the present.
    • However, keeping IT running smoothly is also part of your job, and you will be blamed if today’s IT environment breaks down because you are focusing on the future.

    You’re caught between the present and the future

    • You don’t have a process that anticipates future disruptions but runs alongside and integrates with operations in the present.
    • You can’t do it alone. Tending to both the present and the future will require a team that can help you keep the process running.

    Info-Tech Insight

    Be prepared when disruptions start coming down, even though it isn’t easy. Use this research to reduce the effort to a simple process that can be performed alongside everyday firefighting.

    Make disruptive tech analysis and exploitation part of your innovation agenda

    A scatter plot graph is depicted, plotting IT Innovative Leadership (X axis), and Satisfaction with IT(Y axis). IT innovative leadership explains 75% of variation in satisfaction with IT

    Organizations without high satisfaction with IT innovation leadership are only 20% likely to be highly satisfied with IT

    “You rarely see a real-world correlation of .86!”
    – Mike Battista, Staff Scientist, Cambridge Brain Sciences, PhD in Measurement

    There is a clear relationship between satisfaction with IT and the IT department’s innovation leadership.

    Prevent “airline magazine syndrome” by proactively analyzing disruptive technologies

    “The last thing the CIO needs is an executive saying ‘I don’t what it is or what it does…but I want two of them!”
    – Tim Lalonde

    Airline magazine syndrome happens to IT leaders caught between the business and IT. It usually occurs in this manner:

    1. While on a flight, a senior executive reads about an emerging technology that has exciting implications for the business in an airline magazine.
    2. The executive returns and approaches IT, demanding that action be taken to address the disruptive technology – and that it should have been (ideally) completed already.

    Without a Disruptive Technology Exploitation Plan:

    “I don’t know”

    With a Disruptive Technology Exploitation Plan:

    “Here in IT, we have already considered that technology and decided it was overhyped. Let me show you our analysis and invite you to join our working group.”

    OR

    “We have already considered that technology and have started testing it. Let me show you our testing lab and invite you to join our working group.”

    Info-Tech Insight

    Airline magazine syndrome is a symptom of a wider problem: poor CEO-CIO alignment. Solve this problem with improved communication and documentation. Info-Tech’s disruptive tech iterative process will make airline magazine syndrome a thing of the past!

    IT leaders who do not keep up with disruptive technology will find their roles diminished

    “Today’s CIO dominion is in a decaying orbit with CIOs in existential threat mode.”
    – Ken Magee

    Protect your role within IT

    • IT is threatened by disruptive technology:
      • Trends like cloud services, increased automation, and consumerization reduce the need for IT to be involved in every aspect of deploying and using technology.
      • In the long term, machines will replace even intellectually demanding IT jobs, such as infrastructure admin and high-level planning.
    • Protect your role in IT by:
      • Anticipating new technology that will disrupt the IT department and your place within it.
      • Defining new IT roles and responsibilities that accurately reflect the reality of technology today.
      • Having a process for the above that does not diminish your ability to keep up with everyday operations that remain a priority today.

    Protect your role against other departments

    • Your role in the business is threatened by disruptive technology:
      • The trends that make IT less involved with technology allow other executives – such as the CMO – to make IT investments.
      • As the CMO gains the power and data necessary to embrace new trends, the CIO and IT managers have less pull.
    • Protect your role in the business by:
      • Being the individual to consult about new technology. It isn’t just a power play; IT leaders should be the ones who know technology thoroughly.
      • Becoming an indispensable part of the entire business’ innovation strategy through proposing and executing a process for exploiting disruptive technology.

    IT leaders who do keep up have an opportunity to solidify their roles as experts and aggregators

    “The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency, or through additional services to constituents.”
    – Michael Maguire, Management Consultant

    The contemporary CIO is a conductor, ensuring that IT works in harmony with the rest of the business.

    The new CIO is a conductor, not a musician. The CIO is taking on the role of a business engineer, working with other executives to enable business innovation.

    The new CIO is an expert and an aggregator. Conductor CIOs increasingly need to keep up on the latest technologies. They will rely on experts in each area and provide strategic synthesis to decide if, and how, developments are relevant in order to tune their IT infrastructure.

    The pace of technological advances makes progress difficult to predict

    “An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century – it will be more like 20,000 years of progress (at today’s rate).”
    – Ray Kurzweil

    Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

    Think like a futurist to anticipate technology before it goes mainstream.

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

    To predict new advances, turn innovation into a process

    “We spend 70 percent of our time on core search and ads. We spend 20 percent on adjacent businesses, ones related to the core businesses in some interesting way. Examples of that would be Google News, Google Earth, and Google Local. And then 10 percent of our time should be on things that are truly new.”
    – Eric Schmidt, Google

    • Don’t get caught in the trap of refining your core processes to the exclusion of innovation. You should always be looking for new processes to improve, new technology to pilot, and where possible, new businesses to get into.
    • Devote about 10% of your time and resources to exploring new technology: the potential rewards are huge.

    You and your team need to analyze technology every year to predict where it’s going.

    A bar graph is shown which depicts the proportion of technology use from 2018-2022. the included devices are: Tablets; PCs; TVs; Non-smartphones; Smartphones; M2M
    • Foundational technologies, such as computing power, storage, and networks, are improving exponentially.
    • Disruptive technologies are specific manifestations of foundational advancements. Advancements of greater magnitude give rise to more manifestations; therefore, there will be more disruptive technologies every year.
    • There is a lot of noise to cut through. Remember Google Glasses? As technology becomes ubiquitous and consumerization reigns, everybody is a technology expert. How do you decide which technologies to focus on?

    Protect IT and the business from disruption by implementing a simple, repeatable disruptive technology exploitation process

    “One of the most consistent patterns in business is the failure of leading companies to stay at the top of their industries when technologies or markets change […] Managers must beware of ignoring new technologies that can’t initially meet the needs of their mainstream customers.”
    – Joseph L. Bower and Clayton M. Christensen

    Challenge

    Solution

    New technology can hit like a meteor, but it doesn’t have to leave a crater:

    Use the annual process described in this blueprint to create a formal evaluation of new technology that turns analysis into action.

    Predicting the future isn’t easy, but it can be done:

    Lead the analysis from the office of the CIO. Establish a team to carry out the annual process as a cure for airline magazine syndrome.

    Your role is endangered, but you can survive:

    Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.

    Communication is difficult when the sky is falling, so have a simple way to get the message across:

    Track metrics that communicate your progress, and summarize the results in a single, easy-to-read exploitation plan.

    Info-Tech Insight

    Use Info-Tech’s tools and templates, along with this storyboard, to walk you through creating and executing an exploitation process in six steps.

    Create measurable value by using Info-Tech’s process for evaluating the disruptive potential of technology

    This image contains a bar graph with the following Title: Which are the primary benefits you've either realized or expect to realize by deploying hyperconverged infrastructure in the near term.

    No business process is perfect.

    • Use Info-Tech’s Proof of Concept Template to create a disruptive technology proof of concept implementation plan.
    • Harness your company’s internal wisdom to systematically vet new technology. Engage only in calculated risk and maximize potential benefit.

    Info-Tech Insight

    Inevitably, some proof of concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

    Establish your key performance indicators (KPIs)

    Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

    • Brainstorm metrics that indicate when process improvement is actually taking place.
    • Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
    • Make sure to have everyone justify the inclusion of each metric: how does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
    • Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics).
    Key Performance Indicator Description Target Result

    Number of Longlist technologies

    Establish a range of Longlist technologies to evaluate 10-15
    Number of Shortlist technologies Establish a range of Shortlist technologies to evaluate 5-10
    number of "look to the past" likes/dislikes Minimum number of testing characteristics 6
    Number of POCs Total number of POCs Approved 3-5

    Communicate your plan with the Disruptive Technology Exploitation Plan Template

    Use the Disruptive Technology Exploitation Plan Template to summarize everything that the group does. Update the report continuously and use it to show others what is happening in the world of disruptive technology.

    Section Title Description
    1 Rationale and Summary of Exploitation Plan A summary of the current efforts that exist for exploring disruptive technology. A summary of the process for exploiting disruptive technology, the resources required, the team members, meeting schedules, and executive approval.
    2 Longlist of Potentially Disruptive Technologies A summary of the longlist of identified disruptive technologies that could affect the organization, shortened to six or less that have the largest potential impact based on Info-Tech’s Disruptive Technology Shortlisting Tool.
    3 Analysis of Shortlist Individually analyze each technology placed on the shortlist using Info-Tech’s Disruptive Technology Value-Readiness and SWOT Analysis Tool.
    4 Proof of Concept Plan Use the results from Section 3 to establish a plan for moving forward with the technologies on the shortlist. Determine the tasks required to implement the technologies and decide who will complete them and when.
    5 Hand-off Pass the project along to identified stakeholders with significant interest in its success. Continue to track metrics and prepare to repeat the disruptive technology exploitation process annually.

    Whether you need a process for exploiting disruptive technology, or an analysis of current trends, Info-Tech can help

    Two sets of research make up Info-Tech’s disruptive technology coverage:

    This image contains four screenshots from each of the following Info-Tech Blueprints: Exploit disruptive Infrastructure Technology; Infrastructure & operations priorities 2022

    This storyboard, and the associated tools and templates, will walk you through creating a disruptive technology working group of your own.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Disruptive Technology Exploitation Plan Template

    The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

    Proof of Concept Template

    The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

    Executive Presentation

    The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

    Disruptive Technology Value Readiness & SWOT Analysis Tool

    The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

    Disruptive Technology Research Database Tool

    The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

    Disruptive Technology Shortlisting Tool

    The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

    Disruptive Technology Look to the Past Tool

    The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Explore the need for a disruptive technology working group.

    Call #3: Review the agenda for the initial meeting.

    Call #5: Review how you’re brainstorming and your sources of information.

    Call #7: Review the final shortlist and assessment.

    Call #9: Review the progress of your team.

    Call #2: Review the team name, participants, and timeline.

    Call #4: Assess the results of the initial meeting.

    Call #6: Review the final longlist and begin narrowing it down.

    Call #8: Review the next steps.

    Call #10: Review the communication plan.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work Day 1 Day 2 Day 3 Day 4
    Establish the Disruptive Tech Process Hold Your Initial Meeting Create a Longlist and Assess Shortlist Create Process Maps Develop a Proof of Concept Charter

    Activities

    1.1.a Get executives and stakeholders on board.

    1.1.b Review the process of analyzing disruptive tech.

    1.1.c Select members for the working group.

    1.1.d Choose a schedule and time commitment.

    1.1.e Select a group of visionaries.

    1.2.a Start the meeting with introductions.

    1.2.b Train the group to think like futurists.

    1.2.c Brainstorm about disruptable processes.

    1.2.d Brainstorm a longlist.

    1.2.e Research and brainstorm separate longlists.

    2.1.a Converge the longlists developed by the team.

    2.2.b Narrow the longlist to a shortlist.

    2.2.c Assess readiness and value.

    2.2.d Perform a SWOT analysis.

    3.1.a Build a problem canvas.

    3.1.b Identify affected business units.

    3.1.c Outline and map the business processes likely to be disrupted.

    3.1.d Map disrupted business processes.

    3.1.e Recognize how the new technology will impact business processes.

    3.1.f Make the case.

    3.2.a Develop key performance indicators (KPIs).

    3.2.b Identify key success factors.

    3.2.c Outline project scope.

    3.2.d Identify responsible team.

    3.2.e Complete resource estimation.

    Deliverables

    1. Initialized Disruptive Tech Exploitation Plan
    1. List of Disruptable Organizational Processes
    2. Initial Longlist of Disruptive Tech
    1. Finalized Longlist of Disruptive Tech
    2. Shortlist of Disruptive Tech
    3. Value-Readiness Analysis
    4. SWOT Analysis
    5. Candidate(s) for Proof of Concept Charter
    1. Problem Canvas
    2. Map of Business Processes: Current State
    3. Map of Disrupted Business Processes
    4. Business Case for Each Technology
    1. Completed Proof of Concept Charter

    Exploit Disruptive Infrastructure Technology

    Disrupt or be disrupted.

    Identify

    Create your working group.

    PHASE 1

    Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

    1. Identify
      1. Establish the core working group and select a leader; select a group of visionaries
      2. Train the group to think like futurists
      3. Hold your initial meeting
    2. Resolve
      1. Create and winnow a longlist
      2. Assess and create the shortlist
    3. Evaluate
      1. Create process maps
      2. Develop proof of concept charter

    The Key Is in Anticipation!

    Phase 1: Identify

    Create your working group.

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    IT Infrastructure Manager

    CIO or CTO

    Potential members and visionaries of the working group

    Outcomes of this step:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Step 1.1

    Establish the core working group and select a leader; select a group of visionaries.

    Activities:

    • Articulate the long- and short-term benefits and costs to the entire organization
    • Gain support by articulating the long- and short-term benefits and costs to the IT department
    • Gain commitment from key stakeholders and executives
    • Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process
    • Establish the core working group and select a leader
    • Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long
    • Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this step

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group that will provide insight and direction.

    1.1.A Articulate the long- and short-term benefits and costs to the entire organization

    A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

    Disruptive Technology Affects the Organization

    Benefits Costs

    Short Term

    • First-mover advantage from implementing new technology in the business before competitors – and before start-ups.
    • Better brand image as an organization focused on innovation.
    • Increased overall employee satisfaction by implementing new technology that increases employee capabilities or lowers effort.
    • Possibility of increased IT budget for integrating new technology.
    • Potential for employees to reject wide-scale use of unfamiliar technology.
    • Potential for technology to fail in the organization if it is not sufficiently tested.
    • Executive time required for making decisions about technology recommended by the team.

    Long Term

    • Increased internal business efficiencies from the integration of new technology (e.g. energy efficiency, fewer employees needed due to automation).
    • Better services or products for customers, resulting in increased long-term revenue.
    • Lowered costs of services or products and potential to grow market share.
    • Continued relevance of established organizations in a world changed by disruptive technologies.
    • Technology may not reach the capabilities initially expected, requiring waiting for increased value or readiness.
    • Potential for customers to reject new products resulting from technology.
    • Lack of focus on current core capabilities if technology is massively disruptive.

    1.1.B Gain support by articulating the long- and short-term benefits and costs to the IT department

    A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

    Disruptive Technology Affects IT

    BenefitsCosts

    Short Term

    • Perception of IT as a core component of business practices.
    • Increase IT’s capabilities to better serve employees (e.g. faster network speeds, better uptime, and storage and compute capacity that meet demands).
    • Cost for acquiring or implementing new technology and updating infrastructure to integrate with it.
    • Cost for training IT staff and end users on new IT technology and processes.
    • Minor costs for initial setup of disruptive technology exploitation process and time taken by members.

    Long Term

    • More efficient and powerful IT infrastructure that capitalizes on emerging trends at the right time.
    • Lower help desk load due to self-service and automation technology.
    • Increased satisfaction with IT due to implementation of improved enterprise technology and visible IT influence on improvements.
    • Increased end-user satisfaction with IT due to understanding and support of consumer technology that affects their lives.
    • New technology may result in lower need for specific IT roles. Cultural disruptions due to changing role of IT.
    • Perception of failure if technology is tested and never implemented.
    • Expectation that IT will continue to implement the newest technology available, even when it has been dismissed as not having value.

    1.1.C Gain commitment from key stakeholders and executives

    Gaining approval from executives and key stakeholders is the final obstacle. Ensure that you cover the following items to have the best chance for project approval.

    • Use a sample deck similar to this section for gaining buy-in, ensuring that you add/remove information to make it specific to your organization. Cover this section, including:
      • Who: Who will lead the team and who will be on it (working group)?
      • What: What resources will be required by the team (costs)?
      • Where/When: How often and where will the team meet (meeting schedule)?
      • Why: Why is there a need to exploit disruptive technology (benefits and examples)?
      • How: How is the team going to exploit disruptive technology (the process)?
    • Go through this blueprint prior to presenting the plan to stakeholders so that you have a strong understanding of the details behind each process and tool.
    • Frame the first iteration of the cycle as a pilot program. Use the completed results of the pilot to establish exploiting disruptive technology as a necessary company initiative.

    Insert the resources required by the disruptive tech exploitation team into Section 1.5 of the Disruptive Technology Exploitation Plan Template. Have executives sign-off on the project in Section 1.6.

    Disruption has undermined some of the most successful tech companies

    “The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency or through additional services to constituents.”
    - Michael Maguire, Management Consultant

    VoIP’s transformative effects

    Disruptive technology:
    Voice over Internet Protocol (VoIP) is a modern means of making phone calls through the internet by sending voice packets using data, as opposed to the traditional circuit transmissions of the PSTN.

    Who won:
    Organizations that realized the cost savings that VoIP provided for businesses with a steady internet connection saved as much as 60% on telephony expenses. Even in the early stages, with a few more limitations, organizations were able to save a significant amount of money and the technology has continued to improve.

    Who lost?
    Telecom-related companies that failed to realize VoIP was a potential threat to their market, and organizations that lacked the ability to explore and implement the disruptive technology early.

    Digital photography — the new norm

    Disruptive technology:
    Digital photography refers to the storing of photographs in a digital format, as opposed to traditional photography, which exposes light to sensitive photographic film.

    Who won:
    Photography companies and new players that exploited the evolution of data storage and applied it to photography succeeded. Those that were able to balance providing traditional photography and exploiting and introducing digital photography, such as Nikon, left competitors behind. Smartphone manufacturers also benefited by integrating digital cameras.

    Who lost?
    Photography companies, such as Kodak, that failed to respond to the digital revolution found themselves outcompeted and insolvent.

    1.1.D Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process

    There are five steps to formally exploiting disruptive technology, each with its own individual outputs and tools to take analysis to the next level.

    Step 1.2:
    Hold Initial Meeting

    Output:

    • Initial list of disruptable processes;
    • Initial longlist

    Step 2.1:

    Brainstorm Longlist

    Output:

    • Finalized longlist;
    • Shortlist

    Step 2.2:

    Assess Shortlist

    Output:

    • Final shortlist;
    • SWOT analysis;
    • Tech categorization

    Step 3.1:
    Create Process Maps

    Output:

    • Completed process maps

    Step 3.2:
    Develop a proof of concept charter

    Output:

    • Proof-of-concept template with KPIs

    Info-Tech Insight

    Before going to stakeholders, complete the entire blueprint to better understand the tools and outputs of the process.

    1.1.E Establish the core working group and select a leader

    • Selecting your core membership for the working group is a critical step to the group’s success. Ensure that you satisfy the following criteria:
      • This is a team of subject matter experts. They will be overseeing the learning and piloting of disruptive technologies. Their input will also be valuable for senior executives and for implementing these technologies.
      • Choose members that can take time away from firefighting tasks to dedicate time to meetings.
      • It may be necessary to reach outside of the organization now or in the future for expertise on certain technologies. Use Info-Tech as a source of information.
    Organization Size Working Group Size
    Small 02-Jan
    Medium 05-Mar
    Large 10-May
    • Once the team is established, you must decide who will lead the group. Ensure that you satisfy the following criteria:
      • A leader should be credible, creative, and savvy in both technology and business.
      • The leader should facilitate, acting as both an expert and an aggregator of the information gathered by the team.

    Choose a compelling name

    The working group needs a name. Be sure to select one with a positive connotation within your organization.

    Section 1.3 of the Disruptive Technology Exploitation Plan Template

    1.1.F Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long

    Time the disruptive technology working group’s meetings to coincide and integrate with your organization’s strategic planning — at least annually.

    Size Meeting Frequency Time per Meeting Example Meeting Activities
    Small Annually One day A one-day meeting to run through phase 2 of the project (SWOT analysis and shortlist analysis).
    Medium Two days A two-day meeting to run through the project. The additional meeting involves phase 3 of this deck, developing a proof-of-concept plan.
    Large Two+ days Two meetings, each two days. Two days to create and winnow the longlist (phase 2), and two further days to develop a proof of concept plan.

    “Regardless of size, it’s incumbent upon every organization to have some familiarity of what’s happening over the next few years, [and to try] to anticipate what some of those trends may be. […] These trends are going to accelerate IT’s importance in terms of driving business strategy.”
    – Vern Brownell, CEO, D-Wave

    Section 1.4 of the Disruptive Technology Exploitation Plan Template

    1.1.G Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

    Selecting advisors for your group is an ongoing step, and the roster can change.

    Ensure that you satisfy the following criteria:

    • Look beyond IT to select a team representing several business units.
    • Check for self-professed “geeks” and fans of science fiction that may be happy to join.
    • Membership can be a reward for good performance.

    This group does not have to meet as regularly as the core working group. Input from external advisors can occur between meetings. You can also include them on every second or third iteration of the entire process.

    However, the more input you can get into the group, the more innovative it can become.

    “It is … important to develop design fictions based on engagement with directly or indirectly implicated publics and not to be designed by experts alone.”
    – Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster

    Section 1.3 of the Disruptive Technology Exploitation Plan Template

    The following case study illustrates the innovative potential that is created when you include a diverse group of people

    INDUSTRY - Chip Manufacturing
    SOURCE - Clayton Christensen, Intel

    To achieve insight, you need to collaborate with people from outside of your department.

    Challenge

    • Headquartered in California, through the 1990s, Intel was the largest microprocessor chip manufacturer in the world, with revenue of $25 billion in 1997.
    • All was not perfect, however. Intel faced a challenge from Cyrix, a manufacturer of low-end chips. In 18 months, Cyrix’s share of the low-margin entry-level chip manufacturing business mushroomed from 10% to 70%.

    Solution

    • Troubled by the potential for significant disruption of the microprocessor market, Intel brought in external consultants to hold workshops to educate managers about disruptive innovation.
    • Managers would break into groups and discuss ways Intel could facilitate the disruption of its competitors. In one year, Intel hosted 18 workshops, and 2,000 managers went through the process.

    Results

    • Intel launched the Celeron chip to serve the lower end of the PC market and win market share back from Cyrix (which no longer exists as an independent company) and other competitors like AMD.
    • Within one year, Intel had captured 35% of the market.

    “[The models presented in the workshops] gave us a common language and a common way to frame the problem so that we could reach a consensus around a counterintuitive course of action.” – Andy Grove, then-CEO, Intel Corporation

    Phase 1: Identify

    Create your working group.

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this phase:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Step 1.2

    Train the group to think like futurists

    Activities:

    1. Look to the past to predict the future:
      • Step 1: Review the technology opportunities you missed
      • Step 2: Review and record what you liked about the tech
      • Step 3: Review and record your dislikes
      • Step 4: Record and test the reasonability
    2. Crash course on futurology principles
    3. Peek into the future

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Core working group members
    • Visionaries

    Outcomes of this step

    • Team members thinking like futurists
    • Better understanding of how technology advances
    • List of past examples and characteristics

    Info-Tech Insight

    Business buy-in is essential. Manage your business partners by providing a summary of the EDIT methodology and process. Validate the process value, which will allow you create a team of IT and business representatives.

    1.2 Train the group to think like futurists

    1 hour

    Ensure the team understands how technology advances and how they can identify patterns in upcoming technologies.

    1. Lead the group through a brainstorming session.
    2. Follow the next phases and steps.
    3. This session should be led by someone who can facilitate a thought-provoking discussion.
    4. This training deck finishes with a video.

    Input

    • Facilitated creativity
    • Training deck [following slides]

    Output

    • Inspiration
    • Anonymous ideas

    Materials

    • Futurist training “steps”
    • Pen and paper

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    1.2.A Look to the past to predict the future

    30 minutes

    Step 1

    Step 2 Step 3 Step 4

    Review what you missed.

    What did you like?

    What did you dislike?

    Test the reasonability.

    Think about a time you missed a technical disruptive opportunity.

    Start with a list of technologies that changed your business and processes.

    Consider those specifically you could have identified with a repeatable process.

    What were the most impactful points about the technology?

    Define a list of “characteristics” you liked.

    Create a shortlist of items.

    Itemize the impact to process, people, and technology.

    Why did you pass on the tech?

    Define a list of “characteristics” you did not like.

    Create a shortlist of items.

    Itemize the impact to process, people, and technology.

    Avoid the “arm chair quarterback” view.

    Refer to the six positive and negative points.

    Check against your data points at the end of each phase.

    Record the list of missed opportunities

    Record 6 characteristics

    Record 6 characteristics

    Completed “Think like a Futurists” tool

    Use the Disruptive Technology Research Look to the Past Tool to record your output.

    Input

    • Facilitated creativity
    • Speaker’s notes

    Output

    • Inspiration
    • Anonymous ideas
    • Recorded missed opportunities
    • Recorded positive points
    • Recorded dislikes
    • Reasonability test list

    Materials

    • Futurist training “steps”
    • Pen and paper
    • “Look to the Past” tool

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    Understand how the difference between linear and exponential growth will completely transform many organizations in the next decade

    “The last ten years have seen exponential growth in research on disruptive technologies and their impact on industries, supply chains, resources, training, education and employment markets … The debate is still open on who will be the winners and losers of future industries, but what is certain is that change has picked up pace and we are now in a new technology revolution whose impact is potentially greater than the industrial revolution.”
    – Gary L. Evans

    Exponential advancement will ensure that life in the next decade will be very different from life today.

    • Linear growth happens one step at a time.
    • The difference between linear and exponential is hard to notice, at first.
    • We are now at the knee of the curve.

    What about email?

    • Consider the amount of email you get daily
    • Double it
    • Triple it

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Technology grows exponentially, and we are approaching the knee of the curve.

    This graph is adapted from research by Ray Kurzweil.

    Growth: Linear vs. Exponential

    This image contains a graph demonstrating examples of exponential and linear trends.

    1.2.B Crash course on futurology principles

    1 hour

    “An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century — it will be more like 20,000 years of progress (at today’s rate).”
    - Ray Kurzweil

    Review the differences between exponential and linear growth

    The pace of technological advances makes progress difficult to predict.

    Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

    Think like a futurist to anticipate technology before it goes mainstream.

    Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

    The following case study illustrates the rise of social media providers

    “There are 7.7 billion people in the world, with at least 3.5 billion of us online. This means social media platforms are used by one in three people in the world and more than two-thirds of all internet users.”
    – Esteban Ortiz-Ospina

    This graph depicts the trend of the number of people using social media platforms between 2005 and 2019

    The following case study illustrates the rapid growth of Machine to Machine (M2M) connections

    A bar graph is shown which depicts the proportion of technology use from 2018-2022. the included devices are: Tablets; PCs; TVs; Non-smartphones; Smartphones; M2M

    Ray Kurzweil’s Law of Accelerating Returns

    “Ray Kurzweil has been described as ‘the restless genius’ by The Wall Street Journal, and ‘the ultimate thinking machine’ by Forbes. He was ranked #8 among entrepreneurs in the United States by Inc Magazine, calling him the ‘rightful heir to Thomas Edison,’ and PBS included Ray as one of 16 ‘revolutionaries who made America,’ along with other inventors of the past two centuries.”
    Source: KurzweilAI.net

    Growth is linear?

    “Information technology is growing exponentially. That’s really my main thesis, and our intuition about the future is not exponential, it’s really linear. People think things will go at the current pace …1, 2, 3, 4, 5, and 30 steps later, you’re at 30.”

    Better IT strategy enables future business innovation

    “The reality of information technology like computers, like biological technologies now, is it goes exponentially … 2, 4, 8, 16. At step 30, you’re at a billion, and this is not an idle speculation about the future.” [emphasis added]

    “When I was a student at MIT, we all shared a computer that cost tens of millions of dollars. This computer [pulling his smartphone out of his pocket] is a million times cheaper, a thousand times more powerful — that’s a billion-fold increase in MIPS per dollar, bits per dollar… and we’ll do it again in 25 years.”
    Source: “IT growth and global change: A conversation with Ray Kurzweil,” McKinsey & Company

    1.2.C Peak into the future

    1 hour

    Leverage industry roundtables and trend reports to understand the art of the possible

    • Uncover important business and industry trends that can inform possibilities for technology disruption.
    • Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to get started.

    Phase 1: Identify

    Create your working group

    Activities:

    Step 1.1: Establish the core working group and select a leader; select a group of visionaries
    Step 1.2: Train the group to think like futurists
    Step 1.3: Hold the initial meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Potential members and visionaries of the working group

    Outcomes of this phase:

    • Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
    • Establish a process for including visionaries from outside of the working group who will provide insight and direction.
    • Introduce the core working group members.
    • Gain a better understanding of how technology advances.
    • Brainstorm a list of organizational processes.
    • Brainstorm an initial longlist.

    Info-Tech Insight

    Establish the longlist. The longlist help create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

    Step 1.3

    Hold the initial meeting

    Activities:

    1. Create an agenda for the meeting
    2. Start the kick-off meeting with introductions and a recap
    3. Brainstorm about creating a better future
    4. Begin brainstorming an initial longlist
    5. Have team members develop separate longlists for their next meeting

    This step involves the following participants:

    • IT Infrastructure Manager
    • CIO or CTO
    • Core working group members
    • Visionaries

    Outcomes of this step

    • Introduce the core working group members
    • Gain a better understanding of how technology advances
    • Brainstorm a list of organizational processes
    • Brainstorm an initial longlist

    1.3.A Create an agenda for the meeting

    1 hour

    Kick-off this cycle of the disruptive technology process by welcoming your visionaries and introducing your core working group.

    The purpose of the initial meeting is to brainstorm where new technology will be the most disruptive within the organization. You’ll develop two longlists: one of business processes and one of disruptive technology. These longlists are in addition to the independent research your core working group will perform before Phase 2.

    • Find an outgoing facilitator. Sitting back will let you focus more on ideating, and an engaging presenter will help bring out ideas from your visionaries.
    • The training deck (see step 1.2c) includes presenting a video. We’ve included some of our top choices for you to choose from.
      • Feel free to find your own video or bring in a keynote speaker.
      • The object of the video is to get the group thinking about the future.
      • Customize the training deck as needed.
    • If a cycle has been completed, present your findings and all of the group’s completed deliverables in the first section.
    • This session is the only time you have with your visionaries. Get their ideas on what technologies will be disruptive to start forming a longlist.

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    Meeting Agenda (Sample)

    Time

    Activity

    8:00am-8:30am Introductions and previous meeting recap
    8:30am-9:30am Training deck
    9:30 AM-10:00am Brainstorming
    10:00am-10:15am Break
    10:15am-10:45am Develop good research techniques
    10:45am-12:00pm Begin compiling your longlist

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    1.3.B Start the kick-off meeting with introductions and a summary of what work has been done so far

    30 minutes

    1. Start the meeting off with an icebreaker activity. This isn’t an ordinary business meeting – or even group – so we recommend starting off with an activity that will emphasize this unique nature. To get the group in the right mindset, try this activity:
      1. Go around the group and have people present:
      2. Their names and roles
      3. Pose some or all of the following questions/prompts to the group:
        • “Tell me about something you have created.”
        • “Tell me about a time you created a process or program considered risky.”
        • “Tell me about a situation in which you had to come up with several new ideas in a hurry. Were they accepted? Were they successful?”
        • “Tell me about a time you took a risk.”
        • “Tell me about one of your greatest failures and what you learned from it.”
    2. Once everyone has been introduced, present any work that has already been completed.
      1. If you have already completed a cycle, give a summary of each technology that you investigated and the results from any piloting.
      2. If this is the first cycle for the working group, present the information decided in Step 1.1.

    Input

    • Disruptive technology exploitation plan

    Output

    • Networking
    • Brainstorming

    Materials

    • Meeting agenda

    Participants

    • Core working group
    • Visionaries
    • Facilitator

    1.3.C Brainstorm about creating a better future for the company, the stakeholders, and the employees

    30 minutes

    Three sticky notes are depicted, at the top of each note are the following titles: What can we do better; How can we make a better future; How can we continue being successful

    1. Have everyone put up at least two ideas for each chart paper.
    2. Go around the room and discuss their ideas. You may generate some new ideas here.

    These generated ideas are organizational processes that can be improved or disrupted with emerging technologies. This list will be referenced throughout Phases 2 and 3.

    Input

    • Inspiration
    • Anonymous ideas

    Output

    • List of processes

    Materials

    • Chart paper and markers
    • Pen and paper

    Participants

    • Core working group
    • Visionaries

    1.3.D Begin brainstorming a longlist of future technology, and discuss how these technologies will impact the business

    30 minutes

    • Use the Disruptive Technology Research Database Tool to organize technologies and ideas. Longstanding working groups can track technologies here over the course of several years, updating the tool between meetings.
    • Guide the discussion with the following questions, and make sure to focus on the processes generated from Step 1.2.d.

    Focus on

    The Technology

    • What is the technology and what does it do?
    • What processes can it support?

    Experts and Other Organizations

    • What are the vendors saying about the technology?
    • Are similar organizations implementing the technology?

    Your Organization

    • Is the technology ready for wide-scale distribution?
    • Can the technology be tested and implemented now?

    The Technology’s Value

    • Is there any indication of the cost of the technology?
    • How much value will the technology bring?

    Download the Disruptive Technology Database Tool

    Input

    • Inspiration
    • List of processes

    Output

    • Initial longlist

    Materials

    • Chart paper and markers
    • Pen and paper
    • Disruptive Technology Research Database Tool

    Participants

    • Core working group
    • Visionaries

    1.3.E Explore these sources to generate your disruptive technology longlist for the next meeting

    30 Minutes

    There are many sources of information on new and emerging technology. Explore as many sources as you can.

    Science fiction is a valid source of learning. It drives and is influenced by disruptive technology.

    “…the inventor of the first liquid-fuelled rocket … was inspired by H.G. Wells’ science fiction novel War of the Worlds (1898). More recent examples include the 3D gesture-based user interface used by Tom Cruise’s character in Minority Report (2002), which is found today in most touch screens and the motion sensing capability of Microsoft’s Kinect. Similarly, the tablet computer actually first appeared in Stanley Kubrick’s 2001: A Space Odyssey (1968) and the communicator – which we’ve come to refer today as the mobile phone – was first used by Captain Kirk in Star Trek (1966).”
    – Emmanuel Tsekleves, senior lecturer, University of Lancaster

    Right sources: blogs, tech news sites, tech magazines, the tech section of business sites, popular science books about technology, conferences, trade publications, and vendor announcements

    Quantity over quality: early research is not the time to dismiss ideas.

    Discuss with your peers: spark new and innovative ideas

    Insert a brief summary of how independent research is conducted in Section 2.1 of the Disruptive Technology Exploitation Plan Template.

    1.3.E (Cont.) Explore these sources to generate your disruptive technology longlist for the next meeting

    30 Minutes

    There are many sources of information on new and emerging technology. Use this list to kick-start your search.

    Connect with practitioners that are worth their weight in Reddit gold. Check out topic-based LinkedIn groups and subreddits such as r/sysadmin and r/tech. People experienced with technology frequent these groups.

    YouTube is for more than cat videos. Many vendors use YouTube for distributing their previous webinars. There are also videos showcasing various technologies that are uploaded by lecturers, geeks, researchers, and other technology enthusiasts.

    Test your reasonability. Check your “Think Like a Futurist” Tool

    Resolve

    Evaluate Disruptive Technologies

    PHASE 2

    Phase 2: Resolve

    Evaluate disrupted technologies

    Activities:

    Step 2.1: Create and Winnow a Longlist
    Step 2.2: Assess Shortlist

    Info-Tech Insight

    Long to short … that’s the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential PoC candidates to review and consider.

    This step involves the following participants:

    • Core working group
    • Infrastructure Management

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    Step 2.1

    Create and winnow a longlist

    Activities:

    1. Converge everyone’s longlists
    2. Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool
    3. Use the shortlisting tool to help participants visualize the potential
    4. Input the technologies on your longlist into the Disruptive Technology Shortlisting Tool to produce a shortlist

    This step involves the following participants:

    • Core working group members

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    2.1 Organize a meeting with the core working group to combine your longlists and create a shortlist

    1 hour

    Plan enough time to talk about each technology on the list. Each technology was included for a reason.

    • Start with the longlist. Review the longlist compiled at the initial meeting, and then have everyone present the lists that they independently researched.
    • Focus on the company’s context. Make sure that the working group analyzes these disruptive technologies in the context of the organization.
    • Start to compile the shortlist. Begin narrowing down the longlist by excluding technologies that are not relevant.

    Meeting Agenda (Sample)

    TimeActivity
    8:00am-9:30amConverge longlists
    9:30am-10:00amBreak
    10:00am-10:45amDiscuss tech in organizational context
    10:45am-11:15amBegin compiling the shortlist

    Disruptive Technology Exploitation Plan Template

    2.1.A Converge the longlists developed by your team

    90 minutes

    • Start with the longlist developed at the initial meeting. Write this list on the whiteboard.
    • If applicable, have a member present the longlist that was created in the last cycle. Remove technologies that:
      • Are no longer disruptive (e.g. have been implemented or rejected).
      • Have become foundational.
    • Eliminate redundancy: remove items that are very similar.
    • Have members “pitch” items on their lists:
      • Explain why their technologies will be disruptive (2-5 minutes maximum)
      • Add new technologies to the whiteboard
    • Record the following for metrics:
      • Each presented technology
      • Reasons the technology could be disruptive
      • Source of the information
    • Use Info-Tech’s Disruptive Technology Research Database Tool as a starting point.

    Insert the final longlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

    Input

    • Longlist developed at first meeting
    • Independent research
    • Previous longlist

    Output

    • Finalized longlist

    Materials

    • Disruptive Technology Research Database Tool
    • Whiteboard and markers
    • Virtual whiteboard

    Participants

    • Core working group

    Review the list of processes that were brainstormed by the visionary group, and ask for input from others

    • IT innovation is most highly valued by the C-suite when it improves business processes, reduces costs, and improves core products and services.
    • By incorporating this insight into your working group’s analysis, you help to attract the attention of senior management and reinforce the group’s necessity.
    • Any input you can get from outside of IT will help your group understand how technology can be disruptive.
      • Visionaries consulted in Phase 1 are a great source for this insight.
    • The list of processes that they helped to brainstorm in Step 1.2 reflects processes that can be impacted by technology.
    • Info-Tech’s research has shown time and again that both CEOs and CIOs want IT to innovate around:
      • Improving business processes
      • Improving core products and services
      • Reducing costs

    Improved business processes

    80%

    Core product and service improvement

    48%

    Reduced costs

    48%

    Increased revenues

    23%

    Penetration into new markets

    21%

    N=364 CXOs & CIOs from the CEO-CIO Alignment Diagnostic Questions were asked on a 7-point scale of 1 = Not at all to 7 = Very strongly. Results are displayed as percentage of respondents selecting 6 or 7.

    Info-Tech Insight

    The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

    2.1.B Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool

    90 minutes

    To decide which technology has potential for your organization, have the working group or workshop participants evaluate each technology:

    1. Record each potentially disruptive technology in the longlist on a whiteboard.
    2. Making sure to carefully consider the meaning of the terms, have each member of the group evaluate each technology as “high” or “low” along each of the axes, innovation and transformation, on a piece of paper.
    3. The facilitator collects each piece of paper and inputs the results by technology into the Disruptive Technology Shortlisting Tool.
    Technology Innovation Transformation
    Conversational Commerce High High

    Insert the final shortlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

    Input

    • Longlist
    • Futurist brainstorming

    Output

    • Shortlist

    Materials

    • Disruptive Technology Research Database Tool
    • Whiteboard and markers
    • Virtual whiteboard

    Participants

    • Core working group

    Disruptive technologies are innovative and transformational

    Innovation

    Transformation

    • Elements:
      • Creative solution to a problem that is relatively new on the scene.
      • It is different, counterintuitive, or insightful or has any combination of these qualities.
    • Questions to Ask:
      • How new is the technology?
      • How different is the technology?
      • Have you seen anything like it before? Is it counterintuitive?
      • Does it offer an insightful solution to a persistent problem?
    • Example:
      • The sharing economy: Today, simple platforms allow people to share rides and lodgings cheaply and have disrupted traditional services.
    • Elements:
      • Positive change to the business process.
      • Highly impactful: impacts a wide variety of roles in a company in a nontrivial way or impacts a smaller number of roles more significantly.
    • Questions to Ask:
      • Will this technology have a big impact on business operations?
      • Will it add substantial value? Will it change the structure of the company?
      • Will it impact a significant number of employees in the organization?
    • Example:
      • Flash memory improved storage technology incrementally by building on an existing foundation.

    Info-Tech Insight

    Technology can be transformational but not innovative. Not every new technology is disruptive. Even where technology has improved the efficiency of the business, if it does this in an incremental way, it might not be worth exploring using this storyboard.

    2.1.C Use the shortlisting tool to help participants visualize the potential

    1 hour

    Use the Disruptive Technology Shortlisting Tool, tabs 2 and 3.

    Assign quadrants

    • Input group members’ names and the entire longlist (up to 30 technologies) into tab 2 of the Disruptive Technology Shortlisting Tool.
    • On tab 3 of the Disruptive Technology Shortlisting Tool, input the quadrant number that corresponds to the innovation and transformation scores each participant has assigned to each technology.

    Note

    This is an assessment meant to serve as a guide. Use discretion when moving forward with a proof-of-concept project for any potentially disruptive technology.

    Participant Evaluation Quadrant
    High Innovation, High Transformation 1
    High Innovation, Low Transformation 2
    Low Innovation, Low Transformation 3
    Low Innovation, High Transformation 4

    four quadrants are depicted, labeled 1-4. The quadrants are coloured as follows: 1- green; 2- yellow; 3; red; 4; yellow

    2.1.D Use the Disruptive Technology Shortlisting Tool to produce a shortlist

    1 hour

    Use the Disruptive Technology Shortlisting Tool, tabs 3 and 4.

    Use the populated matrix and the discussion list to arrive at a shortlist of four to six potentially disruptive technologies.

    • The tool populates each quadrant based on how many votes it received in the voting exercise.
    • Technologies selected for a particular quadrant by a majority of participants are placed in the quadrant on the graph. Where there was no consensus, the technology is placed in the discussion list.
    • Technologies in the upper right quadrant – high transformation and high innovation – are more likely to be good candidates for a proof-of-concept project. Those in the bottom left are likely to be poor candidates, while those in the remaining quadrants are strong on one of the axes and are unlikely candidates for further systematic evaluation.

    This image contains a screenshot from tab 3 of the Disruptive Technology Shortlisting Tool.

    Input the results of the vote into tab 3 of the Disruptive Technology Shortlisting Tool.

    This image contains a screenshot from tab 4 of the Disruptive Technology Shortlisting Tool.

    View the results on tab 4.

    Phase 2: Resolve

    Evaluate disrupted technologies

    Activities:

    Step 2.1: Create and Winnow a Longlist
    Step 2.2:- Assess Shortlist

    This step involves the following participants:

    • Core working group
    • Infrastructure Management

    Outcomes of this step:

    • Finalized longlist
    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    Assess Shortlist

    Activities:

    1. Assess the value of each technology to your organization by breaking it down into quality and cost
    2. Investigate the overall readiness of the technologies on the shortlist
    3. Interpret each technology’s value score
    4. Conduct a SWOT analysis for each technology on the shortlist
    5. Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs
    6. Select the shortlisted technologies you would like to move forward with

    This step involves the following participants:

    • Core working group members
    • IT Management

    Outcomes of this step:

    • Finalized shortlist
    • Initial analysis of each technology on the shortlist

    2.2 Evaluate technologies based on their value and readiness, and conduct a SWOT analysis for each one

    Use the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    • A technology monitor diagram prioritizes investment in technology by analyzing its readiness and value.
      • Readiness: how close the technology is to being practical and implementable in your industry and organization.
      • Value: how worthwhile the technology is, in terms of its quality and its cost.
    • Value and readiness questionnaires are included in the tool to help determine current and future values for each, and the next four slides explain the ratings further.
    • Categorize technology by its value-readiness score, and evaluate how much potential value each technology has and how soon your company can realize that value.
    • Use a SWOT analysis to qualitatively evaluate the potential that each technology has for your organization in each of the four categories (strengths, weaknesses, opportunities, and threats).

    The technology monitor diagram appears in tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image depicts tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    2.2.A Assess the value of each technology to your organization by breaking it down into quality and cost

    1 hour

    Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

    Populate the chart to produce a score for each technology’s overall value to the company conceptualized as the interaction of quality and cost.

    Overall Value

    Quality Cost

    Each technology, if it has a product associated with it, can be evaluated along eight dimensions of quality. Consider how well the product performs, its features, its reliability, its conformance, its durability, its serviceability, its aesthetics, and its perceived quality.

    IT budgets are broken down into capital and operating expenditures. A technology that requires a significant investment along either of these lines is unlikely to produce a positive return. Also consider how much time it will take to implement and operate each technology.

    The value assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains a screenshot from tab 4 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Info-Tech Insight

    Watch your costs: Technology that seems cheap at first can actually be expensive over time. Be sure to account for operational and opportunity costs as well.

    2.2.B Investigate the overall readiness of the technologies on the shortlist

    1 hour

    Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

    Overall Readiness

    Age

    How much time has the technology had to mature? Older technology is more likely to be ready for adoption.

    Venture Capital

    The amount of venture capital gathered by important firms in the space is an indicator of market faith.

    Market Size

    How big is the market for the technology? It is more difficult to break into a giant market than a niche market.

    Market Players

    Have any established vendors (Microsoft, Facebook, Google, etc.) thrown their weight behind the technology?

    Fragmentation

    A large number of small companies in the space indicates that the market has yet to reach equilibrium.

    The readiness assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains a screenshot of the Readiness Scoring tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Use a variety of sources to populate the chart

    Google is your friend: search each shortlisted technology to find details about its development and important vendors.

    Websites like Crunchbase, VentureBeat, and Mashable are useful sources for information on the companies involved in a space and the amount of money they have each raised.

    2.2.C Interpret each technology’s value score

    1 hour

    Insert the result of the SWOT analysis into tab 7 of Info-Tech’s Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    Visualize the results of the quality-cost analysis

    • Quality and cost are independently significant; it is essential to understand how each technology stacks up on the axes.
    • Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool for an illustration of how quality and cost interact to produce each technology’s final position on the tech monitor graph.
    • Remember: the score is notional and reflects the values that you have assigned. Be sure to treat it accordingly.

    This image contains a screenshot of the Value Analysis tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Green represents a technology that scores extremely high on one axis or the other, or quite high on both. These technologies are the best candidates for proof-of-concept projects from a value perspective.

    Red represents a technology that has scored very low on both axes. These technologies will be expensive, time consuming, and of poor quality.

    Yellow represents the fuzzy middle ground. These technologies score moderately on both axes. Be especially careful when considering the SWOT analysis of these technologies.

    2.2.D Conduct a SWOT analysis for each technology on the shortlist

    1 hour

    Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    A formal process for analyzing disruptive technology is the only way to ensure that it is taken seriously.

    Write each technology as a heading on a whiteboard. Spend 10-15 minutes on each technology conducting a SWOT analysis together.

    Consider four categories for each technology:

    • Strengths: Current uses of the technology or supporting technology and ways in which it helps your organization.
    • Weaknesses: Current limitations of the technology and challenges or barriers to adopting it in your organization.
    • Opportunities: Potential uses of the technology, especially as it advances or improves.
    • Threats: Potential negative disruptions resulting from the technology, especially as it advances or improves.

    The list of processes generated at the cycle’s initial meeting is a great source for opportunities and threats.

    Disruptive Technology Value-Readiness and SWOT Analysis Tool

    This image contains screenshots of the technology tab of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

    2.2.E Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs

    1 hour

    Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 9

    The tool’s final tab displays the results of the value-readiness analysis and the SWOT analysis in a single location.

    This image contains a screenshot from tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Insert the shortlist analysis report into Section 3 of your Disruptive Technology Exploitation Plan Template.

    2.2.F Select the shortlisted technologies you would like to move forward with

    1 hour

    Present your findings to the working group.

    • The Disruptive Technology Value-Readiness and SWOT Analysis Tool aggregates your inputs in an easy-to-read, consistent way.
    • Present the tool’s outputs to members of the core working group.
    • Explain the scoring and present the graphic to the group. Go over each technology’s strengths and weaknesses as well as the opportunities and threats it presents/poses to the organization.
    • Go through the proof-of-concept planning phase before striking any technologies from the list.

    This image contains a screenshot of the disruptive technology shortlist analysis from the Disruptive Technology Value-Readiness and SWOT Analysis Tool

    Info-Tech Insight

    A technology’s exceptional value and immediate usability make it the best. A technology can be promising and compelling, but it is unsuitable unless it can bring immediate and exceptional value to your organization. Don’t get caught up in the hype.

    Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    PHASE 3

    Phase 3: Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    Activities:

    Step 3.1: Create Process Maps
    Step 3.2: Develop Proof of Concept Charter

    This step involves the following participants:

    • Core working group
    • Infrastructure Management
    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    Step 3.1

    Create Process Maps

    Activities:

    1. Creating a problem canvas by identifying stakeholders, jobs, pains, and gains
    2. Clarify the problem the proof-of-concept project will solve
    3. Identify jobs and stakeholders
    4. Outline how disruptive technology will solve the problem
    5. Map business processes
    6. Identify affected business units
    7. Outline and map the business processes likely to be disrupted
    8. Recognize how the new technology will impact business processes
    9. Make the case: Outline why the new business process is superior to the old

    This step involves the following participants:

    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption

    3.1 Create an action plan to exploit disruptive technologies

    Clarify the problem in order to make the case. Fill in section 1.1 of Info-Tech’s Proof of Concept Template to clearly outline the problem each proof of concept is designed to solve.

    Establish roles and responsibilities. Use section 1.2 of the template to outline the roles and responsibilities that fall to each member of the team. Ensure that clear lines of authority are delineated and that the list of stakeholders is exhaustive: include the executives whose input will be required for project approval, all the way to the technicians on the frontline responsible for implementing it.

    Outline the solution to the problem. Demonstrate how each proof-of-concept project provides a solution to the problem outlined in section 1.1. Be sure to clarify what makes the particular technology under investigation a potential solution and record the results in section 1.3.

    This image contains a screenshot of the Proof of concept project template

    Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

    3.1.A Creating a problem canvas by identifying stakeholders, jobs, pains, and gains

    2 hours

    Instructions:

    1. On a whiteboard, draw the visual canvas supplied below.
    2. Select your issue area, and list jobs, pains, and gains in the associated sections.
    3. Record the pains, jobs, and gains in sections 1.1-1.3 of the Proof of Concept Template.

    Gains

    1. More revenue

    2. Job security

    3. ……

    Jobs

    1. Moving product

    2. Per sale value

    3. ……

    Pains

    1. Clunky website

    2. Bad site navigation

    3. ……

    Input

    • Inspiration
    • Anonymous ideas

    Output

    • List of processes

    Materials

    • Chart paper and markers
    • Pen and paper

    Participants

    • Core working group
    • Visionaries

    3.1.B Clarify the problem the proof-of-concept project will solve

    2 hours

    What is the problem?

    • Every technology is designed to solve a problem faced by somebody somewhere. For each technology that your team has decided to move forward with, identify and clearly state the problem it would solve.
    • A clear problem statement is a crucial part of a new technology’s business case. It is impossible to earn buy-in from the rest of the organization without demonstrating the necessity of a solution.
    • Perfection is impossible to achieve: during the course of their work, everyone encounters pain points. Identify those pain points to arrive at the problem that needs to be solved.

    Example:

    List of pains addressed by conversational commerce:

    • Search functions can be clunky and unresponsive.
    • Corporate websites can be difficult to navigate.
    • Customers are uncomfortable in unfamiliar internet environments.
    • Customers do not like waiting in a long queue to engage with customer service representatives when they have concerns.

    “If I were given one hour to solve a problem, I would spend 59 minutes defining the problem and one minute resolving it.”
    – Albert Einstein

    Input the results of this exercise into Section 1.1 of the Proof of Concept Template.

    3.1.C Identify jobs and stakeholders

    1 hour

    Jobs

    Job: Anything that the “customer” (the target of the solution) needs to get done but that is complicated by a pain.

    Examples:
    The job of the conversational commerce interface is to make selling products easier for the company.
    From the customer perspective, the job of the conversational interface is to make the act of purchasing a product simpler and easier.

    Stakeholders

    Stakeholder: Anyone who is impacted by the new technology and who will end up using, approving, or implementing it.

    Examples:
    The executive is responsible for changing the company’s direction and approving investment in a new sales platform.
    The IT team is responsible for implementing the new technology.
    Marketing will be responsible for selling the change to customers.
    Customers, the end users, will be the ones using the conversational commerce user interface.

    Input the results of this exercise into Section 1.2 of the Proof of Concept Template.

    Info-Tech Insight

    Process deconstruction reveals strengths and weaknesses. Promising technology should improve stakeholders’ abilities to do jobs.

    3.1.D Outline how disruptive technology will solve the problem

    1 hour

    How will the technology in question make jobs easier?

    • How will the disruptive technology you have elected to move forward with create gains for the organization?
    • First, identify the gains that are supposed to come with the project. Consider the benefits that the various stakeholders expect to derive from the jobs identified.
    • Second, make note of how the technology in question facilitates the gains you have noted. Be sure to articulate the exclusive features of the new technology that make it an improvement over the current state.

    Note: The goal of this exercise is to make the case for a particular technology. Sell it!

    Expected Gain: Increase in sales.

    Conversational Commerce’s Contribution: Customers are more likely to purchase products using interfaces they are comfortable with.

    Expected Gain: Decrease in costs.

    Conversational Commerce’s Contribution: Customers who are satisfied with the conversational interface are less likely to interact with live agents, saving labor costs.

    Input the results of this exercise into Section 1.3 of the Proof of Concept Template.

    3.1.E Map business processes

    1 hour

    Map the specific business processes the new technology will impact.

    • Disruptive technologies will impact a wide variety of business processes.
    • Map business processes to visualize what parts of your organization (departments, silos, divisions) will be impacted by the new technology, should it be adopted after the proof of concept.
    • Identify how the disruption will take place.
    • Demonstrate the value of each technology by including the results of the Disruptive Technology Value-Readiness and SWOT Analysis Tool with your process map.

    This image contains a screenshot of the Proof of concept project template

    Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

    3.1.F Identify affected business units

    30 minutes per technology

    Disruptive technology will impact business units.

    • Using the stakeholders identified earlier in the project, map each technology to the business units that will be affected.
    • Make your list exhaustive. While some technologies will have a limited impact on the business as a whole, others will have ripple effects throughout the organization.
    • Examine affected units at all scales: How will the technology impact operations at the team level? The department level? The division level?

    “The disruption is not just in the technology. Sometimes a good business model can be the disruptor.”
    – Jason Hong, Associate Professor, Carnegie Mellon

    Example:

    • Customer service teams: Conversational commerce will replace some of the duties of the customer service representative. They will have to reorganize to account for this development.
    • IT department: The IT department will be responsible for building/maintaining the conversational interface (or, more likely, they will be responsible for managing the contract with the vendor).
    • Sales analytics: New data from customers in natural language might provide a unique opportunity for the analytics team to develop new initiatives to drive sales growth.

    Input the results of this exercise into Section 2.1 of the Proof of Concept Template.

    3.1.G Outline and map the business processes likely to be disrupted

    15 minutes per technology

    Leverage the insights of the diverse working group.

    • Processes are designed to transform inputs into outputs. All business activities can be mapped into processes.
    • A process map illustrates the sequence of actions and decisions that transform an input into an output.
    • Effective mapping gives managers an “aerial” view of the company’s processes, making it easier to identify inefficiencies, reduce waste, and ultimately, streamline operations.
    • To identify business processes, have group members familiar with the affected business units identify how jobs are typically accomplished within those units.

    “To truly understand a business process, we need information from both the top-down and bottom-up points of view. Informants higher in the organizational hierarchy with a strategic focus are less likely to know process details or problems. But they might advocate and clearly articulate an end-to-end, customer-oriented philosophy that describes the process in an idealized form. Conversely, the salespeople, customer service representatives, order processors, shipping clerks, and others who actually carry out the processes will be experts about the processes, their associated documents, and problems or exception cases they encounter.”
    – Robert J. Glushko, Professor at UC Berkeley and Tim McGrath, Business Consultant

    Info-Tech Insight

    Opinions gathered from a group that reflect the process in question are far more likely to align with your organization’s reality. If you have any questions about a particular process, do not be afraid to go outside of the working group to ask someone who might know.

    3.1.G Outline and map the business processes likely to be disrupted (continued)

    15 minutes per technology

    Create a simple diagram of identified processes.

    • Use different shapes to identify different points in the process.
    • Rectangles represent actions, diamonds represent decisions.
    • On a whiteboard, map out the actions and decisions that take place to transform an input into an output.
    • Input the result into section 2.2 of the Proof of Concept Template.

    This image contains a screenshot of the Software Service Cross-Function Process tab from Edraw Visualization Solutions.

    Source: Edraw Visualization Solutions

    Example: simplified process map

    1. User: visits company website
    2. User: engages search function or browses links
    3. User: selects and purchases product from a menu
    4. Company: ships product to customer

    3.1.H Recognize how the new technology will impact business processes

    15 minutes per technology

    Using the information gleaned from the previous activities, develop a new process map that takes the new technology into account.

    Identify the new actions or decisions that the new technology will affect.

    User: visits company website; User: engages conversational; commerce platform; User: engages search function or browses links; User: makes a natural language query; User: selects and purchases product from a menu</p data-verified=

    User: selects and purchases product from a menu; Company: ships product to customer; Company: ships product to customer">

    Info-Tech Insight

    It’s ok to fail! The only way to know you’re getting close to the “knee of curve" is from multiple failed PoC tests. The more PoC options you have, the more likely it will be that you will have two to three successful results.

    3.1.I Make the case: Outline why the new business process is superior to the old

    15 minutes per technology

    Articulate the main benefits of the new process.

    • Using the revised process map, make the case for each new action.
    • Questions to consider: How does the new technology relieve end-user/customer pains? How does the new technology contribute to the streamlining of the business process? Who will benefit from the new action? What are the implications of those benefits?
    • Record the results of this exercise in section 2.4 of the Proof of Concept Template.

    This image contains an example of an outline comparing the benefits of new and the old business processes.

    Info-Tech Insight

    If you cannot articulate how a new technology will benefit a business process, reconsider moving forward with the proof-of-concept project.

    Phase 3: Evaluate

    Create an Action Plan to Exploit Disruptive Technologies

    Activities:

    Step 3.1: Create Process Maps
    Step 3.2: Develop Proof of Concept Charter

    Develop Proof of Concept Charter

    This step involves the following participants:

    • Core working group
    • Infrastructure Management
    • Working group leader
    • CIO

    Outcomes of this step:

    • Business process maps before and after disruption
    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    Step 3.2

    Develop Proof of Concept Charter

    Activities:

    1. Use SMART success metrics to define your objectives
    2. Develop key performance indicators (KPIs)
    3. Identify key success factors for the project
    4. Outline the project’s scope
    5. Identify the structure of the team responsible for the proof-of-concept project
    6. Estimate the resources required by the project
    7. Be aware of common IT project concerns
    8. Communicate your working group’s findings and successes to a wide audience
    9. Hand off the completed proof-of-concept project plan
    10. Disruption is constant: Repeat the evaluation process regularly to protect the business

    This step involves the following participants:

    • Working group leader
    • CIO

    Outcomes of this step:

    • Proof of concept charter
    • Key performance indicators
    • Estimation of required resources

    3.2 Develop a proof of concept charter

    Keep your proof of concept on track by defining five key dimensions.

    1. Objective: Giving an overview of the planned proof of concept will help to focus and clarify the rest of this section. What must the proof of concept achieve? Objectives should be: specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
    2. Key Success Factors: These are conditions that will positively impact the proof of concept’s success.
    3. Scope: High-level statement of scope. More specifically, state what is in scope and what is out of scope.
    4. Project Team: Identify the team’s structure, e.g. sponsors, subject-matter experts.
    5. Resource Estimation: Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.A Use SMART success metrics to define your objectives

    Specific

    Measurable

    Actionable

    Realistic

    Time Bound

    Make sure the objective is clear and detailed.

    Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.

    Objectives become actionable when specific initiatives designed to achieve the objective are identified.

    Objectives must be achievable given your current resources or known available resources.

    An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    Who, what, where, why?

    How will you measure the extent to which the goal is met?

    What is the action-oriented verb?

    Is this within my capabilities?

    By when: deadline, frequency?

    Examples:

    1. Increase in sales by $40,000 per month by the end of next quarter.
    2. Immediate increase in web traffic by 600 unique page views per day.
    3. Number of pilots approved per year.
    4. Number of successfully deployed solutions per year.

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.B Develop key performance indicators (KPIs)

    30 minutes per technology

    Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

    • Use the process improvements identified in step 3.1 to brainstorm metrics that indicate when process improvement is actually taking place.
    • Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
    • Make sure to have everyone justify the inclusion of each metric: How does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
    • Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics) in section 3.1 of the Proof of Concept Template.

    “An estimated 70% of performance measurement systems fail after implementation. Carefully select your KPIs and avoid this trap!”
    Source: Collins et al. 2016

    Key Performance Indicator Description Target

    Result

    Conversion rate What percentage of customers who visit the site/open the conversational interface continue on to make a purchase? 40%
    Average order value

    How much does each customer spend per visit to the website?

    $212
    Repeat customer rate What percentage of customers have made more than one purchase over time? 65%
    Lifetime customer value Over the course of their interaction with the company, what is the typical value each customer brings? $1566

    Input the results of this exercise into Section 3.1 of the Proof of Concept Template.

    3.2.C Identify key success factors for the project

    30 minutes per technology

    Effective project management involves optimizing four key success factors (Clarke, 1999)

    • Communication: Communicate the expected changes to stakeholders, making sure that everyone who needs to know does know. Example: Make sure customer service representatives know their duties will be impacted by the conversational UI well before the proof-of-concept project begins.
    • Clarity: All involved in the project should be apprised of what the project is intended to accomplish and what the project is not intended to accomplish. Example: The conversational commerce project is not intended to be rolled out to the entire customer base all at once; it is not intended to disrupt normal online sales.
    • Compartmentalization: The working group should suggest some ways that the project can be broken down to facilitate its effective implementation. Example: Sales provides details of customers who might be amenable to a trial, IT secures a vendor, customer service writes a script.
    • Flexibility: The working group’s final output should not be treated as gospel. Ensure that the document can be altered to account for unexpected events. Example: The conversational commerce platform might drive sales of a particular product more than others, necessitating adjustments at the warehouse and shipping level.

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.D Outline the project’s scope

    10 minutes per technology

    Create a high-level outline of the project’s scope.

    • Questions to consider: Broadly speaking, what are the project’s goals? What is the desired future state? Where in the company will the project be rolled out? What are some of the company’s goals that the project is not designed to cover?
    • Be sure to avoid scope creep! Remember: The goal of the proof-of-concept project is to produce a minimum case for viability in a carefully defined area. Reserve a detailed accounting of costs and benefits for the post-proof-of-concept stage.
    • Example: The conversational user interface will only be rolled out in an e-commerce setting. Other business units (HR, for example) are beyond the scope of this particular project.

    “Although scope creep is not the only nemesis a project can have, it does tend to have the farthest reach. Without a properly defined project and/or allowing numerous changes along the way, a project can easily go over budget, miss the deadline, and wreak havoc on project success.”
    – University Alliance, Villanova University

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.E Identify the structure of the team responsible for the proof-of-concept project

    10 minutes per technology

    Brainstorm who will be involved in project implementation.

    • Refer back to the list of stakeholders identified in 3.1.a. Which stakeholders should be involved in implementing the proof-of-concept plan?
    • What business units do they represent?
    • Who should be accountable for the project? At a high level, sketch the roles of each of the participants. Who will be responsible for doing the work? Who will approve it? Who needs to be informed at every stage? Who are the company’s internal subject matter experts?

    Example

    Name/Title Role
    IT Manager Negotiate the contract for the software with vendor
    CMO Promote the conversational interface to customers

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.F Estimate the resources required by the project

    10 minutes per technology

    Time and Money

    • Recall: Costs can be operational, capital, or opportunity.
    • Revisit the Disruptive Technology Value-Readiness and SWOT Analysis Tool. Record the capital and operational expenses expected to be associated with each technology, and add detail where possible (use exact figures from particular vendors instead of percentages).
    • Write the names and titles of each expected participant in the project on a whiteboard. Next to each name, write the number of hours they are expected to devote to the project and include a rough estimate of the cost of their participation to the company. Use full-time employee equivalent (FTE measures) as a base.
    • Outline how other necessary resources (space, tools, expertise, etc.) will be secured.

    Example: Conversational Commerce

    • OpEx: $149/month + 2.9¢/transaction* (2,000 estimated transactions)
    • CapEx: $0!
    • IT Manager: 5 hours at $100/hour
    • IT Technician: 40 hours at $45/hour
    • CMO: 1 hour at $300/hour
    • Customer Service Representative: 10 hours at $35/hour
    • *Estimated total cost for a one-month proof-of-concept project: $3,157

    *This number is a sample taken from the vendor Rhombus

    Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

    3.2.G Be aware of common IT project concerns

    Of projects that did not meet business expectations or were cancelled, how significant were the following issues?

    A bar graph is depicted, comparing small, medium, and large businesses for the following datasets: Over budget; Project failed to be delivered on time; Breach of scope; Low quality; Failed to deliver expected benefit or value

    This survey data did not specifically address innovation projects.

    • Disruptive technology projects will be under increased scrutiny in comparison to other projects.
    • Be sure to meet deadlines and stay within budget.
    • Be cognizant that your projects can go out of scope, and there will be projects that may have to be cancelled due to low quality. Remember: Even a failed test is a learning opportunity!

    Info-Tech’s CIO-CEO Alignment Survey, N=225

    Organization size was determined by the number of IT employees within the organization

    Small = 10 or fewer IT staff, medium = 11 to 25 IT staff, and large/enterprise = 26 or greater IT staff

    3.2.H Communicate your working group’s findings and successes to a wide audience

    Advertise the group’s successes and help prevent airline magazine syndrome from occurring.

    • Share your group’s results internally:
      • Run your own analysis by senior management and then share it across the organization.
      • Maintain a list of technologies that the working group has analyzed and solicit feedback from the wider organization.
      • Post summaries of the technologies in a publicly available repository. The C-suite may not read it right away, but it will be easy to provide when they ask.
      • If senior management has declined to proceed with a certain technology, avoid wasting time and resources on it. However, include notes about why the technology was rejected.
    • These postings will also act as an advertisement for the group. Use the garnered interest to attract visionaries for the next cycle.
    • These postings will help to reiterate the innovative value of the IT department and help bring you to the decision-making table.

    “Some CIOs will have to battle the bias that they belong in the back office and shouldn’t be included in product architecture planning. CIOs must ‘sell’ IT’s strength in information architecture.”
    – Chris Curran, Chief Technologist, PwC (Curran, 2014)

    Info-Tech Insight

    Cast a wide net. By sharing your results with as many people as possible within your organization, you’ll not only attract more attention to your working group, but you will also get more feedback and ideas.

    3.2.I Hand off the completed proof-of-concept project plan

    The proof of concept template is filled out – now what?

    • The core working group is responsible for producing a vision of the future and outlining new technology’s disruptive potential. The actual implementation of the proof of concept (purchasing the hardware, negotiating the SLA with the vendor) is beyond the working group’s responsibilities.
    • If the proof of concept goes ahead, the facilitator should block some time to evaluate the completed project against the key performance indicators identified in the initial plan.
    • A cure for airline magazine syndrome: Be prepared when executives ask about new technology. Present them with the results of the shortlist analysis and the proof-of-concept plan. A clear accounting of the value, readiness, strengths, weaknesses, opportunities, and threats posed by each technology, along with its impact on business processes, is an invaluable weapon against poor technology choices.

    Use section 3.2.b to identify the decision-making stakeholder who has the most to gain from a successful proof-of-concept project. Self-interest is a powerful motivator – the project is more likely to succeed in the hands of a passionate champion.

    Info-Tech Insight

    Set a date for the first meeting of the new iteration of the disruptive technology working group before the last meeting is done. Don’t risk pushing it back indefinitely.

    3.2.J Hand off the completed proof-of-concept project plan

    Record the results of the proof of concept. Keep track of what worked and what didn’t.

    Repeat the process regularly.

    • Finalize the proof of concept template, but don’t stop there: Keep your ear to the ground; follow tech developments using the sources identified in step 1.2.
    • Continue expanding the potential longlist with independent research: Be prepared to expand your longlist. Remember, the more technologies you have on the longlist, the more potential airline magazine syndrome cures you have access to.
    • Have the results of the previous session’s proof of concept plan on hand: At the start of each new iteration, conduct a review. What technologies were successful beyond the proof of concept phase? Which parts of the process worked? Which parts did not? How could they be improved?

    Info-Tech Insight

    The key is in anticipation. This is not a one-and-done exercise. Technology innovation operates at a faster pace than ever before, well below the Moores Law "18 month" timeline as an example. Success is in making EDIT a repeatable process.

    Related Info-Tech Research

    Define Your Digital Business Strategy
    After a major crisis, find your place in the digital economy.

    Develop a Project Portfolio Management Strategy
    Drive project throughput by throttling resource capacity.

    Adopt Design Thinking in Your Organization
    Innovation needs design thinking.

    Digital Maturity Improvement Service
    Prepare your organization for digital transformation – or risk falling behind.

    Research contributors and experts

    Nitin Babel

    Nitin Babel, Co-Founder, niki.ai

    Nitin Babel, MSc, co-created conversational commerce platform niki.ai in early 2015. Since then, the technology has been featured on the front page of the Economic Times, and has secured the backing of Ratan Tata, former chairman of the Tata Group, one of the largest companies in the world.

    Mark Hubbard

    Mark Hubbard, Senior Vice President, FirstOnSite

    Mark is the SVP for Information Technology in Canada with FirstOnSite, a full service disaster recovery and property restoration company. Mark has over 25 years of technology leadership guiding global organizations through the development of strategic and tactical plans to strengthen their technology platforms and implement business aligned technology strategies.

    Chris Green

    Chris Green, Enterprise Architect, Boston Private
    Chris is an IT architect with over 15 years’ experience designing, building, and implementing solutions. He is a results-driven leader and contributor, skilled in a broad set of methods, tools, and platforms. He is experienced with mobile, web, enterprise application integration, business process, and data design.

    Andrew Kope

    Andrew Kope, Head of Data Analytics
    Big Blue Bubble
    Andrew Kope, MSc, oversees a team that develops and maintains a user acquisition tracking solution and a real-time metrics dashboard. He also provides actionable recommendations to the executive leadership of Big Blue Bubble – one of Canada’s largest independent mobile game development studios.

    Jason Hong

    Jason Hong, Associate Professor, School of Computer Science, Human-Computer Interaction Institute, Carnegie Mellon University

    Jason Hong is a member of the faculty at Carnegie Mellon’s School of Computer Science. His research focus lies at the intersection of human-computer interaction, privacy and security, and systems. He is a New America National Cyber Security Fellow (2015-2017) and is widely published in academic and industry journals.

    Tim Lalonde

    Tim Lalonde, Vice President, Mid-Range

    Tim Lalonde is the VP of Technical Operations at Mid-Range. He works with leading-edge companies to be more competitive and effective in their industries. He specializes in developing business roadmaps leveraging technology that create and support change from within — with a focus on business process re-engineering, architecture and design, business case development and problem-solving. With over 30 years of experience in IT, Tim’s guiding principle remains simple: See a problem, fix a problem.

    Jon Mavor

    Jon Mavor, Co-Founder and CTO, Envelop VR
    Jon Mavor is a programmer and entrepreneur, whose past work includes writing the graphics engine for the PC game Total Annihilation. As Chief Technology Officer of Envelop VR, a virtual reality start-up focused on software for the enterprise, Jon has overseen the launch of Envelop for Windows’s first public beta.

    Dan Pitt

    Dan Pitt, President, Palo Alto Innovation Advisors
    Dan Pitt is a network architect who has extensive experience in both the academy and industry. Over the course of his career, Dan has served as Executive Director of the Open Networking Foundation, Dean of Engineering at Santa Clara University, Vice President of Technology and Academic Partnerships at Nortel, Vice President of the Architecture Lab at Bay Networks, and, currently, as President of Palo Alto Innovation Advisors, where he advises and serves as an executive for technology start-ups in the Palo Alto area and around the world.

    Courtney Smith

    Courtney Smith, Co-Founder, Executive Creative Director
    PureMatter

    Courtney Smith is an accomplished creative strategist, storyteller, writer, and designer. Under her leadership, PureMatter has earned hundreds of creative awards and been featured in the PRINT International Design Annual. Courtney has juried over 30 creative competitions, including Creativity International. She is an invited member of the Academy of Interactive and Visual Arts.

    Emmanuel Tsekleves

    Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster
    Dr. Emmanuel Tsekleves is a senior lecturer and writer based out of the United Kingdom. Emmanuel designs interactions between people, places, and products by forging creative design methods along with digital technology. His design-led research in the areas of health, ageing, well-being, and defence has generated public interest and attracted media attention by the national press, such as the Daily Mail, Daily Mirror, The Times, the Daily Mail, Discovery News, and several other international online media outlets.

    Bibliography

    Airini Ab Rahman. “Emerging Technologies with Emerging Effects; A Review”. Universiti Teknologi Malaysia. PERINTIS eJournal, June 2017. Web.

    Anthony, Scott. “Kodak’s Downfall Wasn’t About Technology.” Harvard Business Review, 15 July 2016. Web.

    ARM. The Intelligent Flexible Cloud. 26 Feb. 2015. Web.

    Association of Computing Machinery. Communications of the ACM, n.d. Web.

    Barnett, Thomas. “Three Mobile Trends to Watch.” Cisco Blogs, 3 Feb. 2015. Web.

    Batelle, John. “The 70 Percent Solution.” CNN, 1 Dec 2005. Web.

    Booz Allen Hamilton. Managing Technological Change: 7 Ways to Talk Tech with Management, n.d. Web.

    Brynjolfsson, Erik, and Andrew McAfee. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies. W. W. Norton, 2014. Print.

    Christensen, Clayton M. “What is Disruptive Innovation?” Harvard Business Review, Dec 2015. Web.

    Christensen, Clayton M. and James Euchner. “Managing Disruption: An Interview With Clayton Christensen.” Research-Technology Management, 22 Dec 2015. vol. 54, no. 1. Web.

    Christensen, Clayton M., Rory McDonald, and Elizabeth J. Altman. “Disruptive Innovation: An Intellectual History and Directions for Future Research”. Wiley Online Library. Web.

    Christensen, Clayton M., Taddy Hall, Karen Dillon, and David S. Duncan. “Know Your Customers’ Jobs to be Done.” Harvard Business Review, Sept. 2016. Web.

    Cisco. “Cisco Annual Internet Report.” n.d. Web.

    Cisco. Cisco Visual Networking Index: Forecast and Methodology, 2014-2019, 27 May 2015. Web.

    Clark, Steven. “Elon Musk hopes SpaceX will send humans to Mars in 2024.” Spaceflight Now, 2 June 2016. Web.

    Clarke, Angela. “A practical use of key success factors to improve the effectiveness of project management,” International Journal of Project Management, June 1999 (17): 139-145.

    Collins, Andrew L., Patrick Hester, Barry Ezell, and John Horst. “An improvement selection methodology for key performance indicators.” Environmental Systems and Decisions, June 2016, 36 (2): 196-208.

    Computer Sciences Corporation. CSC Global CIO Survey: 2014-2015: CIOs Emerge as Disruptive Innovators: An Annual Barometer of Global CIOs’ Plans, Priorities, Threats, and Opportunities, 2014. Web.

    Constine, John. “Voice is Chat’s Next Battleground.” TechCrunch, 19 Sept. 2016. Web.

    Cressman, Daryl. “Disruptive Innovation and the Idea of Technology”. Maastricht University, June 2019. Web.

    Crown Prosecution Service. A Guide to Process Mapping and Improvement. n.d. Web.

    Curran, Chris. “The CIO’s Role in the Internet of Things.” PwC, 13 Mar. 2014. Web.

    Darbha, Sheta, Mike Shevenell, and Jason Normandin. “Impact of Software-Defined Networking on Infrastructure Management.” CA Technology Exchange, 4.3, Nov. 2013, pp. 33-43. Web.

    Denecken, Sven. Conquering Disruption Through Digital Transformation: Technologies, Leadership Strategies, and Best Practices to Create Opportunities for Innovation. SAP, 2014. Web.

    DHL Trend Research and Cisco Consulting Services. Internet of Things in Logistics: A Collaborative Report by DHL and Cisco on Implications and Use Cases for the Logistics Industry, 2015. Web.

    Dirican, Cüneyt. “The Impacts of Robotics, Artificial Intelligence on Business and Economics.” Procedia: Social and Behavioral Sciences, vol. 195, 2015, pp. 564-573. Web.

    Edraw Visualization Solutions. Examples of Flowcharts, Org Charts and More. “Cross-Function Flowchart Examples – Service Flowchart.”

    Emerson. Data Center 2025: Exploring the Possibilities, 2014. Web.

    Ericsson. Next-Generation Data Center Infrastructure, Feb. 2015. Web.

    Eurotech. Connecting M2M Applications to the Cloud to Bolster Hardware Sales, 2014. Web.

    Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

    Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

    Gage, Deborah. “The Venture Capital Secret: 3 Out of 4 Start-Ups Fail.” Wall Street Journal, 20 Sept. 2012. Web.

    Garvin, David A. “Competing on the Eight Dimensions of Quality.” Harvard Business Review, November 1987. Web.

    Gibbs, Colin. Augmented Reality in the Enterprise: Opportunities and Challenges. Gigaom Research, 26 Jan. 2015. Web.

    Glushko, Robert J. and Tim McGrath. Document Engineering: Analyzing and Designing Documents for Business Informatics and Web Services. MIT Press, 2005.

    Hadfield, Tom. “Facebook’s Messenger Bot Store could be the most important launch since the App Store.” TechCrunch, 17 March 2016. Web.

    Healey, Nic. “Microsoft's mixed reality vision: 80 million devices by 2020.” CNET, 1 June 2016. Web.

    Hewlett-Packard. Go Beyond Cost Reduction: Use Robotic Process Automation, Oct. 2015. Web.

    Hewlett-Packard. HP Composable Infrastructure: Bridging Traditional IT with the New Style of Business, June 2015. Web.

    Hewlett-Packard. HP Labs, n.d. Web.

    Hong, Jason. “Inside the Great Wall.” Communications of the ACM, 25 May 2016. Web.

    IBM Institute for Value. Your Cognitive Future: How Next-Gen Computing Changes the Way We Live and Work, 2015. Web.

    IBM. A New Way to Work: Futurist Insights to 2025 and Beyond, Jan. 2015. Web.

    Infinity. The Evolution of the Data Centre [sic], 2015. Web.

    Intel Corporation. Intel Annual Report, 1997. Web.

    Isaac, Mike. “Facebook Bets on Bots for its Messenger App.” New York Times, 12 April 2016. Web.

    ISACA. COBIT 5: Enabling Processes. ISACA, 2012. Print.

    K-12 Blueprint. “Planning a Proof of Concept.” 2014. Web.

    Kaushik Rukmini, Meenakshi. “The Impact of Pandemic COVID -19 in Workplace.” European Journal of Business Management and Research, May 2020. Web.

    Knight, Will. “Conversational Interfaces Powerful speech technology from China’s leading Internet company makes it much easier to use a smartphone.” MIT Technology Review, n.d. Web.

    Kostoff, Ronald N., Robert Boylan, and Gene R. Simons. “Disruptive Technology Roadmaps.” Technological Forecasting and Social Change, 2004. Vol. 71. Web.

    Kurzweil, Ray. “The Accelerating Power of Technology.” TED, Feb. 2005. Web.

    Kurzweil, Ray. Kurzweil: Accelerating Intelligence, 2015. Web.

    MacFarquhar, Larissa. “When Giants Fall: What Business Has Learned From Clayton Christensen,” New Yorker, 14 May 2012. Web.

    McClintock, Cat. “2016: The Year for Augmented Reality in the Enterprise.” PTC, n.d. Web.

    McKinsey & Company. IT Growth and Global Change: A Conversation with Ray Kurzweil. 29 Feb. 2012, YouTube. Web.

    Messina, Chris. “2016 Will be the Year of Conversational Commerce.” Medium, 19 Jan 2016. Web.

    Microsoft. Microsoft Research, n.d. Web.

    Miller, Ron. “Forget the Apple Watch, Think Drones in the Enterprise.” TechCrunch, 10 Sep. 2015. Web.

    Nokia Networks. FutureWorks [sic]: Teaching Networks to be Self-Aware: Technology Vision 2020. 2014. Web.

    Nokia Networks. Internet of Things. n.d. Web.

    O’Reilly, Charles, and Andrew J. M. Binns, “The Three Stages of Disruptive Innovation: Idea Generation, Incubation, and Scaling”. Sage Journals, n.d. Web.

    Pew Research Center. AI, Robotics, and the Future of Jobs: Experts Envision Automation and Intelligent Digital Agents Permeating Vast Areas of Our Work and Personal Lives by 2025, but they are Divided on Whether these Advances will Displace More Jobs than they Create. Aug. 2014. Web.

    Ramiller, Neil. “Airline Magazine Syndrome: Reading a Myth of Mismanagement.” Information Technology & People, Sept 2001. Print.

    Raymond James & Associates. The Internet of Things: A Study in Hype, Reality, Disruption, and Growth. 2014. Web.

    Richter, Felix. “No Growth in Sight for Global PC Market.” Statista, 14 March 2016. Web.

    Roy, Mekhala. “4 Examples of Digital Transformation Success in Business”. TechTarget, n.d. Web.

    Simon Weinreich, “How to Manage Disruptive Innovation - a conceptional methodology for value-oriented portfolio planning,” Sciencedirect. 31st CIRP Design Conference 2021.

    Spice Works. The Devices are Coming! How the “Internet of Things” will affect IT… and why resistance is futile. May 2014. Web.

    Spradlin, Dwayne. “Are You Solving the Right Problem?” Harvard Business Review, Sept. 2012. Web.

    Statista. “Number of smartphones sold to end users worldwide from 2007 to 2015 (in million units).” N.d. Web.

    Statista. “Worldwide tablet shipments from 2nd quarter 2010 to 2nd quarter 2016 (in million units).” N.d. Web.

    Sven Schimpf, “Disruptive Field Study; How Companies Identify, Evaluate, Develop and Implement Disruptive Technologies.” Fraunhofer Group for Innovation Research, 2020. Web.

    Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian. 13 Aug. 2015. Web.

    Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian, 13 Aug. 2015. Web.

    United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

    United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

    University Alliance (Villanova U). Managing Scope Creep in Project Management. N.d. Web.

    Vavoula, Giasemi N., and Mike Sharples. “Future Technology Workshop: A Collaborative Method for the Design of New Learning Technologies and Activities.” International Journal of Computer Supported Collaborative Learning, Dec 2007. Vol. 2 no. 4. Web.

    Walraven Pieter. “It’s Operating Systems Vs. Messaging Apps In The Battle For Tech’s Next Frontier.” TechCrunch, 11 Aug 2015. Web.

    Webb, Amy. “The Tech Trends You Can’t Ignore in 2015.” Harvard Business Review, 5 Jan. 2015. Web.

    Wenger, Albert. “The Great Bot Rush of 2015-16.” Continuations, 16 Dec 2015. Web.

    White, Chris. “IoT Tipping Point Propels Digital Experience Era.” Cisco Blogs, 12 Nov. 2014. Web.

    World Economic Forum and Accenture. Industrial Internet of Things: Unleashing the Potential of Connected Products and Services. 2015. Web.

    Yu Dan and Hang Chang Chieh, "A reflective review of disruptive innovation theory," PICMET '08 - 2008 Portland International Conference on Management of Engineering & Technology, 2008, pp. 402-414, doi: 10.1109/PICMET.2008.4599648.

    Cookie Notice

    Gert Taeymans BV wants to inform you about our cookie notice on the Gert Taeymans BV websites via this document. Please also see the privacy policy which you can find here.

    This website is owned by Gert Taeymans BV

    Contact details:
    Gert Taeymans BV
    Koning Albertstraat 136
    2070 Burcht
    Belgium
    Company number: 0685974694
    Phone: +32 3 289 41 09
    email: gtbvba@gerttaeymans.com

    Site Scope

    The websites in scope of this notice are:

    • tymansgroup.com
    • gerttaeymans.consulting
    • gerttaeymans.site
    • gerttaeymans.audio

    Cookie Types

    We differentiate 4 types of cookies

    • Necessary cookies
      Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. While you can decline them, The website cannot function properly without these cookies.
    • Preferences cookies
      Preference cookies enable our website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may include cookies from 3rd party providers whose content we show or reference on our site. Those cookies are outside of our control and these providers may change their terms and policies at any time.
    • Statistics cookies
      Statistic cookies help our company to understand how visitors interact with our website by collecting and reporting statistical information pseudonymously. That means that eg. your IP address is scrambled in such a way that it will always be the same upon each subsequent visit to our site, so that Google can process the visit as a return visit. This helps with basic statistics, but also is a factor in how well we rank in future searches. Many returning visitors means that you like our site and that is a ranking element.
      Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. However, when agreeing to statistics cookies, you agree that your data may be processed in the United States under less strict privacy laws and that your data will be exposed to all associated risks. Such risks include the US government being able to investigate you, simply for being a non-US citizen due to provision 702 of the FISA act, which they are able to do anyway, with or without the cookie. Also, the laws in the United States are less strict with regards to selling information to third parties.
    • Marketing cookies
      Marketing cookies are used to track you across websites. The intention is to display ads that are relevant and engaging for you and thereby more valuable for publishers and third party advertisers. At this point we do not allow ads to display on our site, so no third-party trackers are defined on our site. We may add a 1st party (us) tracker to our site at any time.

    Actual cookies used

    Necessary cookies (all sites in site scope)

    Name     Contents Expiration Reason for the cookie
    Session cookie (displayed as a long series of numbers and letters) The active session ID When you close your broser, clear your cookie's cache in your browser or after 60 minutes of inactivity on the site. The cookie may remain in your machine but is no longer valid after the mentioned tile of inactivity    

    The browser cookie is simply a random string of characters to identify the visitor. There are no personally identifable details in the cookie and no real data of use at all. The cookie is marked as a 'session' type of cookie, which means it will expire (be deleted automatically) when the browser is closed or cleaned by the browser after a set period of non-use; for instance, you haven't visited a page on the site that has used the cookie for 1 week. This latter case is useful for people that leave their computer running and never close their browser.

    The use of a cookie is what gives your website a short-term memory. By providing it with each request, Joomla can look up the history of the current viewing session in the database record below.

    cookieconsent_status allow 1 year This cookie stores that you have consented to the use of cookies on our site. It is there to avoid that you have to give your consent again at every page load.

    Preferences cookies

    Site Name     Contents Expiration Reason for the cookie
    gerttaeymans.consulting None at this stage N/A N/A   N/A
    tymansgroup.com None at this stage N/A N/A N/A
             
             

    Statistical cookies

    Site Name     Contents Expiration Reason for the cookie
    All Scope _ga Google Analytics type and account identifier 2 years This cookie identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gat_gtag_UA_140807308_3 Google Analytics type and account identifier 2 years This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gid Google Analytics type and account identifier 1 day This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
             
             

    Marketing cookies

    Name     Contents Expiration Reason for the cookie
    None at this stage N/A N/A N/A
           
           

     

    Managing cookies

    You are not required to accept any cookies . Our cookies toolbar allows you to fine tune which cookies you accespt or want to revoke consent for. The resulting experience may however be affected by your decision not to accept cookies.

    Eg. not accepting or revoking consent for the “Necessary” category cookies will result in your inability to log into the site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for “Preference” category cookies may impede on your ability to watch instructional videos on our site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for ‘Statistical” category cookies will result in us not seeing where visitors stay longer or shorter on our site. While the immediate experience will not degrade for you, it may impede us in better understanding where we need to improve our service, thereby denying you a potentially improved experience in the future.

    Not accepting or revoking consent for “Marketing” category cookies may result in you seeing irrelevant ads, if we make the decision to allow carefully selected partners to offer their services through our site.

    Removing cookies from your device

    You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.

    Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

    Managing site-specific cookies

    For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser

    Blocking cookies

    You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some services and functionalities may not work properly at all (e.g. profile logging-in).

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    • Buy Link or Shortcode: {j2store}367|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $129,465 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Processes pertaining to managing the application are inconsistent and do not drive excellence.
    • There is a lack of interdepartmental collaboration between different teams pertaining to the application.
    • There are no formalized roles and responsibilities for governance and support around enterprise applications.

    Our Advice

    Critical Insight

    • Scale the Center of Excellence (CoE) based on business needs. There is flexibility in how extensively the CoE methodology is applied and rigidity in how consistently it should be used.
    • The CoE is a refinery. It takes raw inputs from the business and produces an enhanced product, removing waste and isolating it from re-entering day-to-day operations.
    • Excellence is about people as much as it is about process. Documented best practices should include competencies, key resources, and identified champions to advocate the CoE practice.

    Impact and Result

    • Formalize roles and responsibilities for all application initiatives.
    • Develop a standard process of governance and oversight surrounding the application.
    • Develop a comprehensive support network that consists of IT, the business, and external stakeholders to address issues and problem areas surrounding the application.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a Center of Excellence for your enterprise application, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a vision for the CoE

    Understand the importance of developing an enterprise application CoE, define its scope, and identify key stakeholders.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 1: Create a Vision for the Center of Excellence
    • Enterprise Application Center of Excellence Project Charter

    2. Design the CoE future state

    Gather high-level requirements to determine the ideal future state.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 2: Design the Center of Excellence Future State
    • Center of Excellence Refinery Model Template

    3. Develop a CoE roadmap

    Assess the required capabilities to reach the ideal state CoE.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 3: Develop a Center of Excellence Roadmap
    • Center of Excellence Exceptions Report
    • Track and Measure Benefits Tool
    • Enterprise Application Center of Excellence Stakeholder Presentation Template
    [infographic]

    Workshop: Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Vision for the CoE

    The Purpose

    Understand the importance of developing a CoE for enterprise applications.

    Determine how to best align the CoE mandate with business objectives.

    Complete a CoE project charter to gain buy-in, build a project team, and track project success. 

    Key Benefits Achieved

    Key stakeholders identified.

    Project team created with defined roles and responsibilities.

    Project charter finalized to gain buy-in.

    Activities

    1.1 Evaluate business needs and priorities.

    1.2 Identify key stakeholders and the project team.

    1.3 Align CoE with business priorities.

    1.4 Map current state CoE.

    Outputs

    Project vision

    Defined roles and responsibilities

    Strategic alignment of CoE and the business

    CoE current state schematic

    2 Design the CoE Future State

    The Purpose

    Gain a thorough understanding of pains related to the lack of application governance.

    Identify and recycle existing CoE practices.

    Visualize the CoE enhancement process.

    Visualize your ideal state CoE. 

    Key Benefits Achieved

    Requirements to strengthen the case for the enterprise application CoE.

    CoE value-add refinery.

    Future potential of the CoE.

    Activities

    2.1 Gather requirements.

    2.2 Map the CoE enhancement process.

    2.3 Sketch future state CoE.

    Outputs

    Classified pains, opportunities, and existing practices

    CoE refinery model

    Future state CoE sketch

    3 Develop a CoE Roadmap

    The Purpose

    Assess required capabilities and resourcing.

    List and prioritize CoE initiatives.

    Track and monitor CoE performance. 

    Key Benefits Achieved

    Next steps for the enterprise application CoE.

    CoE resourcing plan.

    CoE benefits realization tracking.

    Activities

    3.1 Build CoE capabilities.

    3.2 Identify risks and mitigation efforts.

    3.3 Prioritize and track CoE initiatives.

    3.4 Finalize stakeholder presentation.

    Outputs

    CoE potential capabilities

    Risk management plan

    CoE initiatives roadmap

    CoE stakeholder presentation

    Lead Strategic Decision Making With Service Portfolio Management

    • Buy Link or Shortcode: {j2store}397|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • There are no standardized processes for the intake of new ideas and no consistent view of the drivers needed to assess the value of these ideas.
    • IT is spending money on low-value services and doesn’t have the ability to understand and track value in order to prioritize IT investment.
    • CIOs are not trusted to drive innovation.

    Our Advice

    Critical Insight

    • The service portfolio empowers IT to be a catalyst in business strategy, change, and growth.
    • IT must drive value-based investment by understanding value of all services in the portfolio.
    • Organizations must assess the value of their services throughout their lifecycle to optimize business outcomes and IT spend.

    Impact and Result

    • Optimize IT investments by prioritizing services that provide more value to the business, ensuring that you do not waste money on low-value or out-of-date IT services.
    • Ensure that services are directly linked to business objectives, goals, and needs, keeping IT embedded in the strategic vision of the organization.
    • Enable the business to understand the impact of IT capabilities on business strategy.
    • Ensure that IT maintains a strategic and tactical view of the services and their value.
    • Drive agility and innovation by having a streamlined view of your business value context and a consistent intake of ideas.
    • Provide strategic leadership and create new revenue by understanding the relative value of new ideas vs. existing services.

    Lead Strategic Decision Making With Service Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Service portfolio management enables organizations to become strategic value creators by establishing a dynamic view of service value. Understand the driving forces behind the need to manage services through their lifecycles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the service portfolio

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 1: Establish the Service Portfolio
    • Service Portfolio Worksheet

    2. Develop a value assessment framework

    Use the value assessment tool to assess services based on the organization’s context of value.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 2: Develop a Value Assessment Framework
    • Value Assessment Tool
    • Value Assessment Example Tool

    3. Manage intake and assessment of initiatives

    Create a centralized intake process to manage all new service ideas.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 3: Manage Intake and Assessment of Initiatives
    • Service Intake Form

    4. Assess active services

    Continuously validate the value of the existing service and determine the future of service based on the value and usage of the service.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 4: Assess Active Services

    5. Manage and communicate the service portfolio

    Communicate and implement the service portfolio within the organization, and create a mechanism to seek out continuous improvement opportunities.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 5: Manage and Communicate the Service Portfolio
    [infographic]

    Workshop: Lead Strategic Decision Making With Service Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Service Portfolio

    The Purpose

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    Understand at a high level the steps involved in managing the service portfolio.

    Key Benefits Achieved

    Adapt the Service Portfolio Worksheet to organizational needs and create a plan to begin documenting services in the worksheet.

    Activities

    1.1 Review the Service Portfolio Worksheet.

    1.2 Adapt the Service Portfolio Worksheet.

    Outputs

    Knowledge about the use of the Service Portfolio Worksheet.

    Adapt the worksheet to reflect organizational needs and structure.

    2 Develop a Value Assessment Framework

    The Purpose

    Understand the need for a value assessment framework.

    Key Benefits Achieved

    Identify the organizational context of value through a holistic look at business objectives.

    Leverage Info-Tech’s Value Assessment Tool to validate and determine service value.

    Activities

    2.1 Understand value from business context.

    2.2 Determine the governing body.

    2.3 Assess culture and organizational structure.

    2.4 Complete the value assessment.

    2.5 Discuss value assessment score.

    Outputs

    Alignment on value context.

    Clear roles and responsibilities established.

    Ensure there is a supportive organizational structure and culture in place.

    Understand how to complete the value assessment and obtain a value score for selected services.

    Understand how to interpret the service value score.

    3 Manage Intake and Assessment of Initiatives

    The Purpose

    Create a centralized intake process to manage all new service ideas.

    Key Benefits Achieved

    Encourage collaboration and innovation through a transparent, formal, and centralized service intake process.

    Activities

    3.1 Review or design the service intake process.

    3.2 Review the Service Intake Form.

    3.3 Design a process to assess and transfer service ideas.

    3.4 Design a process to transfer completed services to the service catalog.

    Outputs

    Create a centralized process for service intake.

    Complete the Service Intake Form for a specific initiative.

    Have a process designed to transfer approved projects to the PMO.

    Have a process designed for transferring of completed services to the service catalog.

    4 Assess Active Services

    The Purpose

    Continuously validate the value of existing services.

    Key Benefits Achieved

    Ensure services are still providing the expected outcome.

    Clear next steps for services based on value.

    Activities

    4.1 Discuss/review management of active services.

    4.2 Complete value assessment for an active service.

    4.3 Determine service value and usage.

    4.4 Determine the next step for the service.

    4.5 Document the decision regarding the service outcome.

    Outputs

    Understand how active services must be assessed throughout their lifecycles.

    Understand how to assess an existing service.

    Place the service on the 2x2 matrix based on value and usage.

    Understand the appropriate next steps for services based on value.

    Formally document the steps for each of the IRMR options.

    5 Manage and Communicate Your Service Portfolio

    The Purpose

    Communicate and implement the service portfolio within the organization.

    Key Benefits Achieved

    Obtain buy-ins for the process.

    Create a mechanism to identify changes within the organization and to seek out continuous improvement opportunities for the service portfolio management process and procedures.

    Activities

    5.1 Create a communication plan for service portfolio and value assessment.

    5.2 Create a communication plan for service intake.

    5.3 Create a procedure to continuously validate the process.

    Outputs

    Document the target audience, the message, and how the message should be communicated.

    Document techniques to encourage participation and promote participation from the organization.

    Document the formal review process, including cycle, roles, and responsibilities.

    Recruit and Retain More Women in IT

    • Buy Link or Shortcode: {j2store}575|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $14,532 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women (CIO from IDG, 2021).
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Our Advice

    Critical Insight

    • Retaining and attracting top women is good business, not personal. As per McKinsey Global Institute, “$4.3 trillion of additional annual GDP in 2025 could be added to the U.S. by fully bridging the gender gap.”
    • In the war on talent, having a strategy around how you will recruit & retain of women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    Impact and Result

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets for IT talent. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution that will help IT leaders:

    1. Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    2. Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Recruit and Retain More Women in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit and Retain More Women in IT Deck – A step-by-step document that walks you through how to build a recruitment and retention plan for women in IT.

    Create a targeted recruitment and retention strategy for women. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT. Take a data-driven approach to improving retention of women by using best practices to measure and improve employee engagement.

    • Recruit and Retain More Women in IT – Phases 1-2

    2. Employee Value Proposition Tools – Build and road-test your employee value proposition to ensure that it is aligned, clear, compelling, and differentiated.

    These tools tap into best practices to help you collect the information you need to build, assess, test, and adopt an employee value proposition.

    • Employee Value Proposition (EVP) Interview Guide
    • Employee Value Proposition (EVP) Scorecard
    • Employee Value Proposition (EVP) Internal Scorecard Handout

    3. IT Behavioral Interview Question Library – A complete list of sample questions aligned with core, leadership, and IT competencies.

    Don’t hire by intuition, consider leveraging behavioral interview questions to reduce bias and uncover candidates that will be able to execute on the job.

    • IT Behavioral Interview Question Library

    4. Stay Interview Guide – Use this tool to guide one-on-one conversations with your team members to monitor employee engagement between surveys.

    Stay interviews are an effective method for monitoring employee engagement. Have these informal conversations to gain insight into what your employees really think about their jobs, what causes them to stay, and what may lead them to leave.

    • Stay Interview Guide

    Infographic

    Workshop: Recruit and Retain More Women in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strategically Recruiting and Retaining Women in IT

    The Purpose

    Identify the need for a targeted strategy to recruit and retain women in IT and pinpoint your largest opportunities to drive diversity in your IT team.

    Key Benefits Achieved

    Establish goals and targets for the changes to be made to your IT recruitment and retention strategies.

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle challenges and opportunities.

    1.3 Make the case for changes to recruitment and retention strategies.

    Outputs

    Recruitment & Retention Metrics Report

    Business Case for Recruitment and Retention Changes

    2 Develop Strategies to Sell Your Organization to Wider Candidate Pool

    The Purpose

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Key Benefits Achieved

    Implement effective strategies to drive more applications to your job postings.

    Activities

    2.1 Develop an IT employee value proposition.

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    Outputs

    Employee Value Proposition

    EVP Marketing Plan

    Revised Job Ads

    3 Expand Your Talent Sourcing Strategy

    The Purpose

    Sourcing shouldn’t start with an open position, it should start with identifying an anticipated need and then building and nurturing a talent pipeline.

    IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Key Benefits Achieved

    Develop a modern job requisition form though role analysis.

    Increase your candidate pool by expanding sourcing programs.

    Activities

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    Outputs

    Job requisition form for key roles

    Sourcing strategy for key roles

    4 Secure Top Talent

    The Purpose

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understanding the root cause of applicant drop-off and success and take corrective actions.

    Key Benefits Achieved

    Optimize your selection process.

    Implement non-bias interview techniques in your selection process.

    Activities

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    Outputs

    Root-Cause Analysis of Section Challenges

    Behavioral Interview Guide

    5 Retain Top Women in IT

    The Purpose

    Employee engagement is one of the greatest predictors of intention to stay.

    To retain employees you need to understand not only engagement, but also your employee experience and the moments that matter, and actively work to create positive experience.

    Key Benefits Achieved

    Identify opportunities to drive engagement across your IT organization.

    Implement tactical programs to reduce turnover in IT.

    Activities

    5.1 Measure employee engagement and review results.

    5.2 Identify new alternative sourcing approaches for talent.

    5.3 Train managers to conduct stay interviews and drive employee engagement.

    Outputs

    Identified Employee Engagement Action Plan

    Action Plan to Execute Stay Interviews

    Further reading

    Recruit and Retain More Women in IT

    Gender diversity is directly correlated to IT performance.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Technology has never been more important to organizations, and as a result, recruiting and retaining quality IT employees is increasingly difficult.

    • IT unemployment rates continue to hover below 2% in the US.
    • The IT talent market has evolved into one where the employer is the seller and the employee is the buyer.

    Common Obstacles

    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women.*
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Info-Tech’s Approach

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution to help:

    • Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    • Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Info-Tech Insight

    Retaining and attracting top women is good business, not personal. Companies with greater gender diversity on executive teams were 25% more likely to have above-average profitability.1 In the war on talent, having a strategy around how you will recruit and retain women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    *– McKinsey & Company, 2020; 2 – CIO From IDG, 2021
    The image contains a screenshot of a thought model titled: Recruit and Retain More Women in IT. Its subheading is: Gender Diversity is Directly Correlated to IT Performance. The thought model lists critical methods to recruit and retain, and also a traditional method to compare.

    Diversity & inclusion – it’s good business, not personal

    Why should organizations care about diversity?

    1. The war for talent is real. Every CIO needs a plan of attack. Unemployment rates are dropping and 54% of CIOs report that the skills shortage is holding them up from meeting their strategic objectives.
    2. Source: Harvey Nash and KPMG, 2020
    3. Diversity has clear ROI – both in terms of recruitment and retention. Eighty percent of technology managers experienced increased turnover in 2021. Not only are employee tenures decreasing, the competition for talent is fierce and the average cost of turnover is 150% of an IT worker’s salary.
    4. Source: Robert Half, 2021
    5. Inability to recruit and retain talent will reduce business satisfaction. Organizations who are continuously losing talent will be unable to meet corporate objectives due to lost productivity, keeping them in firefighting mode. An engaged workforce is a requirement for driving innovation and project success.

    ISACA’s 2020 study shows a disconnect between what men and women think is being done to recruit and retain female employees

    Key findings from ISACA’s 2020 Tech Workforce survey

    65% of men think their employers have a program to encourage hiring women. But only 51% of women agree.

    71% of men believe their employers have a program to encourage the promotion or advancement of women. But only 59% of women agree.

    49% of women compared to 44% of men in the survey feel they must work harder than their peers.

    22% of women compared to 14% of men feel they are underpaid.

    66% of women compared to 72% of men feel they are receiving sufficient resources to sustain their career.

    30% of women compared to 23% of men feel they have unequal growth opportunities.

    74% of women compared to 64% of men feel they lack confidence to negotiate their salaries.

    To see ISACA’s full report click here.
    The image contains a screenshot of a multi bar graph to demonstrate the percentage of female employees in the workforce of major tech companies. The major tech companies include: Amazon, Facebook, Apple, Google, and Microsoft.
    Image: Statista, 2021, CC BY-ND 4.0

    The chart to the left, compiled by Statista, (based on self-reported company figures) shows that women held between 23% to 25% of the tech jobs at major tech companies.

    Women are also underrepresented in leadership positions: 34% at Facebook, 31% at Apple, 29% at Amazon, 28% at Google, and 26% at Microsoft.

    (Statista, 2021)

    To help support women in tech, 78% of women say companies should promote more women into leadership positions. Other solutions include:

    • Providing mentorship opportunities (72%)
    • Offering flexible scheduling (64%)
    • Conducting unconscious bias training (57%)
    • Offering equal maternity and paternity leave (55%)
    • (HRD America, 2021)

    Traditional retention initiatives target the majority – the drivers that impact the retention of women in IT are different

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but, the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees

    The majority of organizations take a one-size-fits-all approach to retaining and engaging employees.

    However, studies show that women are leaving IT in significantly higher proportions than men and that the drivers impacting men’s and women’s retention are different. Knowing how men and women react differently to engagement drivers will help you create a targeted retention strategy.

    In particular, to increase the retention and engagement of women, organizations should develop targeted initiatives that focus on:

    • Organizational culture
    • Employee empowerment
    • Manager relationships

    Why organizations need to focus on the recruitment and retention of women in IT

    1. Women expand the talent pool. Women represent a vast, untapped talent pool that can bolster the technical workforce. Unfortunately, traditional IT recruitment processes are targeted toward a limited IT profile – the key to closing the IT skills gap is to look for agile learners and expand your search criteria to cast a larger net.
    2. Diversity increases innovation opportunities. Groups with greater diversity solve complex problems better and faster than homogenous groups, and the presence of women is more likely to increase the problem-solving and creative abilities of the group.
    3. Women increase your ROI. Research shows that companies with the highest representation of women in their management teams have a 34% higher return on investment than those with few or no women. Further, organizations who are unable to retain top women in their organization are at risk for not being able to deliver to SLAs or project expectations and lose the institutional knowledge needed for continuous improvement.
    4. Source: Bureau of Labour Statistics; Info-Tech Research Group/McLean & Company Analysis

    Improving the representation of women in your organization requires rethinking recruitment and retention strategies

    SIGNS YOU MAY NEED A TARGETED RECRUITMENT STRATEGY…

    SIGNS YOU MAY NEED A TARGETED RETENTION STRATEGY…

    • “It takes longer than 8 weeks to fill a posted IT position.”
    • “Less than 35% of applicants to posted positions are women.”
    • “In the last year the number of applicants to posted positions has decreased.”
    • “The number of female employees who have referred employees in the last year is significantly lower than men in the department.”
    • “Less than 35% of your IT workforce is made up of women.”
    • “Proportionally women decline IT roles in higher rates than men in IT.”
    • “Voluntary turnover of high performers and high potentials is above 5%.”
    • “Turnover of women in IT is disproportionate to the percentage of IT staff.”
    • “Employee rankings of the IT department on social networking sites (e.g. Glassdoor) are low.”
    • “Employees are frequently absent from their jobs.”
    • “Less than 25% of management roles in IT are filled by women.”
    • “Employee engagement scores are lower among women than men.”

    Info-Tech’s approach to improving gender diversity at your organization

    Info-Tech takes a practical, tactical approach to improving gender diversity at organizations, which starts with straightforward tactics that will help you improve the recruitment and retention of women in your organization.

    How we can help

    1. Leverage Info-Tech’s tools to define your current challenges and opportunities for gender diversity to improve your recruitment and retention issues.
    2. Employ straightforward and tested tactics to increase talent acquisition of women in IT by optimizing how you sell to, search for, and secure top female talent.
    3. Take a data-driven approach to measure and increase the retention and engagement of women within your IT organization, and know how and when to involve your staff for optimal results.

    Leverage Info-Tech’s customizable deliverables to improve the recruitment and retention of women in your organization

    RECRUIT Top Women in IT

    If you don’t have a targeted recruitment strategy for women, you are missing out on 50% of the candidate pool. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT.

    Key metrics to track:

    • Average number of female candidates per posting
    • Average time to fill position
    • Percentage of new hires still at the organization one year later

    RETAIN Top Women in IT

    The drivers that impact the retention of men and women are different. Take a data-driven approach to improving retention of women in your organization by using best practices to measure and improve employee engagement.

    Key metrics to track:

    • Voluntary turnover rates of men and women
    • Average tenure of men and women
    • Percentage of internal promotions going to men and women
    • Employee engagement scores

    Info-Tech’s methodology for Recruit and Retain More Women in IT

    1. Enhance Your Recruitment Strategies

    2. Enhance Your Retention Strategies

    Phase Steps

    1. Sell:
    • Develop an attractive employee value proposition.
    • Understand the impact of language on applicants.
  • Search:
    • Define meaningful job requirements
    • Evaluate various sourcing pools.
  • Secure:
    • Improve the interview experience.
    • Leverage behavioral interview questions to limit bias.
    1. Drive engagement in key areas correlated with driving higher retention of women in IT.
    2. Train managers to understand key moments that matter in the employee experience.
    3. Understand what motivates key performers to stay at your organization.

    Phase Outcomes

    Recruitment Optimization Plan

    Retention Optimization Plan

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our teams knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 6 calls over the course of 1 to 2 months.

    1. Tactics to Recruit More Women in IT

    Call #1: Develop a strategy to better sell your organization to diverse candidates.

    Call #2: Evaluate your candidate search practices to reach a wider audience.

    Call #3: Introduce best practices in your interviews to improve the candidate experience and limit bias.

    2. Tactics to Retain More Women in IT

    Call #4: Launch focus groups to improve performance of key retention drivers.

    Call #5: Measure the employee experience and identify key moments that matter to staff.

    Call #6: Conduct stay interviews and establish actions to improve retention.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Make the Case

    Develop Strategies to Sell to a Wider Candidate Pool

    Expand Your Talent Sourcing Strategy

    Secure & Retain Top Talent

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle.

    1.3 Make the case for changes to recruitment and retention strategies.

    2.1 Develop an IT employee value proposition (EVP).

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    4.3 Measure employee engagement and review results.

    4.4 Develop programs to improve employee engagement.

    4.5 Train managers to conduct stay interviews and drive employee engagement.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Recruitment & retention metrics report
    2. Business case for recruitment and retention changes
    1. Employee Value Proposition
    2. EVP marketing plan
    3. Revised job ads
    1. Job requisition form for key roles
    2. Sourcing strategy for key roles
    1. Root-cause analysis of section challenges
    2. Behavioral interview guide
    3. Identified employee engagement action plan
    4. Action plan to execute stay interviews
    1. Completed recruitment optimization plan
    2. Completed retention optimization plan

    Phase 1

    Enhance Your Recruitment Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Consider key factors within the recruitment process

    Key Talent Pipeline Opportunities:

    • In today’s talent landscape IT leaders need to be highly strategic about how they recruit new talent to the organization.
    • IT professionals have a huge number of options to choose from when considering their next career.
    • IT leaders need to actively market and expand their search to attract top talent. The “where” and “how” to recruit men and women in IT are different and your strategy should reflect this.
    • Partnering with your HR department to help you improve the number of applicants, expand your search criteria, and optimize the interview experience will all directly impact your talent pipeline.
    1. Sell
    2. How do you position the value of working for your organization and roles in a meaningful way?

    3. Search
    4. How can you expand your key search criteria and sourcing strategies to reach more candidates?

    5. Secure
    6. How can you reduce bias in your interview process and create positive candidate experiences?

    Info-Tech’s Sell-Search-Secure recruitment model

    Follow these steps to increase your pool of female candidates.

    1. Sell Tactics:
    2. 1. Develop an employee value proposition that will attract female candidates.

      2. Understand how your job postings may be deterring female candidates.

    3. Search Tactics:
    4. 3. Identify opportunities to expand your role analysis for job requisitions.

      4. Increase your candidate pool by expanding sourcing programs.

    5. Secure Tactics:
    6. 5. Identify tactics to improve women’s interview experience.

      6. Leverage behavioral interview questions to limit bias in interviews.

    Please note, this section is not a replacement or a full talent strategy. Rather, this blueprint will highlight key tactics within talent acquisition practices that the IT leadership team can help to influence to drive greater diversity in recruitment.

    Understand where leaks exist in your talent pipeline

    Start your recruitment enhancement here.

    Work with your HR department to track critical metrics around where you need to make improvements and where you can partner with your recruitment team to improve your recruitment process and build a more diverse pipeline. Identify where you have significant drops or variation in diversity or overall need and select where you’d like to focus your recruitment improvement efforts.

    Selection Process Step

    Sample Metrics to Track

    Sell

    Average time to fill a vacant position

    Average number of applicants for posted positions

    Total # of Candidates; # of Male Candidates (% of total);

    # of Female Candidates (% of total); % Difference Male & Female

    Number of page visits vs. applications for posted positions

    Total # of Candidates

    # of Male Candidates

    % of total

    # of Female Candidates

    % of total

    % Difference Male & Female

    Search

    Number of applicants coming from your different sourcing channels (one line per sourcing channel: LinkedIn Group A, website, job boards, specific events, etc.)

    Number of applicants coming from referrals

    Secure

    Number of applicants meeting qualifications

    Number of applicants selected for second interview

    Number of applicants rejecting an offer

    Number of applicants accepting an offer

    Number of employees retained for one year

    Enhance your recruitment strategies

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Sell the organization

    What is an employee value proposition?

    An employee value proposition (EVP) is a unique and clearly defined set of attributes and benefits that capture an employee’s overall work experience within an organization. An EVP is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    How is an employee value proposition used?

    Your EVP should be used internally and externally to promote the unique benefits of working within the department. As a recruiting tool, you can use it to attract candidates, highlighting the benefits of working for your organization. The EVP is often highlighted where you are most likely to reach your target audience, whether that is through social media, in-person events, or in other advertising activities.

    Why tailor this to multiple audiences?

    While your employee value proposition should remain constant in terms of the unique benefits of working for your organization, you want to ensure that the EVP appeals to multiple audiences and that it is backed up by relevant stories that support how your organization lives your EVP every day. Candidates need to be able to relate to the EVP and see it as desirable, so ensuring that it is relatable to a diverse audience is key.

    Develop a strong employee value proposition

    Three key steps

    The image contains a cycle to demonstrate the three key steps. The steps are: Build and Assess the EVP, Test the EVP, and Adopt the EVP.

    1. Build and Assess the EVP

    Assess your existing employee value proposition and/or build a forward-looking, meaningful, authentic, aspirational EVP.

    2. Test the EVP

    Gather feedback from staff to ensure the EVP is meaningful internally and externally.

    3. Adopt the EVP

    Identify how and where you will leverage the EVP internally and externally, and integrate the EVP into your candidate experience, job ads, and employee engagement initiatives.

    As you build your EVP, keep in mind that while it’s important to brand your IT organization as an inclusive workplace to help you attract diverse candidates, be honest about your current level of diversity and your intentions to improve. Otherwise, new recruits will be disappointed and leave.

    What is an employee value proposition?

    And what are the key components?

    The employee value proposition is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    AN EMPLOYEE VALUE PROPOSITION IS:

    AN EMPLOYEE VALUE PROPOSITION IS NOT:

    • An authentic representation of the employee experience
    • Aligned with organizational culture
    • Fundamental to all stages of the employee lifecycle
    • A guide to help investment in programs and policies
    • Short and succinct
    • What the employee can do for you
    • A list of programs and policies
    • An annual project

    THE FOUR KEY COMPONENTS OF AN EMPLOYEE VALUE PROPOSITION

    Rewards

    Organizational Elements

    Working Conditions

    Day-to-Day Job Elements

    • Compensation
    • Health Benefits
    • Retirement Benefits
    • Vacation
    • Culture
    • Customer Focus
    • Organization Potential
    • Department Relationships
    • Senior Management Relationships
    • Work/Life Balance
    • Working Environment
    • Employee Empowerment
    • Development
    • Rewards & Recognition
    • Co-Worker Relationships
    • Manager Relationships

    Creating a compelling EVP that presents a picture of your employee experience, with a focus on diversity, will attract females to your team. This can lead to many internal and external benefits for your organization.

    Collect relevant information

    Existing Employee Value Proposition: If your organization or IT department has an existing employee value proposition, rather than starting from scratch, we recommend leveraging that and moving to the testing phase to see if the EVP still resonates with staff and external parties.

    Employee Engagement Results: If your organization does an employee engagement survey, review the results to identify the areas in which the IT organization is performing well. Identify and document any key comment themes in the report around why employees enjoy working for the organization or what makes your IT department a great place to work.

    Social Media Sites. Prepare for the good, the bad, and the ugly. Social media websites like Glassdoor and Indeed make it easier for employees to share their experiences at an organization honestly and candidly. While postings on these sites won’t relate exclusively to the IT department, they do invite participants to identify their department in the organization. You can search these to identify any positive things people are saying about working for the organization and potentially opportunities for improvement (which you can use as a starting point in the retention section of this report).

    Step 1.1

    Sell – Assess the current state and develop your employee value proposition

    Activities

    1.1.1 Gather feedback on unique benefits

    1.1.2 Build key messages

    1.1.3 Test your EVP

    1.1.4 Adopt your EVP

    1.1.5 Review job postings for gender bias

    1.1.1 Gather feedback

    1. Hold a series of focus groups with employees to understand what about the organization attracted them to join and to stay at the organization.
    2. Start by identifying if you will interview all employees or a subset. If you are going to use a subset, ensure you have at least one male and one female participating from each team and representation of all levels within the department.
    3. Print the EVP Interview Guide to focus your conversation, and ask each individual to take 15 minutes and respond to questions 1-3 in the Guide:
    4. Draw a quadrant on the board and mark each quadrant with four categories: Day-to-Day Elements, Organizational Elements, Compensation & Benefits, and Working Conditions. Provide each participant with sticky notes and ask them to brainstorm the top five things they value most about working at the organization. Ask them to place each sticky in the appropriate category and identify any key themes.
    5. Ask participants to hand in their EVP Interview Guides and document all of the key findings.

    Input

    Output

    • Employee opinions
    • Employee responses to four EVP components
    • Content for EVP

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • Male and female employees
    • Different departments
    • Different role levels

    Download the EVP Interview Guide

    1.1.2 Build key messages

    1. Collect all of the information from the various focus groups and begin to build out the employee value proposition statements.
    2. Identify the key elements that staff felt were unique and highly valued by employees and group these into common themes.
    3. Identify categories that related to one of the five key drivers* of women’s retention in IT and highlight any key elements related to these:
    • Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.
    • Company Potential: An employee’s understanding, commitment, and excitement about the organization’s mission and future.
    • Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.
    • Learning and Development: A cooperative and continuous effort to enhance an employee’s skill set and expertise and meet an employee’s career objectives.
    • Manager Relationships: The professional and personal relationship an employee has with their manager, including trust, support, and development.
  • Identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the five categories above.
  • Integrate these into one overall statement.
  • *See Engagement Driver Handout slides for more details on these five drivers.

    Input

    Output

    • Feedback from focus groups
    • EVP and supporting statements

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • IT leadership team

    Quality test your revised EVP

    Use Info-Tech’s EVP Scorecard.

    Internally and Externally

    Use the EVP Scorecard and EVP Scorecard Handout throughout this step to assess your EVP against:

    Internal Criteria:

    • Accuracy
    • Alignment
    • Aspirational
    • Differentiation

    External Criteria:

    • Clear
    • Compelling
    • Concise
    • Differentiation
    The image contains screenshots of Info-Tech's EVP Scorecard.

    Ensure your EVP resonates with employees and prospects

    Test your EVP with internal and external audiences.

    INTERNAL TEST REVOLVES AROUND THE 3A’s

    EXTERNAL TEST REVOLVES AROUND THE 3C’s

    ALIGNED: The EVP is in line with the organization’s purpose, vision, values, and processes. Ensure policies and programs are aligned with the organization’s EVP.

    CLEAR: The EVP is straightforward, simple, and easy to understand. Without a clear message in the market, even the best intentioned EVPs can be lost in confusion.

    ACCURATE: The EVP is clear and compelling, supported by proof points. It captures the true employee experience, which matches the organization’s communication and message in the market.

    COMPELLING: The EVP emphasizes the value created for employees and is a strong motivator to join this organization. A strong EVP will be effective in drawing in external candidates. The message will resonate with them and attract them to your organization.

    ASPIRATIONAL: The EVP inspires both individuals and the IT organization as a whole. Identify and invest in the areas that are sure to generate the highest returns for employees.

    COMPREHENSIVE: The EVP provides enough information for the potential employee to understand the true employee experience and to self-assess whether they are a good fit for your organization. If the EVP lacks depth, the potential employee may have a hard time understanding the benefits and rewards of working for your organization.

    1.1.3 Test your EVP

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    2. For internal candidates, send a copy of the EVP and ask them to complete the Internal Assessment (ensure that you have at least 50% representation of women).
    3. For external candidates, identify first how you will reach out to them; popular options are to have team members in key roles reach out to members of their LinkedIn network who are in similar roles to themselves. Request that they look for a diverse group to gather feedback from.
    4. Have the external candidates complete the External Assessment.
    5. Collect the feedback around the EVP and enter the findings into the EVP Scorecard Tool.
    6. If you are dissatisfied with the scorecard results, go back to the employees you interviewed to ask for additional feedback, focusing on the areas that scored low.
    7. Incorporate the feedback and present the revised EVP to see if the changes resonate with stakeholders.
    8. If you are satisfied with the results, present to the leadership and HR teams for agreement and proceed to adopting the EVP in your organization.

    Input

    Output

    • Internal assessment
    • External assessment
    • Finalized EVP

    Materials

    Participants

    • EVP Internal Assessmentt
    • EVP External Assessment
    • Internal staff members
    • External IT professionals

    1.1.4 Adopt your EVP

    Identify your target audience and marketing channels.

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    • The target audience for your employee value proposition
    • Internal and/or external
    • Local, national, international
    • Experience
    • Applicant pool (e.g. new graduates, professionals, internship)
  • For each target audience, identify where you want to reach them with your employee value proposition.
    • Internal: Town hall meetings, fireside chats
    • External: Social media, advertising, job postings
    • Global: Professional affiliations, head hunters
  • For each target audience, build the communication strategy and identify messaging, mediums, timeline, and task ownership.
  • Input

    Output

    • Employee value proposition
    • EVP plan

    Materials

    Participants

    • Pen and paper
    • EVP participants

    Case Study

    INDUSTRY: Restaurant

    SOURCE: McDonald’s Careers, Canadian Business via McLean & Company

    McDonald’s saw a divide between employee experience and its vision. McDonald’s set out to reinvent its employer image and create the reputation it wanted.

    Challenge

    • Historically, McDonald’s has had a challenging employer brand. Founded on the goal of cost effectiveness, a “McJob” was often associated with lower pay and a poor reputation.
    • McDonald’s reached out to employees using a global survey and asked, “What is it you love most about working at McDonald’s?”

    Solution

    • McDonald’s revaluated its employer brand by creating an EVP focused on the three F’s.
    1. Future – career growth and development opportunities
    2. Flexibility – flexible working hours and job variety
    3. Family & Friends – a people-centric work culture

    Results

    • As a result of developing and promoting its EVP internally, McDonald’s has experienced higher engagement and a steady decrease in turnover.
    • Externally, McDonald’s has been recognized numerous times by the Great Place to Work Institute and has been classified by Maclean’s magazine as one of Canada’s top 50 employers for 13 years running.

    Make your job descriptions more attractive to female applicants

    10 WAYS TO REMOVE GENDER BIAS FROM JOB DESCRIPTIONS – GLASSDOOR – AN EXCERPT

    1. USE GENDER-NEUTRAL TITLES: Male-oriented titles can inadvertently prevent women from clicking on your job in a list of search results. Avoid including words in your titles like “hacker,” “rockstar,” “superhero,” “guru,” and “ninja,” and use neutral, descriptive titles like “engineer,” “project manager,” or “developer.
    2. CHECK PRONOUNS: When describing the tasks of the ideal candidate, use “they” or “you.” Example: “As Product Manager for XYZ, you will be responsible for setting the product vision and strategy.
    3. AVOID (OR BALANCE) YOUR USE OF GENDER-CHARGED WORDS: Analysis from language tool Textio found that the gender language bias in your job posting predicts the gender of the person you’re going to hire. Use a tool like Textio tool or the free Gender Decoder to identify problem spots in your word choices. Examples: “Analyze” and “determine” are typically associated with male traits, while “collaborate” and “support” are considered female. Avoid aggressive language like “crush it.
    4. AVOID SUPERLATIVES: Excessive use of superlatives such as “expert,” “superior,” and “world class” can turn off female candidates who are more collaborative than competitive in nature. Research also shows that women are less likely than men to brag about their accomplishments. In addition, superlatives related to a candidate’s background can limit the pool of female applicants because there may be very few females currently in leading positions at “world-class” firms
    5. LIMIT THE NUMBER OF REQUIREMENTS: Identify which requirements are “nice to have” versus “must have,” and eliminate the “nice to haves.” Research shows that women are unlikely to apply for a position unless they meet 100 percent of the requirements, while men will apply if they meet 60 percent of the requirements.

    For the full article please click here.

    1.1.5 Review job postings

    To understand potential gender bias

    1. Select a job posting that you are looking to fill, review the descriptions, and identify if any of the following apply:
    • Are the titles gender neutral? This doesn’t mean you can’t be creative in your naming, but consider if the name really represents the role you are looking to fill.
    • Do you use pronouns? If there are instances where the posting says “he” OR “she” change this to “they” or “you.”
    • Are you overusing superlatives? Review the posting and ensure that when words like “expert” or “world class” are used that you genuinely need someone who is at that level.
    • Are all of the tasks/responsibilities listed the ones that are absolutely essential to the job? Women are less likely to apply if they don’t have direct experience with 100% of the criteria – if it’s a non-essential, consider whether it’s needed in the posting.
    • Is there any organization-specific jargon used? Where possible, avoid using organization-specific jargon in order to create an inclusive posting. Avoid using terms/acronyms that are only known to your organization.
  • Select four to six members of your staff, both male and female, and have them highlight within the job posting what elements appeal to them and what elements do not appeal to them or would concern them about the job.
  • Review the feedback from staff, and identify potential opportunities to reduce bias within the posting.
  • Input

    Output

    • Job posting
    • Updated job posting

    Materials

    Participants

    • Pen and paper
    • IT staff members

    Case Study

    INDUSTRY: Social Media

    SOURCE: Buffer Open blog

    When the social media platform Buffer replaced one word in a job posting, it noticed an increase in female candidates.

    Challenge

    For the social media platform Buffer, all employees were called “hackers.” It had front-end hackers, back-end hackers, Android hackers, iOS hackers, and traction hackers.

    As the company began to grow and ramp up hiring, the Chief Technology Officer, Sunil Sadasivan, noticed that Buffer was seeing a very low percentage of female candidates for these “hacker” jobs.

    In researching the challenge in lack of female candidates, the Buffer team discovered that the word “hacker” may be just the reason why.

    Solution

    Understanding that wording has a strong impact on the type of candidates applying to work for Buffer started a great and important conversation on the Buffer team.

    Buffer wanted to be as inviting as possible in job listings, especially because it hires for culture fit over technical skill.

    Buffer went through a number of wording choices that could replace “hacker,” and ended on the term “developer.” All external roles were updated to reflect this wording change.

    Results

    By making this slight change to the wording used in their jobs, Buffer went from seeing a less than 2% female representation of applicants for developer jobs to around 12% female representation for the same job.

    Step 1.2

    Search – Reach more candidates by expanding key search criteria and sourcing strategies

    Activities

    1.2.1 Complete role analysis

    1.2.2 Expand your sourcing pools

    Enhance your recruitment strategies

    Sourcing shouldn’t start with an open position; it should start with identifying an anticipated need and building and nurturing a talent pipeline. IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Expand your search

    What is a candidate sourcing program?

    A candidate sourcing program is one element of the overall HR sourcing approach, which consists of the overall process (steps to source talent), the people responsible for sourcing, and the programs (internal talent mobility, social media, employee referral, alumni network, campus recruitment, etc.).

    What is a sourcing role analysis?

    Part of the sourcing plan will outline how to identify talent for a role, which includes both the role analysis and the market assessment. The market assessment is normally completed by the HR department and consists of analyzing the market conditions as they relate to specific talent needs. The role analysis looks at what is necessary to be successful in a role, including competencies, education, background experience, etc.

    How will this enable you to attract female candidates?

    Expanding your sourcing programs and supporting deeper role analysis will allow your HR department to reach a larger candidate pool and better understand the type of talent that will be successful in roles within your organization. By expanding from traditional pools and criteria you will open the organization up to a wider variety of talent options.

    Minimize bias in sourcing to hire the right talent and protect against risk

    Failure to take an inclusive approach to sourcing will limit your talent pool by sidelining entire groups or discouraging applicants from diverse backgrounds. Address bias in sourcing so that diverse candidates are not excluded from the start. Solutions such as removing biographical data from CVs prior to interviews may reduce bias, but they may come too late to impact diversity.

    Potential areas of bias in sourcing:

    Modifications to reduce bias:

    Intake Session

    • Describing a specific employee when identifying what it takes to be successful in the role. This may include attributes that do not actually promote success (e.g. school or program) but will decrease diversity of thought.
    • Hiring managers display a “like me” bias where they describe a successful candidate as similar to themselves.
    • Focus on competencies for the role rather than attributes of current employees or skills. Technology is changing rapidly – look for people who have demonstrated a capability over a specific skill.

    Sourcing Pools

    • Blindly hunting or sourcing individuals from a few sources, assuming that these sources are always better than others (e.g. Ivy League schools always produce the best candidates).
    • Expand sources. Don’t exclude diverse sources because they’re not popular.
    • Objectively measure source effectiveness to address underlying assumptions.

    1.2.1 Role analysis

    Customize a sourcing plan for key roles to guide talent pipeline creation.

    1. Complete a role analysis to understand key role requirements. If you are hiring for an existing role, start by taking an inventory of who your top and low performers are within the role today.
    2. Consider your top performers and identify what a successful employee can do better than a less successful one. Start by considering their alignment with job requirements, and identify the education, designations/certifications, and experiences that are necessary for this job. Do not limit yourself; carefully consider if the requirements you are including are actually necessary or just nice to have.
    3. Required Entry Criteria

      Preferred Entry Criteria

      Education

      • University Degree – Bachelors
      • University Degree – Masters

      Experience

      • 5+) years design, or related, experience
      • Experience leading a team
      • External consulting experience
      • Healthcare industry experience

      Designations/Certifications

      • ITIL Foundations
    4. Review Info-Tech’s Job Competency Library in the Workforce Planning Workbook, identify the key competencies that are ideal for this anticipated role, and write a description of how this would manifest in your organization.
    5. Competency

      Level of Proficiency

      Behavioral Descriptions

      Business Analysis

      Level 2: Capable

      • Demonstrates a basic understanding of business roles, processes, planning, and requirements in the organization.
      • Demonstrates a basic understanding of how technologies assist in business processes.
      • Develop basic business cases using internal environment analysis for the business unit level.
    6. Hold a meeting with your HR team or recruiter to highlight the types of experience and competencies you are looking for in a hire to expand the search criteria.

    Target diverse talent pools through different sources

    When looking to diversify your workforce, it’s critical that you look to attract and recruit talent from a variety of different talent pools.

    SOURCING APPROACH

    INTERNAL MOBILITY PROGRAM

    Positioning the right talent in the right place, at the right time, for the right reasons, and supporting them appropriately. Often tied to succession or workforce planning, mentorship, and learning and development.

    SOCIAL MEDIA PROGRAM

    The widely accessible electronic tools that enable anyone to publish and access information, collaborate on common efforts, and build relationships. Think beyond the traditional and consider niche social media platforms.

    EMPLOYEE REFERRAL PROGRAM

    Employees recommend qualified candidates. If the referral is hired, the referring employee typically receives some sort of reward.

    ALUMNI PROGRAM

    An alumni referral program is a formalized way to maintain ongoing relationships with former employees of the organization.

    CAMPUS RECRUITING PROGRAM

    A formalized means of attracting and hiring individuals who are about to graduate from schools, colleges, or universities.

    EVENTS & ASSOCIATION PROGRAM

    A targeted approach for participation in non-profit associations and industry events to build brand awareness of your organization and create a forward-looking talent pipeline.

    1.2.2 Expand your sourcing pools

    Increase the number of female applicants.

    1. Identify where your employees are currently being sourced from and identify how many female candidates you have gotten from each channel as a percentage of applicants.
    2. # of Candidates From Approach

      % of Female Candidates From Approach

      Target # of Female Candidates

      Internal Talent Mobility

      Social Media Program

      Employee Referral Program

      Alumni Program

      Campus Recruiting Program

      Events & Non-Profit Affiliations

      Other (job databases, corporate website, etc.)

    3. Work with your HR partner or organization’s recruiter to identify three recruitment channels from the list that you will work on expanding.
    4. Review the following two slides and identify key success factors for the implementation. Identify what role IT will play and what role HR will play in implementing the approach.
    5. Following implementation, monitor the impact of the tactics on the number of women candidates and determine whether to add additional tactics.

    Different talent sources

    Benefits and success factors of using different talent sources

    Benefits

    Keys to Success

    Internal Mobility Program

    • Drives retention by providing opportunities to develop professionally
    • Provides a ready pipeline for rapid changes
    • Reduces time and cost of recruitment
    • Identify career pathing opportunities
    • Identify potential successors for succession planning
    • Build learning and development and mentorship

    Social Media Program

    • Access to candidates
    • Taps extended networks
    • Facilitates consistent communication with candidates and talent in pipelines
    • Personalizes the candidate experience
    • Identify platforms – common and niche
    • Talk to your top performers and IT network and identify which sites they use
    • Identify how people use that platform – nature of posts and engagement
    • Define what content to share and who from IT should be engaging
    • Be timely with participation and responses

    Employee Referral Program

    • Higher applicant-to-hire rate
    • Decreased time to fill positions
    • Decreased turner
    • Increased quality of hire
    • Expands your network – women in IT often know other qualified women in IT and in project delivery
    • Educate employees (particularly female employees) to participate
    • Send reminders, incorporate into onboarding, and ask leaders to share job openings
    • Make it easy to share jobs by providing templates and shortened URLs
    • Where possible, simplify the process by avoiding paper forms, reaching out quickly
    • Select metrics that will identify areas of strength and gaps in the referral program

    Alumni Program

    • A formalized way to maintain ongoing relationship with former employees
    • Positive branding as alumni are regarded as a credible source of information
    • Source of talent – boomerang employees are doubly as valuable as they understand the organization
    • Increased referral potential provides access to a larger network and alumni know what is required to be successful in the organization
    • Identify the purpose of the network and set clear goals
    • Identify what the network will do: Will the network be virtual or in person? Who will chair? Who should participate? etc.
    • Create a simple process for alumni to share information about vacancies and refer people
    • Measure progress

    Campus Recruiting Program

    • Increases employer brand awareness among talent entering the workforce
    • Provides the opportunity to interact with large groups of potential candidates at one time
    • Offers access to a highly diverse audience
    • Identify key competencies and select programs based on relevant curriculum for building those competencies
    • Select targeted schools keeping in mind programs and existing relationships
    • Work with HR to get involved

    Events & Non-Profit Affiliations

    • Create a strong talent pipeline for future positions
    • Build relationships based on shared values in a comfortable environment for participants
    • Ability to expand diversity by targeting different types of events or by leveraging women-focused, specifically women in technology, groups
    • Look for events that attract similar participants to the skills or roles you are looking to attract, e.g. Women Who Code if you’re looking for developers
    • Actively engage and participate in the event
    • Couple this with learning and development activities, and invite female top performers to participate

    Enhance your recruitment strategies

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understand the root cause of applicant drop-off and success and take corrective actions.

    Secure top candidates

    Why does the candidate experience matter?

    Until recently it was an employer’s market, so recruiters and hiring managers were able to get good talent without courting top candidates. Today, that’s not the case. You need to treat your IT candidates like customers and be mindful that this is often one of the first experiences future staff will have with the organization. It will give them their first real sense of the culture of the organization and whether they want to work for the organization.

    What can IT leaders do if they have limited influence over the interview process?

    Work with your HR department to evaluate the existing recruitment process, share challenges you’ve experienced, and offer additional support in the process. Identify where you can influence the process and if there are opportunities to build service-level agreements around the candidate experience.

    Take a data-driven approach

    Understand opportunities to enhance the talent selection process.

    While your HR department likely owns the candidate experience and processes, if you have identified challenges in diversity we recommend partnering with your HR department or recruitment team to identify opportunities for improvement within the process. If you are attracting a good amount of candidates through your sell and search tactics but aren’t finding that this is translating into more women selected, it’s time to take a look at your selection processes.

    SIMPLIFIED CANDIDATE SELECTION PROCESS STEPS

    1. Application Received
    2. Candidate Selected for Interview
    3. Offer Extended
    4. Offer Accepted
    5. Onboarding of Staff

    To understand the challenges within your selection process, start by baselining your drop-off rates throughout selection and comparing the differences in male and female candidates. Use this to pin point the issues within the process and complete a root-cause analysis to identify where to improve.

    Step 1.3

    Secure – reduce bias in your interview process and create positive candidate experiences

    Activities

    1.3.1 Identify selection challenges

    1.3.1 Identify your selection challenges

    Review your candidate data.

    1. Hold a meeting with your HR partner to identify trends in your selection data. If you have an applicant tracking system, pull all relevant information for analysis.
    2. Start by identifying the total number of candidates that move forward in each stage of the process. Record the overall number of applicants for positions (should have this number from your sourcing analysis), overall number of candidates selected for interviews, overall number of offers extended, overall number of offers rejected, and overall number of employees still employed after one year.
    3. Identify the number of female and male candidates in each of those categories and as a percentage of the total number of applicants.
    4. Selection Process Step

      Total # of Candidates

      Male Candidates

      Female Candidates

      % Difference Male & Female

      #

      #

      % of total

      #

      % of total

      Applicants for Posted Position

      150

      115

      76.7%

      35

      23.3%

      70% fewer females

      Selected for Interview

      (Selected for Second Interview)

      (Selected for Final Interview)

      Offer Extended

      Offer Rejected

      Employees Retained for One Year

    5. Identify where there are differences in the percentages of male and female candidates and where there are significant drop-off rates between steps in the process.

    Note: For larger organizations, we highly recommend analyzing differences in specific teams/roles and/or at different seniority levels. If you have that data available, repeat the analysis, controlling for those factors.

    Root-cause analysis can be conducted in a variety of ways

    Align your root-cause analysis technique with the problem that needs to be solved and leverage the skills of the root-cause analysis team.

    Brainstorming/Process of Elimination

    After brainstorming, identify which possible causes are not the issue’s root cause by removing unlikely causes.

    The Five Whys

    Use reverse engineering to delve deeper into a recruitment issue to identify the root cause.

    Ishikawa/Fishbone Diagram

    Use an Ishikawa/fishbone diagram to identify and narrow down possible causes by categories.

    Process of elimination

    Leveraging root-cause analysis techniques.

    Using the process of elimination can be a powerful tool to determine root causes.

    • To use the process of elimination to determine root cause, gather the participants from within your hiring team together once you have identified where your issues are within the recruitment process and brainstorm a list of potential causes.
    • Like all brainstorming exercises, remember that the purpose is to gather the widest possible variety of perspectives, so be sure not to eliminate any suggested causes out of hand.
    • Once you have an exhaustive list of potential causes, you can begin the process of eliminating unlikely causes to arrive at a list of likely potential causes.

    Example

    Problem: Women candidates are rejecting job offers more consistently

    Potential Causes

    • The process took too long to complete
    • Lack of information about the team and culture
    • Candidates aren’t finding benefits/salary compelling
    • Lack of clarity on role expectations
    • Lack of fit between candidate and interviewers
    • Candidates offered other positions
    • Interview tactics were negatively perceived

    As you brainstorm, ensure that you are identifying differentiators between male and female candidate experiences and rationale. If you ask candidates their rationale for turning down roles, ensure that these are included in the discussion.

    The five whys

    Leveraging root-cause analysis techniques

    Repeatedly asking “why” might seem overly simplistic, but it has the potential to be useful.

    • It can be useful, when confronting a problem, to start with the end result and work backwards.
    • According to Olivier Serrat, a knowledge management specialist at the Asian Development Bank, there are three key components that define successful use of the five whys: “(i) accurate and complete statements of problems, (ii) complete honesty in answering the questions, and (iii) the determination to get to the bottom of problems and resolve them.”
    • As a group, develop a consensus around the problem statement. Go around the room and have each person suggest a potential reason for its occurrence. Repeat the process for each potential reason (ask “why?”) until there are no more potential causes to explore.
    • Note: The total number of “whys” may be more or less than five.

    Example

    The image contains an example of the five whys activity as described in the text above.

    Ishikawa/fishbone diagram

    Leveraging root-cause analysis techniques.

    Use this technique to sort potential causes by category and match them to the problem.

    • The first step in creating a fishbone diagram is agreeing on a problem statement and populating a box on the right side of a whiteboard or a piece of chart paper.
    • Draw a horizontal line left from the box and draw several ribs on either side that will represent the categories of causes you will explore.
    • Label each rib with relevant categories. In the recruitment context, consider cause categories like technology, interview, process, etc. Go around the room and ask, “What causes this problem to happen?” Every result produced should fit into one of the identified categories. Place it there, and continue to brainstorm sub-causes.

    The image contains a screenshot example of the Ishikawa/fishbone diagram.

    Info-Tech Best Practice

    Avoid naming individuals in the fishbone diagram. The goal of the root-cause exercise is not to lay blame or zero in on a guilty party but rather to identify how you can rectify any challenges.

    Leverage behavioral interviews

    Use Info-Tech’s Behavioral Interview Questions Library.

    Reduce bias in your interviews.

    In the past, companies were pushing the boundaries of the conventional interview, using unconventional questions to find top talent, e.g. “what color is your personality?” The logic was that the best people are the ones who don’t necessarily show perfectly on a resume, and they were intent on finding the best.

    However, many companies have stopped using these questions after extensive statistical analysis revealed there was no correlation between candidates’ ability to answer them and their future performance on the job. Hiring by intuition – or “gut” – is usually dependent on an interpersonal connection being developed over a very short period of time. This means that people who were naturally likeable would be given preferential treatment in hiring decisions whether they were capable of doing the job.

    Asking behavioral interview questions based on the competency needs of the role is the best way to uncover if the candidates will be able to execute on the job.

    For more information see Info-Tech’s Behavioral Interview Question Library.

    The image contains screenshots of Info-Tech's Behavioral Interview Questions Library.

    Improve the level of diversity in your organization by considering inclusive candidate selection practices

    Key action items to create inclusivity in your candidate selection practices:

    1. Managers must be aware of how bias can influence hiring. Encourage your HR department to provide diversity training for recruiters and hiring managers. Ensure those responsible for recruitment are using best practices, are aware of the impact of unconscious bias, and are making decisions in alignment with your DEI strategy.
    2. Use a variety of interviewers to leverage multiple/diverse perspectives. Hiring decisions made by a group can offer a more balanced perspective. Include interviewers from multiple levels in the organization and both men and women.
    3. Hire for distinguished excellence. Be careful not to simply choose the same kind of people over and over, in the name of cultural fit (Source: Recruiter.com, 2015).
    4. Broaden the notion of fit:

    • Hire for skill fit: you might still hire certain types for a specific job (e.g. analytical types for analysis positions), but these candidates can still be diverse.
    • Hire for fit with your organization’s DEI values, regardless of whether the candidate is from a diverse background or not.
    • It can be tempting for hiring managers to hire individuals who are similar to themselves. However, doing so limits the amount of diversity entering your organization, and as a result, limits your organization’s ability to innovate.
  • Deliberately hire for cognitive diversity. Diverse thought processes, perspectives, and problem-solving abilities are positively correlated with firm performance (Source: Journal of Diversity Management, 2014).
  • Leverage a third-party tool

    Ensure recruiting and onboarding programs are effective by surveying your new hires.

    For a deeper analysis of your new hire processes Info-Tech’s sister company, McLean & Company, is an HR research and advisory firm that offers powerful diagnostics to measure HR processes effectiveness. If you are finding diversity issues to be systemic within the organization, leveraging a diagnostic can greatly improve your processes.

    Use this diagnostic to get vital feedback on:

    • Recruiting efforts. Find out if your job marketing efforts are successful, which paths your candidates took to find you, and whether your company is maintaining an attractive profile.
    • Interviewing process. Ensure candidates experience an organized, professional, and ethical process that accurately sets their expectations for the job.
    • Onboarding process. Make sure your new hires are being trained and integrated into their team effectively.
    • Organizational culture. Is your culture welcoming and inclusive? You need to know if top talent enjoy the environment you have to offer.
    The image contains a screenshot of the New Hire Survey.

    For more information on the New Hire Survey click here. If you are interested in referring your HR partner please contact your account manager.

    Phase 2

    Enhance Your Retention Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Actively engage female staff to retain them

    Employee engagement: the measurement of effective management practices that create a positive emotional connection between the employee and the organization.

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Today, what we find is that 54% of women in IT are not engaged,* but…

    …engaged employees are: 39% more likely to stay at an organization than employees who are not engaged.*

    Additionally, engaging your female staff also has the additional benefit of increasing willingness to innovate by 30% and performance by 28%. The good news is that increasing employee engagement is not difficult, it just requires dedication and an effective toolkit to monitor, analyze, and implement tactics.*

    * Info-Tech and McLean & Company Diagnostics; N=1,308 IT employees

    Don’t seek to satisfy; drive IT success through engagement

    The image contains a screenshot of a diagram that highlights the differences between satisfied and engaged employees.

    Engagement drivers that impact retention for men and women are different – tailor your strategy to your audience

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees.

    An analysis of the differences between men and women in IT’s drivers indicates that women in IT are significantly less likely than men in IT to agree with the following statements:

    Culture:

    • They identify well with the organization’s values.
    • The organization has a very friendly atmosphere.

    Employee Empowerment:

    • They are given the chance to fully leverage their talents through their job.

    Manager Relationships:

    • They can trust their manager.
    • Their manager cares about them as a person

    Working Environment:

    • They have not seen incidents of discrimination at their organization based on age, gender, sexual orientation, religion, or ethnicity.

    Enhance your retention strategies

    Employee engagement is one of the greatest predictors of intention to stay. To retain you need to understand not only engagement but also your employee experience – the moments that matter – and actively work to create a positive experience.

    Improve employee engagement

    What differentiates an engaged employee?

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Why measure engagement when looking at retention?

    Engaged employees report 39%1 higher intention to stay at the organization than disengaged employees. The cost of losing an employee is estimated to be 150% to 200% of their annual salary.2 Can you afford to not engage your staff?

    Why should IT leadership be responsible for their staff engagement?

    Engagement happens every day, through every interaction, and needs to be tailored to individual team members to be successful. When engagement is owned by IT leadership, engagement initiatives are incorporated into daily experiences and personalized to their employees based on what is happening in real time. It is this active, dynamic leadership that inspires ongoing employee engagement and differentiates those who talk about engagement from those who succeed in engaging their teams.

    Sources: 1 - McLean & Company Employee Engagement Survey, 2 - Gallup, 2019

    Step 2.1

    Improve employee engagement

    Activities

    2.1.1 Review employee engagement results and trends

    2.1.2 Focus on areas that impact retention of women

    Take a data-driven approach

    Info-Tech’s employee engagement diagnostics are low-effort, high-impact programs that will give you detailed report cards on the organization’s engagement levels. Use these insights to understand your employees’ engagement levels by a variety of core demographics.

    FULL ENGAGEMENT DIAGNOSTIC

    EMPLOYEE EXPERIENCE MONITOR

    The full engagement diagnostic provides a comprehensive view of your organization’s engagement levels, informing you of what motivates employees and providing a detailed view of what engagement drivers to focus on for optimal results.

    Info-Tech & McLean & Company’s Full Engagement Diagnostic Survey has 81 questions in total.

    The survey should be completed annually and typically takes 15-20 minutes to complete.

    The EXM Dashboard is designed to give organizations a real-time view of employee engagement while being minimally intrusive.

    This monthly one-question survey allows organizations to track the impact of events and initiatives on employee engagement as they happen, creating a culture of engagement.

    The survey takes less than 30 seconds to complete and is fully automated.

    For the purpose of improving retention of women in IT, we encourage you to leverage the EXM tool, which will allow you to track how this demographic group’s engagement changes as you implement new initiatives.

    Engagement survey

    For a detailed breakdown of staff overall engagement priorities.

    Overall Engagement Results

    • A clear breakdown of employee engagement results by demographic, gender, and team.
    • Detailed engagement breakdown and benchmarking.
    The image contains a screenshot of the overall engagement results.

    Priority Matrix and Driver Scores

    • A priority matrix specific to your organization.
    • A breakdown of question scores by priority matrix quadrant.
    • Know what not to focus your effort on – not all engagement drivers will have a high impact on engagement.
    The image contains a screenshot of the priority matrix and driver scores.

    EXM dashboard

    Reporting to track engagement in real time.

    EXM Dashboard

    • Leverage Info-Tech’s real-time Employee Experience Monitor dashboard to track your team’s engagement levels over time.
    • Track changes in the number of supporters and detractors and slice the data by roles, teams, and gender.
    The image contains a screenshot of the EXM dashboard.

    Time Series Trends

    • As you implement new initiatives to improve the engagement and retention of staff, track their impact and continuously course correct.
    • Empower your leaders to actively manage their team culture to drive innovation, retention, and productivity.
    The image contains a screenshot of the time series trends.

    Start your diagnostic now

    Leverage your Info-Tech membership to seamlessly launch your employee engagement survey.

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need to Do:

    Info-Tech’s Program Manager Will:

    1. Contact Info-Tech to launch the program.
    2. Review the two survey options to select the right survey for your organization.
    3. Work with an Info-Tech analyst to set up your personal diagnostic.
    4. Identify who you would like to take the survey.
    5. Customize Info-Tech’s email templates.
    6. Participate in a one-hour results call with an Info-Tech executive advisor.
    1. Work with you to define your engagement strategy and goals.
    2. Launch, maintain, and support the diagnostic in the field.
    3. Provide you with response rates throughout the process.
    4. Explore your results in a one-hour call with an executive advisor to fully understand key insights from the data.
    5. Provide quarterly updates and training materials for your leadership team.

    Start Now

    2.1.1 Review employee engagement results

    Identify trends

    1. In a call with one of Info-Tech’s executive advisors, review the results of your employee engagement survey.
    2. Identify which departments are most and least engaged and brainstorm some high-level reasons.
    3. Review the demographic information and highlight any inconsistencies or areas with high levels of variance. Document which demographics have the most and least engaged, disengaged, and indifferent employees.
    4. With help from the Info-Tech executive advisor, identify and document any dramatic differences in the demographic data, particularly around gender.
    5. Identify if the majority of issues effecting engagement are at an organization or department level and which stakeholders you need to engage to support the process moving forward.
    6. Identify next steps.
    Input
    • Employee engagement results
    Participants
    • CIO
    • Info-Tech Advisor

    2.1.2 Focus on areas that impact retention of women

    Hold focus groups with IT staff and focus on the five areas with the greatest impact on women’s retention.

    1. Review the handout slides on the following pages to get a better understanding of the definition of each of the top five drivers impacting women’s retention. Depending on your team’s size, pick one to three drivers to focus on for your first focus group.
    2. Divide the participants into teams and on flip chart paper or using sticky notes have the teams brainstorm what you can stop/start/continue doing to help you improve on your assigned driver.
    • Continue: actions that work for the team related to this driver and should proceed.
    • Start: actions/initiatives that the team would like to begin.
    • Stop: actions/initiatives that the team would like to stop.
  • Prioritize the initiatives by considering: Is this initiative something you feel will make an impact on the engagement driver? Eliminate any initiatives that would not make an impact.
  • Have the groups present back and vote on two to three initiatives to implement to drive improvements within that area.
  • Culture

    Engagement driver handout

    Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.

    Questions:

    • I identify well with the organization’s values.
    • This organization has a collaborative work environment.
    • This organization has a very friendly atmosphere.
    • I am a fit for the organizational culture.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #1
    • Men in IT: #2

    Company Potential

    Engagement driver handout

    Company Potential: An employee’s understanding of and commitment to the organization’s mission, and the employee’s excitement about the organization’s mission and future.

    Questions:

    • This organization has a bright future.
    • I am impressed with the quality of people at this organization.
    • People in this organization are committed to doing high-quality work.
    • I believe in the organization’s overall business strategy.
    • This organization encourages innovation.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #2
    • Men in IT: #1

    Employee Empowerment

    Engagement driver handout

    Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.

    Questions:

    • I am not afraid of trying out new ideas in my job.
    • If I make a suggestion to improve something in my department I believe it will be taken seriously.
    • I am empowered to make decisions about how I do my work.
    • I clearly understand what is expected of me on the job.
    • I have all the tools I need to do a great job.
    • I am given the chance to fully leverage my talents through my job.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #3
    • Men in IT: #6

    Learning and Development

    Engagement driver handout

    Learning and Development: A cooperative and continuous effort between an employee and the organization to enhance an employee’s skill set and expertise and meet an employee’s career objectives and the organization’s needs.

    Questions:

    • I can advance my career in this organization.
    • I am encouraged to pursue career development activities.
    • In the last year, I have received an adequate amount of training.
    • In the last year, the training I have received has helped me do my job better.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #4
    • Men in IT: #5

    Manager Relationships

    Engagement driver handout

    Manager Relationships: The professional and personal relationship an employee has with their manager. Manager relationships depend on the trust that exists between these two individuals and the extent that a manager supports and develops the employee.

    Questions:

    • My manager inspires me to improve.
    • My manager provides me with high-quality feedback.
    • My manager helps me achieve better results.
    • I trust my manager.
    • My manager cares about me as a person.
    • My manager keeps me well informed about decisions that affect me.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #5
    • Men in IT: #11

    Step 2.2

    Examine employee experience

    Activities

    2.2.1 Identify moments that matter

    Understand why and when employees plan to depart

    Leverage “psychology of quitting” expertise.

    Train your managers to provide them with the skills and expertise to recognize the warning signs of an employee’s departure and know how to re-engage and retain them.

    • The majority of resignations are not spur of the moment. They are the result of a compilation of events over a period of time. Normally, these instances are magnified by a stimulant. The final straw or the breaking point drives the employee to make a change. In fact, it has been estimated that a shock jumpstarts 65% of departures.*
      • These shocks could be a lack of promotion, loss of privilege or development opportunity, or a quarrel with a manager.
    • Employees rarely leave right away. Most wait until they have confirmed a new job opportunity before leaving. This creates a window in which you can reengage and retain them.
    • The majority of employees show signs that they are beginning to think of leaving. Whether that is leaving immediately, putting in the bare minimum of effort, or job searching online at work. Train your managers to know the signs and to keep an eye out for potentially dissatisfied and searching employees.*
    • It is easier and less costly to reengage an employee than to start the hiring process from the beginning.
    *Source: The Career Café, 2017

    Examine employee experience (EX)

    Look beyond engagement drivers to drive retention.

    Employee experience (EX) is the employee’s perception of their cumulative lived experiences with the organization. It is gauged by how well the employee’s expectations are met within the parameters of the workplace, especially by the “moments that matter” to them. Individual employee engagement is the outcome of a strong overall EX.

    The image contains a diagram as an example of examining employee experience.

    Drive a positive employee experience

    Identify moments that matter.

    Moments that matter are defining pieces or periods in an employee’s experience that create a critical turning point or memory that is of significant importance to them.

    These are moments that dramatically change the path of the emotional journey, influence the quality of the final outcome, or end the journey prematurely.

    To identify the moment that matters look for significant drops in the emotional journey that your organization needs to improve or significant bumps that your organization can capitalize on. Look for these drops or bumps in the journey and take stock of everything you have recorded at that point in the process. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    The image contains a screenshot of an example graph to demonstrate opportunities and issues to help drive a positive employee experience.

    Info-Tech Insight

    The moment that matters is key and it could be completely separate from organizational life, like the death of a family member. Leaders can more proactively address these moments that matter by identifying them and determining how to make the touchpoint at that moment more impactful.

    2.2.1 Identify moments that matter

    1. Review your Employee Experience Monitor weekly trends by logging into your dashboard and clicking on “Time Series Trends.”
    2. With your management team, identify any weekly trends where your Employee Experience Score has seen changes in the number of detractor, passive, or promoter responses.
    3. For each significant change identify:
    • Increase in promoters or decrease in detractors:
      • What can we do to duplicate positive moments that occurred this week?
      • What did I do as a leader to create positive employee experiences?
      • What happened in the organization that created a positive employee experience?
    • Increase in detractors or decrease in promoters:
      • What difficult change was delivered this week?
      • What about this change was negatively perceived?
      • During the difficult situation how did we as a leadership team support our staff?
      • Who did we engage and recognize during the difficult situation?
      • Was this situation a one-off issue or is this likely to occur again?
  • Consider your interactions with employees and identify how you made moments matter during those times related to four key engagement drivers impacting women in IT:
    • How did you promote a positive culture and friendly atmosphere?
    • How did you empower female staff to leverage their talents?
    • How did you interact with staff?
    • How did you promote a positive work environment? Where did you see bias in decisions?
  • Independently as manager, document three to five lessons learned from the changes in your detractors and promoters, and determine what action you will take.
  • Measured benefits of positive employee experience

    Positive employee experiences lead to engaged employees, and engaged employees are eight times more likely to recommend the organization (McLean & Company Employee Engagement Database, 2017; N=74,671).

    Retention

    Employees who indicate they are having a positive experience at work have a 52% higher level of intent to stay (Great Place To Work Institute, 2021)

    The bottom line

    Organizations that make employee experience a focus have: 23% higher profitability 10% higher customer loyalty (Achievers, 2021)

    Case Study

    INDUSTRY: Post-Secondary Education

    SOURCE: Adam Grant, “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior”

    The future is here! Is your data architecture practice ready?

    Challenge

    A university call center, tasked with raising scholarship money from potential donors, had high employee turnover and low morale.

    Solution

    A study led by Grant arranged for a test group of employees to meet and interact with a scholarship recipient. In the five-minute meeting, employees learned what the student was studying.

    Results

    Demonstrating the purpose behind their work had significant returns. Employees who had met with the student demonstrated:

    More than two times longer “talk time” with potential donors.

    A productivity increase of 400%: the weekly average in donations went from $185.94 to $503.22 for test-group employees.

    Enhance your retention strategies

    Do not wait until employees leave to find out what they were unhappy with or why they liked the organization. Instead, perform stay interviews with top and core talent to create a holistic understanding of what they are perceiving and feeling.

    Conduct stay interviews

    What is a stay interview?

    A stay interview is a conversation with current employees. It should be performed on a yearly basis and is an informal discussion to generate deeper insight into the employee’s opinions, perspectives, concerns, and complaints. Stay interviews can have a multitude of uses. In this project they will be used to understand why top and core talent chose to stay with the organization to ensure that organizations understand and build upon their current strengths.

    When should you do stay interviews?

    We recommend completing stay interviews at least on an annual, if not quarterly, basis to truly understand how staff are feeling about the organization and their job, why they stay at the organization, and what would cause them to leave. Couple the outcomes of these interviews with employee engagement action planning to ensure that you are able to address talent needs.

    Step 2.3

    Conduct stay interviews and learn why employees stay

    Activities

    2.3.1 Conduct stay interviews

    Conduct regular “stay” or “retention” interviews

    Build stay interviews into the regular routine. By incorporating stay interviews into your schedule, they are more likely to stick. This regularity provides several advantages:

    1. Ensures that retention issues do not take you by surprise. With a finger on the pulse of the organization you will be aware of potential issues.
    2. Acts as a supplement to the engagement survey by providing additional information and context for the current level of emotion within the organization.
    3. Begins to build a wealth of information that can be analyzed to identify themes and trends. This can be used to track whether the reasons why individuals stay are consistent or if are they changing. This will ensure that the retention strategy remains up to date.

    Stay interview best practices:

    • Ideally is performed by managers, but can be performed by HR.
      • Ideally completed by managers as they are more familiar with their employees, have a greater reach, can hold meetings in a more informal setting, and will receive information first hand.
      • If conducted by managers, it’s a best practice to ensure that there is a central repository of themes so that you can identify if there are any trends in the responses, that consistent questions are asked, and that all of the information is in one place
    • Should be an informal conversation.
    • Should be conducted in a non-critical time in the business year.
    • Ask three types of questions:
      • What do you enjoy about working here?
      • What would you change about your working environment?
      • What would encourage or force you to leave the organization?
    • Interview a diverse employee base:
      • Demographics
      • Role
      • Performance level
      • Location
    Source: Talent Management & HT, 2013

    Leverage stay interviews

    Use Info-Tech’s Stay Interview Guide.

    Proactively identify opportunities to drive retention.

    The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand:

    • The employee's current engagement level.
    • The employee's satisfaction with current role and responsibilities.
    • Suggestions for potential improvements.
    • An employee's intent to stay with the organization.

    Use this template to help you understand how you can best engage your employees and identify any challenges, in terms of moments that mattered, that negatively impacted their intention to stay at the organization.

    The image contains a screenshot of Info-Tech's Stay Interview Guide.

    2.3.1 Conduct stay interviews

    1. If you are using the Employee Experience Monitor, prepare for your stay interviews by reviewing your results and identifying if there have been any changes in the results over the previous six weeks. Identify which demographics have the highest and lowest engagement levels – and identify any changes in experience between different demographics.
    2. Identify a meeting schedule and cadence that seems appropriate for your stay interviews. For example, you likely will not do all staff at the same time and it may be beneficial to space out your meetings throughout the year. Select a candidate for your first stay interview and invite them for a one-on-one meeting. If it’s unusual for you to meet with this employee, we recommend providing some light context around the rationale, such as that you are looking for opportunities to strengthen the organizational culture and better understand how you can improve retention and engagement at the organization.
    3. Download the Stay Interview Template, review all of the questions beforehand, and identify the key questions that you want to ask in the meeting.
    • TIP: Even though this is called a “stay interview,” really it should be more of a conversation, and certainly not an interrogation. Know the questions you want to ask, and ask your staff member if it’s ok if you jot down some notes. It may even be beneficial to have the meeting outside of the office, over lunch, or out for coffee.
  • Hold your meeting with the employee and thank them for their time.
  • Following the meeting, send them a thank-you email to thank them for providing feedback, summarize your top three to five key takeaways from the meeting, verify with them that this aligns with their perspective, and see if they have anything else to add to the conversation. Identify any initiatives or changes that you will make as a result of the information – set a date for execution and follow-up.
  • If you are in the process of recruiting new employees to the organization, don’t forget to remind them of your referral program and ask if they might know of any candidates that would be a good fit for the organization.
  • Download the Stay Interview Guide

    Ten tips for best managing stay interviews

    Although stay interviews are meant to be informal, you should schedule them as you would any other meeting. Simply invite the employee for a chat.

    1. Step out of the office if possible. Opt for your local coffee shop, a casual lunch destination, or another public but informal location.
    2. Keep the conversation short, no more than 15 to 20 minutes. If there are any areas of concern that you think warrant action, ask the employee if they would like to discuss them another time. Suggest another meeting to delve deeper into specific issues.
    3. Be clear about the purpose of the conversation. Stay interviews are not performance reviews.
    4. Focus on what you can do for them. Ask about the employee’s preferences when it comes to feedback and communication (frequency, method, etc.) as well as development (preferences around methods, e.g. coaching or rotations, and personal goals).
    5. Be positive. Ask your employee what they like about their job and use positively framed questions.
    6. Ask about what they like doing. People enjoy talking about what they like to do. Ask employees about the talents and skills they would like to incorporate into their work duties.
    7. Show that you’re listening – paraphrase, ask for clarification, and use appropriate gestures.
    8. Refrain from taking notes during the meeting to preserve a conversational atmosphere.
    9. Pay attention to the employee’s body language and tone. If it appears that they are uncomfortable talking to you, stop the interview or pause to let them collect themselves.
    10. Be open to suggestions, but remember that you can’t control everything. If the employee brings up issues that are beyond your control, tell them that you will do all you can to improve the situation but can’t guarantee anything.

    Related Info-Tech Research

    Recruit and Retain People of Color in IT

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit Top IT Talent

    • Changing workforce dynamics and increased transparency have shifted the power from employers to job seekers, stiffening the competition for talent.
    • Candidate expectations match high consumer expectations and affect the employer brand, the consumer brand, and overall organizational reputation. Delivering a positive candidate experience (CX2) is no longer optional.

    Acquire the Right Hires with Effective Interviewing

    • Talk is cheap. Hiring isn’t.
    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your interview process.
    • Understand various hiring scenarios and how an interview process may be modified to reflect your organization’s scenario.

    Bibliography

    “4 Hiring Trends Technology Managers Need to Know.” Robert Half Talent Solutions, 4 Oct. 2021. Accessed 4 Feb. 2022.

    “89% of CIOs are concerned about Talent Retention: SOTD CIO.” 2016 Harvey Nash/KPMG CIO Survey, CIO From IDG, 12 Aug. 2016. Web.

    Angier, Michelle, and Beth Axelrod. “Realizing the power of talented women.” McKinsey Insights, Sept. 2014. Web.

    Beansontoast23. “Not being trained on my first dev job.” Reddit, 29 July 2016. Web.

    Birt, Martin. “How to develop a successful mentorship program: 8 steps.” Financial Post, 5 Dec. 2014. Web.

    Bort, Julie. “The 25 Best Tech Employers For Women [Ranked].” Business Insider, 18 Nov. 2014. Web.

    Bradford, Laurence. “15 of the Most Powerful Women in Tech.” The Balance Careers, Updated 4 Feb. 2018. Web.

    “Building A Stronger, Better, More Diverse eBay.” eBay Inc., 31 July 2014. Web.

    “Canada’s Best Employers 2015: The Top 50 Large Companies.” Canadian Business, 2014. Article.

    Cao, Jing, and Wei Xue. “What are the Best practices to Promote High-Ranking Female Employees Within Organizations?” Cornell University ILR School, Spring 2013. Web.

    Cheng, Roger. “Women in Tech: The Numbers Don't Add Up.” CNET, 6 May 2015. Web.

    “CIO Survey 2020: Everything Changed. Or Did It?” Harvey Nash and KPMG, 2020. Accessed 24 Feb. 2022.

    Daley, Sam. “Women in Tech Statistics Show the Industry Has a Long Way to Go.” Built In, 5 May 2021. Accessed 1 March 2022.

    Dixon-Fyle, Sundiatu, et al. “Diversity wins: How inclusion matters.” McKinsey & Company, 19 May 2020. Accessed 24 Feb. 2022.

    Donovan, Julia. “How to Quantify the Benefits of Enhancing Your Employee Experience.” Achievers Solution Inc., 21 Sept. 2021. Web.

    “Engage Me! Employee Engagement Explored.” SoftSolutions, 12 Jan. 2016. Web.

    Erb, Marcus. Global Employee Engagement Benchmark Study. Great Place to Work Institute, 29 Nov. 2021. Accessed 15 Feb. 2022.

    Garner, Mandy. “How to attract and recruit a more gender diverse team.” Working Mums, 4 March 2016. Web.

    Gaur, Shubhra. “Women in IT: Their path to the top is like a maze.” Firstpost, 28 Aug. 2015. Web.

    “Girls Gone Wired Subreddit.” Reddit, n.d. Web.

    Glassdoor Team. “10 Ways to Remove Gender Bias from Job Descriptions.” Glassdoor for Employers Blog, 9 May 2017. Web.

    Grant, Adam. “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior.” Organizational Behavior and Human Decision Processes, vol. 103, no. 1, 2007, pp. 53-67. Accessed on ScienceDirect.

    IBM Smarter Workforce Institute. The Employee Experience Index. IBM Corporation, 2016. Web.

    ISACA. “Tech Workforce 2020: The Age and Gender Perception Gap.” An ISACA Global Survey Report, 2019. Accessed 17 Feb. 2022.

    Johnson, Stephanie K., David R. Hekman, and Elsa T. Chan. “If There’s Only One Woman in Your Candidate Pool, There’s Statistically No Chance She’ll Be Hired.” Harvard Business Review, 26 April 2016. Web.

    Kessler, Sarah. “Tech's Big Gender Diversity Push One Year In.” Fast Company, 19 Nov. 2015. Web.

    Kosinski, M. “Why You Might Want to Focus a Little Less on Hiring for Cultural Fit.” Recruiter.com, 11 Aug. 2015. Web.

    Krome, M. A. “Knowledge Transformation: A Case for Workforce Diversity.” Journal of Diversity Management (JDM), vol. 9, no. 2, Nov. 2014, pp. 103-110.

    Ladimeij, Kazim. “Why Staff Resign; the Psychology of Quitting.” The Career Café, 31 March 2017. Updated 9 Jan. 2018. Web.

    Loehr, Anne. “Why You Need a New Strategy For Retaining Female Talent.” ReWork, 10 Aug. 2015. Web.

    Lucas, Suzanne. “How Much Employee Turnover Really Costs You.” Inc., 30 Aug. 2013. Web.

    Marttila, Paula. “5 Step Action Plan To Attract Women Join Tech Startups.” LinkedIn, 10 March 2016. Web.

    Mayor, Tracy. “Women in IT: How deep is the bench?” Computerworld, 19 Nov. 2012. Web.

    McCracken, Douglas M. “Winning the Talent War for Women: Sometimes It Takes a Revolution.” Harvard Business Review, Nov.-Dec. 2000. Web.

    McDonald’s Careers. McDonald’s, n.d. Web.

    McFeely, Shane, and Ben Wigert. “This Fixable Problem Costs U.S. Businesses $1 Trillion.” Gallup, Inc., 31 March 2019. Accessed 4 March 2022.

    Morgan, Jacob. The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate. John Wiley & Sons, Inc., 2017. Print.

    Napolitano, Amy. “How to Build a Successful Mentoring Program.” Training Industry, 20 April 2015. Web.

    Peck, Emily. “The Stats On Women In Tech Are Actually Getting Worse.” Huffington Post. 27 March 2015. Updated 6 Dec. 2017. Web. 20

    Porter, Jane. “Why Are Women Leaving Science, Engineering, And Tech Jobs?” Fast Company, 15 Oct. 2014. Web.

    Pratt, Siofra. “Emma Watson: Your New Recruitment Guru - How to: Attract, Source and Recruit Women.” SocialTalent, 25 Sept. 2014. Web.

    “RBC Diversity Blueprint 2012-2015.” 2012-2015 Report Card, RBC, 2015. Web.

    Richter, Felix. “Infographic: Women’s Representation in Big Tech.” Statista Infographics, 1 July 2021. Web.

    Rogers, Rikki. “5 Ways Companies Can Attract More Women (Aside From Offering to Freeze Their Eggs).” The Muse, n.d. Web.

    Sazzoid. “HOWTO recruit and retain women in tech workplaces.” Geek Feminism Wiki, 10 Jan. 2012. Updated 18 Aug. 2016. Web.

    Seiter, Courtney. “Why We Removed the Word ‘Hacker’ From Buffer Job Descriptions.” Buffer Open blog, 13 March 2015. Updated 31 Aug. 2018. Web.

    Serebrin, Jacob. “With tech giants like Google going after female talent, how can startups compete?” The Globe and Mail, 18 Jan. 2016. Updated 16 May 2018. Web.

    Snyder, Kieran. “Why women leave tech: It's the culture, not because 'math is hard'.” Fortune, 2 Oct. 2014. Web.

    Stackpole, Beth. “5 ways to attract and retain female technologists.” Computerworld, 7 March 2016. Web.

    Sullivan, John. “4 Stay Interview Formats You Really Should Consider.” Talent Management & HT, 5 Dec. 2013. Web.

    Syed, Nurhuda. “IWD 2021: Why Are Women Underrepresented in the C-Suite?” HRD America, 5 March 2021. Web.

    Sylvester, Cheryl. “How to empower women in IT (and beyond) on #InternationalWomenDay.” ITBUSINESS.CA, 31 March 2016. Web.

    “The Power of Parity: Advancing Women’s Equality in the United States.” McKinsey Global Institute, April 2016. Web.

    White, Cindy. “How to Promote Gender Equality in the Workplace.” Chron, 8 Aug. 2018. Web.

    White, Sarah. “Women in Tech Statistics: The Hard Truths of an Uphill Battle.” CIO From IDG Communication, Inc., 8 March 2021. Accessed 24 Feb. 2022.

    Reduce Risk With Rock-Solid Service-Level Agreements

    • Buy Link or Shortcode: {j2store}365|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations can struggle to understand what service-level agreements (SLAs) are required and how they can differ depending on the service type. In addition, these other challenges can also cloud an organization’s knowledge of SLAs:

    • No standardized SLAs documents, service levels, or metrics
    • Dealing with lost productivity and revenue due to persistent downtime
    • Not understanding SLAs components and what service levels are required for a particular service
    • How to manage the SLA and hold the vendor accountable

    Our Advice

    Critical Insight

    SLAs need to have clear, easy-to-measure objectives, to meet expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to its obligations.

    Impact and Result

    This project will provide several benefits and learnings for almost all IT workers:

    • Better understanding of an SLA framework and required SLA elements
    • Standardized service levels and metrics aligned to the organization’s requirements
    • Reduced time in reviewing, evaluating, and managing service provider SLAs

    Reduce Risk With Rock-Solid Service-Level Agreements Research & Tools

    Start here – Read our Executive Brief

    Understand how to resolve your challenges with SLAs and their components and ensuring adequate metrics. Learn how to create meaningful SLAs that meet your requirements and manage them effectively.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand SLA elements – Understand the elements of SLAs, service types, service levels, metrics/KPIs, monitoring, and reporting

    • SLA Checklist
    • SLA Evaluation Tool

    2. Create requirements – Create your own SLA criteria and templates that meet your organization’s requirements

    • SLA Template & Metrics Reference Guide

    3. Manage obligations – Learn the SLA Management Framework to track providers’ performance and adherence to their commitments.

    • SLO Tracker & Trending Tool

    Infographic

    Workshop: Reduce Risk With Rock-Solid Service-Level Agreements

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Elements of SLAs

    The Purpose

    Understand key components and elements of an SLA.

    Key Benefits Achieved

    Properly evaluate an SLA for required elements.

    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components: monitoring, reporting, and remedies

    1.4 SLA checklist review

    Outputs

    SLA Checklist 

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    2 Create SLA Criteria and Management Framework

    The Purpose

    Apply knowledge of SLA elements to create internal SLA requirements.

    Key Benefits Achieved

    Templated SLAs that meet requirements.

    Framework to manage SLOs.

    Activities

    2.1 Creating SLA criteria and requirements

    2.2 SLA templates and policy

    2.3 SLA evaluation activity

    2.4 SLA Management Framework

    2.5 SLA monitoring, tracking, and remedy reconciliation

    Outputs

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Further reading

    Reduce Risk With Rock-Solid Service-Level Agreements

    Hold Service Providers more accountable to their contractual obligations with meaningful SLA components & remedies

    EXECUTIVE BRIEF

    Analyst Perspective

    Reduce Risk With Rock-Solid Service-Level Agreements

    Every year organizations outsource more and more IT infrastructure to the cloud, and IT operations to managed service providers. This increase in outsourcing presents an increase in risk to the CIO to save on IT spend through outsourcing while maintaining required and expected service levels to internal customers and the organization. Ensuring that the service provider constantly meets their obligations so that the CIO can meet their obligation to the organization can be a constant challenge. This brings forth the importance of the Service Level Agreement.

    Research clearly indicates that there is a general lack of knowledge when comes to understanding the key elements of a Service Level Agreement (SLA). Even less understanding of the importance of the components of Service Levels and the Service Level Objectives (SLO) that service provider needs to meet so that the outsourced service consistently meets requirements of the organization. Most service providers are very good at providing the contracted service and they all are very good at presenting SLOs that are easy to meet with very few or no ramifications if they don’t meet their objectives. IT leaders need to be more resolute in only accepting SLOs that are meaningful to their requirements and have meaningful, proactive reporting and associated remedies to hold service providers accountable to their obligations.

    Ted Walker

    Principal Research Director, Vendor Practice

    Info-Tech Research Group

    Executive Brief

    Vendors provide service level commitments to customers in contracts to show a level of trust, performance, availability, security, and responsiveness in an effort create a sense of confidence that their service or platform will meet your organization’s requirements and expectations. Sifting through these promises can be challenging for many IT Leaders. Customers struggle to understand and evaluate what’s in the SLA – are they meaningful and protect your investment? Not understanding the details of SLAs applicable to various types of Service (SaaS, MSP, Service Desk, DR, ISP) can lead to financial and compliance risk for the organization as well as poor customer satisfaction.

    This project will provide IT leadership the knowledge & tools that will allow them to:

    • Understand what SLAs are and why they need them.
    • Develop standard SLAs that meet the organization’s requirements.
    • Negotiate meaningful remedies aligned to Service Levels metrics or KPIs.
    • Create SLA monitoring & reporting and remedies requirements to hold the provider accountable.

    This research:

    1. Is designed for:
    • The CIO or CFO who needs to better understand their provider’s SLAs.
    • The CIO or BU that could benefit from improved service levels.
    • Vendor management who needs to standardize SLAs for the organization IT leadership that needs consistent service levels to the business
    • The contract manager who needs a better understanding of contact SLAs
  • Will help you:
    • Understand what a Service Level Agreement is and what it’s for
    • Learn what the components are of an SLA and why you need them
    • Create a checklist of required SLA elements for your organization
    • Develop standard SLA template requirements for various service types
    • Learn the importance of SLA management to hold providers accountable
  • Will also assist:
    • Vendor management
    • Procurement and sourcing
    • Organizations that need to understand SLAs within contract language
    • With creating standardized monitoring & reporting requirements
    • Organizations get better position remedies & credits to hold vendors accountable to their commitments
  • Reduce Risk With Rock-Solid Service-Level Agreements (SLAs)

    Hold service providers more accountable to their contractual obligations with meaningful SLA components and remedies

    The Problem

    IT Leadership doesn't know how to evaluate an SLA.

    Misunderstanding of obligations given the type of service provided (SAAS, IAAS, DR/BCP, Service Desk)

    Expectations not being met, leading to poor service from the provider.

    No way to hold provider accountable.

    Why it matters

    SLAS are designed to ensure that outsourced IT services meet the requirements and expectations of the organization. Well-written SLAs with all the required elements, metrics, and remedies will allow IT departments to provide the service levels to their customer and avoid financial and contractual risk to the organization.

    The Solution

    1. Understand the key service elements within an SLA
    • Develop a solid understanding of the key elements within an SLA and why they're important.
  • Establish requirements to create SLA criteria
    • Prioritize contractual services and establish concise SLA checklists and performance metrics.
  • Manage SLA obligations to ensure commitments are met
    • Review the five steps for effective SLA management to track provider performance and deal with chronic issues.
  • Service types

    • Availability/Uptime
    • Response Times
    • Resolution Time
    • Accuracy
    • First-Call Resolution

    Agreement Types

    • SaaS/IaaS
    • Service Desk
    • MSP
    • Co-Location
    • DR/BCP
    • Security Ops

    Performance Metrics

    • Reporting
    • Remedies & Credits
    • Monitoring
    • Exclusion

    Example SaaS Provider

    • Response Times ✓
    • Availability/Uptime ✓
    • Resolution Time ✓
    • Update Times ✓
    • Coverage Time ✓
    • Monitoring ✓
    • Reporting ✓
    • Remedies/Credits ✓

    SLA Management Framework

    1. SLO Monitoring
    • SLOs must be monitored by the provider, otherwise they can't be measured.
  • Concise Reporting
    • This is the key element for the provider to validate their performance.
  • Attainment Tracking
    • Capturing SLO metric attainment provides performance trending for each provider.
  • Score carding
    • Tracking details provide input into overall vendor performance ratings.
  • Remedy Reconciliation
    • From SLO tracking, missed SLOs and associated credits needs to be actioned and consumed.
  • Executive Summary

    Your Challenge

    To understand which SLAs are required for your organization and how they can differ depending on the service type. In addition, these other challenges can also cloud your knowledge of SLAs

    • No standardized SLA documents, Service levels, or metrics
    • Dealing with lost productivity & revenue due to persistent downtime
    • Understanding SLA components and what service levels are requires for a particular service
    • How to manage the SLA and hold the vendor accountable

    Common Obstacles

    There are several unknowns that SLA can present to different departments within the organization:

    • Little knowledge of what service levels are required
    • Not knowing SLO standards for a service type
    • Lack of resources to manage vendor obligations
    • Negotiating required metrics/KPIs with the provider
    • Low understanding of the risk that poor SLAs can present to the organization

    Info-Tech's Approach

    Info-Tech has a three-step approach to effective SLAs

    • Understand the elements of an SLA
    • Create Requirements for your organization
    • Manage the SLA obligations

    There are some basic components that every SLA should have – most don’t have half of what is required

    Info-Tech Insight

    SLAs need to have clear, easy to measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Your challenge

    This research is designed to help organizations gain a better understanding of what an SLA is, understand the importance of SLAs in IT contracts, and ensure organizations are provided with rock-solid SLAs that meet their requirements and not just what the vendor wants to provide.

    • Vendors can make SLAs weak and difficult to understand; sometimes the metrics are meaningless. Not fully understanding what makes up a good SLA can bring unknown risks to the organization.
    • Managing vendor SLA obligations effectively is important. Are adequate resources available? Does the vendor provide manual vs. automated processes and which do you need? Is the process proactive from the vendor or reactive from the customer?

    SLAs come in many variations and for many service types. Understanding what needs to be in them is one of the keys to reducing risk to your organization.

    “One of the biggest mistakes an IT leader can make is ignoring the ‘A’ in SLA,” adds Wendy M. Pfeiffer, CIO at Nutanix. “

    An agreement isn’t a one-sided declaration of IT capabilities, nor is it a one-sided demand of business requirements,” she says. “An agreement involves creating a shared understanding of desired service delivery and quality, calculating costs related to expectations, and then agreeing to outcomes in exchange for investment.” (15 SLA mistakes IT leaders still make | CIO)

    Common obstacles

    There are typically a lot of unknowns when it comes to SLAs and how to manage them.

    Most organizations don’t have a full understanding of what SLAs they require and how to ensure they are met by the vendor. Other obstacles that SLAs can present are:

    • Inadequate resources to create and manage SLAs
    • Poor awareness of standard or required SLA metrics/KPIs
    • Lack of knowledge about each provider’s commitment as well as your obligations
    • Low vendor willingness to provide or negotiate meaningful SLAs and credits
    • The know-how or resources to effectively monitor and manage the SLA’s performance

    SLAs need to address your requirements

    55% of businesses do not find all of their service desk metrics useful or valuable (Freshservice.com)

    27% of businesses spend four to seven hours a month collating metric reports (Freshservice.com)

    Executive Summary

    Info-Tech’s Approach

    • Understand the elements of an SLA
      • Availability
      • Monitoring
      • Response Times
      • SLO Calculation
      • Resolution Time
      • Reporting
      • Milestones
      • Exclusions
      • Accuracy
      • Remedies & Credits
    • Create standard SLA requirements and criteria
      • SLA Element Checklist
      • Corporate Requirements and Standards
      • SLA Templates and Policy
    • Effectively Manage the SLA Obligations
      • SLA Management Framework
        • SLO Monitoring
        • Concise Reporting
        • Attainment Tracking
        • Score Carding
        • Remedy Reconciliation

    Info-Tech’s three phase approach

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Understand SLA Elements

    Phase Content:

    • 1.1 What are SLAs, types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Outcome:

    This phase will present you with an understanding of the elements of an SLA: What they are, why you need them, and how to validate them.

    Phase 2

    Create Requirements

    Phase Content:

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA Overachieving discussion

    Outcome:

    This phase will leverage knowledge gained in Phase 1 and guide you through the creation of SLA requirements, criteria, and templates to ensure that providers meet the service level obligations needed for various service types to meet your organization’s service expectations.

    Phase 3

    Manage Obligations

    Phase Content:

    • 3.1 SLA Monitoring, Tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA Reviews & Optimizing
    • 3.4 Performance management

    Outcome:

    This phase will provide you with an SLA management framework and the best practices that will allow you to effectively manage service providers and their SLA obligations.

    Insight summary

    Overarching insight

    SLAs need to have clear, easy-to-measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Phase 1 insight

    Not understanding the required elements of an SLA and not having meaningful remedies to hold service providers accountable to their obligations can present several risk factors to your organization.

    Phase 2 insight

    Creating standard SLA criteria for your organization’s service providers will ensure consistent service levels for your business units and customers.

    Phase 3 insight

    SLAs can have appropriate SLOs and remedies but without effective management processes they could become meaningless.

    Tactical insight

    Be sure to set SLAs that are easily measurable from regularly accessible data and that are straight forward to interpret.

    Tactical insight

    Beware of low, easy to attain service levels and metrics/KPIs. Service levels need to meet your expectations and needs not the vendor’s.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    SLA Tracker & Trending Tool

    Track the provider’s SLO attainment and see how their performance is trending over time

    SLA Evaluation Tool

    Evaluate SLA service levels, metrics, credit values, reporting, and other elements

    SLA Template & Metrics Reference Guide

    Reference guide for typical SLA metrics with a generic SLA Template

    Service-Level Agreement Checklist

    Complete SLA component checklist for core SLA and contractual elements.

    Key deliverable:

    Service-Level Agreement Evaluation Tool

    Evaluate each component of the SLA , including service levels, metrics, credit values, reporting, and processes to meet your requirements

    Blueprint objectives

    Understand the components of an SLA and effectively manage their obligations

    • To provide an understanding of different types of SLAs, their required elements, and what they mean to your organization. How to identify meaningful service levels based on service types. We will break down the elements of the SLA such as service types and define service levels such as response times, availability, accuracy, and associated metrics or KPIs to ensure they are concise and easy to measure.
    • To show how important it is that all metrics have remedies to hold the service provider accountable to their SLA obligations.

    Once you have this knowledge you will be able to create and negotiate SLA requirements to meet your organization’s needs and then manage them effectively throughout the term of the agreement.

    InfoTech Insight:

    Right-size your requirements and create your SLO criteria based on risk mitigation and create measurements that motivate the desired behavior from the SLA.

    Blueprint benefits

    IT Benefits

    • An understanding of standard SLA service levels and metrics
    • Reduced financial risk through clear and concise easy-to-measure metrics and KPIs
    • Improved SLA commitments from the service provider
    • Meaningful reporting and remedies to hold the provider accountable
    • Service levels and metrics that meet your requirements to support your customers

    Business Benefits

    • Better understanding of an SLA framework and required SLA elements
    • Improved vendor performance
    • Standardized service levels and metrics aligned to your organization’s requirements
    • Reduced time in reviewing and comprehending vendor SLAs
    • Consistent performance from your service providers

    Measure the value of this blueprint

    1. Dollars Saved
    • Improved performance from your service provider
    • Reduced financial risk through meaningful service levels & remedies
    • Dollars gained through:
      • Reconciled credits from obligation tracking and management
      • Savings due to automated processes
  • Time Saved
    • Reduced time in creating effective SLAs through requirement templates
    • Time spent tracking and managing SLA obligations
    • Reduced negotiation time
    • Time spent tracking and reconciling credits
  • Knowledge Gained
    • Understanding of SLA elements, service levels, service types, reporting, and remedies
    • Standard metrics and KPIs required for various service types and levels
    • How to effectively manage the service provider obligations
    • Tactics to negotiate appropriate service levels to meet your requirements
  • Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way wound help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between three to six calls over the course of two to three months.

    Phase 1 - Understand

    • Call #1: Scope requirements, objectives, and your specific SLA challenges

    Phase 2 - Create Requirements

    • Call #2: Review key SLA and how to identify them
    • Call #3: Deep dive into SLA elements and why you need them
    • Call #4: Review your service types and SLA criteria
    • Call #5: Create internal SLA requirements and templates

    Phase 3 - Management

    • Call #6: Review SLA Management Framework
    • Call #7: Review and create SLA Reporting and Tracking

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2
    Understanding SLAs SLA Templating & Management
    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components – monitoring, reporting, remedies

    1.4 SLA Checklist review

    2.1 Creating SLA criteria and requirements

    2.2 SLA policy & template

    2.3 SLA evaluation activity

    2.4 SLA management framework

    2.5 SLA monitoring, tracking, remedy reconciliation

    Deliverables
    1. SLA Checklist
    2. SLA policy & template creation
    3. SLA management gap analysis
    1. Evaluation of current SLAs
    2. SLA tracking and trending
    3. Create internal SLA management framework

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Phase 1

    Understand SLA Elements

    Phase Steps

    • 1.1 What are SLAs, the types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions and exceptions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Create Requirements

    Manage Obligations

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    SLA Overview

    What is a Service Level Agreement?

    An SLA is an overarching contractual agreement between a service provider and a customer (can be external or internal) that describes the services that will be delivered by the provider. It describes the service levels and associated performance metrics and expectations, how the provider will show it has attained the SLAs, and defines any remedies or credits that would apply if the provider fails to meet its commitments. Some SLAs also include a change or revision process.

    SLAs come in a few forms. Some are unique, separate, standalone documents that define the service types and levels in more detail and is customized to your needs. Some are separate documents that apply to a service and are web posted or linked to an MSA or SSA. The most common is to have them embedded in, or as an appendix to an MSA or SSA. When negotiating an MSA it’s generally more effective to negotiate better service levels and metrics at the same time.

    Objectives of an SLA

    To be effective, SLAs need to have clearly described objectives that define the service type(s) that the service provider will perform, along with commitment to associated measurable metrics or KPIs that are sufficient to meet your expectations. The goal of these service levels and metrics is to ensure that the service provider is committed to providing the service that you require, and to allow you to maintain service levels to your customers whether internal or external.

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    Key Elements of an SLA

    Principle service elements of an SLA

    There are several more common service-related elements of an SLA. These generally include:

    • The Agreement – the document that defines service levels and commitments.
    • The service types – the type of service being provided by the vendor. These can include SaaS, MSP, Service Desk, Telecom/network, PaaS, Co-Lo, BCP, etc.
    • The service levels – these are the measurable performance objectives of the SLA. They include availability (uptime), response times, restore times, priority level, accuracy level, resolution times, event prevention, completion time, etc.
    • Metrics/KPIs – These are the targets or commitments associated to the service level that the service provider is obligated to meet.
    • Other elements – Reporting requirements, monitoring, remedies/credit values and process.

    Contractual Construct Elements

    These are construct components of an SLA that outline their roles and responsibilities, T&Cs, escalation process, etc.

    In addition, there are several contractual-type elements including, but not limited to:

    • A statement regarding the purpose of the SLA.
    • A list of services being supplied (service types).
    • An in-depth description of how services will be provided and when.
    • Vendor and customer requirements.
    • Vendor and customer obligations.
    • Acknowledgment/acceptance of the SLA.
    • They also list each party’s responsibilities and how issues will be escalated and resolved.

    Common types of SLAs explained

    Service-level SLA

    • This service-level agreement construct is the Service-based SLA. This SLA covers an identified service for all customers in general (for example, if an IT service provider offers customer response times for a service to several customers). In a service-based agreement, the response times would be the same and apply to all customers using the service. Any customer using the service would be provided the same SLA – in this case the same defined response time.

    Customer-based SLA

    • A customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer (for example, you may use several services from one telecom vendor). The SLAs for these services would be covered in one contract between you and the vendor, creating a unique customer-based vendor agreement. Another scenario could be where a vendor offers general SLAs for its services but you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Multi-level SLA

    • This service-level agreement construct is the multi-level SLA. In a multi-level SLA, components are defined to the organizational levels of the customer with cascading coverage to sublevels of the organization. The SLA typically entails all services and is designed to the cover each sub-level or department within the organization. Sometimes the multi-level SLA is known as a master organization SLA as it cascades to several levels of the organization.

    InfoTech Insight: Beware of low, easy to attain Service levels and metrics/KPIs. Service levels need to meet your requirements, expectations, and needs not the vendor’s.

    1.2 Elements of SLA-objectives, service types, and service levels

    Objectives of Service Levels

    The objective of the service levels and service credits are to:

    • Ensure that the services are of a consistently high quality and meet the requirements of the customer
    • Provide a mechanism whereby the customer can attain meaningful recognition of the vendors failure to deliver the level of service for which it was contracted to deliver
    • Incentivize the vendor or service provider to comply with and to expeditiously provide a remedy for any failure to attain the service levels committed to in the SLA
    • To ensure that the service provider fulfills the defined objectives of the outsourced service

    Service types

    There are several service types that can be part of an SLA. Service types are the different nature of services associated with the SLA that the provider is performing and being measured against. These can include:

    Service Desk, SaaS, PaaS, IaaS, ISP/Telecom/Network MSP, DR & BCP, Co-location security ops, SOW.

    Each service type should have standard service level targets or obligations that can vary depending on your requirements and reliance on the service being provided.

    Service levels

    Service levels are measurable targets, metrics, or KPIs that the service provider has committed to for the particular service type. Service levels are the key element of SLAs – they are the performance expectations set between you and the provider. The service performance of the provider is measured against the service level commitments. The ability of the provider to consistently meet these metrics will allow your organization to fully benefit from the objectives of the service and associated SLAs. Most service levels are time related but not all are.

    Common service levels are:

    Response times, resolution times per percent, restore/recovery times, accuracy, availability/uptime, completion/milestones, updating/communication, latency.

    Each service level has standard or minimum metrics for the provider. The metrics, or KPIs, should be relatively easy to measure and report against on a regular basis. Service levels are generally negotiable to meet your requirements.

    1.2.1 Activity SLA Checklist Tool

    1-2 hours

    Input

    • SLA content, Service elements
    • Contract terms & exclusions
    • Service metrices/KPIs

    Output

    • A concise list of SLA components
    • A list of missing SLA elements
    • Evaluation of the SLA

    Materials

    • Comprehensive checklist
    • Service provider SLA
    • Internal templates or policies

    Participants

    • Vendor or contract manager
    • IT or business unit manager
    • Legal
    • Finance

    Using this checklist will help you review a provider’s SLA to ensure it contains adequate service levels and remedies as well as contract-type elements.

    Instructions:

    Use the checklist to identify the principal service level elements as well as the contractual-type elements within the SLA.

    Review the SLA and use the dropdowns in the checklist to verify if the element is in the SLA and whether it is within acceptable parameters as well the page or section for reference.

    The checklist contains a list of service types that can be used for reference of what SLA elements you should expect to see in that service type SLA.

    Download the SLA Checklist Tool

    1.3 Monitoring, reporting requirements, remedies/credit process

    Monitoring & Reporting

    As mentioned, well-defined service levels are key to the success of the SLA. Validating that the metrics/KPIs are being met on a consistent basis requires regular monitoring and reporting. These elements of the SLA are how you hold the provider accountable to the SLA commitments and obligations. To achieve the service level, the service must be monitored to validate that timelines are met and accuracy is achieved.

    • Data or details from monitoring must then be presented in a report and delivered to the customer in an agreed-upon format. These formats can be in a dashboard, portal, spreadsheet, or csv file, and they must have sufficient criteria to validate the service-level metric. Reports should be kept for future review and to create historical trending.
    • Monitoring and reporting should be the responsibility of the service provider. This is the only way that they can validate to the customer that a service level has been achieved.
    • Reporting criteria and delivery timelines should be defined in the SLA and can even have a service level associated with it, such as a scheduled report delivery on the fifth day of the following month.
    • Reports need to be checked and balanced. When defining report criteria, be sure to define data source(s) that can be easily validated by both parties.
    • Report criteria should include compliance requirements, target metric/KPIs, and whether they were attained.
    • The report should identify any attainment shortfall or missed KPIs.

    Too many SLAs do not have these elements as often the provider tries to put the onus on the customer to monitor their performance of the service levels. .

    1.3.1 Monitoring, reporting requirements, remedies/credit process

    Remedies and Credits

    Service-level reports validate the performance of the service provider to the SLA metrics or KPIs. If the metrics are met, then by rights, the service provider is doing its job and performing up to expectations of the SLA and your organization.

    • What if the metrics are not being met either periodically or consistently? Solving this is the goal of remedies. Remedies are typically monetary costs (in some form) to the provider that they must pay for not meeting a service-level commitment. Credits can vary significantly and should be aligned to the severity of the missed service level. Sometimes there no credits offered by the vendor. This is a red flag in an SLA.
    • Typically expressed as a monetary credit, the SLA will have service levels and associated credits if the service-level metric/KPI is not met during the reporting period. Credits can be expressed in a dollar format, often defined as a percentage of a monthly fee or prorated annual fee. Although less common, some SLAs offer non-financial credits. These could include: an extension to service term, additional modules, training credits, access to a higher support level, etc.
    • Regardless of how the credit is presented, this is typically the only way to hold your provider accountable to their commitments and to ensure they perform consistently to expectations. You must do a rough calculation to validate the potential monetary value and if the credit is meaningful enough to the provider.

    Research shows that credit values that equate to just a few dollars, when you are paying the provider tens of thousands of dollars a month for a service or product, the credit is insignificant and therefore doesn’t incent the provider to achieve or maintain a service level.

    1.3.2 Monitoring, reporting requirements, remedies/credit process

    Credit Process

    Along with meaningful credit values, there must be a defined credit calculation method and credit redemption process in the SLA.

    Credit calculation. The credit calculation should be simple and straight forward. Many times, we see providers define complicated methods of calculating the credit value. In some cases complicated service levels require higher effort to monitor and report on, but this shouldn’t mean that the credit for missing the service level needs to require the same effort to calculate. Do a sample credit calculation to validate if the potential credit value is meaningful enough or meets your requirements.

    Credit redemption process. The SLA should define the process of how a credit is provided to the customer. Ideally the process should be fairly automated by the service provider. If the report shows a missed service level, that should trigger a credit calculation and credit value posted to account followed by notification. In many SLAs that we review, the credit process is either poorly defined or not defined at all. When it is defined, the process typically requires the customer to follow an onerous process and submit a credit request that must then be validated by the provider and then, if approved, posted to your account to be applied at year end as long as you are in complete compliance with the agreement and up-to-date on your account etc. This is what we need to avoid in provider-written SLAs. You need a proactive process where the service provider takes responsibility for missing an SLA and automatically assigns an accurate credit to your account with an email notice.

    Secondary level remedies. These are remedies for partial performance. For example, the platform is accessible but some major modules are not working (i.e.: the payroll platform is up and running and accessible but the tax table is not working properly so you can’t complete your payroll run on-time). Consider the requirement of a service level, metric, and remedy for critical components of a service and not just the platform availability.

    Info-Tech Insight SLA’s without adequate remedies to hold the vendor accountable to their commitments make the SLAs essentially meaningless.

    1.4 Exclusions indemnification, force majeure, scheduled maintenance

    Contract-Related Exclusions

    Attaining service-level commitments by the provider within an SLA can depend on other factors that could greatly influence their performance to service levels. Most of these other factors are common and should be defined in the SLA as exclusions or exceptions. Exceptions/exclusions can typically apply to credit calculations as well. Typical exceptions to attaining service levels are:

    • Denial of Service (DoS) attacks
    • Communication/ISP outage
    • Outages of third-party hosting
    • Actions or inactions of the client or third parties
    • Scheduled maintenance but not emergency maintenance
    • Force majeure events which can cover several different scenarios

    Attention should be taken to review the exceptions to ensure they are in fact not within the reasonable control of the provider. Many times the provider will list several exclusions. Often these are not reasonable or can be avoided, and in most cases, they allow the service provider the opportunity to show unjustified service-level achievements. These should be negotiated out of the SLA.

    1.5 Activity SLA Evaluation Tool

    1-2 hours

    Input

    • SLA content
    • SLA elements
    • SLA objectives
    • SLO calculation methods

    Output

    • Rating of the SLA service levels and objectives
    • Overall rating of the SLA content
    • Targeted list of required improvements

    Materials

    • SLA comprehensive checklist
    • Service provider SLA

    Participants

    • Vendor or contract manager
    • IT manager or leadership
    • Application or business unit manager

    The SLA Evaluation Tool will allow you evaluate an SLA for content. Enter details into the tool and evaluate the service levels and SLA elements and components to ensure the agreement contains adequate SLOs to meet your organization’s service requirements.

    Instructions:

    Review and identify SLA elements within the service provider’s SLA.

    Enter service-level details into the tool and rate the SLOs.

    Enter service elements details, validate that all required elements are in the SLA, and rate them accordingly.

    Capture and evaluate service-level SLO calculations.

    Review the overall rating for the SLA and create a targeted list for improvements with the service provider.

    Download the SLA Evaluation Tool

    1.5 Clarification: SLAs vs. SLOs vs. SLIs

    SLA – Service-Level Agreement The promise or commitment

    • This is the formal agreement between you and your service provider that contains their service levels and obligations with measurable metrics/KPIs and associated remedies. SLAs can be a separate or unique document, but are most commonly embedded within an MSA, SOW, SaaS, etc. as an addendum or exhibit.

    SLO – Service-Level Objective The goals or targets

    • This service-level agreement construct is the customer-based SLA. A Customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer. For example, you may use several services from one telecom vendor. The SLAs for these services would be covered in one contract between you and the Telco vendor, creating a unique customer-based to vendor agreement. Another scenario: a vendor offers general SLAs for its services and you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Other common names are Metrics and Key Performance Indicators (KPIs )

    SLI – Service-Level Indicator How did we do? Did we achieve the objectives?

    • An SLI is the actual metric attained after the measurement period. SLI measures compliance with an SLO (service level objective). So, for example, if your SLA specifies that your systems will be available 99.95% of the time, your SLO is 99.95% uptime and your SLI is the actual measurement of your uptime. Maybe it’s 99.96%. maybe 99.99% or even 99.75% For the vendor to be compliant to the SLA, the SLI(s) must meet or exceed the SLOs within the SLA document.

    Other common names: attainment, results, actual

    Info-Tech Insight:

    Web-posted SLAs that are not embedded within a signed MSA, can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 2

    Understand SLA Elements

    Phase 2

    Create Requirements

    Phase Steps

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA overachieving discussion

    Manage Obligations

    2.1 Create a list of your SLA criteria

    Principle Service Elements

    With your understanding of the types of SLAs and the elements that comprise a well-written agreement

    • The next step is to start to create a set of SLA criteria for service types that your organization outsources or may require in the future.
    • This criteria should define the elements of the SLA with tolerance levels that will require the provider to meet your service expectations.
    • Service levels, metrics/KPIs, associated remedies and reporting criteria. This criteria could be captured into table-like templates that can be referenced or inserted into service provider SLAs.
    • Once you have defined minimum service-level criteria, we recommend that you do a deeper review of the various service provider types that your organization has in place. The goal of the review is to understand the objective of the service type and associated service levels and then compare them to your requirements for the service to meet your expectations. Service levels and KPIs should be no less than if your IT department was providing the service with its own resources and infrastructure.
    • Most IT departments have service levels that they are required to meet with their infrastructure to the business units or organization, whether it’s App delivery, issue or problem resolution, availability etc. When any of these services are outsourced to an external service provider, you need to make all efforts to ensure that the service levels are equal to or better than the previous or existing internal expectations.
    • Additionally, the goal is to identify service levels and metrics that don’t meet your requirements or expectations and/or service levels that are missing.

    2.2 Develop SLA policies and templates

    Contract-type Elements

    After creating templates for minimum-service metrics & KPIs, reporting criteria templates, process, and timing, the next step should be to work on contract-type elements and additional service-level components. These elements should include:

    • Reporting format, criteria, and timelines
    • Monitoring requirements
    • Minimum acceptable remedy or credits process; proactive by provider vs. reactive by customer
    • Roles & responsibilities
    • Acceptable exclusion details
    • Termination language for persistent failure to meet SLOs

    These templates or criteria minimums can be used as guidelines or policy when creating or negotiating SLAs with a service provider.

    Start your initial element templates for your strategic vendors and most common service types: SaaS, IaaS, Service Desk, SecOps, etc. The goal of SLA templates is to create simple minimum guidelines for service levels that will allow you to meet your internal SLAs and expectations. Having SLA templates will show the service provider that you understand your requirements and may put you in a better negotiating position when reviewing with the provider.

    When considering SLO metrics or KPIs consider the SMART guidance:

    Simple: A KPI should be easy to measure. It should not be complicated, and the purpose behind recording it must be documented and communicated.

    Measurable: A KPI that cannot be measured will not help in the decision-making process. The selected KPIs must be measurable, whether qualitatively or quantitatively. The procedure for measuring the KPIs must be consistent and well-defined.

    Actionable: KPIs should contribute to the decision-making process of your organization. A KPI that does not make any such contributions serves no purpose.

    Relevant: KPIs must be related to operations or functions that a security team seeks to assess.

    Time-based: KPIs should be flexible enough to demonstrate changes over time. In a practical sense, an ideal KPI can be grouped together by different time intervals.

    (Guide for Security Operations Metrics)

    2.2.1 Activity: Review SLA Template & Metrics Reference Guide

    1-2 hours

    Input

    • Service level metrics
    • List of who is accountable for PPM decisions

    Output

    • SLO templates for service types
    • SLA criteria that meets your organization’s requirements

    Materials

    • SLA Checklist
    • SLA criteria list with SLO & credit values
    • PPM Decision Review Workbook

    Participants

    • Vendor manager
    • IT leadership
    • Procurement or contract manager
    1. Review the SLA Template and Metrics Reference Guide for common metrics & KPIs for the various service types. Each Service Type tab has SLA elements and SLO metrics typically associated with the type of service.
    2. Some service levels have common or standard credits* that are typically associated with the service level or metric.
    3. Use the SLA Template to enter service levels, metrics, and credits that meet your organization’s criteria or requirements for a given service type.

    Download the SLA Template & Metrics Reference Guide

    *Credit values are not standard values, rather general ranges that our research shows to be the typical ranges that credit values should be for a given missed service level

    2.3 Create a negotiation strategy

    Once you have created service-level element criteria templates for your organization’s requirements, it’s time to document a negotiation position or strategy to use when negotiating with service providers. Not all providers are flexible with their SLA commitments, in fact most are reluctant to change or create “unique” SLOs for individual customers. Particularly cloud vendors providing IaaS, SaaS, or PaaS, SLAs. ISP/Telcom, Co-Lo and DR/BU providers also have standard SLOs that they don’t like to stray far from. On the other hand, security ops (SIEM), service desk, hardware, and SOW/PS providers who are generally contracted to provide variable services are somewhat more flexible with their SLAs and more willing to meet your requirements.

    • Service providers want to avoid being held accountable to SLOs, and their SLAs are typically written to reflect that.

    The goal of creating internal SLA templates and policies is to set a minimum baseline of service levels that your organization is willing to accept, and that will meet their requirements and expectations for the outsourced service. Using these templated SLOs will set the basis for negotiating the entire SLA with the provider. You can set the SLA purpose, objectives, roles, and responsibilities and then achieve these from the service provider with solid SLOs and associated reporting and remedies.

    Info-Tech Insight

    Web-posted SLAs that are not embedded within a signed MSA can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    2.3.1 Negotiating strategy guidance

    • Be prepared. Create a negotiating plan and put together a team that understands your organization’s requirements for SLA.
    • Stay informed. Request provider’s recent performance data and negotiate SLOs to the provider’s average performance.
    • Know what you need. Corporate SLA templates or policies should be positioned to service providers as baseline minimums.
    • Show some flexibility. Be willing to give up some ground on one SLO in exchange for acceptance of SLOs that may be more important to your organization.
    • Re-group. Have a fallback position or Plan B. What if the provider can’t or won’t meet your key SLOs? Do you walk?
    • Do your homework. Understand what the typical standard SLOs are for the type of service level.

    2.4 SLO overachieving incentive discussion

    Monitoring & Reporting

    • SLO overachieving metrics are seen in some SLAs where there is a high priority for a service provider to meet and or exceed the SLOs within the SLA. These are not common terms but can be used to improve the overall service levels of a provider. In these scenarios the provider is sometimes rewarded for overachieving on the SLOs, either consistently or on a monthly or quarterly basis. In some cases, it can make financial sense to incent the service provider to overachieve on their commitments. Incentives can drive behaviors and improved performance by the provider that can intern improve the benefits to your organization and therefore justify an incent of some type.
    • Example: You could have an SLO for invoice accuracy. If not achieved, it could cost the vendor if they don’t meet the accuracy metric, however if they were to consistently overachieve the metric it could save accounts payable hours of time in validation and therefore you could pass on some of these measurable savings to the provider.
    • Overachieving incentives can add complexity to the SLA so they need to be easily measurable and simple to manage.
    • Overachieving incentives can also be used in provider performance improvement plans, where a provider might have poor trending attainment and you need to have them improve their performance in a short period of time. Incentives typically will motivate provider improvement and generally will cost much less than replacing the provider.
    • There is another school of thought that you shouldn’t have to pay a provider for doing their job; however, others are of the opinion that incentives or bonuses improve the overall performance of individuals or teams and are therefore worth consideration if both parties benefit from the over performance.

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 3

    Understand SLA Elements

    Create Requirements

    Phase 3

    Manage Obligations

    Phase Steps

    • 3.1 SLA monitoring and tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA reviews & optimizing
    • 3.4 Performance management

    3.1 SLA monitoring, tracking, and remedy reconciliation

    The next step to effective SLAs is the management component. It could be fruitless if you were to spend your time and efforts negotiating your required service levels and metrics and don’t have some level of managing the SLA. In that situation you would have no way of knowing if the service provider is attaining their SLOs.

    There are several key elements to effective SLA management:

    • SLO monitoring
    • Simple, concise reporting
    • SLO attainment tracking
    • Score carding & trending
    • Remedy reconciliation

    SLA Management framework

    SLA Monitoring → Concise Reporting → Attainment Tracking → Score Carding →Remedy Reconciliation

    “A shift we’re beginning to see is an increased use of data and process discovery tools to measure SLAs,” says Borowski of West Monroe. “While not pervasive yet, these tools represent an opportunity to identify the most meaningful metrics and objectively measure performance (e.g., cycle time, quality, compliance). When provided by the client, it also eliminates the dependency on provider tools as the source-of-truth for performance data.” – Stephanie Overby

    3.1 SLA management framework

    SLA Performance Management

    • SLA monitoring provides data for SLO reports or dashboards. Reports provide attainment data for tacking over time. Attainment data feeds scorecards and allows for trending analysis. Missed attainment data triggers remedies.
    • All service providers monitor their systems, platforms, tickets, agents, sensors etc. to be able to do their jobs. Therefore, monitoring is readily available from your service provider in some form.
    • One of the key purposes of monitoring is to generate data into internal reports or dashboards that capture the performance metrics of the various services. Therefore, service-level and metric reports are readily available for all of the service levels that a service provider is contracted or engaged to provide.
    • Monitoring and reporting are the key elements that validate how your service provider is meeting its SLA obligations and thus are very important elements of an SLA. SLO report data becomes attainment data once the metric or KPI has been captured.
    • As a component of effective SLA management, this attainment data needs to be tracked/recorded in an easy-to-read format or table over a period of time. Attainment data can then be used to generate scorecards and trending reports for your review both internally and with the provider as required.
    • If attainment data shows that the service provider is meeting their SLA obligations, then the SLA is meeting your requirements and expectations. If on the other hand, attainment data shows that obligations are not being met, then actions must be taken to hold the service provider accountable. The most common method is through remedies that are typically in the form of a credit through a defined process (see Sec. 1.3). Any credits due for missed SLOs should also be tracked and reported to stakeholders and accounting for validation, reconciliation, and collection.

    3.2 Reporting

    Monitoring & Reporting

    • Many SLAs are silent on monitoring and reporting elements and require that the customer, if aware or able, to monitor the providers service levels and attainment and create their own KPI and reports. Then if SLOs are not met there is an arduous process that the customer must go through to request their rightful credit. This manual and reactive method creates all kinds of risk and cost to the customer and they should make all attempts to ensure that the service provider proactively provides SLO/KPI attainment reports on a regular basis.
    • Automated monitoring and reporting is a common task for many IT departments. There is no reason that a service provider can’t send reports proactively in a format that can be easily interpreted by the customer. The ideal state would be to capture KPI report data into a customer’s internal service provider scorecard.
    • Automated or automatic credit posting is another key element that service providers tend to ignore, primarily in hopes that the customer won’t request or go through the trouble of the process. This needs to change. Some large cloud vendors already have automated processes that automatically post a credit to your account if they miss an SLO. This proactive credit process should be at the top of your negotiation checklist. Service providers are avoiding thousands of credit dollars every year based on the design of their credit process. As more customers push back and negotiate more efficient credit processes, vendors will soon start to change and may use it as a differentiator with their service.

    3.2.1 Performance tracking and trending

    What gets measured gets done

    SLO Attainment Tracking

    A primary goal of proactive and automated reporting and credit process is to capture the provider’s attainment data into a tracker or vendor scorecard. These tracking scorecards can easily create status reports and performance trending of service providers, to IT leadership as well as feed QBR agenda content.

    Remedy Reconciliation

    Regardless of how a credit is processed it should be tracked and reconciled with internal stakeholders and accounting to ensure credits are duly applied or received from the provider and in a timely manner. Tracking and reconciliation must also align with your payment terms, whether monthly or annually.

    “While the adage, ‘You can't manage what you don't measure,’ continues to be true, the downside for organizations using metrics is that the provider will change their behavior to maximize their scores on performance benchmarks.” – Rob Lemos

    3.2.1 Activity SLA Tracker and Trending Tool

    1-2 hours setup

    Input

    • SLO metrics/KPIs from the SLA
    • Credit values associated with SLO

    Output

    • Monthly SLO attainment data
    • Credit tracking
    • SLO trending graphs

    Materials

    • Service provider SLO reports
    • Service provider SLA
    • SLO Tracker & Trending Tool

    Participants

    • Contract or vendor managers
    • Application or service managers
    • Service provider

    An important activity in the SLA management framework is to track the provider’s SLO attainment on a monthly or quarterly basis. In addition, if an SLO is missed, an associated credit needs to be tracked and captured. This activity allows you to capture the SLOs from the SLA and track them continually and provide data for trending and review at vendor performance meetings and executive updates.

    Instructions: Enter SLOs from the SLA as applicable.

    Each month, from the provider’s reports or dashboards, enter the SLO metric attainment.

    When an SLO is met, the cell will turn green. If the SLO is missed, the cell will turn red and a corresponding cell in the Credit Tracker will turn green, meaning that a credit needs to be reconciled.

    Use the Trending tab to view trending graphs of key service levels and SLOs.

    Download the SLO Tracker and Trending Tool

    3.3 Vendor SLA reviews and optimizing

    Regular reviews should be done with providers

    Collecting attainment data with scorecards or tracking tools provides summary information on the performance of the service provider to their SLA obligations. This information should be used for regular reviews both internally and with the provider.

    Regular attainment reviews should be used for:

    • Performance trending upward or downward
    • Identifying opportunities to revise or improve SLOs
    • Optimizing SLO and processes
    • Creating a Performance Improvement Plan (PIP) for the service provider

    Some organizations choose to review SLA performance with providers at regular QBRs or at specific SLA review meetings

    This should be determined based on the criticality, risk, and strategic importance of the provider’s service. Providers that provide essential services like ERP, payroll, CRM, HRIS, IaaS etc. should be reviewed much more regularly to ensure that any decline in service is identified early and addressed properly in accordance with the service provider. Negative trending performance should also be documented for consideration at renewal time.

    3.4 Performance management

    Dealing with persistent poor performance and termination

    Service providers that consistently miss key service level metrics or KPIs present financial and security risk to the organization. Poor performance of a service provider reflects directly on the IT leadership and will affect many other business aspects of the organization including:

    • Ability to conduct day-to-day business activities
    • Meet internal obligations and expectations
    • Employee productivity and satisfaction
    • Maintain corporate policies or industry compliance
    • Meet security requirements

    Communication is key. Poor performance of a service provider needs to be dealt with in a timely manner in order to avoid more critical impact of the poor performance. Actions taken with the provider can also vary depending again on the criticality, risk, and strategic importance of the provider’s service.

    Performance reviews should provide the actions required with the goal of:

    • Making the performance problems into opportunities
    • Working with the provider to create a PIP with aggressive timelines and ramifications if not attained
    • Non-renewal or termination consideration, if feasible including provider replacement options, risk, costs, etc.
    • SLA renegotiation or revisions
    • Warning notifications to the service provider with concise issues and ramifications

    To avoid the issues and challenges of dealing with chronic poor performance, consider a Persistent or Chronic Failure clause into the SLA contract language. These clauses can define chronic failure, scenarios, ramifications there of, and defined options for the client including increased credit values, non-monetary remedies, and termination options without liability.

    Info-Tech Insight

    It’s difficult to prevent chronic poor performance but you can certainly track it and deal with it in a way that reduces risk and cost to your organization.

    SLA Hall of Shame

    Crazy service provider SLA content collection

    • Excessive list of unreasonable exclusions
    • Subcontractors’ behavior could be excluded
    • Downtime credit, equal to downtime percent x the MRC
    • Controllable FM events (internal labor issues, health events)
    • Difficult downtime or credit calculations that don’t make sense
    • Credits are not valid if agreement is terminated early or not renewed
    • Customer is not current on their account, SLA or credits do not count/apply
    • Total downtime = to prorated credit value (down 3 hrs = 3/720hrs = 0.4% credit)
    • SLOs don’t apply if customer fails to report the issue or request a trouble ticket
    • Downtime during off hours (overnight) do not count towards availability metrics
    • Different availability commitments based on different support-levels packages
    • Extending the agreement term by the length of downtime as a form of a remedy

    SLA Dos and Don’ts

    Dos

    • Do negotiate SLOs to vendor’s average performance
    • Do strive for automated reporting and credit processes
    • Do right-size and create your SLO criteria based on risk mitigation
    • Do review SLA attainment results with strategic service providers on a regular basis
    • Do ensure that all key elements and components of an SLA are present in the document or appendix

    Don'ts

    • Don’t accept the providers response that “we can’t change the SLOs for you because then we’d have to change them for everyone”
    • Don’t leave SLA preparation to the last minute. Give it priority as you negotiate with the provider
    • Don’t create complex SLAs with numerous service levels and SLOs that need to be reported and managed
    • Don’t aim for absolute perfection. Rather, prioritize which service levels are most important to you for the service

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained

    • Understanding of the elements and components of an SLA
    • A list of SLO metrics aligned to service types that meet your organization’s criteria
    • SLA metric/KPI templates
    • SLA Management process for your provider’s service objectives
    • Reporting and tracking process for performance trending

    Deliverables Completed

    • SLA component and contract element checklist
    • Evaluation or service provider SLAs
    • SLA templates for strategic service types
    • SLA tracker for strategic service providers

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Improve IT-Business Alignment Through an Internal SLA

    • Understand business requirements, clarify current capabilities, and enable strategies to close service-level gaps.

    Data center Co-location SLA & Service Definition Template

    • In essence, the SLA defines the “product” that is being purchased, permitting the provider to rationalize resources to best meet the needs of varied clients, and permits the buyer to ensure that business requirements are being met.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Keep your information security risks manageable when leveraging the benefits of cloud computing.

    Bibliography

    Henderson, George. “3 Most Common Types of Service Level Agreement (SLA).” Master of Project Academy. N.d. Web.

    “Guide to Security Operations Metrics.” Logsign. Oct 5, 2020. Web.

    Lemos, Rob. “4 lessons from SOC metrics: What your SpecOps team needs to know.” TechBeacon. N.d. Web.

    “Measuring and Making the Most of Service Desk Metrics.” Freshworks. N.d. Web.

    Overby, Stephanie. “15 SLA Mistakes IT Leaders Still Make.” CIO. Jan 21, 2021.

    Build a Strategic IT Workforce Plan

    • Buy Link or Shortcode: {j2store}390|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $180,171 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Talent has become a competitive differentiator. To 46% of business leaders, workforce planning is a top priority – yet only 13% do it effectively.
    • CIOs aren’t sure what they need to give the organization a competitive edge or how current staffing line-ups fall short.

    Our Advice

    Critical Insight

    • A well defined strategic workforce plan (SWP) isn’t just a nice-to-have, it’s a must-have.
    • Integrate as much data as possible into your workforce plan to best prepare you for the future. Without knowledge of your future initiatives, you are filling hypothetical holes.
    • To be successful, you need to understand your strategic initiatives, workforce landscape, and external and internal trends.

    Impact and Result

    The workforce planning process does not need to be onerous, especially with help from Info-Tech’s solid planning tools. With the right people involved and enough time invested, developing an SWP will be easier than first thought and time well spent. Leverage Info-Tech’s client-tested 5-step process to build a strategic workforce plan:

    1. Build a project charter
    2. Assess workforce competency needs
    3. Identify impact of internal and external trends
    4. Identify the impact of strategic initiatives on roles
    5. Build and monitor the workforce plan

    Build a Strategic IT Workforce Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strategic workforce plan for IT, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Initiate the project

    Assess the value of a strategic workforce plan and the IT department’s fit for developing one, and then structure the workforce planning project.

    • Build a Strategic Workforce Plan – Phase 1: Initiate the Project
    • IT Strategic Workforce Planning Project Charter Template
    • IT Strategic Workforce Planning Project Plan Template

    2. Analyze workforce needs

    Gather and analyze workforce needs based on an understanding of the relevant internal and external trends, and then produce a prioritized plan of action.

    • Build a Strategic Workforce Plan – Phase 2: Analyze Workforce Needs
    • Workforce Planning Workbook

    3. Build the workforce plan

    Evaluate workforce priorities, plan specific projects to address them, and formalize and integrate strategic workforce planning into regular planning processes.

    • Build a Strategic Workforce Plan – Phase 3: Build and Monitor the SWP
    [infographic]

    Workshop: Build a Strategic IT Workforce Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Project Goals, Metrics, and Current State

    The Purpose

    Develop a shared understanding of the challenges your organization is facing with regards to talent and workforce planning.

    Key Benefits Achieved

    An informed understanding of whether or not you need to develop a strategic workforce plan for IT.

    Activities

    1.1 Identify goals, metrics, and opportunities

    1.2 Segment current roles

    1.3 Identify organizational culture

    1.4 Assign job competencies

    1.5 Assess current talent

    Outputs

    Identified goals, metrics, and opportunities

    Documented organizational culture

    Aligned competencies to roles

    Identified current talent competency levels

    2 Assess Workforce and Analyze Trends

    The Purpose

    Perform an in-depth analysis of how internal and external trends are impacting the workforce.

    Key Benefits Achieved

    An enhanced understanding of the current talent occupying the workforce.

    Activities

    2.1 Assess environmental trends

    2.2 Identify impact on workforce requirements

    2.3 Identify how trends are impacting critical roles

    2.4 Explore viable options

    Outputs

    Complete internal trends analysis

    Complete external trends analysis

    Identified internal and external trends on specific IT roles

    3 Perform Gap Analysis

    The Purpose

    Identify the changing competencies and workforce needs of the future IT organization, including shortages and surpluses.

    Key Benefits Achieved

    Determined impact of strategic initiatives on workforce needs.

    Identification of roles required in the future organization, including surpluses and shortages.

    Identified projects to fill workforce gaps.

    Activities

    3.1 Identify strategic initiatives

    3.2 Identify impact of strategic initiatives on roles

    3.3 Determine workforce estimates

    3.4 Determine projects to address gaps

    Outputs

    Identified workforce estimates for the future

    List of potential projects to address workforce gaps

    4 Prioritize and Plan

    The Purpose

    Prepare an action plan to address the critical gaps identified.

    Key Benefits Achieved

    A prioritized plan of action that will fill gaps and secure better workforce outcomes for the organization.

    Activities

    4.1 Determine and prioritize action items

    4.2 Determine a schedule for review of initiatives

    4.3 Integrate workforce planning into regular planning processes

    Outputs

    Prioritized list of projects

    Completed workforce plan

    Identified opportunities for integration

    Manage Exponential Value Relationships

    • Buy Link or Shortcode: {j2store}210|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Implementing exponential IT will require businesses to work with external vendors to facilitate the rapid adoption of cutting-edge technologies such as generative artificial intelligence. IT leaders must:

    These challenges require new skills which build trust and collaboration among vendors.

    Our Advice

    Critical Insight

    Outcome-based relationships require a higher degree of trust than traditional vendor relationships. Build trust by sharing risks and rewards.

    Impact and Result

    • Assess your readiness to take on the new types of vendor relationships that will help you succeed.
    • Identify where you need to build your capabilities in order to successfully manage relationships.
    • Successfully manage outcomes, financials, risk, and relationships in complex vendor relationships.

    Manage Exponential Value Relationships Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Exponential Value Relationships Storyboard – Learn about the new era of exponential vendor relationships and the capabilities needed to succeed.

    This research walks you through how to assess your capabilities to undertake a new model of vendor relationships and drive exponential IT.

    • Manage Exponential Value Relationships Storyboard

    2. Exponential Relationships Readiness Assessment – Assess your readiness to engage in exponential vendor partnerships.

    This tool will facilitate your readiness assessment.

    • Exponential Relationships Readiness Assessment
    [infographic]

    Further reading

    Manage Exponential Value Relationships

    Are you ready to manage outcome-based agreements?

    Analyst Perspective

    Outcome-based agreements require a higher degree of mutual trust.

    Kim Osborne Rodriguez

    Exponential IT brings with it an exciting new world of cutting-edge technology and increasingly accelerated growth of business and IT. But adopting and driving change through this paradigm requires new capabilities to grow impactful and meaningful partnerships with external vendors who can help implement technologies like artificial intelligence and virtual reality.

    Building outcome-based partnerships involves working very closely with vendors who, in many cases, will have just as much to lose as the organizations implementing these new technologies. This requires a greater degree of trust between parties than a standard vendor relationship. It also drastically increases the risks to both organizations; as each loses some control over data and outcomes, they must trust that the other organization will follow through on commitments and obligations.

    Outcome-based partnerships build upon traditional vendor management practices and create the potential for organizations to embrace emerging technology in new ways.

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Exponential IT drives change

    Vendor relationships must evolve

    To deliver exponential value

    Implementing exponential IT will require businesses to work with external vendors to facilitate the rapid adoption of cutting-edge technologies such as generative artificial intelligence. IT leaders must:

    • Build strategic relationships with external entities to support the autonomization of the enterprise.
    • Procure, operate, and manage contracts and performance in outcome-based relationships.
    • Build relationships with new vendors.

    These challenges require new skills which build trust and collaboration with vendors.

    Traditional vendor management approaches are still important for organizations to develop and maintain. But exponential relationships bring new challenges:

    • A shift from managing technology service agreements to managing business capability agreements
    • Increased vendor access to intellectual property, confidential information, and customers

    IT leaders must adapt traditional vendor management capabilities to successfully lead this change.

    Outcome-based relationships should not be undertaken lightly as they can significantly impact the risk profile of the organization. Use this research to:

    • Assess your foundational vendor management capabilities as well as the transformative capabilities you need to manage outcome-based relationships.
    • Identify where you need to build your capabilities in order to successfully manage relationships.
    • Successfully manage outcomes, financials, risk, and relationships in complex vendor partnerships.

    Exponential value relationships will help drive exponential IT and autonomization of the enterprise.

    Info-Tech Insight

    Outcome-based partnerships require a higher degree of trust than traditional vendor relationships. Build trust by sharing risks and rewards.

    Vendor relationships can be worth billions of dollars

    Positive vendor relationships directly impact the bottom line, sometimes to the tune of billions of dollars annually.

    • Organizations typically spend 40% to 80% of their total budget on external suppliers.
    • Greater supplier trust translates directly to greater business profits, even in traditional vendor relationships.1
    • Based on over a decade of data from vehicle manufacturers, greater supplier relationships nearly doubled the unit profit margin on vehicles, contributing over $20 billion to Toyota’s annual profits based on typical sales volume.2
    • Having positive vendor relationships can be instrumental in times of crisis – when scarcity looms, vendors often choose to support their best customers.3,4 For example, Toyota protected itself from the losses many original equipment manufacturers (OEMs) faced in 2020 and showed improved profitability that year due to increased demand for vehicles which it was able to supply as a result of top-ranked vendor relationships.
    1 PR Newswire, 2022.
    2 Based on 10 years of data comparing Toyota and Nissan, every 1-point increase in the company’s Working Relations Index was correlated with a $15.77 net profit increase per unit. Impact on Toyota annual profits is based on 10.5 million units sold in 2021 and 2022.
    3 Interview with Renee Stanley, University of Texas at Arlington. Conducted 17 May 2023.
    4 Plante Moran, 2020.

    Supplier Trust Impacts OEM Profitability

    Sources: Macrotrends, Plante Moran 2022, Nissan 2022 and 2023, and Toyota 2022. Profit per car is based on total annual profit divided by total annual sales volume.

    Outcome-based relationships are a new paradigm

    In a new model where organizations are procuring autonomous capabilities, outcomes will govern vendor relationships.

    An outcome-based relationship requires a higher level of mutual trust than traditional vendor relationships. This requires shared reward and shared risk.

    Don’t forget about traditional vendor management relationships! Not all vendor relationships can (or should) be outcome-based.

    Managing Exponential Value Relationships.

    Case study

    INDUSTRY: Technology

    SOURCE: Press Release

    Microsoft and OpenAI partner on Azure, Teams, and Microsoft Office suite

    In January 2023, Microsoft announced a $10 billion investment in OpenAI, allowing OpenAI to continue scaling its flagship large language model, ChatGPT, and giving Microsoft first access to deploy OpenAI’s products in services like GitHub, Microsoft Office, and Microsoft Teams.

    Shared risk

    Issues with OpenAI’s platforms could have a debilitating effect on Microsoft’s own reputation – much like Google’s $100 billion stock loss following a blunder by its AI platform Bard – not to mention the financial loss if the platform does not live up to the hype.

    Shared reward

    This was a particularly important strategic move by Microsoft, as its main competitors develop their own AI models in a race to the top. This investment also gave OpenAI the resources to continue scaling and evolving its services much faster than it would be capable of on its own. If OpenAI’s products succeed, there is a significant upside for both companies.

    The image contains a graph that demonstrates time to reach 1 million users.

    Adapt your approach to vendor relationships

    Both traditional vendors and exponential relationships are important.

    Traditional

    procurement

    Vendor

    management

    Exponential vendor relationships

    • Ideal for procuring a product or service
    • Typically evaluates vendors based on their capabilities and track record of success
    • Focuses on metrics, KPIs, and contracts to deliver success to the organization purchasing the product or service
    • Vendors typically only have access to company data showing what is required to deliver their product or service
    • Ideal for managing vendors supplying products or services
    • Typically evaluates vendors based on the value and the criticality of a vendor to drive VM-resource allocation
    • External vendors do not generally participate in sharing of risks or rewards outside of payment for services or incentives/penalties
    • Vendors typically have limited access to company data
    • Ideal for procuring an autonomous capability
    • Typically evaluated based on the total possible value creation for both parties
    • External vendors share in substantial portions of the risks and rewards of the relationship
    • Vendors typically have significant access to company data, including proprietary methods, intellectual property, and customer lists

    Use this research to successfully
    manage outcome-based relationships.

    Use Info-Tech’s research to Jump Start Your Vendor Management Initiative.

    Common obstacles

    Exponential relationships require new approaches to vendor management as businesses autonomize:

    • Autonomization refers to the shift toward autonomous business capabilities which leverage technologies such as AI and quantum computing to operate independently of human interaction.
    • The speed and complexity of technology advancement requires that businesses move quickly and confidently to develop strong relationships and deliver value.
    • We are seeing businesses shift from procuring products and services to procuring autonomous business capabilities (sometimes called “as a service,” or aaS). This shift can drive exponential value but also increases complexity and risk.
    • Exponential IT requires a shift in emphasis toward more mature relationship and risk management strategies, compared to traditional vendor management.

    The shift from technology service agreements to business capability agreements needs a new approach

    Eighty-seven percent of organizations are currently experiencing talent shortages or expect to within a few years.

    Source: McKinsey, “Mind the [skills] gap”, 2021.

    Sixty-three percent of IT leaders plan to implement AI in their organizations by the end of 2023.

    Source: Info-Tech Research Group survey, 2022

    Insight summary

    Build trust

    Successfully managing exponential relationships requires increased trust and the ability to share both risks and rewards. Outcome-based vendors typically have greater access to intellectual property, customer data, and proprietary methods, which can pose a risk to the organization if this information is used to benefit competitors. Build mutual trust by sharing both risks and rewards.

    Manage risk

    Outcome-based relationships with external vendors can drastically affect an organization’s risk profile. Carefully consider third-party risk and shared risk, including ESG risk, as well as the business risk of losing control over capabilities and assets. Qualified risk specialists (such as legal, regulatory, contract, intellectual property law) should be consulted before entering outcome-based relationships.

    Drive outcomes

    Fostering strategic relationships can be instrumental in times of crisis, when being the customer of choice for key vendors can push your organization up the line from the vendor’s side – but be careful about relying on this too much. Vendor objectives may not align with yours, and in the end, everyone needs to protect themselves.

    Assess your readiness for exponential value relationships

    Key deliverable:

    Exponential Relationships Readiness Assessment

    Determine your readiness to build exponential value relationships.

    Measure the value of this blueprint

    Save thousands of dollars by leveraging this research to assess your readiness, before you lose millions from a relationship gone bad.

    Our research indicates that most organizations would take months to prepare this type of assessment without using our research. That’s over 80 person-hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Doesn’t your staff have better things to do?

    Start by answering a few brief questions, then return to this slide at the end to see how much your answers have changed.

    Establish Baseline Metrics

    Use Info-Tech’s research to Exponential Relationships Readiness Assessment.

    Estimated time commitment without Info-Tech’s research (person-hours)

    Establish a baseline

    Gauge the effectiveness of this research by asking yourself the following questions before and after completing your readiness assessment:

    Questions

    Before

    After

    To what extent are you satisfied with your current vendor management approach?

    How many of your current vendors would you describe as being of strategic importance?

    How much do you spend on vendors annually?

    How much value do you derive from your vendor relationships annually?

    Do you have a vendor management strategy?

    What outcomes are you looking to achieve through your vendor relationships?

    How well do you understand the core capabilities needed to drive successful vendor management?

    How well do you understand your current readiness to engage in outcome-based vendor relationships?

    Do you feel comfortable managing the risks when working with organizations to implement artificial intelligence and other autonomous capabilities?

    How to use this research

    Five tips to get the most out of your readiness assessment.

    1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
    2. Effectiveness levels range from basic (level 1) to advanced (level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with level 1 competencies, it is recommended to improve maturity in those areas before pursuing exponential relationships.
    3. This assessment is qualitative; complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
    4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
    5. Other industry- and region-specific competencies may be required to succeed at exponential relationships. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

    Financial management

    Manage your budget and spending to stay on track throughout your relationship.

    “Most organizations underestimate the amount of time, money, and skill required to build and maintain a successful relationship with another organization. The investment in exponential relationships is exponential in itself – as are the returns.”

    – Jennifer Perrier, Principal Research Director,
    Info-Tech Research Group

    This step involves the following participants:

    • Executive leadership team, including CIO
    • CFO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage scope and budget in exponential IT relationships.

    Successfully manage complex finances

    Stay on track and keep your relationship running smoothly.

    Why is this important?

    • Finance is at the core of most business – it drives decision making, acts as a constraint for innovation and optimization, and plays a key role in assessing options (such as return on investment or payback period).
    • Effectively managing finances is a critical success factor in developing strong relationships. Each organization must be able to manage their own budget and spending in order to balance the risk and reward in the relationship. Often, these risks and rewards will come in the form of profit and loss or revenue and spend.

    Build it into your practice:

    1. Ensure your financial decision-making practices are aligned with the organizational and relationship strategy. Do metrics and criteria reflect the organization’s goals?
    2. Develop strong accounting and financial analysis practices – this includes the ability to conduct financial due diligence on potential vendors.
    3. Develop consistent methodology to track and report on the desired outcomes on a regular basis.

    Build your ability to manage finances

    The five competencies needed to manage finances in exponential value relationships are:

    Budget procedures

    Financial alignment

    Adaptability

    Financial analysis

    Reporting & compliance

    Clearly articulate and communicate budgets, with proactive analysis and reporting.

    There is a strong, direct alignment between financial outcomes and organizational strategy and goals.

    Financial structures can manage many different types of relationships and structures without major overhaul.

    Proactive financial analysis is conducted regularly, with actionable insights.

    This exceeds legal requirements and includes proactive and actionable reporting.

    Relationship management

    Drive exponential value by becoming a customer of choice.

    “The more complex the business environment becomes — for instance, as new technologies emerge or as innovation cycles get faster — the more such relationships make sense. And the better companies get at managing individual relationships, the more likely it is that they will become “partners of choice” and be able to build entire portfolios of practical and value-creating partnerships.”

    (“Improving the management of complex business partnerships.” McKinsey, 2019)

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage relationships in exponential IT relationships.

    Take your relationships to the next level

    Maintaining positive relationships is key to building trust.

    Why is this important?

    • All relationships will experience challenges, and the ability to resolve these issues will rely heavily on the relationship management skills and soft skills of the leadership within each organization.
    • Based on a 20-year study of vendor relationships in the automotive sector, business-to-business trust is a function of reasonable demands, follow-through, and information sharing.
    (Source: Plante Moran, 2020)

    Build it into your practice:

    1. Develop the soft skills necessary to promote psychological safety, growth mindset, and strong and open communication channels.
    2. Be smart about sharing information – you don’t need to share everything, but being open about relevant information will enhance trust.
    3. Both parties need to work hard to develop trust necessary to build a true relationship. This will require increased access to decision-makers, clearly defined guardrails, and the ability for unsatisfied parties to leave.

    Build your ability to manage relationships

    The five competencies needed to manage relationships in exponential partnerships are:

    Strategic alignment

    Follow-through

    Information sharing

    Shared risk & rewards

    Communication

    Work with vendors to create roadmaps and strategies to drive mutual success.

    Ensure demands are reasonable and consistently follow through on commitments.

    Proactively and freely share relevant information between parties.

    Equitably share responsibility for outcomes and benefits from success.

    Ensure clear, proactive, and frequent communication occurs between parties.

    Performance management

    Outcomes management focuses on results, not methods.

    According to Jennifer Robinson, senior editor at Gallup, “This approach focuses people and teams on a concrete result, not the process required to achieve it. Leaders define outcomes and, along with managers, set parameters and guidelines. Employees, then, have a high degree of autonomy to use their own unique talents to reach goals their own way.” (Forbes, 2023)

    In the context of exponential relationships, vendors can be given a high degree of autonomy provided they meet their objectives.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage outcomes in exponential IT relationships.

    Manage outcomes to drive mutual success

    Build trust by achieving shared objectives.

    Why is this important?

    • Relationships are based on shared risk and shared reward for all parties. In order to effectively communicate the shared rewards, you must first understand and communicate your objectives for the relationship, then measure outcomes to ensure all parties are benefiting.
    • Effectively managing outcomes reduces the risk that one party will choose to leave based on a perception of benefits not being achieved. Parties may still leave the agreement, but decisions should be based on shared facts and issues should be communicated and addressed early.

    Build it into your practice:

    1. Clearly articulate what you hope to achieve by entering an outcome-based relationship. Each party should outline and agree to the goals, objectives, and desired outcomes from the relationship.
    2. Document how rewards will be shared among parties. What type of rewards are anticipated? Who will benefit and how?
    3. Develop consistent methodology to track and report on the desired outcomes on a regular basis. This might consist of a vendor scorecard or a monthly meeting.

    Build your ability to manage outcomes

    The five competencies needed to manage outcomes in exponential value relationships are:

    Goal setting

    Negotiation

    Performance tracking

    Issue
    resolution

    Scope management

    Set specific, measurable and actionable goals, and communicate them with stakeholders.

    Clearly articulate and agree upon measurable outcomes between all parties.

    Proactively track progress toward goals/outcomes and discuss results with vendors regularly.

    Openly discuss potential issues and challenges on a regular basis. Find collaborative solutions to problems.

    Proactively manage scope and discuss with vendors on a regular basis.

    Risk management

    Exponential IT means exponential risk – and exponential rewards.

    One of the key differentiators between traditional vendor relationships and exponential relationships is the degree to which risk is shared between parties. This is not possible in all industries, which may limit companies’ ability to participate in this type of exponential relationship.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Risk management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage risk in exponential IT relationships.

    Relationships come with a lot of hidden risks

    Successfully managing complex risks can be the difference between a spectacular success and company-ending failure.

    Why is this important?

    • Relationships inherently involve a loss of control. You are relying on another party to fulfill their part of the agreement, and you depend on the success of the outcome. Loss of control comes with significant risks.
    • Sharing in risk is what differentiates an outcome-based relationship from a traditional vendor relationship; vendors must have skin in the game.
    • Organizations must consider many different types of risk when considering a relationship with a vendor: fraud, security, human rights, labor relations, ESG, and operational risks. Remember that risk is not inherently bad; some risk is necessary.

    Build it into your practice:

    1. Build or hire the necessary risk expertise needed to properly assess and evaluate the risks of potential vendor relationships. This includes intellectual property, ESG, legal/regulatory, cybersecurity, data security, and more.
    2. Develop processes and procedures which clearly communicate and report on risk on a regular basis.

    Info-Tech Insight

    Some highly regulated industries (such as finance) are prevented from transferring certain types of risk. In these industries, it may be much more difficult to form vendor relationships.

    Don’t forget about third-party ESG risk

    Customers care about ESG. You should too.

    Protect yourself against third-party ESG risks by considering the environmental and social impacts of your vendors.

    Third-party ESG risks can include the following:

    • Environmental risk: Vendors with unsustainable practices such as carbon emissions or waste generation of natural resource depletion can negatively impact the organization’s environmental goals.
    • Social risk: Unsafe or illegal labor practices, human rights violations, and supply chain management issues can reflect negatively on organizations that choose to work with vendors who engage in such practices.
    • Governance risk: Vendors who engage in illegal or unethical behaviors, including bribery and corruption or data and privacy breaches can impact downstream customers.

    Working with vendors that have a poor record of ESG carries a very real reputational risk for organizations who do not undertake appropriate due diligence.

    A global survey of nearly 14,000 customers revealed that…

    Source: EY Future Consumer Index, 2021

    Seventy-seven percent of customers believe companies have a responsibility to manufacture sustainably.

    Sixty-eight percent of customers believe businesses should ensure their suppliers meet high social and environmental standards.

    Fifty-five percent of customers consider the environmental impact of production in their purchasing decisions.

    Build your ability to manage risk

    The five competencies needed to manage risk in exponential value relationships are:

    Third-party risk

    Value chain

    Data management

    Regulatory & compliance

    Monitoring & reporting

    Understand and assess third-party risk, including ESG risk, in potential relationships.

    Assess risk throughout the value chain for all parties and balance risk among parties.

    Proactively assess and manage potential data risks, including intellectual property and strategic data.

    Manage regulatory and compliance risks, including understanding risk transfer and ultimate risk holder.

    Proactive and open monitoring and reporting of risks, including regular communication among stakeholders.

    Contract management

    Contract management is a critical part of vendor management.

    Well-managed contracts include clearly defined pricing, performance-based outcomes, clear roles and responsibilities, and appropriate remedies for failure to meet requirements. In outcome-based relationships, contracts are generally used as a secondary method of enforcing performance, with relationship management being the primary method of addressing challenges and ensuring performance.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Risk management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage risk in exponential IT relationships.

    Build your ability to manage contracts

    The five competencies needed to manage contracts in exponential value relationships are:

    Pricing

    Performance outcomes

    Roles and responsibilities

    Remedies

    Payment

    Pricing is clearly defined in contracts so that the total cost is understood including all fees, optional pricing, and set caps on increases.

    Contracts are performance-based whenever possible, including deliverables, milestones, service levels, due dates, and outcomes.

    Each party's roles and responsibilities are clearly defined in the contract documents with adequate detail.

    Contracts contain appropriate remedies for a vendor's failure to meet SLAs, due dates, and other obligations.

    Payment is made after performance targets are met, approved, or accepted.

    Activity 1: Assess your readiness for exponential relationships

    1-3 hours

    1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
    2. As a group, review the core competencies from the previous four sections and determine where your organization’s effectiveness lies for each competency. Record your responses in the Exponential Relationships Readiness Assessment tool.

    Download the Exponential Relationships Readiness Assessment tool.

    Input Output
    • Core competencies
    • Knowledge of internal processes and capabilities
    • Readiness assessment
    Materials Participants
    • Exponential
      Relationships Readiness Assessment
      tool
    • Whiteboard/flip charts
    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Understand your assessment

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Create an action plan.

    Understand the results of your assessment

    Consider the following recommendations based on your readiness assessment scores:

    • The chart to the right shows sample results. The bars indicate the recommended scores, and the line indicates the readiness score.
    • Three or more categories below the recommended scores, or any categories more than five points below the recommendation: outcome-based relationships are not recommended at this time.
    • Two or more categories below the recommended scores: Proceed with caution and limit outcome-based relationships to low-risk areas. Continue to mature capabilities.
    • One category below the recommended scores: Evaluate the risks and benefits before engaging in higher-risk vendor relationships. Continue to mature capabilities.
    • All categories at or above the recommended scores: You have many of the core capabilities needed to succeed at exponential relationships! Continue to evaluate and refine your vendor relationships strategy, and identify any additional competencies needed based on your industry or region.

    Acme Corp Exponential Relationships Readiness.

    Activity 2: Create an action plan

    1 hour

    1. Gather the stakeholders who participated in the readiness assessment exercise.
    2. As a group, review the results of the readiness assessment. Where there any surprise? Do the results reflect your understanding of the organization’s maturity?
    3. Determine which areas are likely to limit the organization’s relationship capability, based on lowest scoring areas and relative importance to the organization.
    4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
    5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.
    InputOutput
    • Readiness assessment
    • Action plan to improve maturity of capabilities
    MaterialsParticipants
    • Exponential
      Relationship Readiness Assessment
      tool
    • Whiteboard/flip charts
    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Related Info-Tech Research

    Jump Start Your Vendor Management Initiative
    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

    Elevate Your Vendor Management Initiative
    Transform your VMI from tactical to strategic to maximize its impact and value

    Evaluate Your Vendor Account Team to Optimize Vendor Relations
    Understand the value of knowing your account team’s influence in the organization, and your influence, to drive results.

    Related Info-Tech Research

    Build an IT Risk Management Program
    Mitigate the IT risks that could negatively impact your organization.

    Build an IT Budget
    Effective IT budgets are more than a spreadsheet. They tell a story.

    Adopt an Exponential IT Mindset
    Thrive through the next paradigm shift..

    Author

    Kim Osborne Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.

    Kim holds a Bachelor’s degree in Honours Mechatronics Engineering and an option in Management Sciences from the University of Waterloo.

    Research Contributors and Experts

    Jack Hakimian

    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multibillion-dollar organizations in multiple industries including financial services and telecommunications. Jack also served several large public sector institutions.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Michael Tweedie

    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He’s led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor’s degree in Architecture from Ryerson University.

    Scott Bickley

    Scott Bickley
    Practice Lead, VCCO
    Info-Tech Research Group

    Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group, focused on Vendor Management and Contract Review. He also has experience in the areas of IT Asset Management (ITAM), Software Asset Management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    Scott holds a B.S. in Justice Studies from Frostburg State University. He also holds active IAITAM certification designations of CSAM and CMAM and is a Certified Scrum Master (SCM).

    Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group, specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multistakeholder industry initiatives.

    Donna has a bachelor’s degree in economics from the University of Western Ontario.

    Research Contributors and Experts

    Jennifer Perrier

    Jennifer Perrier
    Principal Research Director
    Info-Tech Research Group

    Jennifer has 25 years of experience in the information technology and human resources research space, joining Info-Tech in 1998 as the first research analyst with the company. Over the years, she has served as a research analyst and research manager, as well as in a range of roles leading the development and delivery of offerings across Info-Tech’s product and service portfolio, including workshops and the launch of industry roundtables and benchmarking. She was also Research Lead for McLean & Company, the HR advisory division of Info-Tech, during its start-up years.

    Jennifer’s research expertise spans the areas of IT strategic planning, governance, policy and process management, people management, leadership, organizational change management, performance benchmarking, and cross-industry IT comparative analysis. She has produced and overseen the development of hundreds of publications across the full breadth of both the IT and HR domains in multiple industries. In 2022, Jennifer joined Info-Tech’s IT Financial Management Practice with a focus on developing financial transparency to foster meaningful dialogue between IT and its stakeholders and drive better technology investment decisions.

    Phil Bode

    Phil Bode
    Principal Research Director
    Info-Tech Research Group

    Phil has 30+ years of experience with IT procurement-related topics: contract drafting and review, negotiations, RFXs, procurement processes, and vendor management. Phil has been a frequent speaker at conferences, a contributor to magazine articles in CIO Magazine and ComputerWorld, and quoted in many other magazines. He is a co-author of the book The Art of Creating a Quality RFP.

    Phil has a Bachelor of Science in Business Administration with a double major of Finance and Entrepreneurship and a Bachelor of Science in Business Administration with a major of Accounting, both from the University of Arizona.

    Research Contributors

    Erin Morgan

    Erin Morgan
    Assistant Vice President, IT Administration
    University of Texas at Arlington

    Renee Stanley

    Renee Stanley
    Assistant Director IT Procurement and Vendor Management
    University of Texas at Arlington

    Note: Additional contributors did not wish to be identified.

    Bibliography

    Andrea, Dave. “Plante Moran’s 2022 Working Relations Index® (WRI) Study shows supplier relations can improve amid industry crisis.” Plante Moran, 25 Aug 2022. Accessed 18 May 2023.
    Andrea, Dave. “Trust between suppliers and OEMs can better prepare you for the next crisis.” Plante Moran, 9 Sept 2020. Accessed 17 May 2023.
    Cleary, Shannon, and Carolan McLarney. “Organizational Benefits of an Effective Vendor Management Strategy.” IUP Journal of Supply Chain Management, Vol. 16, Issue 4, Dec 2019.
    De Backer, Ruth, and Eileen Kelly Rinaudo. “Improving the management of complex business partnerships.” McKinsey, 21 March 2019. Accessed 9 May 2023 .
    Dennean, Kevin et al. “Let's chat about ChatGPT.” UBS, 22 Feb 2023. Accessed 26 May 2023.
    F&I Tools. “Nissan Worldwide Vehicle Sales Report.” Factory Warranty List, 2022. Accessed 18 May 2023.
    Gomez, Robin. “Adopting ChatGPT and Generative AI in Retail Customer Service.” Radial, 235, April 2023. Accessed 10 May 2023.
    Harms, Thomas and Kristina Rogers. “How collaboration can drive value for you, your partners and the planet.” EY, 26 Oct 2021. Accessed 10 May 2023.
    Hedge & Co. “Toyota, Honda finish 1-2; General Motors finishes at 3rd in annual Supplier Working Relations Study.” PR Newswire, 23 May 2022. Accessed 17 May 2023.
    Henke Jr, John W., and T. Thomas. "Lost supplier trust, lost profits." Supply Chain Management Review, May 2014. Accessed 17 May 2023.
    Information Services Group, Inc. “Global Demand for IT and Business Services Continues Upward Surge in Q2, ISG Index™ Finds.” BusinessWire, 7 July 2021. Accessed 8 May 2023.
    Kasanoff, Bruce. “New Study Reveals Costs Of Bad Supplier Relationships.” Forbes, 6 Aug 2014. Accessed 17 May 2023.
    Macrotrends. “Nissan Motor Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
    Macrotrends. “Toyota Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
    McKinsey. “Mind the [skills] gap.” McKinsey, 27 Jan 2021. Accessed 18 May 2023.
    Morgan, Blake. “7 Examples of How Digital Transformation Impacted Business Performance.” Forbes, 21 Jul 2019. Accessed 10 May 2023.
    Nissan Motor Corporation. “Nissan reports strong financial results for fiscal year 2022.” Nissan Global Newsroom, 11 May 2023. Accessed 18 May 2023.

    Bibliography

    “OpenAI and Microsoft extend partnership.” Open AI, 23 Jan 2023. Accessed 26 May 2023.
    Pearson, Bryan. “The Apple Of Its Aisles: How Best Buy Lured One Of The Biggest Brands.“ Forbes, 23 Apr 2015. Accessed 23 May 2023.
    Perifanis, Nikolaos-Alexandros and Fotis Kitsios. “Investigating the Influence of Artificial Intelligence on Business Value in the Digital Era of Strategy: A Literature Review.” Information, 2 Feb 2023. Accessed 10 May 2023.
    Scott, Tim and Nathan Spitse. “Third-party risk is becoming a first priority challenge.” Deloitte. Accessed 18 May 2023.
    Stanley, Renee. Interview by Kim Osborne Rodriguez, 17 May 2023.
    Statista. “Toyota's retail vehicle sales from 2017 to 2021.” Statista, 27 Jul 2022. Accessed 18 May 2023.
    Tlili, Ahmed, et al. “What if the devil is my guardian angel: ChatGPT as a case study of using chatbots in education.” Smart Learning Environments, 22 Feb 2023. Accessed 9 May 2023.
    Vitasek, Kate. “Outcome-Based Management: What It Is, Why It Matters And How To Make It Happen.” Forbes, 12 Jan 2023. Accessed 9 May 2023.

    Identify Opportunities to Mature the Security Architecture

    • Buy Link or Shortcode: {j2store}385|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
    • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

    Our Advice

    Critical Insight

    • The security architecture is a living, breathing thing based on the risk profile of your organization.
    • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

    Impact and Result

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Identify Opportunities to Mature the Security Architecture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the organization’s ideal security architecture

    Complete three unique assessments to define the ideal security architecture maturity for your organization.

    • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
    • Security Architecture Recommendation Tool
    • None

    2. Create a security program roadmap

    Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

    • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
    [infographic]

    Implement DevOps Practices That Work

    • Buy Link or Shortcode: {j2store}155|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $42,916 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices are critical for business value delivery.
    • Organizations are looking to DevOps as an approach to rapidly deliver changes, but they often lack the foundations to use DevOps effectively.

    Our Advice

    Critical Insight

    Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.

    Impact and Result

    • Understand the basics of DevOps-related improvements.
    • Assess the health and conduciveness of software delivery process through Info-Tech Research Group’s MATURE framework.

    Implement DevOps Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement DevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Examine your current state

    Understand the current state of your software delivery process and categorize existing challenges in it.

    • DevOps Readiness Survey

    2. MATURE your delivery lifecycle

    Brainstorm solutions using Info-Tech Research Group’s MATURE framework.

    • DevOps Roadmap Template

    3. Choose the right metrics and tools for your needs

    Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.

    • DevOps Pipeline Maturity Assessment

    4. Select horizons for improvement

    Lay out a schedule for enhancements for your software process to make it ready for DevOps.

    [infographic]

    Workshop: Implement DevOps Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Examine Your Current State

    The Purpose

    Set the context for improvement.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Activities

    1.1 Review the outcome of the DevOps Readiness Survey.

    1.2 Articulate the current-state delivery process.

    1.3 Categorize existing challenges using PEAS.

    Outputs

    Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process

    A categorized list of challenges currently evident in the delivery process

    2 MATURE Your Delivery Lifecycle

    The Purpose

    Brainstorm solutions using the MATURE framework.

    Key Benefits Achieved

    Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.

    Activities

    2.1 Brainstorm solutions for identified challenges.

    2.2 Understand different DevOps topologies within the context of strong communication and collaboration.

    Outputs

    A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles

    (Optional) Identify a team topology that works for your organization.

    3 Choose the Right Metrics and Tools for Your Needs

    The Purpose

    Select metrics and tools for your DevOps-inspired delivery pipeline.

    Key Benefits Achieved

    Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.

    Activities

    3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.

    3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.

    3.3 (Optional) Assess DevOps pipeline maturity.

    Outputs

    A list of metrics that will assist in measuring the progress of your organization’s DevOps transition

    A list of tools that meet enterprise standards and enhance delivery processes

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.

    Key Benefits Achieved

    Roadmap of steps to take in the coming future.

    Activities

    4.1 Create a roadmap for future-state delivery process.

    Outputs

    Roadmap for future-state delivery process

    Embrace the Inevitability of Multicloud

    • Buy Link or Shortcode: {j2store}115|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    It used to be easy: pick your cloud, build out your IT footprint, and get back to business. But the explosion of cloud adoption has also led to an explosion of options for cloud providers, platforms, and deployment options. And that’s just when talking about infrastructure as a service!

    Our Advice

    Critical Insight

    • Multicloud isn’t good or bad; it’s inevitable.
    • Embracing multicloud in your organization is an opportunity to gain control while enabling choice. Although it increases complexity for both IT operations and governance, with the right tools and principles in place you can reduce the IT burden and increase business agility at the same time.

    Impact and Result

    • Understand what multicloud is, what it isn’t, and why you need to accept it in your organization.
    • Keep your cloud strategy but adapt your approach and tools.
    • Leverage best practices and principles that will help you keep control of the volatility and complexity that comes with multicloud.

    Embrace the Inevitability of Multicloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Embrace the Inevitability of Multicloud Storyboard – A deck that helps you implement best practices for your multicloud strategy.

    Use this research to understand the risks and benefits that come with a multicloud posture.

    • Embrace the Inevitability of Multicloud Storyboard

    Infographic

    Further reading

    Embrace the Inevitability of Multicloud

    The heterogeneous ecosystem is worth it; you just need a cohesive strategy.

    Executive summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    It used to be easy: pick your cloud, build out your IT footprint, and get back to business. But the explosion of cloud adoption has also led to an explosion of options for cloud providers, platforms, and deployment. And that’s just when talking about infrastructure as a service!

    For many businesses, one of the key benefits of the cloud ecosystem is enabling choice for different users, groups, and projects in the organization. But this means embracing multiple cloud platforms. Is it worth it?

    The reality is that multicloud is inevitable for most organizations, and if it’s not yet a reality for your IT team, it soon will be. This brings new challenges:

    1. How do I decide what platforms and offerings to use where? Is my old cloud strategy obsolete?
    2. How do I identify what I want out of multicloud, and what tools and best practices need to be in place to keep control?

    By defining your end goals, framing solutions based on the type of visibility and features your multicloud footprint needs to deliver, you can enable choice and improve performance, flexibility, and availability.

    1. Understand what multicloud is, what it isn’t, and why you need to accept it in your organization.
    2. Keep your cloud strategy but adapt your approach and tools.
    3. Leverage best practices and principles that will help you keep control of the volatility and complexity that comes with multicloud.

    Info-Tech Insight

    Embracing multicloud in your organization is an opportunity to gain control while enabling choice. Although it increases complexity for both IT operations and governance, with the right tools and principles in place you can reduce the IT burden and increase business agility at the same time.

    Project overview

    Multicloud isn’t good or bad; it’s inevitable

    The reality is multicloud is usually not a choice. For most organizations, the requirement to integrate with partners, subsidiaries, and parent organizations, as well as the need to access key applications in the software-as-a-service ecosystem, means that going multicloud is a matter of when, not if.

    The real question most businesses should ask is not whether to go multicloud, but rather how to land in multicloud with intent and use it to their best advantage.

    Your workloads will guide the way

    One piece of good news is that multicloud doesn’t change the basic principles of a good cloud strategy. In fact, a well-laid-out multicloud approach can make it even easier to put the right workloads in the right place – and then even move them around as needed.

    This flexibility isn’t entirely free, though. It’s important to know how and when to apply this type of portability and balance its benefits against the cost and complexity that come with it.

    Don’t fall in reactively; land on your feet

    Despite the risks that come with the increased scale and complexity of multicloud, it is possible to maintain control, realize the benefits, and even use multicloud as a springboard for leveraging cloud benefits in your business. By adopting best practices and forethought in key areas of multicloud risk, you can hit the ground running.

    Aligning the terms

    Modern organizations have multiple IT footprints. How do we classify different stances?

    01 Hybrid Cloud
    Private cloud and public cloud infrastructure managed as one entity

    02 Multicloud
    Includes multiple distinct public cloud services, or “footprints”

    03 Hybrid IT
    Putting the right workloads in the right places with an overall management framework

    Info-Tech Insight

    • Hybrid cloud is about applying the same service model across multiple deployment models (most commonly public and private clouds).
    • Multicloud is about using multiple cloud offerings irrespective of differences in service model or deployment model.

    Multicloud

    • An approach that includes multiple distinct public cloud services (e.g. AWS EC2 but also Salesforce and M365)
    • Usually defined around a steady state for each workload and footprint
    • Everything in its right place (with portability for events and disasters)
    • NOT everything everywhere all at once
    The image contains the Info-Tech thought model for multicloud.

    Multicloud is inevitable

    The SaaS ecosystem has led organizations to encourage business units to exercise the IT choices that are best for them.

    The multicloud maturity journey

    1. Move a workload to the cloud
    2. Move more workloads to the same cloud
    3. Move the right workloads to the right clouds
    4. Hybrid cloud & multicloud
    5. Integrate cloud and traditional/ on-premises footprints

    Hybrid IT: Aggregate Management, Monitoring, Optimization, Continuous Improvement

    Multicloud is about enabling choice while maintaining oversight

    The broader your footprint, the harder it becomes to manage risks across each environment.

    The image contains a screenshot of a diagram of maintaining oversight with multicloud.

    Managing multicloud risks

    The risks in multicloud are the same as in traditional cloud but amplified by the differences across footprints and providers in your ecosystem.

    • Variations across platforms include:
      • Rules
      • Security
      • Mapping corresponding products and services
    • Training and certifications by platform/provider
    • Managing cost across footprints
    • Complexity of integration
    • Managing compliance across platforms
    • Loss of standardization due to multicloud fragmentation

    Info-Tech Insight

    Don’t be afraid to ask for help! Each cloud platform you adopt in your multicloud posture requires training, knowledge, and execution. If you’re already leveraging an ecosystem of cloud providers, leverage the ecosystem of cloud enablers as needed to help you on your way.

    Despite the risks, multicloud is a springboard

    Increasing flexibility & accelerating integration

    Because multicloud increases the number of platforms and environments available to us, we can
    use it as a way to increase our agility (from both a DevOps and a resource deployment perspective) as well as to provide an answer to the problem of vendor lock-in.

    Multicloud also can be a catalyst for integrating and stitching together resources and services that were previously isolated from each other. Because of the modular design and API architecture prevalent in cloud services, they can be easily consumed and integrated from your various footprints.

    Modernizing data strategy

    While it may seem counterintuitive, a proactive multicloud approach will allow you to regain visibility and control of your entire data ecosystem. Defining your data architecture and policies with an eye to the inevitability of multicloud means you can go beyond just regaining control of data stranded in SaaS and other platforms; you can start to really understand the flows of data and how they affect your business processes for better or worse.

    Move to cloud-native IT & design

    Embracing multicloud is also a great opportunity to embrace the refactoring and digital transformation you’ve been blocked on. Instead of treading water with respect to keeping control of fragmented applications, services, and workloads, a proactive approach to multicloud allows you to embrace open standards built to deliver cloud-native power and portability and to build automations that increase reliability, performance, and cost effectiveness while reducing your total in-house work burden.

    Info-Tech Insight

    Don’t bite off more than you can chew! Especially with IaaS and PaaS services, it’s important to ensure you have the skills and bandwidth to manage and deploy services effectively. It’s better to start with one IaaS platform, master it, and then expand.

    Let your workloads guide the way

    Multicloud is a road to best-of-breed everything


    A screenshot of multiclouds.

    Stick with a workload-level approach

    The principles of cloud strategy don’t change with multicloud! The image contains a screenshot of a workload-level approach.
    If anything, a multicloud approach increases your ability to put the right workloads in the right places, wherever that may be.
    It can also (with some work and tooling) provide even broader options for portability and resilience.

    Multicloud = multiple right places

    Put everything in its right place.

    Just like with any cloud strategy, start with a workload-level approach and figure out the right migration path and landing point for your workload in cloud.

    Understand the other right places!

    Multicloud means for many workloads, especially IaaS- and PaaS-focused ones, you will have multiple footprints you can use for secondary locations as desired for portability, resilience, and high availability (with the right tooling and design).

    Info-Tech Insight

    Portability is always a matter of balancing increased flexibility, availability, and resilience against increased complexity, maintenance effort, and cost. Make sure to understand the requirement for your workloads and apply portability efforts where they make the most sense

    Your management will need to evolve

    Don’t manage multicloud with off-the-rack tools.

    The default dashboards and management tools from most cloud vendors are a great starting point when managing a single cloud. Unfortunately, most of these tools do not extend well to other platforms, which can lead to multiple dashboards for multiple footprints.

    These ultimately lead to an inability to view your multicloud portfolio in aggregate and fragmentation of metrics and management practices across your various platforms. In such a situation maintaining compliance and control of IT can become difficult, if not impossible!

    Unified standards and tools that work across your entire cloud portfolio will help keep you on track, and the best way to realize these is by applying repeatable, open standards across your various environments and usually adopting new software and tools from the ecosystem of multicloud management software platforms available in the market.

    Info-Tech Insight

    Even in multicloud, don’t forget that the raw data available from the vendor’s default dashboards is a critical source of information for optimizing performance, efficiency, and costs.

    Multicloud management tool selection

    The ecosystem is heterogeneous.

    The explosion of cloud platforms and stacks means no single multicloud management tool can provide support for every stack in the private and public cloud ecosystem. This challenge becomes even greater when moving from IaaS/PaaS to addressing the near-infinite number of offerings available in the SaaS market.

    When it comes to selecting the right multicloud management tool, it’s important to keep a few things in mind:

    1. Mapping your requirements to the feature sets for your multicloud management platform is critical.
    2. Depending on your goals and metrics, and the underlying platforms and data you need to collect from them, you may need more than one tool.
    3. Especially when it comes to integrating SaaS into your multicloud tool(s), development or partners may be required.

    Key Features

    • Portability
    • Cost management
    • Automation across vendors
    • Standardization of configuration
    • Security alignment across vendors
    • Unified provisioning and self-service

    Info-Tech Insight

    SaaS always presents a unique challenge for gathering necessary cloud management data. It’s important to understand what data is and isn’t available and how it can be accessed and made available to your multicloud management tools.

    Understand your vendors

    Define what you are looking for as a first step.

    • To best understand your options, you need to understand the focus, features, and support services for each vendor. Depending on your requirements, you may need to adopt more than one tool.
    • Remember that SaaS presents unique challenges in terms of accessing and ingesting data into your management tools. This will generally require development to leverage the provider’s API.
    • Within the following slides, you will find a defined activity with a working template that will create a vendor profile for each vendor.

    As a working example, you can review these vendors on the following slides:

    • VMware CloudHealth
    • ServiceNow ITOM
    • CloudCheckr

    Info-Tech Insight

    Creating vendor profiles will help quickly identify the management tools that meet your multicloud needs.

    Vendor Profile #1

    VMware CloudHealth

    Vendor Summary

    CloudHealth is a VMware management suite that provides visibility into VMware-based as well as public cloud platforms. CloudHealth focuses on providing visibility to costs and governance as well as applying automation and standardization of configuration and performance across cloud platforms.

    URL: cloudhealth.vmware.com

    Supported Platforms

    Supports AWS, Azure, GCP, OCI, VMware

    Feature Sets

    • Portability
    • Cost management
    • Automation across platforms
    • Standardization of configuration
    • Security alignment across platforms
    • Unified provisioning and self-service

    Vendor Profile #2

    ServiceNow ITOM

    Vendor Summary

    ServiceNow IT Operations Management (ITOM) is a module for the ServiceNow platform that allows deep visibility and automated intervention/remediation for resources across multiple public and private cloud platforms. In addition to providing a platform for managing workload portability and costs across multiple cloud platforms, ServiceNow ITOM offers features focused on delivering “proactive digital operations with AIOps.”

    URL: servicenow.com/products/it-operations-management.html

    Supported Platforms

    Supports CloudFormation, ARM, GDM, and Terraform templates. Also provisions virtualized VMware environments.

    Feature Sets

    • Portability
    • Cost management
    • Automation across platforms
    • Standardization of configuration
    • Security alignment across platforms
    • Unified provisioning and self-service

    Vendor Profile #3

    CloudCheckr

    Vendor Summary

    CloudCheckr is a SaaS platform that provides end-to-end cloud management to control cost, ensure security, optimize resources, and enable services. Primarily focused on enabling management of public cloud services, CloudCheckr’s broad platform support and APIs can be used to deliver unified visibility across many multicloud postures.

    URL: cloudcheckr.com

    Supported Platforms

    Supports AWS, Azure, GCP, SAP Hana

    Feature Sets

    • Portability
    • Cost management
    • Automation across platforms
    • Standardization of configuration
    • Security alignment across platforms
    • Unified provisioning and self-service

    Activity

    Understand your vendor options

    This activity involves the following participants:

    • IT strategic direction decision makers
    • Cloud governance team
    • Cloud deployment team
    • Vendor and portfolio management

    Outcomes of this step:

    • Vendor profile template (ppt)

    Info-Tech Insight

    This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to reevaluate its requirements for a potentially leaner agreement.

    Create your vendor profiles

    Define what you are looking for and score vendors accordingly.

    1. Create a vendor profile for every vendor of interest.
    2. Leverage our starting list and template to track and record the advantages of each vendor.

    Vendor Profile Template

    The image contains a screenshot of a Vendor Profile Template.

    Land on your feet

    Best practices to hit the ground running in multicloud

    Focus your multicloud posture on SaaS (to start)

    SaaS

    While every service model and deployment model has its place in multicloud, depending on the requirements of the workload and the business, most organizations end up in multicloud because of the wide ecosystem of options available at the SaaS level.

    Enabling the ability to adopt SaaS offerings into your multicloud footprint should be an area of focus for most IT organizations, as it’s the easiest way to deliver business impact (without taking on additional infrastructure work).

    IaaS and PaaS

    Although IaaS and PaaS also have their place in multicloud, the benefits are usually focused more on increased portability and availability rather than on enabling business-led IT.

    Additionally, multicloud at these levels can often be complex and/or costly to implement and maintain. Make sure you understand the cost-benefit for implementing multicloud at this level!

    Where the data sits matters

    With multiple SaaS workloads as well as IaaS and PaaS footprints, one of the biggest challenges to effective multicloud is understanding where any given data is, what needs access to it, and how to stitch it all together.

    In short, you need a strategy to understand how to collect and consolidate data from your multiple footprints.

    Relying solely on the built-in tools and dashboards provided by each provider inevitably leads to data fragmentation – disparate data sets that make it difficult to gain clear, unified visibility into your cloud’s data.

    To address the challenge of fragmented data, many organizations will require a multicloud-capable management platform that can provide access and visibility to data from all sources in a unified way.

    Weigh portability against nativeness

    When it comes to multicloud, cloud-native design is both your enemy and your friend. On one hand, it provides the ability to fully leverage the power and flexibility of your chosen platform to run your workload in the most on-demand, performance-efficient, utility-optimized way possible.

    But it’s important to remember that building cloud-native for one platform directly conflicts with that workload’s portability to other platforms! You need to understand the balance between portability and native effectiveness that works best for each of your workloads.

    Info-Tech Insight

    You can (sort of) have the best of both worlds! While the decision to focus on the cloud-native products, services, and functions from a given cloud platform must be weighed carefully, it’s still a good idea to leverage open standards and architectures for your workloads, as those won’t hamper your portability in the same way.

    Broaden your cost management approach

    Even on singular platforms, cloud cost management is no easy task. In multicloud, this is amplified by the increased scale and scope of providers, products, rates, and units of measure.

    There is no easy solution to this – ultimately the same accountabilities and tasks that apply to good cost management on one cloud also apply to multicloud, just at greater scale and impact.

    The image contains a screenshot of cost management approach.

    Info-Tech Insight

    Evolving your tooling applies to cost management too. While the vendor-provided tools and dashboards for cost control on any given cloud provider’s platform are a good start and a critical source for data, to get a proper holistic view you will usually require multicloud cost management software (and possibly some development work).

    Think about the sky between the clouds

    A key theme in cloud service pricing is “it’s free to come in, but it costs to leave.” This is a critical consideration when designing the inflows and outflows of data, interactions, transactions, and resources among workloads sitting on different platforms and different regions or footprints.

    When defining your multicloud posture, think about what needs to flow between your various clouds and make sure to understand how these flows will affect costs, performance, and throughput of your workloads and the business processes they support.

    • Integration and Interfaces
    • Business Process and Application Flows
    • Inter-cloud Transit Costs

    Mature your management technology

    Automation Is Your Friend

    Managing multicloud is a lot of work. It makes sense to eliminate the most burdensome and error-prone tasks. Automating these tasks also increases the ease and speed of workload portability in most cases.

    Automation and scheduling are also key enablers of standardization – which is critical to managing costs and other risks in multicloud. Create policies that manage and optimize costs, resource utilization, and asset configuration. Use these to reduce the management burden and risk profile.

    Evolve Your Tooling

    Effective multicloud management requires a clear picture of your entire cloud ecosystem across all footprints. This generally isn’t possible using the default tools for any given cloud vendor. Fortunately, there is a wide ecosystem of multicloud tools to help provide you with a unified view.

    The best cloud management tools will not only allow you to get a unified view of your IT operations regardless of where the resources lie but also help you to evaluate your multiple cloud environments in a unified way, providing a level playing field to compare and identify opportunities for improvement.

    Info-Tech Insight

    Embrace openness! Leveraging open standards and technologies doesn’t just ease portability in multicloud; it also helps rationalize telemetry and metrics across platforms, making it easier to achieve a unified management view.

    Multicloud security

    Multicloud security challenges remain focused around managing user and role complexity

    • Fragmentation of identity and access management
    • Controlling access across platforms
    • Increased complexity of roles
    • API security
    • Managing different user types and subscriptions across different service models
    • Managing security best practices across multiple platforms
    • Potential increased attack surface

    Info-Tech Insight

    Don’t reinvent the wheel! Where possible, leverage your existing identity and access management platforms and role-based access control (RBAC) discipline and extend them out to your cloud footprints.

    Don’t fall in reactively!

    1. Multicloud isn’t bad or good.
    2. Put everything the right place; understand the other right places.
    3. Know where your data goes.
    4. Automation is your friend.
    5. Strategy fundamentals don’t change.
    6. Focus on SaaS (to start).
    7. Embrace openness.
    8. Modernize your tools.

    Related Info-Tech Research

    Define Your Cloud Vision
    This blueprint covers a workload-level approach to determining cloud migration paths

    10 Secrets for Successful Disaster Recovery in the Cloud
    This research set covers general cloud best practices for implement DR and resilience in the cloud.

    Bibliography

    “7 Best Practices for Multi-Cloud Management.” vmware.com, 29 April 2022. Web.
    Brown, Chalmers. “Six Best Practices For Multi-Cloud Management.” Forbes, 22 Jan. 2019. Web.
    Curless, Tim. “The Risks of Multi-Cloud Outweigh the Benefits.” AHEAD, n.d. Web.
    Tucker, Ryan. “Multicloud Security: Challenges and Solutions.” Megaport, 29 Sept 2022. Web.
    Velimirovic, Andreja. “How to Implement a Multi Cloud Strategy.” pheonixNAP, 23 June 2021. Web.
    “What is a Multi-Cloud Strategy?” vmware.com, n.d. Web.

    Go the Extra Mile With Blockchain

    • Buy Link or Shortcode: {j2store}130|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The transportation and logistics industry is facing a set of inherent flaws, such as high processing fees, fraudulent information, and lack of transparency, that blockchain is set to transform and alleviate.
    • Many companies have FOMO (fear of missing out), causing them to rush toward blockchain adoption without first identifying the optimal use case.

    Our Advice

    Critical Insight

    • Understand how blockchain can alleviate your pain points before rushing to adopt the technology. You have been hearing about blockchain for some time now and are feeling pressured to adopt it. Moreover, the series of issues hindering the transportation and logistics industry, such as the lack of transparency, poor cash flow management, and high processing fees, are frustrating business leaders and thereby adding additional pressure on CIOs to adopt the technology. While blockchain is complex, you should focus on its key features of transparency, integrity, efficiency, and security to identify how it can help your organization.
    • Ensure your use case is actually useful and can be valuable to your organization by selecting a business idea that is viable, feasible, and desirable. Applying design thinking tactics to your evaluation process provides a practical approach that will help you avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While it is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Understand blockchain’s transformative potential for the transportation and logistics industry by breaking down how its key benefits can alleviate inherent industry flaws.
    • Identify business processes and stakeholders that could benefit from blockchain.
    • Build and evaluate an inventory of use cases to determine where blockchain could have the greatest impact on your organization.
    • Articulate the value and organizational fit of your proposed use case to the business to gain their buy-in and support.

    Go the Extra Mile With Blockchain Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about blockchain’s transformative potential for the transportation and logistics industry and how Info-Tech will support you as you identify and build your blockchain use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate why blockchain can disrupt the transportation and logistics industry

    Analyze the four key benefits of blockchain as they relate to the transportation and logistics industry to understand how the technology can resolve issues being experienced by industry incumbents.

    • Go the Extra Mile With Blockchain – Phase 1: Evaluate Why Blockchain Can Disrupt the Transportation and Logistics Industry
    • Blockchain Glossary

    2. Build and evaluate an inventory of use cases

    Brainstorm a set of blockchain use cases for your organization and apply design thinking tactics to evaluate and select the optimal one to pitch to your executives for prototyping.

    • Go the Extra Mile With Blockchain – Phase 2: Build and Evaluate an Inventory of Use Cases
    • Blockchain Use Case Evaluation Tool
    • Prototype One Pager
    [infographic]

    Avoid Project Management Pitfalls

    • Buy Link or Shortcode: {j2store}374|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Program & Project Management
    • Parent Category Link: /program-and-project-management
    • IT organizations seem to do everything in projects, yet fewer than 15% successfully complete all deliverables on time and on budget.
    • Project managers seem to succumb to the relentless pressure from stakeholders to deliver more, more quickly, with fewer resources, and with less support than is ideal.
    • To achieve greater likelihood that your project will stay on track, watch out for the four big pitfalls: scope creep, failure to obtain stakeholder commitment, inability to assemble a team, and failure to plan.

    Our Advice

    Critical Insight

    • While many project managers worry about proper planning as the key to project success, skilled management of the political factors around a project has a much greater impact on success.
    • Alone, combating scope creep can improve your likelihood of success by a factor of 2x.
    • A strong project sponsor will be key to fighting the inevitable battles to control scope and obtain resources.

    Impact and Result

    • Take steps to avoid falling into common project pitfalls.
    • Assess which pitfalls threaten your project in its current state and take appropriate steps to avoid falling into them.
    • Avoiding pitfalls will allow you to deliver value on time and on budget, creating the perception of success in users’ and managers’ eyes.

    Avoid Project Management Pitfalls Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn about common PM pitfalls and the strategies to avoid them

    Consistently meet project goals through enhanced PM knowledge and awareness.

    • Storyboard: Avoid Project Management Pitfalls
    • None

    2. Detect project pitfalls

    Take action and mitigate a pitfall before it becomes a problem.

    • Project Pitfall Detection & Mitigation Tool

    3. Document and report PM issues

    Learn from issues encountered to help map PM strategies for future projects.

    • Project Management Pitfalls Issue Log
    [infographic]

    Microsoft Teams Cookbook

    • Buy Link or Shortcode: {j2store}408|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $6,299 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices.

    Our Advice

    Critical Insight

    Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Impact and Result

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and use Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Microsoft Teams Cookbook Research & Tools

    Start here – read the Executive Brief

    Learn critical insights for an effective Teams rollout.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Microsoft Teams Cookbook – Sections 1-2

    1. Teams for IT

    Understand best practices for governance of the Teams creation process and Teams rollout.

    • Microsoft Teams Cookbook – Section 1: Teams for IT

    2. Teams for end users

    Get end users on board with this series of how-tos and common use cases for Teams.

    • Microsoft Teams Cookbook – Section 2: Teams for End Users

    [infographic]

     

    Further reading

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Microsoft Teams.

    Table of contents

    Executive Brief

    Section 1: Teams for IT

    Section 2: Teams for End Users

    Executive Summary

    Situation

    Remote work calls for leveraging your Office 365 license to utilize Teams – but IT is unsure about best practices for governance and permissions.

    Without a framework or plan for governing the rollout of Teams, IT risks overlooking secure use of Teams, the phenomenon of “teams sprawl,” and not realizing how Teams integrates with Office 365 more broadly.

    Complication

    Teams needs to be rolled out quickly, but IT has few resources to help train end users with Teams best practices.

    With teams, channels, chats, meetings, and live events to choose from, end users may get frustrated with lack of guidance on how to use Teams’ many capabilities.

    Resolution

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and utilize Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Key Insights

    Teams is not a standalone app

    Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    IT should paint the first picture for team creation

    No initial governance for team creation can lead to “teams sprawl.” While Teams was built to allow end users’ creativity to flow in creating teams and channels, this can create problems with a cluttered interface and keeping track of information. To prevent end-user dissatisfaction here, IT’s initial Teams rollout should offer a basic structure for end users to work with first, limiting early teams sprawl.

    The Teams admin center can only take you so far with permissions

    Knowing how Teams integrates with other Office 365 apps will help with rolling out sensitivity labels to protect important information being accidentally shared in Teams. Of course, technology only does so much – proper processes to train and hold people accountable for their actions with data sharing must be implemented, too.

    Related Info-Tech Research

    Establish a Communication and Collaboration System Strategy

    Don’t waste your time deploying yet another collaboration tool that won’t get used.

    Modernize Communication and Collaboration Infrastructure

    Your legacy telephony infrastructure is dragging you down – modern communications and collaboration technology will dramatically improve productivity.

    Migrate to Office 365 Now

    One small step to cloud, one big leap to Office 365. The key is to look before you leap.

    Section 1: Teams for IT

    Governance best practices and use cases for IT

    Section 1

    Teams for IT

    Section 2

    Teams for end users

    From determining prerequisites to engaging end users.

    IT fundamentals
    • Creation process
    • Teams rollout
    Use cases
    • Retain and search for legal/regulatory compliance
    • Add an external user to a team
    • Delete/archive a team

    Overview: Creation process

    IT needs to be prepared to manage other dependent services when rolling out Teams. See the figure below for how Teams integrates with these other Office 365 applications.

    A flow chart outlining how Teams integrates with other Office 365 applications. Along the side are different applications, from the top: 'Teams client', 'OneDrive for Business', 'Sharepoint Online', 'Planner (Tasks for Teams)', 'Exchange Online', and 'Stream'. Along the top are services of 'Teams client', 'Files', 'Teams', 'Chat', 'Meeting', and 'Calls'.

    Which Microsoft 365 license do I need to access Teams?

    • Microsoft 365 Business Essentials
    • Microsoft 365 Business Premium
    • Office 365 Enterprise, E1, E3, or E5
    • Office 365 Enterprise E4 (if purchased prior to its retirement)

    Please note: To appeal to the majority of Info-Tech’s members, this blueprint refers to Teams in the context of Office 365 Enterprise licenses.

    Assign admin roles

    You will already have at least one global administrator from setting up Office 365.

    Global administrators have almost unlimited access to settings and most of the data within the software, so Microsoft recommends having only two to four IT and business owners responsible for data and security.

    Info-Tech Best Practice

    Configure multifactor authentication for your dedicated Office 365 global administrator accounts and set up two-step verification.

    Once you have organized your global administrators, you can designate your other administrators with “just-enough” access for managing Teams. There are four administrator roles:

    Teams Service Administrator Manage the Teams service; manage and create Microsoft 365 groups.
    Teams Communications Administrator Manage calling and meetings features with Teams.
    Teams Communications Support Engineer Troubleshoot communications issues within Teams using the advanced troubleshooting toolset.
    Teams Communications Support Specialist Troubleshoot communications issues using Call Analytics.

    Prepare the network

    There are three prerequisites before Teams can be rolled out:

    • UDP ports 3478 through 3481 are opened.
    • You have a verified domain for Office 365.
    • Office 365 has been rolled out, including Exchange Online and SharePoint Online.

    Microsoft then recommends the following checklist to optimize your Teams utilization:

    • Optimize calls and performance using the Call Quality Dashboard.
    • Assess network requirements in the Network Planner in the Teams admin center.
    • Ensure all computers running Teams client can resolve external DNS queries.
    • Check adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion.
    • Route to local or regional Microsoft data centers.
    • Whitelist all Office 365 URLs to move through security layers, especially IDS/IPS.
    • Split tunnel Teams traffic so it bypasses your organization’s VPN.

    Info-Tech Best Practice

    For online support and walkthroughs, utilize Advisor for Teams. This assistant can be found in the Teams admin center.

    Team Creation

    You can create and manage Teams through the Teams PowerShell module and the Teams admin center. Only the global administrator and Teams service administrator have full administrative capabilities in this center.

    Governance over team creation intends to prevent “teams sprawl” – the phenomenon whereby end users create team upon team without guidance. This creates a disorganized interface, with issues over finding the correct team and sharing the right information.

    Prevent teams sprawl by painting the first picture for end users:

    1. Decide what kind of team grouping would best fit your organization: by department or by project.
    2. Start with a small number of teams before letting end users’ creativity take over. This will prevent initial death by notifications and support adoption.
    3. Add people or groups to these teams. Assign multiple owners for each team in case people move around at the start of rollout or someone leaves the organization.
    4. Each team has a general channel that cannot be removed. Use it for sharing an overview of the team’s goals, onboarding, and announcements.

    Info-Tech Best Practice

    For smaller organizations that are project-driven, organize teams by projects. For larger organizations with established, siloed departments, organize by department; projects within departments can become channels.

    Integrations with SharePoint Online

    Teams does not integrate with SharePoint Server.

    Governance of Teams is important because of how tightly it integrates with other Office 365 apps, including SharePoint Online.

    A poor rollout of Teams will have ramifications in SharePoint. A good rollout will optimize these apps for the organization.

    Teams and SharePoint integrate in the following ways:

    • Each team created in Teams automatically generates a SharePoint team site behind it. All documents and chat shared through a team are stored in that team’s SharePoint document library.
    • As such, all files shared through Teams are subject to SharePoint permissions.
    • Existing SharePoint folders can be tied to a team without needing to create a new one.
    • If governance over resource sharing in Teams is poor, information can get lost, duplicated, or cluttered throughout both Teams and SharePoint.

    Info-Tech Best Practice

    End users should be encouraged to integrate their teams and channels with existing SharePoint folders and, where no folder exists, to create one in SharePoint first before then attaching a team to it.

    Permissions

    Within the Teams admin center, the global or Teams service administrator can manage Teams policies.

    Typical Teams policies requiring governance include:

    • The extent end users can discover or create private teams or channels
    • Messaging policies
    • Third-party app use

    Chosen policies can be either applied globally or assigned to specific users.

    Info-Tech Best Practice

    If organizations need to share sensitive information within the bounds of a certain group, private channels help protect this data. However, inviting users into that channel will enable them to see all shared history.

    External and guest access

    Within the security and compliance center, the global or Teams service administrator can set external and guest access.

    External access (federation) – turned on by default.

    • Lets you find, call, and chat with users in other domains. External users will have no access to the organization’s teams or team resources.

    Guest access – turned off by default.

    • Lets you add individual users with their own email address. You do this when you want external users to access teams and team resources. Approved guests will be added to the organization’s active directory.

    If guest access is enabled, it is subject to Azure AD and Office 365 licensing and service limits. Guests will have no access to the following, which cannot be changed:

    • OneDrive for Business
    • An organization’s calendar/meetings
    • PSTN
    • Organization’s hierarchical chart
    • The ability to create, revise, or browse a team
    • Upload files to one-on-one chat

    Info-Tech Best Practice

    Within the security and compliance center, you can allow users to add sensitivity labels to their teams that can prevent external and guest access.

    Expiration and archiving

    To reduce the number of unused teams and channels, or delete information permanently, the global or Teams service administrator can implement an Office 365 group expiration and archiving policy through the Teams admin center.

    If a team has an expiration policy applied to it, the team owner will receive a notification for team renewal 30 days, 15 days, and 1 day before the expiry date. They can renew their team at any point within this time.

    • To prevent accidental deletion, auto-renewal is enabled for a team. If the team owner is unable to manually respond, any team that has one channel visit from a team member before expiry is automatically renewed.
    • A deleted Office 365 group is retained for 30 days and can be restored at any point within this time.

    Alternatively, teams and their channels (including private) can be archived. This will mean that all activity for the team ceases. However, you can still add, remove, and update roles of the members.

    Retention and data loss prevention

    Retention policies can be created and managed in the Microsoft 365 Compliance Center or the security and compliance center PowerShell cmdlets. This can be applied globally or to specific users.

    By default, information shared through Teams is retained forever.

    However, setting up retention policies ensures data is retained for a specified time regardless of what happens to that data within Teams (e.g. user deletes).

    Info-Tech Best Practice

    To prevent external or guest users accessing and deleting sensitive data, Teams is able to block this content when shared by internal users. Ensure this is configured appropriately in your organization:

    • For guest access in teams and channels
    • For external access in meetings and chat

    Please note the following limitations of Teams’ retention and data loss prevention:

    • Organization-wide retention policies will need to be manually inputted into Teams. This is because Teams requires a retention policy that is independent of other workloads.
    • As of May 2020, retention policies apply to all information in Teams except private channel messages. Files shared in private channels, though, are subject to retention policies.
    • Teams does not support advanced retention settings, such as a policy that pertains to specific keywords or sensitive information.
    • It will take three to seven days to permanently delete expired messages.

    Teams telephony

    Teams has built-in functionality to call any team member within the organization through VoIP.

    However, Teams does not automatically connect to the PSTN, meaning that calling or receiving calls from external users is not immediately possible.

    Bridging VoIP calls with the PSTN through Teams is available as an add-on that can be attached to an E3 license or as part of an E5 license.

    There are two options to enable this capability:

    • Enable Phone System. This allows for call control and PBX capabilities in Office 365.
    • Use direct routing. You can use an existing PSTN connection via a Session Border Controller that links with Teams (Amaxra).

    Steps to implement Teams telephony:

    1. Ensure Phone System and required (non-Microsoft-related) services are available in your country or region.
    2. Purchase and assign Phone System and Calling Plan licenses. If Calling Plans are not available in your country or region, Microsoft recommends using Direct Routing.
    3. Get phone numbers and/or service numbers. There are three ways to do this:
      • Get new numbers through the Teams admin center.
      • If you cannot get new numbers through the Teams admin center, you can request new numbers from Microsoft directly.
      • Port or transfer existing numbers. To do this, you need to send Microsoft a letter of authorization, giving them permission to request and transfer existing numbers on your behalf.
    4. To enable service numbers, including toll-free numbers, Microsoft recommends setting up Communications Credits for your Calling Plans and Audio Conferencing.

    Overview: Teams rollout

    1. From Skype (and Slack) to Teams
    2. Gain stakeholder purchase
    3. Employ a phased deployment
    4. Engage end users

    Skype for Business is being retired; Microsoft offers a range of transitions to Teams.

    Combine the best transition mode with Info-Tech’s adoption best practices to successfully onboard and socialize Teams.

    From Skype to Teams

    Skype for Business Online will be retired on July 31, 2021. Choose from the options below to see which transition mode is right for your organization.

    Skype for Business On-Premises will be retired in 2024. To upgrade to Teams, first configure hybrid connectivity to Skype for Business Online.

    Islands mode (default)

    • Skype for Business and Teams coexist while Teams is rolled out.
    • Recommended for phased rollouts or when Teams is ready to use for chat, calling, and meetings.
    • Interoperability is limited. Teams and Skype for Business only transfer information if an internal Teams user sends communications to an external Skype for Business user.

    Teams only mode (final)

    • All capabilities are enabled in Teams and Skype for Business is disabled.
    • Recommended when end users are ready to switch fully to Teams.
    • End users may retain Skype for Business to join meetings with non-upgraded or external parties. However, this communication is only initiated from the Skype for Business external user.

    Collaboration first mode

    • Skype for Business and Teams coexist, but only Teams’ collaboration capabilities are enabled. Teams communications capabilities are turned off.
    • Recommended to leverage Skype for Business communications yet utilize Teams for collaboration.

    Meetings first mode

    • Skype for Business and Teams coexist, but only Teams’ meetings capabilities are enabled.
    • Recommended for organizations that want to leverage their Skype for Business On-Premises’ Enterprise Voice capability but want to benefit from Teams’ meetings through VoIP.

    From Slack to Teams

    The more that’s left behind in Slack, the easier the transition. As a prerequisite, pull together the following information:

    • Usage statistics of Slack workspaces and channels
    • What apps end users utilize in Slack
    • What message history you want to export
    • A list of users whose Slack accounts can map on to required Microsoft accounts
    Test content migration

    Your Slack service plan will determine what you can and can’t migrate. By default, public channels content can be exported. However, private channels may not be exportable, and a third-party app is needed to migrate Direct Messages.

    Files migration

    Once you have set up your teams and channels in Teams, you can programmatically copy files from Slack into the target Teams channel.

    Apps migration

    Once you have a list of apps and their configurations used in Slack’s workspaces, you can search in Teams’ app store to see if they’re available for Teams.

    User identity migration

    Slack user identities may not map onto a Microsoft account. This will cause migration issues, such as problems with exporting text content posted by that user.

    Follow the migration steps to the right.

    Importantly, determine which Slack workspaces and channels should become teams and channels within Teams.

    Usage statistics from Slack can help pinpoint which workspaces and channels are redundant.

    This will help IT paint an ordered first picture for new Teams end users.

    1. Create teams and channels in Teams
    2. Copy files into Teams
    3. Install apps, configure Office 365 Connecters
    4. Import Slack history
    5. Disable Slack user accounts

    Info-Tech Best Practice

    Avoid data-handling violations. Determine what privacy and compliance regulations (if any) apply to the handling, storage, and processing of data during this migration.

    Gain stakeholder purchase

    Change management is a challenging aspect of implementing a new collaboration tool. Creating a communication and adoption plan is crucial to achieving universal buy-in for Teams.

    To start, define SMART objectives and create a goals cascade.

    Specific Measurable Actionable Realistic Time Bound
    Make sure the objective is clear and detailed. Objectives are `measurable` if there are specific metrics assigned to measure success. Metrics should be objective. Objectives become actionable when specific initiatives designed to achieve the objective are identified. Objectives must be achievable given your current resources or known available resources. An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    Who, what, where, why? How will you measure the extent to which the goal is met? What is the action-oriented verb? Is this within my capabilities? By when: deadline, frequency?

    Sample list of stakeholder-specific benefits from improving collaboration

    Stakeholder Driver Benefits
    Senior Leadership Resource optimization Increased transparency into IT operational costs.
    Better ability to forecast hardware, resourcing costs.
    All employees Increasing productivity Apps deployed faster.
    Issues fixed faster.
    Easier access to files.
    Able to work more easily offsite.
    LBU-HR, legal, finance Mitigating risk Better able to verify compliance with external regulations.
    Better understanding of IT risks.
    Service desk Resource optimization Able to resolve issues faster.
    Fewer issues stemming from updates.
    Tier 2 Increasing productivity Less time spent on routine maintenance.

    Use these activities to define what pain points stakeholders face and how Teams can directly mitigate those pain points.

    (Source: Rationalize Your Collaboration Tools (coming soon), Activities: 3.1C – 3.1D)

    Employ a phased deployment

    Info-Tech Best Practice

    Deploy Teams over a series of phases. As such, if you are already using Skype for Business, choose one of the coexistence phases to start.

      1. Identify and pilot Teams with early adopters that will become your champions. These champions should be formally trained, be encouraged to help and train their colleagues, and be positively reinforced for their efforts.
      2. Iron out bugs identified with the pilot group and train middle management. Enterprise collaboration tool adoption is strongly correlated with leadership adoption.
        1. Top-level management
          Control and direct overall organization.
        2. Middle management
          Execute top-level management’s plans in accordance with organization’s norms.
        3. First-level management
          Execute day-to-day activities.
      3. Use Info-Tech’s one-pager marketing template to advertise the new tool to stakeholders. Highlight how the new tool addresses specific pain points. Address questions stemming from fear and uncertainty to avoid employees’ embarrassment or their rejection of the tool.
    A screenshot of Info-Tech's one-pager marketing template.
    1. Extend the pilot to other departments and continue this process for the whole organization.

    (Source: Rationalize Your Collaboration Tools (coming soon), Tools:GANTT Chart and Marketing Materials, Activities: 3.2A – 3.2B)

    Info-Tech Insight

    Be in control of setting and maintaining expectations. Aligning expectations with reality and the needs of employees will lower onboarding resistance.

    Engage end users

    Short-term best practices

    Launch day:
    • Hold a “lunch and learn” targeted training session to walk end users through common use cases.
    • Open a booth or virtual session (through Teams!) and have tool representatives available to answer questions.
    • Create a game to get users exploring the new tool – from scavenger hunts to bingo.
    Launch week:
    • Offer incentives for using the tool and helping others, including small gift cards.
    • Publicize achievements if departments hit adoption milestones.

    Long-term best practices

    • Make available additional training past launch week. End users should keep learning new features to improve familiarity.
    • Distribute frequent training clips, slowly exposing end users to more complex ways of utilizing Teams.
    • Continue to positively reinforce and recognize those who use Teams well. This could be celebrating those that help others use the tool, how active certain users are, and attendance at learning events.

    Info-Tech Best Practice

    Microsoft has a range of training support that can be utilized. From instructor-led training to “Coffee in the Cloud” sessions, leverage all the support you can.

    Use case #1: Retain and search data for legal/regulatory compliance

    Scenario:

    Your organization requires you to retain data and documents for a certain period of time; however, after this period, your organization wishes to delete or archive the data instead of maintaining it indefinitely. Within the timeframe of the retention policy, the admin may be asked to retrieve information that has been requested through a legal channel.

    Purpose:
    • Maintain compliance with the legal and regulatory standards to which the organization is subject.
    Jobs:
    • Ensure the data is retained for the approved time period.
    • Ensure the policy applies to all relevant data and users.
    Solution: Retention Policies
    • Ensure that your organization has an Office 365 E3 or higher license.
    • Set the desired retention policy through the Security & Compliance Center or PowerShell by deciding which teams, channels, chats, and users the policies will apply to and what will happen once the retention period ends.
    • Ensure that matching retention policies are applied to SharePoint and OneDrive, since this is where files shared in Teams are stored.
    • Be aware that Teams retention policies cannot be applied to messages in private channels.
    Solution: e-Discovery
    • If legally necessary, place users or Teams on legal hold in order to retain data that would be otherwise deleted by your organization’s retention policies.
    • Perform e-discovery on Teams messages, files, and summaries of meetings and calls through the Security & Compliance Center.
    • See Microsoft’s chart on the next slide for what is e-discoverable.

    Content subject to e-discovery

    Content type eDiscoverable Notes
    Teams chat messages Yes Chat messages from chats where guest users are the only participants in a 1:1 or 1:N chat are not e-discoverable.
    Audio recordings No  
    Private channel messages Yes  
    Emojis, GIFs, stickers Yes  
    Code snippets No  
    Chat links Yes  
    Reactions (likes, hearts, etc) No  
    Edited messages Yes If the user is on hold, previous versions of edited messages are preserved.
    Inline images Yes  
    Tables Yes  
    Subject Yes  
    Quotes Yes Quoted content is searchable. However, search results don’t indicate that the content was quoted.
    Name of channel No  

    E-discovery does not capture audio messages and read receipts in MS Teams.

    Since files shared in private channels are stored separately from the rest of a team, follow Microsoft’s directions for how to include private channels in e-discovery. (Source: “Conduct an eDiscovery investigation of content in Microsoft Teams,” Microsoft, 2020.)

    Use case #2: Add external person to a team

    Scenario:

    A team in your organization needs to work in an ongoing way with someone external to the company. This user needs access to the relevant team’s work environment, but they should not be privy to the goings-on in the other parts of the organization.

    Jobs:

    This external person needs to be able to:

    • Attend meetings
    • Join calls
    • Chat with individual team members
    • View and collaborate on the team’s files
    Solution:
    • If necessary, set a data loss prevention policy to prevent your users from sharing certain types of information or files with external users present in your organization’s Teams chats and public channels.
    • Ensure that your Microsoft license includes DLP protection. However:
      • DLP cannot be applied to private channel messages.
      • DLP cannot block messages from external Skype for Business users nor external users who are not in “Teams only” mode.
    • Ensure that you have a team set up for the project that you wish the external user to join. The external user will be able to see all the channels in this team, unless you create a private channel they are restricted from.
    • Complete Microsoft’s “Guest Access Checklist” to enable guest access in Teams, if it isn’t already enabled.
    • As admin, give the external user guest access through the Teams admin center or Azure AD B2B collaboration. (If given permission, team owners can also add guests through the Teams client).
    • Decide whether to set a policy to monitor and audit external user activity.

    Use case #3: Delete/archive a team

    Scenario:

    In order to avoid teams sprawl, organizations may want IT to periodically delete or archive unused teams within the Teams client in order to improve the user interface.

    Alternately, if you are using a project-based approach to organizing Teams, you may wish to formalize a process to archive a team once the project is complete.

    Delete:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Ensure that deletion does not contradict the organization’s retention policy.
    • If not, proceed with deletion. Find the team in the Teams admin center and delete.
    • Restore a deleted team within 30 days of its initial deletion through PowerShell.
    Archive:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Find the relevant team in the Teams admin center and change its status to “Archived.”
    • Restore the archived team if the workspace becomes relevant once again.

    Info-Tech Best Practice

    Remind end users that they can hide teams or channels they do not wish to see in their Teams interface. Knowing a team can be hidden may impact a team owner’s decision to delete it.

    Section 2: Teams for End Users

    Best practices for utilizing teams, channels, chat, meetings, and live events

    Section 1

    Teams for IT

    Section 2

    Teams for end users

    From Teams how-tos to common use cases for end users.

    End user basics
    • Teams, channels, and chat
    • Meetings and live events
    Common use cases: Workspaces
    • WS#1: Departments
    • WS#2: A cross-functional committee
    • WS#3: An innovation day event
    • WS#4: A non-work-related social event
    • WS#5: A project team with a defined end time
    Common use cases: Meetings
    • M#1: Job interview with an external candidate
    • M#2: Quarterly board meeting
    • M#3: Weekly recurring team meeting
    • M#4: Morning stand-up/scrum
    • M#5: Phone call between two people

    Overview: Teams, channels, and chat

    Teams

    • Team: A workspace for a group of collaborative individuals.
      • Public channel: A focused area where all members of a team can meet, communicate, and share ideas and content.
      • Private channel: Like a public channel but restricted to a subset of team members, defined by channel owner.

    Chat

    • Chat: Two or more users collected into a common conversation thread.
    (Source: “Overview of teams and channels in Microsoft Teams,” Microsoft, 2020.)

    For any Microsoft Teams newcomer, the differences between teams, channels, and chat can be confusing.

    Use Microsoft’s figure (left) to see how these three mediums differ in their role and function.

    Best practices: Workspaces 1/2

      Team
    A workspace for a group of collaborative individuals.
    Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.
    Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.
    Group Chat
    Two or more users collected into a common conversation thread.
    Limits and Administrative Control
    Who can create? Default setting: All users in an organization can create a team

    Maximum 500,000 teams per tenant

    Any member of a team can create a public channel within the team

    Maximum 200 public channels per team

    Any member of a team can create a private channel and define its members

    Maximum 30 private channels per team

    Anyone
    Who can add members? Team owner(s); max 5,000 members per team N/A Channel owner(s) can add up to 250 members Anyone can bring new members into the chat (and decide if they can see the previous history) up to 100 members
    Who can delete? Team owner/admin can delete Any team member Channel owner(s) Anyone can leave a chat but cannot delete chat, but they are never effectively deleted
    Social Context
    Who can see it? Public teams are indexed and searchable

    Private teams are not indexed and are visible only to joined members

    All members of the team can see all public channels. Channels may be hidden from view for the purposes of cleaning up the UI. Individuals will only see private channels for which they have membership Only participants in the group chat can see the group chat
    Who can see the content? Team members can see any content that is not otherwise part of a private channel All team members All members of the private channel Only members of the group chat

    When does a Group Chat become a Channel?

    • When it’s appropriate for the conversation to have a gallery – an audience of members who may not be actively participating in the discussion.
    • When control over who joins the conversation needs to be centrally governed and not left up to anyone in the discussion.
    • When the discussion will persist over a longer time period.
    • When the number of participants approaches 100.

    When does a Channel become a Team?

    • When a team approaches 30 private channels, many of those private channels are likely candidates to become their own team.
    • When the channel membership needs to extend beyond the boundary of the team membership.

    Best practices: Workspaces 2/2

      Team
    A workspace for a group of collaborative individuals.
    Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.
    Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.
    Group Chat
    Two or more users collected into a common conversation thread.
    Data and Applications
    Where does the content live? SharePoint: Every team resides in its own SharePoint site SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository OneDrive: Files that are shared in a chat are stored in the OneDrive folder of the original poster and shared to the other members
    How does the data persist or be retained? If a team expires/is deleted, its corresponding SharePoint site and those artifacts are also deleted Available for 21 days after deletion. Any member of the team can delete a public channel. The team owner and private channel owner can delete/restore a private channel Chats are never effectively deleted. They can be hidden to clean up the user interface.
    Video N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Phone calls N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Shared computer audio/screen N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    File-sharing Within channels Yes. Frequently used/collaborated files can be turned into discrete tab. Yes. Frequently used/collaborated files can be turned into discrete tab. Yes
    Wikis Within channels Yes Yes No
    Whiteboarding No No No No

    When does a Team become a Channel?

    • When a team’s purpose for existing can logically be subsumed by another team that has a larger scope.

    When does a Channel become a Group Chat?

    • When a conversation within a channel between select users does not pertain to that channel’s scope (or any other existing channel), they should move the conversation to a group chat.
    • However, this is until that group chat desires to form a channel of its own.

    Create a new team

    Team owner: The person who creates the team. It is possible for the team owner to then invite other members of the team to become co-owners to distribute administrative responsibilities.

    Team members: People who have accepted their invitation to be a part of the team.

    NB: Your organization can control who has permission to set up a team. If you can’t set a up a team, contact your IT department.

    Screenshots detailing how to create a new team in Microsoft Teams, steps 1 to 3. Step 1: 'Click the <Teams data-verified= tab on the left-hand side of the app'. Step 2: 'At the bottom of the app, click '. Step 3: 'Under the banner , click '.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Build a team from scratch' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.1. There are buttons for 'Private' and 'Public'.

    Decide if you want you new team from scratch to be private or public. If you set up a private team, any internal or external user you invite into the team will have access to all team history and files shared.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.2 and 4.3. 4.2 has a space to give your team a name and another for a description. 4.3 says 'Then click <Create data-verified='.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Create from...' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.4. It reads 'Create a new team from something you already own' with a button for 'Team'.

    Configure your new team settings, including privacy, apps, tabs, and members.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.5 and 4.6. 4.5 has a space to give your team a name, a description, choose privacy settings, and what you'd like to include from the original team. 4.6 says 'Then click <Create data-verified='.">

    Add team members

    Remove team members

    Screenshot detailing how to add team members in Microsoft Teams, step 1.

    To add a team member, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add member.”

    Screenshot detailing how to remove team members in Microsoft Teams, step 1.

    Only team owners can remove a team member. To do so, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Manage team.”

    Screenshot detailing how to add team members in Microsoft Teams, step 2.

    If you’re a team owner, you can then type a name or an email address to add another member to the team.

    If you’re a team member, typing a name or an email address will send a request to the team owner to consider adding the member.

    Screenshot detailing how to remove team members in Microsoft Teams, step 2.

    Under the “Members” tab, you’ll see a list of the members in the team. Click the “X” at the far right of the member’s name to remove them.

    Team owners can only be removed if they change their role to team member first.

    Create a new channel

    Screenshot detailing how to create a new channel in Microsoft Teams, step 1.

    On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add channel.”

    Screenshot detailing how to create a new channel in Microsoft Teams, step 2.

    Name your channel, give a description, and set your channel’s privacy.

    Screenshot detailing how to create a new channel in Microsoft Teams, step 3.

    To manage subsequent permissions, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Manage channel.”

    Adding and removing members from channels:

    Only members in a team can see that team’s channels. Setting channel privacy as “standard” means that the channel can be accessed by anyone in a team. Unless privacy settings for a channel are set as “private” (from which the channel creator can choose who can be in that channel), there is no current way to remove members from channels.

    It will be up to the end user to decide which channels they want to hide.

    Link team/channel to SharePoint folder

    Screenshot detailing how to link a team or channel to a SharePoint folder in Microsoft Teams, steps 1, 2, and 3. Step 1: 'Along the top of the team/channel tab bar, click the “+” symbol'. Step 2: 'Select “Document Library” to link the team/channel to a SharePoint folder'. Step 3: 'Copy and paste the SharePoint URL for the desired folder, or search in “Relevant sites” if the folder can be found there'.

    Need to find the SharePoint URL?

    Screenshot detailing how to find the SharePoint URL in Microsoft Teams. 'Locate the folder in SharePoint and click <Show actions data-verified=', 'Click to access the folder's SharePoint URL.'">

    Hide/unhide teams

    Hide/unhide channels

    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 1.

    To hide a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden teams are moved to the “hidden teams” menu at the bottom of your team list.

    Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 1.

    To hide a channel, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden channels are moved to the “hidden channels” menu at the bottom of your channel list in that team.

    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 2. Screenshot of a button that says 'Hidden teams'.

    To unhide a team, click on the “hidden teams” menu. On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Show.”

    Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 2.

    To unhide a channel, click on the “hidden channels” menu at the bottom of the team. This will produce a drop-down menu of all hidden channels in that team.

    Hover over the channel you want to unhide and click “Show.”

    Find/join teams

    Leave teams

    Screenshot detailing how to find and join teams in Microsoft Teams, step 1. Click the “Teams” tab on the left-hand side of the app. Screenshot detailing how to find and join teams in Microsoft Teams, step 2.

    At the bottom of the app, click “Join or create a team.” Teams will then suggest a range of teams that you might be looking for. You can join public teams immediately. You will have to request approval to join a private team.

    Screenshot detailing how to leave teams in Microsoft Teams.

    To leave a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Leave the team.”

    NB: If the owner of a private team has switched off discoverability, you will have to contact that owner to join that team. Screenshot detailing how to find and join teams in Microsoft Teams, step 3. If you can’t immediately see the team, you have two options: either search for the team or enter that team’s code under the banner “Join a team with a code.” Can I find a channel?

    No. To join a channel, you need to first join the team that channel belongs to.

    Can I leave a channel?

    No. The most you can do is hide the channel. By default, if you join a team you will have access to all the channels within that team (unless a channel is private, in which case you’ll have to request access to that channel).

    Create a chat

    Screenshots detailing how to create a chat in Microsoft Teams, steps 1 to 5. Step 1:'Click the “Chat” tab on the left hand side of the app (or keyboard shortcut Ctrl+N)'. Step 2: 'Search the name of the person you want to chat with'. Step 3: 'You’re now ready to start the chat! You can also send a chat message while working in a separate channel by typing/chat into the search bar and entering the recipient’s name'. Step 4: 'For group chat, click the “Add people” button in the top right hand corner of the app to add other persons into the existing chat'. Step 5: 'You can then rename the group chat (if there are 3+ people) by clicking the “Name group chat” option to the right of the group chat members’ names'.

    Hide a chat

    Unhide a chat

    Screenshots detailing how to hide a chat in Microsoft Teams, steps 1 to 3. Step 1:'Click the “Chat” tab on the left-hand side of the app'. Step 2: 'Search the name of the chat or group chat that you want to hide'. Step 3: In either 'Single person chat options' or 'Group chat options' Click “More options.” Then click “Hide.”' To unhide a chat, search for the hidden person or name of the group chat in the search bar. Click “More options.” Then click “Unhide.” Screenshot detailing how to unhide a chat in Microsoft Teams.

    Leave a chat

    You can only leave group chats. To do so, click “More options.” Then click “Leave.” Screenshot detailing how to leave a chat in Microsoft Teams.

    Overview: Meetings and live events

    Teams Meetings: Real-time communication and collaboration between a group, limited to 250 people.

    Teams Live Events: designed for presentations and webinars to a large audience of up to 10,000 people, in which attendees watch rather than interact.

     

    Office 365 and Microsoft 365 Licenses

    I want to: F1 F3 E1 E3 E5 Audio conferencing add-on
    Join a Teams meeting No license required. Any email address can participate in a Teams meeting.
    Attend a Teams meeting with a dial-in phone number No license required. Any phone number can dial into a Teams meeting. (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Attend a Teams live event No license required. Any phone number can dial into a Teams live event.
    Create a Teams meeting for up to 250 attendees   One of these licensing plans
    Create a Teams meeting for up to 250 attendees with a dial-in phone number   One of these licensing plans + Audio Conferencing (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Create a Teams live event for up to 10,000 attendees     One of these licensing plans
    Dial out from a Teams meeting to add someone at their Call me at number   One of these licensing plans + Audio Conferencing (Meeting dial out to a Call me at number requires organizers to have an E5 or Audio Conference add-in license. A dial plan may also be needed.)

    Depending on the use case, end users will have to determine whether they need to hold a meeting or a live event.

    Use Microsoft’s table (left) to see what license your organization needs to perform meetings and live events.

    (Source: “Admin quick start – Meetings and live events in Microsoft Teams,” Microsoft, 2020.)

    Best practices: Meetings

      Ad Hoc Call
    Direct audio/video call
    Scheduled Meeting Live Event
    Limits and Administrative Control
    Who can create? Anyone Anyone Anyone, unless altered by admin (permission to create MS Stream events also required if external production tools are used).
    Who can add members? Anyone in the session. The meeting organizer can add new attendees to the meeting. The event creator (the “organizer”) sets attendee permissions and assigns event group roles (“producer” and “presenter”).
    Can external stakeholders attend? Yes, through email invite. However, collaboration tools are restricted. Yes, through email invite. However, collaboration tools are restricted. Public events: yes, through shared invite link.
    Org-wide event: yes, if guest/external access granted.
    Who can delete? Anyone can leave the session. There is no artifact to delete. The meeting organizer Any attendee can leave the session.
    The organizer can cancel the event.
    Maximum attendees 100 250 10,000 attendees and 10 active presenters/producers (250 presenters and producers can be present at the event).
    Social Context
    How does the request come in? Unscheduled.
    Notification of an incoming audio or video call.
    Scheduled.
    Meeting invite, populated in the calendar, at a scheduled time.
    Meeting only auto-populated in event group’s calendars. Organizer must circulate event invite link to attendees – for instance, by pasting link into an Outlook meeting invite.
    Available Functionality
    Screen-sharing Yes Yes Producers and Presenters (through Teams, no third-party app).
    Whiteboard No Yes Yes
    OneNote (for minutes) Yes (from a member’s OneDrive) Yes, part of the meeting construct. No. A Meeting Notes tab is available instead.
    Dedicated chat space Yes. Derived from a group chat. Meeting has its own chat room. The organizer can set up a moderated Q&A (not chat) when creating the event. Only Presenters and Producers can chat.
    Recording Yes Yes Yes. Event can last up to 4 hours.

    When should an Ad Hoc Call become a Scheduled Meeting?

    • When the participants need time to prepare content for the call.
    • When an answer is not required immediately.
    • When bringing a group of people together requires logistical organizing.

    When should a Scheduled Meeting become an Ad Hoc Call?

    • When the participants can meet on short notice.
    • When a topic under discussion requires creating alignment quickly.

    When should a Live Event be created?

    • When the expected attendance exceeds 250 people.
    • If the event does not require collaboration and is mostly a presenter conveying information.

    Create a scheduled meeting

    Screenshots detailing how to create a scheduled meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top-right of the app, click the drop-down menu for “+ New meeting” and then “Schedule meeting.”' Step 3: 'Fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting'.

    Create an ad hoc meeting

    Screenshots detailing how to create an ad hoc meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'Along the top-right, click “Meet now.”' Step 3: 'Name your meeting, choose your audio and video settings, and click “Join now.”'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting. You’ll then be prompted to fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'.

    Tip: Use existing channels to host the chatrooms for your online meetings

    When you host a meeting online with Microsoft Teams, there will always be a chatroom associated with the meeting. While this is a great place for meeting participants to interact, there is one particular downside.

    Problem: The never-ending chat. Often the activity in these chatrooms can persist long after the meeting. The chatroom itself becomes, unofficially, a channel. When end users can’t keep up with the deluge of communication, the tools have failed them.

    Solution: Adding an existing channel to the meeting. This ensures that discussion activity is already hosted in the appropriate venue for the group, during and after the meeting. Furthermore, it provides non-attendees with a means to catch up on the discussion they have missed.

    In section two of this cookbook, we will often refer to this tactic.

    A screenshot detailing how to add an existing channel to a meeting in Microsoft Teams. 'Break the habit of online booking meetings in Outlook – use the Teams Calendar View instead! In order to make use of this function, the meeting must be setup in Microsoft Teams, not Microsoft Outlook. The option to assign a channel to the meeting will then be available to the meeting organizer.'

    Don’t have a channel for the chat session of your online meeting? Perhaps you should!

    If your meeting is with a group of individuals that will be collaborating frequently, they may need a workspace that persists beyond the meeting.

    Guests can still attend the meeting, but they can’t chat!

    If there are attendees in your meeting that do not have access to the channel you select to host the chat, they will not see the chat discussion nor have any ability to use this function.

    This may be appropriate in some cases – for example, a vendor providing a briefing as part of a regular team meeting.

    However, if there are attendees outside the channel membership that need to see the meeting chat, consider another channel or simply default to not assigning one.

    Meeting settings explained

    Show device settings. For settings concerning audio, video, and whether viewing is private.

    Show meeting notes. Use to take notes throughout the meeting. The notes will stay attached to this event.

    Show meeting details. Find meeting information for: a dial-in number, conference ID, and link to join.

    Enter full screen.

    Show background effects. Choose from a range of video backgrounds to hide/blur your location.

    Turn on the captions (preview). Turn on live speech-to-text captions.

    Keypad. For dialing a number within the meeting (when enabled as an add-on with E3 or as part of E5).

    Start recording. Recorded and saved using Microsoft Stream.

    End meeting.

    Turn off incoming video. To save network bandwidth, you can decline receiving attendee’s video.

    Click “More options” to access the meetings settings.

    Screen share. In the tool tray, select “Share” to share your screen. Select particular applications if you only want to share certain information; otherwise, you can share your whole desktop.

    System audio share. To share your device’s audio while screen sharing, checkbox the “Include system audio” option upon clicking “Share.”

    If you didn’t click that option at the start but now want to share audio during screen share, click the “Include systems audio” option in the tool tray along the top of the screen.

    Give/take control of screen share. To give control, click “Give control” in the tool tray along the top of the screen when sharing content. Choose from the drop-down who you would like to give control to. In the same spot, click “Take back control” when required.

    To request control, click “Request control” in the same space when viewing someone sharing their content. Click “Release control” once finished.

    Start whiteboarding

    1. You’ll first need to enable Microsoft Whiteboard in the Microsoft 365 admin center. Ask your relevant admin to do so if Whiteboard is not already enabled.
    2. Once enabled, click “Share” in a meeting. This feature only appears if you have 3+ participants in the meeting.
    3. Under the “Whiteboard” section in the bottom right, click “Microsoft Whiteboard.”
    4. Click the pen icons to the right of the screen to begin sketching.

    NB: Anonymous, federated, or guest users are currently not supported to start, view, or ink a whiteboard in a Teams meeting.

    Will the whiteboard session be recorded if the meeting is being recorded?

    No. However, the final whiteboard will be available to all meeting attendees after the meeting, under “Board Gallery” in the Microsoft Whiteboard app. Attendees can then continue to work on the whiteboard after the meeting has ended.

    Create a live event

    Screenshots detailing how to create a live event in Microsoft Teams, steps 1 to 3. Step 1: 'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top right of the app, click the drop-down menu for “+ New meeting” and then “Live event.”' Step 3: 'You will be labeled the “Event organizer.” First, fill in the live event details on the left'. Screenshot detailing how to create a live event in Microsoft Teams, step 4.

    As the organizer, you can invite other people to the event who will be the “producers” or “presenters.”

    Producers: Control the live event stream, including being able to start and stop the event, share their own and others’ video, share desktop or window, and select layout.

    Presenters: Present audio, video, or a screen.

    Screenshot detailing how to create a live event in Microsoft Teams, step 5.

    Select who your audience will be for your live event from three options: specified people and groups, the organization, or the public with no sign-in required.

    Edit the setting for whether you want recording to be available for attendees.

    Then click “Schedule” to finish.

    Live event settings explained

    When you join the live event as a producer/presenter, nothing will be immediately broadcast. You’ll be in a pre-live state. Decide what content to share and in what order. Along the bottom of the screen, you can share your video and audio, share your screen, and mute incoming attendees.

    Once your content is ready to share along the bottom of the screen, add it to the screen on the left, in order of viewing. This is your queue – your “Pre-live” state. Then, click “Send now.”

    This content will now move to the right-hand screen, ready for broadcasting. Once you’re ready to broadcast, click “Start.” Your state will change from “Pre-live” to “Live.”

    Along the top right of the app will be a tools bar.

    Screenshot listing live events settings icons in Microsoft Teams. Beside the heart monitor icon is 'Monitor health and performance of network, devices, and media sharing'. Beside the notepad icon is 'Take meeting notes'. Beside the chatbox icon is 'Chat function'. Beside the two little people with a plus sign icon is 'Invite and show participants'. Beside the gear icon is 'Device settings'. Beside the small 'i' in a circle is 'Meeting details, including schedule, meeting link, and dial-in number'.

    Workspace #1: Departments

    Scenario: Most of your organization’s communication and collaboration occurs within its pre-existing departmental divisions.

    Conventional communication channels:

    • Oral communication: Employees work in proximity to each other and communicate in person, by phone, in department meetings
    • Email: Department-wide announcements
    • Memos: Typically posted/circulated in mailboxes

    Solution: Determine the best way to organize your organization’s departments in Teams based on its size and your requirements to keep information private between departments.

    Option A:

    • Create a team for the organization/division.
    • Create channels for each department. Remember that all members of a team can view all public channels created in that team and the default General channel.
    • Create private channels if you wish to have a channel that only select members of that team can see. Remember that private channels have some limitations in functionality.

    Option B:

    • Create a new team for each department.
    • Create channels within this team for projects or topics that are recurring workflows for the department members. Only department members can view the content of these channels.

    Option C:

    • Post departmental memos and announcements in the General channel.
    • Use “Meet now” in channels for ad hoc meetings. For regular department meetings, create a recurring Teams calendar event for the specific department channel (Option A) or the General channel (Option B). Remember that all members of a team can join a public channel meeting.

    Workspace #2: A cross-functional committee

    Scenario: Your organization has struck a committee composed of members from different departments. The rest of the organization should not have access to the work done in the committee.

    Purpose: To analyze a particular organizational challenge and produce a plan or report; to confidentially develop or carry out a series of processes that affect the whole organization.

    Jobs: Committee members must be able to:

    • Attend private meetings.
    • Share files confidentially.

    Solution:

    Ingredients:

    • Private team

    Construction:

    • Create a new private team for the cross-functional committee.
    • Add only committee members to the team.
    • Create channels based on the topics likely to be the focal point of the committee work.
    • Decide how you will use the mandatory General channel. If the committee is small and the work limited in scope, this channel may be the main communication space. If the committee is larger or the work more complex, use the General channel for announcements and move discussions to new topic-related channels.
    • Schedule recurring committee meetings in the Teams calendar. Add the relevant channel to the meeting invite to keep the meeting chat attached to this team and channel (as meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite).
    • Remember that all members of this team will have access to these meetings and be able to view that they are occurring.

    Workspace #3: An innovation day event

    Scenario: The organization holds a yearly innovation day event in which employees form small groups and work on a defined, short-term problem or project.

    Purpose: To develop innovative solutions and ideas.

    Jobs:

    • Convene small groups.
    • Work toward time-sensitive goals.
    • Communicate synchronously.
    • Share files.

    Solution:

    Ingredients:

    • Public team
    • Channel tabs
    • Whiteboard
    • Planner

    Construction:

    • Create a team for the innovation day event.
    • Add channels for each project working group.
    • Communicate to participants the schedule for the day and their assigned channel.
    • Use the General channel for announcements and instructions throughout the day. Ensure someone moderates the General channel for participants’ questions.
    • Pre-populate the channel tabs with files the participants need to work with. To add a scrum board, refer to M#4 (Morning stand-up/Scrum) in this slide deck.
    • For breakouts, instruct participants to use the “meet now” feature in their channel and how to use the Whiteboard during these meetings.
    • Arrange to have your IT admin archive the team after a certain point so the material is still viewable but not editable.

    Workspace #4: A non-work-related social event

    Scenario: Employees within the organization wish to organize social events around shared interests: board game clubs, book clubs, TV show discussion groups, trivia nights, etc.

    Purpose: To encourage cohesion among coworkers and boost morale.

    Jobs:

    • Schedule the event.
    • Invite participants.
    • Prepare the activity.
    • Host and moderate the discussion.

    Solution:

    Ingredients:

    • Public team
    • Private channels
    • Screen-sharing

    Construction:

    • Create a public team for the social event so that interested people can find and join it.
    • Example: Trivia Night
      • Schedule the event in the Teams calendar.
      • Publish the link to the Trivia Night team where other employees will see it.
      • Create private channels for each trivia team so they cannot see the other competitors’ discussions. Add yourself to each private channel so you can see their answers.
      • As the host, begin a meeting in the General channel. Pose the trivia questions live or present the questions on PowerPoint via screen-sharing.
      • Ask each team to post its answers to its private channel.
    • To avoid teams sprawl, ask your IT admin to set a deletion policy for the team, as long as this request does not contradict your organization’s policies on data retention. If the team becomes moribund, it can be set to auto-delete after a certain period of time.

    Workspace #5: A project team with a defined end time

    Scenario: Within a department/workplace team, employees are assigned to projects with defined end times, after which they will be assigned to a new project.

    Purpose: To complete project-based work that fulfills business needs.

    Jobs:

    • Oral communication with team members.
    • Synchronous and asynchronous work on project files.
    • The ability to attend scheduled meetings and ad hoc meetings.
    • The ability to access shared resources related to the project.

    Solution:

    If your working group already has its own team within Teams:

    • Create a new public or private channel for the project. Remember that some functionality is not available in private channels (such as Microsoft Planner).
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now).
    • Add a tab that links to the team’s project folder in SharePoint.

    If your workplace team does not already have its own team in Teams:

    • Determine if there is a natural fit for this project as a new channel in an existing team. Remember that all team members will be able to see the channel if it is public and that all relevant project members need to belong to the Team to participate in the channel.
    • If necessary, create a new team for the project. Add the project members.
    • Create channels based on the type of work that comprises the project.
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now)
    • Add a tab to link to the team’s project folder in SharePoint.

    Info-tech Best Practice

    Hide the channel after the project concludes to de-clutter your Teams user interface.

    Meeting #1: Job interview with external candidate

    Scenario: The organization must interview a slate of candidates to fill an open position.

    Purpose:

    • Select the most qualified candidate for the job.

    Jobs:

    • Create a meeting, ensuring the candidate and other attendees know when and where the meeting will happen.
    • Ensure the meeting is secure to protect confidential information.
    • Ensure the meeting is accessible, allowing the candidate to present themselves through audio and/or visual means.
    • Create a professional environment for the meeting to take place.
    • Engender a space for the candidate to share their CV, research, or other relevant file.
    • The interview must be transcribed and recorded.

    Solution:

    Ingredients:

    • Private Teams meeting
    • Screen-sharing
    • Microsoft Stream

    Construction:

    • Create a Teams meeting, inviting the candidate with their email, alongside other internal attendees. The Teams meeting invite will auto-generate a link to the meeting itself.
    • The host can control who joins the meeting through settings for the “lobby.”
    • Through the Teams meeting, the attendees will be able to use the voice and video chat functionality.
    • All attendees can opt to blur their backgrounds to maintain a professional online presence.
    • The candidate can share their screen, either specific applications or their whole desktop, during the Teams meeting.
    • A Teams meeting can be recorded and transcribed through Stream. After the meeting, the transcript can be searched, edited, and shared

    NB: The external candidate does not need the Teams application. Through the meeting invite, the external candidate will join via a web browser.

    Meeting #2: Quarterly board meeting

    Scenario: Every quarter, the organization holds its regular board meeting.

    Purpose: To discuss agenda items and determine the company’s future direction.

    Jobs:

    During meeting:
      • Attendance and minutes must be taken.
      • Votes must be recorded.
      • In-camera sessions must occur.
      • External experts must be included.
    After meeting:
    • Follow-up items must be assigned.
    • Reports must be submitted.

    Solution:

    Ingredients:

    • Teams calendar invite
    • Planner; Forms
    • Private channel
    • Microsoft Stream

    Construction:

    • Guest Invite: Invites can be sent to any non-domain-joined email address to join a private, invitation-only channel within the team controlled by the board chair.
    • SharePoint & Flow: Documents are emailed to the Team addresses, which kicks off an MS Flow routine to collect review notes.
    • Planner: Any board member can assign tasks to any employee.
    • Forms/Add-On: Chair puts down the form of the question and individual votes are tracked.
    • Teams cloud meeting recording: Recording available through Stream. Manual edits can be made to VTT caption file. Greater than acceptable transcription error rate.
    • Meeting Log: Real-time attendance is viewable but a point-in-time record needs admin access.

    NB: The external guests do not need the Teams application. Through the meeting invite, the guests will join via a web browser.

    Meeting #3: Weekly team meeting

    Scenario: A team meets for a weekly recurring meeting. The meeting is facilitated by the team lead (or manager) who addresses through agenda items and invites participation from the attendees.

    Purpose: The purpose of the meeting is to:

    • Share information verbally
    • Present content visually
    • Achieve consensus
    • Build team morale

    Jobs: The facilitator must:

    • Determine participants
    • Book room
    • Book meeting in calendar

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Calendar Recurrence: A meeting is booked through Teams and appears in all participants’ Outlook calendar.
    • Collaboration Space: Participants join the meeting through video or audio and can share screens and contribute text, images, and links to the meeting chat.

    Construction:

    • Ensure your team already has a channel created for it. If not, create one in the appropriate team.
    • Create the meeting using the calendar view within Microsoft Teams:
      • Set the meeting’s name, attendees, time, and recurrence.
      • Add the team channel that serves as the most appropriate workplace for the meeting. (Any discussion in the meeting chat will be posted to this channel.)

    NB: Create the meeting in the Teams calendar, not Outlook, or you will not be able to add the Teams channel. As meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite.

    Meeting #4: Morning stand-up/scrum

    Scenario: Each morning, at 9am, members of the team meet online.

    Purpose: After some pleasantries, the team discusses what tasks they each plan to complete in the day.

    Jobs: The team leader (or scrum master) must:

    • Place all tasks on a scrum board, each represented by a sticky note denoting the task name and owner.
    • Move the sticky notes through the columns, adjusting assignments as needed.
    • Sort tasks into the following columns: “Not Started,” “In Progress,” and “Done.”

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Scrum Board: A tab within that channel where a persistent scrum board has been created and is visible to all team members.

    Meeting Place Construction:

    • Create the meeting using the calendar view in Teams.
    • Set the meeting’s name, attendees, time, and work-week daily recurrence (see left).
    • Add the channel that is the most appropriate workplace for the meeting. Any meeting chat will be posted to this channel rather than a separate chat.

    Scrum Board Construction:

    • Add a tab to the channel using Microsoft Planner as the app. (You can use other task management apps such as Trello, but the identity integration of first-party Office 365 tools may be less hassle.)
    • Create a new (or import an existing) Plan to the channel. This will be used as the focal point.

    Meeting #5: Weekly team meeting

    Scenario: An audio-only conversation that could be a regularly scheduled event but is more often conducted on an ad-hoc basis.

    Purpose: To quickly share information, achieve consensus, or clarify misunderstandings.

    Jobs:

    • Dial recipient
    • See missed calls
    • Leave/check voicemail
    • Create speed-dial list
    • Conference call

    Solution:

    Ingredients:

    • Audio call begun through Teams chat.

    Construction:

    • Voice over IP calls between users in the same MS Teams tenant can begin in multiple ways:
      • A call can be initiated through any appearance of a user’s profile picture: hover over user’s profile photo in the Chat list and select the phone icon.
      • Enter your last chat with a user and click phone icon in upper-right corner.
      • Go to the Calls section and type the name in the “Make a call” text entry form.
    • Voicemail: Voicemail, missed calls, and call history are available in the Calls section.
    • Speed dial: Speed dial lists can be created in the Calls section.
    • Conference call: Other users can be added to an ongoing call.

    NB: Microsoft Teams can be configured to provide an organization’s telephony for external calls, but this requires an E5 license. Additional audio-conferencing licenses are required to call in to a Teams meeting over a phone.

    Bibliography 1/4

    Section 1: Teams for IT › Creation Process

    Overview: Creation process
    Assign admin roles
    Prepare the network
    Team creation
    Integrations with SharePoint Online
    Permissions

    Bibliography 2/4

    Section 1: Teams for IT › Creation Process (cont'd.)

    External and guest access
    Expiration and archiving
    Retention and data loss prevention
    Teams telephony

    Bibliography 3/4

    Section 1: Teams for IT › Teams Rollout

    From Skype to Teams
    From Slack to Teams
    Teams adoption

    Section 1: Teams for IT › Use Cases

    Bibliography 4/4

    Section 2: Teams for End Users › Teams, Channels, Chat

    Section 2: Teams for End Users › Meetings and Live Events

    Section 2: Teams for End Users › Use Cases

    Develop a Cloud Testing Strategy for Today's Apps

    • Buy Link or Shortcode: {j2store}470|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The growth of the Cloud and the evolution of business operations have shown that traditional testing strategies do not work well with modern applications.
    • Organizations require a new framework around testing cloud applications that account for on-demand scalability and self-provisioning.
    • Expectations of application consumers are continually increasing with speed-to-market and quality being the norm.

    Our Advice

    Critical Insight

    • Cloud technology does not change the traditional testing processes that many organizations have accepted and adopted. It does, however, enhance traditional practices with increased replication capacity, execution speed, and compatibility through its virtual infrastructure and automated processes. Consider these factors when developing the cloud testing strategy.
    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • Implement cloud testing solutions in a well-defined rollout process to ensure business objectives are realized and cloud testing initiatives are optimized.
    • Cloud testing is green and dynamic. Realize the limitations of cloud testing and play on its strengths.

    Impact and Result

    • Engaging in a formal and standardized cloud testing strategy and consistently meeting business needs throughout the organization maintains business buy-in.
    • The Cloud compounds the benefits from virtualization and automation because of the Cloud’s scalability, speed, and off-premise and virtual infrastructure and data storage attributes.
    • Cloud testing presents a new testing avenue. Realize that only certain tests are optimized in the Cloud, i.e., load, stress, and functional testing.

    Develop a Cloud Testing Strategy for Today's Apps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a cloud testing strategy.

    Obtain organizational buy-ins and build a standardized and formal cloud testing strategy.

    • Storyboard: Develop a Cloud Testing Strategy for Today's Apps
    • None

    2. Assess the organization's readiness for cloud testing.

    Assess your people, process, and technology for cloud testing readiness and realize areas for improvement.

    • Cloud Testing Readiness Assessment Tool

    3. Plan and manage the resources allocated to each project task.

    Organize and monitor cloud project planning tasks throughout the project's duration.

    • Cloud Testing Project Planning and Monitoring Tool
    [infographic]

    Reduce Manual Repetitive Work With IT Automation

    • Buy Link or Shortcode: {j2store}458|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $34,099 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Our Advice

    Critical Insight

    • Optimize before you automate.
    • Foster an engineering mindset.
    • Build a process to iterate.

    Impact and Result

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Reduce Manual Repetitive Work With IT Automation Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you should reduce manual repetitive work with IT automation.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify automation candidates

    Select the top automation candidates to score some quick wins.

    • Reduce Manual Repetitive Work With IT Automation – Phase 1: Identify Automation Candidates
    • IT Automation Presentation
    • IT Automation Worksheet

    2. Map and optimize process flows

    Map and optimize process flows for each task you wish to automate.

    • Reduce Manual Repetitive Work With IT Automation – Phase 2: Map & Optimize Process Flows

    3. Build a process for managing automation

    Build a process around managing IT automation to drive value over the long term.

    • Reduce Manual Repetitive Work With IT Automation – Phase 3: Build a Process for Managing Automation

    4. Build automation roadmap

    Build a long-term roadmap to enhance your organization's automation capabilities.

    • Reduce Manual Repetitive Work With IT Automation – Phase 4: Build Automation Roadmap
    • IT Automation Roadmap
    [infographic]

    Workshop: Reduce Manual Repetitive Work With IT Automation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Candidates

    The Purpose

    Identify top candidates for automation.

    Key Benefits Achieved

    Plan to achieve quick wins with automation for early value.

    Activities

    1.1 Identify MRW pain points.

    1.2 Drill down pain points into tasks.

    1.3 Estimate the MRW involved in each task.

    1.4 Rank the tasks based on value and ease.

    1.5 Select top candidates and define metrics.

    1.6 Draft project charters.

    Outputs

    MRW pain points

    MRW tasks

    Estimate of MRW involved in each task

    Ranking of tasks for suitability for automation

    Top candidates for automation & success metrics

    Project charter(s)

    2 Map & Optimize Processes

    The Purpose

    Map and optimize the process flow of the top candidate(s).

    Key Benefits Achieved

    Requirements for automation of the top task(s).

    Activities

    2.1 Map process flows.

    2.2 Review and optimize process flows.

    2.3 Clarify logic and finalize future-state process flows.

    Outputs

    Current-state process flows

    Optimized process flows

    Future-state process flows with complete logic

    3 Build a Process for Managing Automation

    The Purpose

    Develop a lightweight process for rolling out automation and for managing the automation program.

    Key Benefits Achieved

    Ability to measure and to demonstrate success of each task automation, and of the program as a whole.

    Activities

    3.1 Kick off your test plan for each automation.

    3.2 Define process for automation rollout.

    3.3 Define process to manage your automation program.

    3.4 Define metrics to measure success of your automation program.

    Outputs

    Test plan considerations

    Automation rollout process

    Automation program management process

    Automation program metrics

    4 Build Automation Roadmap

    The Purpose

    Build a roadmap to enhance automation capabilities.

    Key Benefits Achieved

    A clear timeline of initiatives that will drive improvement in the automation program to reduce MRW.

    Activities

    4.1 Build a roadmap for next steps.

    Outputs

    IT automation roadmap

    Further reading

    Reduce Manual Repetitive Work With IT Automation

    Free up time for value-adding jobs.

    ANALYST PERSPECTIVE

    Automation cuts both ways.

    Automation can be very, very good, or very, very bad.
    Do it right, and you can make your life a whole lot easier.
    Do it wrong, and you can suffer some serious pain.
    All too often, automation is deployed willy-nilly, without regard to the overall systems or business processes in which it lives.
    IT professionals should follow a disciplined and consistent approach to automation to ensure that they maximize its value for their organization.

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive summary

    Situation

    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Complication

    • Automation is simple to say, but hard to implement.
    • Vendors claim automation will solve all your problems.
    • You have no process for managing automation.

    Resolution

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Info-Tech Insight

    1. Optimize before you automate.The current way isn’t necessarily the best way.
    2. Foster an engineering mindset.Your team members may not be process engineers, but they should learn to think like one.
    3. Build a process to iterate.Effective automation can't be a one-and-done. Define a lightweight process to manage your program.

    Infrastructure & operations teams are overloaded with work

    • DevOps and digital transformation initiatives demand increased speed.
    • I&O is still tasked with security and compliance and audit.
    • I&O is often overloaded and unable to keep up with demand.

    Manual repetitive work (MRW) sucks up time

    • Manual repetitive work is a fact of life in I&O.
    • DevOps circles refer to this type of work simply as “toil.”
    • Toil is like treading water: it must be done, but it consumes precious energy and effort just to stay in the same place.
    • Some amount of toil is inevitable, but it's important to measure and cap toil, so it does not end up overwhelming your team's whole capacity for engineering work.

    Info-Tech Insight

    Follow our methodology to focus IT automation on reducing toil.

    Manual hand-offs create costly delays

    • Every time there is a hand-off, we lose efficiency and productivity.
    • In addition to the cost of performing manual work itself, we must also consider the impact of lost productivity caused by the delay of waiting for that work to be performed.

    Every queue is a tire fire

    Queues create waste and are extremely damaging. Like a tire fire, once you get started, they’re almost impossible to stamp out!

    Increase queues if you want

    • “More overhead”
    • “Lower quality”
    • “More variability”
    • “Less motivation”
    • “Longer cycle time”
    • “Increased risk”

    (Source: Edwards, citing Donald G. Reinersten: The Principles of Product Development Flow: Second Generation Lean Product Development )

    Increasing complexity makes I&O’s job harder

    Every additional layer of complexity multiplies points of failure. Beyond a certain level of complexity, troubleshooting can become a nightmare.

    Today, Operations is responsible for the outcomes of a full stack of a very complex, software-defined, API-enabled system running on infrastructure they may or may not own.
    – Edwards

    Growing technical debt means an ever-rising workload

    • Enterprises naturally accumulate technical debt.
    • All technology requires care and feeding.
    • I&O cannot control how much technology it’s expected to support.
    • I&O faces a larger and larger workload as technical debt accumulates.

    The systems built under each new technology paradigm never fully replace the systems built under the old paradigms. It’s not uncommon for an enterprise to have an accumulation of systems built over 10-15 years and have no budget, risk appetite, or even a viable path to replace them all. With each shift, who bares [SIC] the brunt of the responsibility for making sure the old and the new hang together? Operations, of course. With each new advance, Operations juggles more complexity and more layers of legacy technologies than ever before.
    – Edwards

    Most IT shops can’t have a dedicated engineering team

    • In most organizations, the team that builds things is best equipped to support them.
    • Often the knowledge to design systems and the knowledge to run those systems naturally co-exists in the same personnel resources.
    • When your I&O team is trying to do engineering work, they can end up frequently interrupted to perform operational tasks.
    A Venn Diagram is depicted which compares People who build things with People who run things. the two circles are almost completely overlapping, indicating the strong connection between the two groups.

    Personnel resources in most IT organizations overlap heavily between “build” and “run.”

    IT operations must become an engineering practice

    • Usually you can’t double your staff or double their hours.
    • IT professionals must become engineers.
    • We do this by automating manual repetitive work and reducing toil.
    Two scenarios are depicted. The first scenario is found at a hypothetical work camp, in which one employee performs the task of manually splitting firewood with an axe. In order to split twice as much firewood, the employee would need to spend twice the time. The second scenario is Engineering Operations. in this scenario, a wood processor is used to automate the task, allowing far more wood to be split in same amount of time.

    Build your Sys Admin an Iron Man suit

    Some CIOs see a Sys Admin and want to replace them with a Roomba. I see a Sys Admin and want to build them an Iron Man suit.
    – Deepak Giridharagopal, CTO, Puppet

    Two Scenarios are depicted. In one, an employee is replaced by automation, represented by a Roomba, reducing costs by laying off a single employee. In the second scenario, the single employee is given automated tools to do their job, represented by an iron-man suit, leading to a 10X boost in employee productivity.

    Use automation to reduce risk

    Consistency

    When we automate, we can make sure we do something the same way every time and produce a consistent result.

    Auditing and Compliance

    We can design an automated execution that will ship logs that provide the context of the action for a detailed audit trail.

    Change

    • Enterprise environments are continually changing.
    • When context changes, so does the procedure.
    • You can update your docs all you want, but you can't make people read them before executing a procedure.
    • When you update the procedure itself, you can make sure it’s executed properly.

    Follow Info-Tech’s approach: Start small and snowball

    • It’s difficult for I&O to get the staffing resources it needs for engineering work.
    • Rather than trying to get buy-in for resources using a “top down” approach, Info-Tech recommends that I&O score some quick wins to build momentum.
    • Show success while giving your team the opportunity to build their engineering chops.

    Because the C-suite relies on upwards communication — often filtered and sanitized by the time it reaches them — executives don’t see the bottlenecks and broken processes that are stalling progress.
    – Andi Mann

    Info-Tech’s methodology employs a targeted approach

    • You aren’t going to automate IT operations end-to-end overnight.
    • In fact, such a large undertaking might be more effort than it’s worth.
    • Info-Tech’s methodology employs a targeted approach to identify which candidates will score some quick wins.
    • We’ll demonstrate success, gain momentum, and then iterate for continual improvement.

    Invest in automation to reap long-term rewards

    • All too often people think of automation like a vacuum cleaner you can buy once and then forget.
    • The reality is you need to perform care and feeding for automation like for any other process or program.
    • To reap the greatest rewards you must continually invest in automation – and invest wisely.

    To get the full ROI on your automation, you need to treat it like an employee. When you hire an employee, you invest in that person. You spend time and resources training and nurturing new employees so they can reach their full potential. The investment in a new employee is no different than your investment in automation.– Edwards

    Measure the success of your automation program

    Example of How to Estimate Dollar Value Impact of Automation
    Metric Timeline Target Value
    Hours of manual repetitive work 12 months 20% reduction $48,000/yr.(1)
    Hours of project capacity 18 months 30% increase $108,000/yr.(2)
    Downtime caused by errors 6 months 50% reduction $62,500/yr.(3)

    1 15 FTEs x 80k/yr.; 20% of time on MRW, reduced by 20%
    2 15 FTEs x 80k/yr.; 30% project capacity, increased by 30%
    3 25k/hr. of downtime.; 5 hours per year of downtime caused by errors

    Automating failover for disaster recovery

    CASE STUDY

    Industry Financial Services
    Source Interview

    Challenge

    An IT infrastructure manager had established DR failover procedures, but these required a lot of manual work to execute. His team lacked the expertise to build automation for the failover.

    Solution

    The manager hired consultants to build scripts that would execute portions of the failover and pause at certain points to report on outcomes and ask the human operator whether to proceed with the next step.

    Results

    The infrastructure team reduced their achievable RTOs as follows:
    Tier 1: 2.5h → 0.5h
    Tier 2: 4h → 1.5h
    Tier 3: 8h → 2.5h
    And now, anyone on the team could execute the entire failover!

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Reduce Manual Repetitive Work With IT Automation – project overview

    1. Select Candidates 2. Map Process Flows 3. Build Process 4. Build Roadmap
    Best-Practice Toolkit

    1.1 Identify MRW pain points

    1.2 Drill down pain points into tasks

    1.3 Estimate the MRW involved in each task

    1.4 Rank the tasks based on value and ease

    1.5 Select top candidates and define metrics

    1.6 Draft project charters

    2.1 Map process flows

    2.2 Review and optimize process flows

    2.3 Clarify logic and finalize future-state process flows

    3.1 Kick off your test plan for each automation

    3.2 Define process for automation rollout

    3.3 Define process to manage your automation program

    3.4 Define metrics to measure success of your automation program

    4.1 Build automation roadmap

    Guided Implementations

    Introduce methodology.

    Review automation candidates.

    Review success metrics.

    Review process flows.

    Review end-to-end process flows.

    Review testing considerations.

    Review automation SDLC.

    Review automation program metrics.

    Review automation roadmap.

    Onsite Workshop Module 1:
    Identify Automation Candidates
    Module 2:
    Map and Optimize Processes
    Module 3:
    Build a Process for Managing Automation
    Module 4:
    Build Automation Roadmap
    Phase 1 Results:
    Automation candidates and success metrics
    Phase 2 Results:
    End-to-end process flows for automation
    Phase 3 Results:
    Automation SDLC process, and automation program management process
    Phase 4 Results:
    Automation roadmap

    Communicate Any IT Initiative

    • Buy Link or Shortcode: {j2store}428|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    IT communications are often considered ineffective and unengaging. This is demonstrated by the:

    • Lack of expectation that IT should communicate well. Why develop a skill that no one expects IT to deliver on?
    • Failure to recognize the importance of communication to engage employees and communicate ideas.
    • Perception that communication is a broadcast not a continuous dialogue.
    • Inability to create, monitor, and manage feedback mechanisms.
    • Overreliance on data as the main method of communication instead of as evidence to support a broader narrative.

    Our Advice

    Critical Insight

    • Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue with the story you share.
    • Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience.
    • Recognize that communications are essential even in highly technical IT environments.
    • Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed.

    Impact and Result

    • Develop an actionable plan to deliver consistent, timely messaging for all audiences.
    • Compose and deliver meaningful messages.
    • Consistently deliver the right information and the right time to the right stakeholders.

    Communicate Any IT Initiative Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Communicate Any IT Initiative Deck – A step-by-step document that walks you through how to plan, compose, and deliver communications to any stakeholder up, down, or across the organization.

    This blueprint not only provides the tools and techniques for planning, composing, and delivering effective communications, but also walks you through practical exercises. Practice and perfect your communication, composition, and delivery skills for any IT initiative.

    • Communicate Any IT Initiative – Phases 1-3

    2. Communicate Any IT Initiative Facilitation Deck – A step-by-step communications workshop deck suitable for any workshop with a communication component.

    Communication concepts and exercises that teach you how to plan, compose, and deliver effective communications. The deck includes practical tools, techniques, and skills practice.

    • Communicate Any IT Initiative Facilitation Deck

    3. Communications Planner – An communications plan template that includes a section to define a change, a communications plan, communications calendars, and a pitch composition exercise.

    This communications planner is a tool that accompanies the Effective IT Communications blueprint and the Communicate Any IT Initiative Facilitation Deck so that you can plan your communications, view your deliverables, and compose your pitch all in one document.

    • Communications Planner Tool

    4. Stakeholder Analysis Tool – A tool to help ensure that all stakeholders are identified and none are missed.

    A tool for identifying stakeholders and conducting an analysis to understand their degree of influence or impact.

    • Stakeholder Management Analysis Tool
    [infographic]

    Further reading

    Communicate Any IT Initiative

    Plan, compose, and deliver communications that engage your audience.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach
    Communicating about your initiative is when the work really begins. Many organizations struggle with:
    • Knowing what target audiences need to be communicated with.
    • Communicating the same message consistently and clearly across target audiences.
    • Communicating to target audiences at the right times.
    • Selecting a channel that will be most effective for the message and practicing to deliver that message.
    Some of the challenges IT faces when it comes to communicating its initiatives includes:
    • Not being given the opportunity or time to practice composing or delivering communications.
    • Coordinating the communications of this initiative with other initiative communications.
    • Forgetting to communicate with key stakeholders.
    Choosing not to communicate because we do not know how it’s leading to initiative failures and lack of adoption by impacted parties.
    For every IT initiative you have going forward, focus on following these three steps:
    1. Create a plan of action around who, what, how, and when communications will take place.
    2. Compose an easy-to-understand pitch for each stakeholder audience.
    3. Practice delivering the message in an authentic and clear manner.
    By following these steps, you will ensure that your audience always understands and feels ready to engage with you.

    Info-Tech Insight
    Every IT employee can be a great communicator; it just takes a few consistent steps, the right tools, and a dedication to practicing communicating your message.

    Info-Tech’s approach

    Effective communications is not a broadcast but a dialogue between communicator and audience in a continuous feedback loop.

    Continuous Feedback Loop

    The Info-Tech difference:

    1. The skills needed to communicate effectively as a front-line employee or CIO are the same. It’s important to begin the development of these skills from the beginning of one's career.
    2. Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.
    3. Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue about the story you share.

    Poor communication can lead to dissatisfied stakeholders

    27.8% of organizations are not satisfied with IT communications.

    25.8% of business stakeholders are not satisfied with IT communications.

    Source: Info-Tech Diagnostic Programs; n=34,345 business stakeholders within 604 organizations

    The bottom line? Stakeholders for any initiative need to be communicated with often and well. When stakeholders become dissatisfied with IT’s communication, it can lead to an overall decrease in satisfaction with IT.

    Good IT initiative communications can be leverage

    • IT risk mitigation and technology initiative funding are dependent on critical stakeholders comprehending the risk impact and initiative benefit in easy-to-understand terms.
    • IT employees need clear and direct information to feel empowered and accountable to do their jobs well.
    • End users who have a good experience engaging in communications with IT employees have an overall increase in satisfaction with IT.
    • Continuously demonstrating IT’s value to the organization comes when those initiatives are clearly aligned to overall objectives – don’t assume this alignment is being made.
    • Communication prevents assumptions and further miscommunication from happening among IT employees who are usually impacted and fear change the most.

    “Nothing gets done properly if it's not communicated well.”
    -- Nastaran Bisheban, CTO KFC Canada

    Approach to communications

    Introduction
    Review effective communications.

    Plan
    Plan your communications using a strategic tool.

    Compose
    Create your own message.

    Deliver
    Practice delivering your own message.

    Info-Tech’s methodology for effective IT communications

    1. Plan Strategic Communications 2. Compose a Compelling Message 3. Deliver Messages Effectively
    Step Activities
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    1. Craft a Pitch
    2. Revise the Pitch
    1. Deliver Your Pitch
    2. Refine and Deliver Again
    Step Outcomes Establish an easy-to-read view of the key communications that need to take place related to your initiative or change. Practice writing a pitch that conveys the message in a compelling and easy-to-understand way. Practice delivering the pitch. Ensure there is authenticity in the delivery while still maintaining the audience’s attention.

    This blueprint can support communication about any IT initiative

    • Strategy or roadmap
    • Major transformational change
    • System integration
    • Process changes
    • Service changes
    • New solution rollouts
    • Organizational restructuring

    We recommend considering this blueprint a natural add-on to any completed Info-Tech blueprint, whether it is completed in the DIY fashion or through a Guided Implementation or workshop.

    Key deliverable:

    Communication Planner
    A single place to plan and compose all communications related to your IT initiative.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Facilitation Guide
    A step-by-step guide to help your IT organization develop a communication plan and practice composing and delivering key messages.

    Stakeholder Analysis
    An ability to assess all stakeholders based on impact, influence, and involvement.

    Workshop Overview

    MorningAfternoon
    ActivitiesPlan Strategic Communications for Your Initiative
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    Compose and Deliver a Compelling Message
    1. Craft a Pitch
    2. Revise the Pitch
    3. Deliver Your Pitch
    4. Refine and Deliver Again
    Deliverables
    1. Communication planner with weekly, monthly, and yearly calendar views to ensure consistent and ongoing engagement with every target audience member
    1. Crafted pitches that can be used for communicating the initiative to different stakeholders
    2. Skills and ability to deliver messages more effectively

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Key KPIs for communication with any stakeholder

    Measuring communication is hard; use these to determine effectiveness:

    Goal Key Performance Indicator (KPI) Related Resource
    Obtain board buy-in for IT strategic initiatives. X% of IT initiatives that were approved to be funded.
    Number of times that technical initiatives were asked to be explained further.
    Using our Board Presentation Review
    Ensure stakeholders feel engaged during initiatives. X% of business leadership satisfied with the statement “IT communicates with your group effectively.” Using the CIO Business Vision Diagnostic
    End users know what IT initiatives are going to impact the products or services they use. X% of end users that are satisfied with communications around changing services or applications. Using the End-User Satisfaction Survey
    Project stakeholders receive sufficient communication throughout the initiative. X% overall satisfaction with the quality of the project communications. Using the PPM Customer Satisfaction Diagnostic
    Employees are empowered to perform on IT initiatives. X% satisfaction employees have with statement “I have all the resources and information I need to do a great job.” Using the Employee Engagement Diagnostic Program

    Phase 1

    Plan Strategic Communications

    Activities
    1.1 Define the Change
    1.2 Determine Target Audience
    1.3 Communication Outcomes
    1.4 Clarify the Key Message(s)
    1.5 Identify the Owner and Messenger(s)
    1.6 Select the Right Channels
    1.7 Establish a Frequency and Time Frame
    1.8 Obtain Feedback and Improve
    1.9 Finalize the Calendar

    Communicate Any IT Initiative Effectively
    Phase1 > Phase 2 > Phase 3

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Create an easy-to-follow communications plan to ensure that the right message is sent to the right audience using the right medium and frequency.

    What is an IT change?

    Before communicating, understand the degree of change.

    Incremental Change:
    • Changes made to improve current processes or systems (e.g. optimizing current technology).
    Transitional Change:
    • Changes that involve dismantling old systems and/or processes in favor of new ones (e.g. new product or services added).
    Transformational Change:
    • Significant change in organizational strategy or culture resulting in substantial shift in direction.
    Examples:
    • New or changed policy
    • Switching from on-premises to cloud-first infrastructure
    • Implementing ransomware risk controls
    • Implementing a learning & development plan
    Examples:
    • Moving to an insourced or outsourced service desk
    • Developing a BI & analytics function
    • Integrating risk into organization risk
    • Developing a strategy (technology, architecture, security, data, service, infrastructure, application)
    Examples:
    • Organizational redesign
    • Acquisition or merger of another organization
    • Implementing a digital strategy
    • A new CEO or board taking over the organization's direction

    Consider the various impacts of the change

    Invest time at the start of the project to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time in the end. Evaluate the impact from a people, process, and technology perspective.

    Leverage a design thinking principle: Empathize with the stakeholder – what will change?

    People

    • Team structure
    • Reporting structure
    • Career paths
    • Job skills
    • Responsibilities
    • Company vision/mission
    • Number of FTE
    • Culture
    • Training required

    Process

    • Budget
    • Work location
    • Daily workflow
    • Working conditions
    • Work hours
    • Reward structure
    • Required number of completed tasks
    • Training required

    Technology

    • Required tools
    • Required policies
    • Required systems
    • Training required

    1.1 Define the change

    30 minutes

    1. While different stakeholders will be impacted by the change differently, it’s important to be able to describe what the change is at a higher level.
    2. Have everyone take eight minutes to jot down what the change is and why it is happening in one to two sentences. Tab 2 of the Communication Planner Tool can also be used to house the different ideas.
    3. Present the change statements to one another.
    4. By leveraging one of the examples or consolidating many examples, as a group document:
      • What is the change?
      • Why is it happening?
    5. The goal is to ensure that all individuals involved in establishing or implementing the change have the same understanding.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Ensure effective communication by focusing on four key elements

    Audience
    Stakeholders (either groups or individuals) who will receive the communication.

    Message
    Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.

    Messenger
    Person who delivers the communication to the audience. The communicator and owner are two different things.

    Channel
    Method or channel used to communicate to the audience.

    Identify the target audience

    The target audience always includes groups and individuals who are directly impacted by the change and may also include those who are change adjacent.

    Define the target audience: Identify which stakeholders will be the target audience of communications related to the initiative. Stakeholders can be single individuals (CFO) or groups (Applications Team).

    Stakeholders to consider:

    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?

    1.2a Determine target audience

    20 minutes

    1. Consider all the potential individuals or groups of individuals who will be impacted or can influence the outcome of the initiative.
    2. On tab 3 of the Communication Planner Tool, list each of the stakeholders who will be part of the target audience. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that make up the target audience are all the people who require being communicated with before, during, or after the initiative.
    3. As you list each target audience, consider how they perceive IT. This perception could impact how you choose to communicate with the stakeholder(s).
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    1.2b Conduct a stakeholder analysis (optional)

    1 hour

    1. For each stakeholder identified as a part of the target audience, conduct an analysis to understand their degree of influence or impact.
    2. Based on the stakeholder, the influence or impact of the change, initiative, etc. can inform the type and way of communicating.
    3. This is a great activity for those who are unsure how to frame communications for each stakeholder identified as a target audience.
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with
    • The degree of influence or impact each target audience stakeholder has.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Stakeholder Management Analysis Tool

    Determine the desired outcome of communicating with each audience

    For each target audience, there will be an overall goal on why they need to be communicated with. This outcome or purpose is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change or initiative will have. Depending on the target audience, consider each of the communication outcomes listed below.

    Communicating Across the Organization Communicating Up to Board or Executives Communicating Within IT
    • Obtain buy-in
    • Obtain approval
    • Obtain funding
    • Demonstrate alignment to organization objectives
    • Reduce concerns about risk
    • Demonstrate alignment to organization objectives
    • Demonstrate alignment to individual departments or functions
    • Obtain other departments’ buy-in
    • Inform about a crisis
    • Inform about the IT change
    • Obtain adoption related to the change
    • Obtain buy-in
    • Inform about the IT change
    • Create a training plan
    • Inform about department changes
    • Inform about organization changes
    • Inform about a crisis
    • Obtain adoption related to the change
    • Distribute key messages to change agents

    1.3 Communication outcomes

    30 minutes

    1. For each stakeholder, there may be one or more reasons why you need to communicate with them. On tab 3 of the Communication Planner Tool or on a whiteboard, begin to identify the objective or outcome your team is seeking by engaging in each target audience.
    2. As you move through the communication outcomes, it could result in more than one outcome for each target audience.
    3. Ensure there is one line for each target audience desired communication outcome. Many stakeholders might need to be communicated with for several reasons. If using the Communication Planner Tool, add the target audience name in column C for as many different communication outcomes there are in column D related to that stakeholder.
    InputOutput
    • The change
    • A list of individuals or group of individuals that will be communicated with
    • Outcome or objective of communicating with each stakeholder
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Establish and define key messages based on organizational objectives

    What are key messages?
    • Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
    • Distill key messages down from organizational objectives and use them to reinforce the organization’s strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.
    How to establish key messages: Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization’s key messages:
    • Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
    • Look at the organization’s values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

    Key messages should be clear, concise, and consistent (Porter, 2014). The intent is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

    Info-Tech Insight
    Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me? (WIIFM), and specific expectations.

    1.4 Clarify the key messages

    25 minutes

    1. Divide the number of communication lines up equally amongst the participants.
    2. Based on the outcome expected from engaging that target audience in communications, define one to five key messages that should be expressed.
    3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, and plan of action or next steps. The goal here is to ensure the target audience is included in the communication process.
    4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
    5. Document the key messages on tab 3 of the Communication Planner Tool.
    InputOutput
    • The change
    • Target audience
    • Communication outcomes
    • Key messages to support a consistent approach
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Understand to how to identify appropriate messengers

    Messages must be communicated by a variety of individuals across the organization. Select the messenger depending on the message characteristics (e.g. audience, message, medium). The same messenger can be used for a variety of messages across different mediums.

    Personal impact messages should be delivered by an employee's direct supervisor.

    Organizational impact messages and rationale should be delivered by senior leaders in the affected areas.

    Chart Preferred Messenger for Change Messages

    Recent research by Prosci found employees prefer to hear personal messages from their direct manager and organizational messages from the executive leadership team.

    Fifty percent of respondents indicated the CEO as the preferred messenger for organizational change messages.

    Select the appropriate messenger

    For each audience, message, and medium, review whether the message is personal or organizational to determine which messengers are best.

    The number and seniority of messengers involved depends on the size of the change:

    • Incremental change
      • Personal messages from direct supervisors
      • Organizational messages from a leader in the audience’s function or the direct supervisor
    • Transitional change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from a leader in the audience’s function or the C suite
    • Transformational change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from the CEO or C-suite
      • Cascading messages are critical in this type of change because all levels of the organization will be involved

    Communication owner vs. messenger

    Communication Owner

    Single person
    Accountable for the communication message and activities
    Oversees that the communication does not contradict other communications
    Validates the key messages to be made

    Communication Messenger(s)

    Single person or many people
    Responsible for delivering the intended message
    Engages the target audience in the communication
    Ensures the key messages are made in a consistent and clear manner

    1.5 Identify the owner and messenger(s)

    30 minutes

    1. For every communication, there needs to be a single owner. This is the person who approves the communication and will be accountable for the communication
    2. The messenger(s) can be several individuals or a single individual depending on the target audience and desired outcome being sought through the communications.
    3. Identify the person or role who will be accountable for the communication and document this in the Communication Planner Tool.
    4. Identify the person(s) or role(s) who will be responsible for delivering the communication and engaging the target audience and document this in the Communication Planner Tool.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Review appropriate channel for different types of messages

    Communication channels are in-person, paper-based, or tech-enabled. Provide communicators with guidance on which mediums to use in different situations.

    First question: Should the communication be delivered in-person or not?
    Types of channels In-Person Paper-Based or Tech-Enabled
    Questions to consider
    • How is your message likely to be received? Is the message primarily negative?
    • Will the message prompt a lot of dialogue or questions? Will it require significant context or clarification?
    Note: Messages that are important, complex, or negative must be delivered in person. This allows the sender to provide context, clarify questions, and collect feedback.
    • Use paper-based and tech-enabled communications to provide reminders or updates.
    • When deciding which of the two to use, think about your audience: do they have regular access to a computer?
    Two-way interaction Supplement in-person communications with paper-based or tech-enabled communications to provide follow-up and consistency (Government of Nova Scotia). Tech-enabled communications allow the sender to deliver messages when they do not co-locate with the receiver. That said, make sure paper-based communications are provided to those without regular access to a computer.

    Consider accessibility when communicating change – not all employees will have access to the same mediums. To ensure inclusivity, strategically plan which mediums to use to reach the entire audience.

    Select communication channels

    Medium Description Key Messages When to Use
    One-on-One Meetings Individual meetings between managers and their direct reports to ensure they understand the change, can express any concerns, and obtain feedback or recommendations.
    • How the change will impact the employee, what they can expect throughout the change, how they can get support, what the timelines are, etc.
    • Requests for feedback.
    • Responses to feedback.
    • Most applicable for personal messages throughout all stages of change.
    • When real-time feedback is needed.
    • To understand the change’s impact on each employee, understand their emotional reactions and provide support.
    • After a change has been announced and continuing at a regular cadence until after the change has been implemented. Frequency of meetings will vary by employee over the course of the change.
    Team Meeting A meeting of a work unit or department. Can be virtual, in person, or a combination. Led by the work unit or department head/manager.
    • How the change will impact the team – how work gets done, who they work with, etc.
    • Available timelines regarding the change.
    • Support available throughout the change.
    • Most applicable for personal messages throughout all change stages.
    • When real-time communication is needed to keep everyone on the same page and provide an opportunity to ask questions (essential for buy-in).
    • To announce a small change or after a larger change announcement. Continue frequently until the end of adoption, with time reserved for ad hoc meetings.
    Email Electronic communication sent to the audience’s company emails, or in the absence of that, to their personal emails.
    • Overarching details and timelines.
    • Short, easy-to-digest pieces of information that either provide a summary of what to expect or describe actions employees need to take.
    • Applicable for both personal and organizational messages, depending on the messenger. Send personal messages in separate emails from organizational messages.
    • To communicate key details quickly and to a distributed workforce.
    • To reinforce or reiterate information that has been shared in person. Can be used broadly or target specific employees/groups.

    Select communication channels

    Medium Description Key Messages When to Use
    Town Hall Virtual or in-person meeting where senior leadership shares information with a wide audience about the change and answers questions.
    • Messaging that is applicable to a large audience.
    • The strategic decisions of senior leadership.
    • Highlight positive initiative outcomes.
    • Recognize employee efforts.
    • Report on engagement.
    • Most applicable for organizational messages to launch a change or between milestones in a long-term or complex change.
    • To enable senior leaders to explain strategic decisions to employees.
    • To allow employees to ask questions and provide feedback.
    • When support of senior leadership is critical to change success.
    Roadshow A series of meetings where senior leadership or the change champion travels to different geographic locations to hold town halls adapted to each location’s audience.
    • Why the change is happening, when the change is happening, who will be impacted, expectations, and key points of contact.
    • Most applicable for organizational messages to launch a change and between milestones during a long-term, large, or complex change.
    • For a change impacting several locations.
    • When face time with senior leadership is critical to developing understanding and adoption of the change. Satellite locations can often feel forgotten. A roadshow provides access to senior leadership and lends the credibility of the leader to the change.
    • To enable live two-way communication between employees and leadership.

    Select communication channels

    Medium Description Key Messages When to Use
    Intranet An internal company website that a large number of employees can access at any time.
    • Information that has already been communicated to the audience before, so they can access it at any time.
    • FAQs and/or general details about the change (e.g. milestones).
    • Most applicable for organizational messages.
    • To post relevant documentation so the audience can access it whenever they need it.
    • To enable consistency in answers to common questions.
    Training Scheduled blocks of time for the team to learn new skills and behaviors needed to successfully adapt to the change.
    • Reinforce the need for change and the benefits the change will have.
    • Most applicable for organizational messages during the implementation stage.
    • To reduce anxiety over change initiatives, improve buy-in, and increase adoption by helping employees develop skills and behaviors needed to perform effectively.
    Video Message A prerecorded short video clip designed for either simultaneous broadcast or just-in-time viewing. Can be sent over email or mobile or uploaded to a company portal/intranet.
    • Positive messaging to convey enthusiasm for the change.
    • Details about why the organization is changing and what the benefits will be, updates on major milestone achievements, etc.
    • Most applicable for organizational messages, used on a limited basis at any point during the change.
    • Effective when the message needs to appear more personal by putting a face to the message and when it can be presented in a condensed time frame.
    • When a message needs to be delivered consistently across a variety of employees, locations, and time zones.
    • To provide updates and recognize key achievements.

    Select communication channels

    Medium Description Key Messages When to Use
    Shift Turnover Meeting A meeting between teams or departments when a shift changes over; sometimes called a shift report. Used to communicate any relevant information from the outgoing shift to the incoming shift members.
    • Details related to the activities performed during the shift.
    • Most applicable for personal impact messages during the implementation stage to reinforce information shared using other communication mediums.
    • Where change directly impacts role expectations or performance so teams hear the same message at the same time.
    Company Newsletter Electronic or hardcopy newsletter published by the company. Contains timely updates on company information.
    • Overarching change details.
    • Information that has already been communicated through other mediums.
    • Varies with the change stage and newsletter frequency.
    • Most applicable for organizational messages throughout the change.
    • When the change implementation is expected to be lengthy and audiences need to be kept updated.
    • To celebrate change successes and milestone achievements.
    Sign/Poster Digital or paper-based sign, graphic, or image. Includes posters, screensavers, etc.
    • Positive messaging to convey enthusiasm for the change.
    • Key dates and activities.
    • Key contacts.
    • Most applicable for organizational messages throughout the change.
    • As visual reminders in common, highly visible locations (e.g. a company bulletin board, elevator TV monitors).

    1.6 Select the right channels

    20 minutes

    1. Consider the different channels that were described and presented on the previous five slides. Each channel has element(s) to it that will allow it to be more beneficial based on the communication target audience, outcome, and messenger.
    2. Evenly assign the number of communication rows on tab 3 of the Communication Planner Tool and input the channel that should be used.
    3. Consider if the channel will:
      • Obtain the desired outcome of the communication.
      • Be completed by the messenger(s) defined.
      • Support the target audience in understanding the key messages.
    4. If any target audience communication requires several channels, add additional rows to the planner on TAB 3.
    InputOutput
    • Target audience
    • Communication outcome
    • Communication messenger(s)
    • The right channel selected to support the desired communication outcome.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Define the communication time frame based on the initiative

    Communication occurs during four of the five stages of an initiative:

    01 Identify and prioritize 02 Prepare for initiative 03 Create a communication plan 04 Implement change 05 Sustain the desired outcome
    Before During After
    • Communication begins with sponsors and the project team.
    • Set general expectations with project team and sponsors.
    • Outline the communication plan for the remaining stages.
    • Set specific expectations with each stakeholder group.
    • Implement the communication plan.
    • Use feedback loops to determine updates or changes to communications.
    • Communication continues as required after the change.
    • Feedback loops continue until change becomes business as usual.
    Where communication needs to happen

    Don’t forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

    Establish a frequency that aligns to the desired communication outcome

    Successful communications are frequent communications.

    • The cadence of a communication is highly dependent on the objective of the communication.
    • Each target requires a different frequency as well:
      • Board Presentations > four times a year is a good frequency
      • Executive Leadership > monthly frequency
      • Organizationally > annually and when necessary
      • Organization Crises > daily, if not hourly
      • IT Initiatives and Projects > weekly
      • IT Teams > weekly, if not daily

    Tech Team Frequency for Discussing Goals

    “When goals are talked about weekly, teams are nearly 3X more likely to feel confident hitting them.”
    – Hypercontext, 2022

    Info-Tech Insight
    Communications made once will always fail. Ensure there is a frequency appropriate for every communication — or do not expect the desired outcome.

    1.7 Establish a frequency and time frame

    30 minutes

    1. For each row in tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
      • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
      • Time frame: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
    2. When selecting the time frame, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so the message is not lost in the noise.
    3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organization. And even then it will sometimes require more than one conversation. Be mindful of this.
    InputOutput
    • The change
    • Target audience
    • Communication outcome
    • Communication channel
    • Frequency and time frame of the communication
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    First, ensure feedback mechanisms are in place

    Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

    Prior to the strategy rollout, make sure you have also established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

    • Evaluating intranet comments and interactions (likes, etc.) if this function is enabled.
    • Measuring comprehension and satisfaction through surveys and polls.
    • Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

    Feedback Mechanisms:

    • CIO Business Vision Survey
    • Engagement Surveys
    • Focus Groups
    • Suggestion Boxes
    • Team Meetings
    • Random Sampling
    • Informal Feedback
    • Direct Feedback
    • Audience Body Language
    • Repeating the Message Back

    Select metrics to measure progress on key results

    There are two types of metrics that can be used to measure the impact of an internal communications strategy and progress toward strategy goals. These metrics are used to measure both outputs and outcomes.

    Select metrics measuring both:
    Tactical Effectiveness (Outputs) Strategic Effectiveness (Outcomes)
    • Open rate
    • Click-through rate
    • Employee sentiment
    • Participation rates
    • Physical distractions
    • Shift in behavior
    • Manager capability to communicate
    • Organizational ability to meet goals
    • Engagement
    • Turnover

    Pyramid of metrics to measure process on key results

    1.8 Obtain feedback and improve

    20 minutes

    1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
    2. For each row, identify a feedback mechanism (slide 38) that could be used to enable the collection and confirm a successful outcome.
    3. Come back as a group and validate the feedback mechanisms selected.
    4. The important aspect here is not just to measure if the desired outcome was achieved. However, if the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
    5. Every communication can be better. Feedback, whether it is tactical or strategic, will help inform methods to improve future communication activities.
    InputOutput
    • Communication outcome
    • Target audience
    • Communication channel
    • A mechanism to measure communication feedback and adjust future communications when necessary.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Example of internal communications survey

    Use and modify the questions below when building an internal communications survey. Use a Likert scale to gauge responses.

    1. I am satisfied with the communications at our organization.
    2. I am kept fully informed of news and updates relevant to our organization.
    3. I receive information that is relevant to me on a regular basis.
    4. I have the information I need to do my job.
    5. I know where to go to find the information I am looking for.
    6. My manager communicates with me in-person on a regular basis.
    7. I feel I can believe the information I receive from the company.
    8. I feel heard by senior leaders and know that they have received my feedback.
    9. The content and information that I receive is interesting to me.

    Create an easy-to-read approach to communication

    Example of an easy-to-read approach to communication

    1.9 Finalize the calendar

    2 hours

    1. Once the information on tabs 2 and 3 of the Communication Planner Tool has been completed, start to organize the information in an easy-to-read view.
    2. Using the annual, monthly, and weekly calendar views on tabs 3 to 5, begin to formalize the dates of when communications will take place.
    3. Following the instructions on each tab, complete one or all of the views of the communication plan. Remember, the stakeholder that makes up the target audience needs to be considered and whether this communication will overlap with any other communications.
    InputOutput
    • Communication Plan on tab 2
    • Yearly, monthly, and weekly communication calendars
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 2

    Compose a Compelling Message

    Activities

    2.1 Craft a Pitch
    2.2 Revise the Pitch

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to create a clear, concise, and consistent message using best practices and a pitch framework.

    Communication Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Include all the following pieces in your message for an effective communication

    Pieces needed in your message for effective communication

    Info-Tech Insight
    Time is a non-renewable resource. The message crafted must be considered a value-add communication to your audience.

    Enable good communication with these components

    Be Consistent Be Clear
    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.
    Be Relevant Be Concise
    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood, but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.
    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.
    • If you provide more information than necessary, the clarity and consistency of the message can be lost.

    Draft the core messages to communicate

    Draft core messages communicating information consistent with the high-level communications plan. This includes the overall goal of communications, key messaging, specifics related to the change action, and customizations for each audience. It’s also important to:

    1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Use a statistic or another piece of information that presents the problem in a unique way.
    2. Demonstrate you can help: Let the audience know that based on the unique problem you can help. There is value to engaging and working with you further.
    3. Repeat messages several times and through several messengers and mediums throughout the change stages to ensure all audience members receive and understand the details.
    4. Write for the ear: Use concise and clear sentences, avoid technological language, and when you speak it aloud ensure it sounds like how you would normally speak.
    5. Keep messaging positive but realistic. Avoid continually telling stakeholders that “change is hard.” Instead, communicate messages around change success to positively prime the audience’s mindset (Harvard Business Review).
    6. Communicate what is meaningfully unchanged. Not everything will be impacted by the change. To help reduce fears, include information about meaningful aspects of employees’ work that will not be changing (e.g. employees are moving to report to a new manager on a new team, but the job responsibilities are staying the same).
    7. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication.

    Components of a good pitch

    Key Components of a Good Pitch
    Purpose of the pitch What are you asking for? What is the desired outcome of the conversation? What three things do you want the audience to take away?
    Speak to what matters to them Who is your audience and what are their biggest challenges today? What do they care? What is the “so what”? Humanize it. Start with an example of a real person.
    Sell the improvement How is your solution going to solve that problem? Is your solution a pain killer or vitamin?
    Show real value How will your solution create real value? How can that be measured? Give an example.
    Discuss potential fears Identify and alleviate fears the stakeholder may have in working with you. Think about what they think now and what you want them to think.
    Have a call to action Identify what your ask is. What are you looking for from the stakeholder? Listen and respond.
    Follow up with a thank-you Did you ensure that the participants’ time was respected and appreciated? Be genuine and sincere.

    Key questions to answer with change communication

    To effectively communicate change, answer questions before they’re asked, whenever possible. To do this, outline at each stage of the change process what’s happening next for the audience and answer other anticipated questions. Pair key questions with core messages in change communications.

    Examples of key questions by change stage include:

    What is changing?
    When is the change expected?
    Who will be championing the change?
    What are the change expectations?
    Will I have input into how the change is happening?
    What’s happening next?
    Why are we changing?
    Why is the change happening now?
    What are the risks of not changing?
    What will be new?
    What’s in it for me?
    What training will be available?
    Who will be impacted?
    How will I be impacted?
    How will my team be impacted?
    What’s happening next?
    Who should I contact with questions or concerns?
    How will I be updated?
    How can I access more information?
    Will the previous process be available throughout the new process implementation?
    What needs to be done and what needs to stop to succeed?
    Will I be measured on this change?
    What’s happening next?
    How can I access more information?
    Will this change be added to key performance indicators?
    How did the change implementation go?
    What’s happening next?
    Before change During change After change
    Prepare for change Create change action and communication plan Implement change Sustain the change

    2.1 Craft a pitch

    20 minutes

    1. Using the set of stakeholders identified in activity 1.2, every participant takes one stakeholder.
    2. Open tab 7 of the Communication Planner Tool or use a piece of paper and create a communication message specific to that stakeholder.
    3. Select a topic from your workshop or use something you are passionate about.
    4. Consider the pitch components as a way to create your pitch. Remember to use what you have learned from the planning and composing sections of this training (in bold).
    5. Compose a three-minute pitch that you will deliver to your audience member.
    InputOutput
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Communication Composition Checklist

    • Did you open the communication with a statistic or other memorable piece of information?
    • Is the topic being communicated in a compelling way that engages the target audience?
    • Are there statistics or data to support the story?
    • Are the statistics and data clear so they cannot be conveyed in any other way than their intended method?
    • Are you writing in clear and concise sentences?
    • Are you avoiding any technical jargon?
    • Is the message only focused on what needs to be said? Have you removed all unnecessary components?
    • Is the content organized in priority order? Could you adapt if the presentation time is shortened?
    • Is the way the communication is written sound like how you would speak normally? Are you writing for the ear?
    • Do you have a clear call to action that the audience will be asked to complete at the end?
    • Does your communication encourage discussion with the target audience? Is the audience a part of the solution?

    2.2 Revise the pitch

    10 minutes

    1. Review the pitch that was created in activity 2.1.
    2. Consider what could be done to make the pitch better:
      • Concise: Identify opportunities to remove unnecessary information.
      • Clear: It uses only terms or language the target audience would understand.
      • Relevant: It matters to the target audience and the problems they face.
      • Consistent: The message could be repeated across audiences.
    3. Validate that when you say the pitch out loud, it sounds like something you would say normally when communicating with other people.
    4. Make updates to the pitch and get ready to present.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 3

    Deliver Messages Effectively

    Activities
    3.1 Deliver Your Pitch
    3.2 Refine and Deliver Again

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to deliver the pitch in a manner that is clear and would be understood by the specific stakeholder the pitch is intended for.

    Communicate Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Info-Tech Insight
    You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

    Use clear slides that avoid distracting the audience

    Which slide will be better to present?

    Sample A:

    Sample A

    Sample B:

    Sample B

    3.1 Deliver your pitch

    20 minutes

    1. Take ten minutes to think about how to deliver your pitch. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
    2. Group into pairs. One person is the speaker and the other the audience.
    3. Set a timer on your phone or watch.
    4. Speaker:
      1. Take a few seconds to center yourself and prepare to deliver your pitch.
      2. Deliver your pitch to Person 2. Don’t forget to use your body language and your voice to deliver.
    5. Audience:
      1. Repeats ideas back to Person 1. Are the ideas correct? Are you convinced?
      2. Identifies who the audience is. Are they correct?
    6. Reverse roles and repeat.
    7. Discuss and provide feedback to one another.
    InputOutput
    • Written pitch
    • Best practices for delivering
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    • Feedback from person 2.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Communication Delivery Checklist

    • Are the slides clean so the audience can focus on your speaking and not on reading the context-heavy slide?
    • Have you practiced delivering the communication to team members or coaches?
    • Have you practiced delivering the communication to someone with little to no technology background?
    • Are you making yourself open to feedback and improvement opportunities?
    • If the communication is derailed from your plan, are you prepared to handle that change?
    • Can you deliver the communication without reading your notes word for word?
    • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
    • Are you presenting in a way that is genuine to you and your personality?
    • Can you communicate the message within the time allotted?
    • Are you moving in an appropriate manner based on your communication (e.g. toward the screen, across the stage, hand gestures).

    3.2 Refine and deliver again

    1 hour

    1. Go back to what you wrote as your pitch and take ten minutes to eliminate more information to get the pitch down to two minutes based on the feedback from your original partner.
    2. Repeat the last exercise where you deliver your pitch; however, deliver it to the larger group this time.
    3. Focus on ways to adjust body language and voice to make the message more compelling.
    4. Identify if your audience is telling you anything with their body language (e.g. leaning in, leaning back). Use this to adjust as you are presenting.
    5. Have the group provide additional feedback on what was effective about the message and opportunities to further improve the message.
    InputOutput
    • Three-minute pitch
    • Feedback from first delivery
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Info-Tech Insight
    Whether the CIO or a service desk technician, delivering a presentation is a fear for every role in IT. Prepare your communication to help overcome the fears that are within your control.

    Research Contributors and Experts

    Anuja Agrawal, National Communications Director, PwC

    Anuja Agrawal
    National Communications Director
    PwC

    Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industry in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions combined with in-person engagement to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.

    Nastaran Bisheban, Chief Technology Officer, KFC Canada

    Nastaran Bisheban
    Chief Technology Officer
    KFC Canada

    A passionate technologist and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.

    Heidi Davidson, Co-founder & CEO, Galvanize Worldwide and Galvanize On Demand

    Heidi Davidson
    Co-founder & CEO
    Galvanize Worldwide and Galvanize On Demand

    Dr. Heidi Davidson is the Co-Founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the Co-Founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.

    Eli Gladstone, Co-founder, Speaker Labs

    Eli Gladstone
    Co-Founder
    Speaker Labs

    Eli is a Co-Founder of Speaker Labs. He has spent over 6 years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he's not coaching others on how to build and deliver the perfect presentation, you'll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good enough jumpshot to avoid being a liability on the basketball court.

    Francisco Mahfuz, Keynote Speaker & Storytelling Coach

    Francisco Mahfuz
    Keynote Speaker & Storytelling Coach

    Francisco Mahfuz has been telling stories in front of audiences for a decade, and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organisations, and has worked with organisations like Pepsi, HP, the United Nations, Santander and Cornell University. He's the author of Bare: A Guide to Brutally Honest Public Speaking, the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He's received a BA in English Literature from Birkbeck University in London.

    Sarah Shortreed, EVP & CTO, ATCO Ltd.

    Sarah Shortreed
    EVP & CTO
    ATCO Ltd.

    Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed's skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.

    Eric Silverberg, Co-Founder Speaker Labs

    Eric Silverberg
    Co-Founder
    Speaker Labs

    Eric is a Co-Founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he's not running workshops to help people grow in their careers, there's a good chance you'll find him with his wife and dog, drinking Diet Coke and rewatching iconic episodes of the reality TV show Survivor! He's such a die-hard fan, that you'll probably see him playing the game one day.

    Stephanie Stewart, Communications Officer & DR Coordinator, Info Security Services Simon Fraser University

    Stephanie Stewart
    Communications Officer & DR Coordinator
    Info Security Services Simon Fraser University

    Steve Strout, President, Miovision Technologies

    Steve Strout
    President
    Miovision Technologies

    Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle and/or SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving "on-time and on-budget.“ Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users’ Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters) and Morris Communications. Served on Boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.

    Info-Tech Research Group Contributors:
    Sanchia Benedict, Research Lead
    Koula Bouloukos, Production Manager
    Antony Chan, Executive Counsellor
    Janice Clatterbuck, Executive Counsellor
    Ahmed Jowar, Research Specialist
    Dave Kish, Practice Lead
    Nick Kozlo, Senior Research Analyst
    Heather Leier Murray, Senior Research Analyst
    Amanda Mathieson, Research Director
    Carlene McCubbin, Practice Lead
    Joe Meier, Executive Counsellor
    Andy Neill, AVP, Research
    Thomas Randall, Research Director

    Plus an additional two contributors who wish to remain anonymous.

    Related Info-Tech Research

    Boardroom Presentation Review

    • You will come away with a clear, concise, and compelling board presentation that IT leaders can feel confident presenting in front of their board of directors.
    • Add improvements to your current board presentation in terms of visual appeal and logical flow to ensure it resonates with your board of directors.
    • Leverage a best-of-breed presentation template.

    Build a Better Manager

    • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
    • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Crisis Communication Guides

    During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:

    • Draft a communication strategy.
    • Tailor messages to your audience.
    • Draft employee crisis communications.

    Use this guide to equip leadership to communicate in times of crisis.

    Bibliography

    Gallo, Carmine. "How Great Leaders Communicate." Harvard Business Review. 23 November 2022.

    Gallup. State of the American Workplace Report. Washington, D.C.: Gallup, 6 February 2020.

    Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab. 15 Dec. 2021.

    Hypercontext. “The State of High Performing Teams in Tech 2022.” Hypercontext. 2022.

    Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market. 13 June 2022.

    McCreary, Gale & WikiHow. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow.

    Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.

    Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc.

    Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.

    Price. David A. “Pixar Story Rules.”

    Prosci. “Best Practices in Change Management 2020 Edition.” Prosci, 2020.

    Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.

    Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.”

    Skills Framework for the Information Age, “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.

    St. James, Halina. Talk It Out. Podium, 2005.

    TeamState. “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.

    Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.

    Get the Most Out of Your CRM

    • Buy Link or Shortcode: {j2store}537|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $31,749 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Application optimization is essential to stay competitive and productive in today’s digital environment.
    • Enterprise applications often involve large capital outlay, unquantified benefits, and high risk of failure.
    • Customer relationship management (CRM) application portfolios are often messy with multiple integration points, distributed data, and limited ongoing end-user training.
    • User dissatisfaction is common.

    Our Advice

    Critical Insight

    A properly optimized CRM ecosystem will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
    • Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your CRM Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your CRM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Map current-state capabilities

    Gather information around the application:

    • Get the Most Out of Your CRM Workbook

    2. Assess your current state

    Assess CRM and related environment. Perform CRM process assessment. Assess user satisfaction across key processes, applications, and data. Understand vendor satisfaction

    • CRM Application Inventory Tool

    3. Build your optimization roadmap

    Build your optimization roadmap: process improvements, software capability improvements, vendor relationships, and data improvement initiatives.

    Infographic

    Workshop: Get the Most Out of Your CRM

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your CRM Application Vision

    The Purpose

    Define your CRM application vision.

    Key Benefits Achieved

    Develop an ongoing application optimization team.

    Realign CRM and business goals.

    Understand your current system state capabilities.

    Explore CRM and related costs.

    Activities

    1.1 Determine your CRM optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore CRM-related costs (optional).

    Outputs

    CRM optimization team

    CRM business model

    CRM optimization goals

    CRM system inventory and data flow

    CRM process list

    CRM and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete a CRM process gap analysis to understand where the CRM is underperforming.

    Review the CRM application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for CRM processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    CRM process gap analysis

    CRM application portfolio assessment

    CRM software reviews survey

    3 Assess CRM

    The Purpose

    Assess CRM.

    Key Benefits Achieved

    Learn which processes you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for CRM cost optimization opportunities (optional).

    Outputs

    CRM process optimization priorities

    CRM vendor optimization opportunities

    CRM cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 Identify key optimization areas.

    4.2 Build your CRM optimization roadmap and next steps.

    Outputs

    CRM optimization roadmap

    Further reading

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Get the Most Out of Your CRM

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    Customer relationship management (CRM) systems are at the core of a customer-centric strategy to drive business results. They are critical to supporting marketing, sales, and customer service efforts.

    CRM systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into the selection of replacement systems without understanding the health of their current systems. IT leaders need to stop reacting and take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization roadmap that will drive a cohesive technology strategy that delivers results.

    This is a picture of Lisa Highfield

    Lisa Highfield
    Research Director,
    Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.

    Enterprise applications often involve large capital outlay and unquantified benefits.

    CRM application portfolios are often messy. Add to that poor processes, distributed data, and lack of training – business results and user dissatisfaction is common.

    Technology owners are often distributed across the business. Consolidation of optimization efforts is key.

    Common Obstacles

    Enterprise applications involve large numbers of processes and users. Without a clear focus on organizational needs, decisions about what and how to optimize can become complicated.

    Competing and conflicting priorities may undermine optimization value by focusing on the approaches that would only benefit one line of business rather than the entire organization.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    Info-Tech’s Approach

    Build an ongoing optimization team to conduct application improvements.

    Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy

    Pull this all together to develop a prioritized optimization roadmap.

    Info-Tech Insight

    CRM implementation should not be a one-and-done exercise. A properly optimized CRM ecosystem will reduce costs and increase productivity.

    This is an image of the thought model: Get the Most Out of Your CRM

    Insight Summary

    Continuous assessment and optimization of customer relationship management (CRM) systems is critical to their success.

    • Applications and the environments in which they live are constantly evolving.
    • Get the Most Out of Your CRM provides business and application managers a method to complete a health assessment on their CRM systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying CRM process classification, and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data fits.
      • Pulling it all together into an optimization roadmap.

    CRM platforms are the applications that provide functional capabilities and data management around the customer experience (CX).

    Marketing, sales, and customer service are enabled through CRM technology.

    CRM technologies facilitate an organization’s relationships with customers, service users, employees, and suppliers.

    CRM technology is critical to managing the lifecycle of these relationships, from lead generation, to sales opportunities, to ongoing support and nurturing of these relationships.

    Customer experience management (CXM)

    CRM platforms sit at the core of a well-rounded customer experience management ecosystem.

    Customer Relationship Management

    • Web Experience Management Platform
    • E-Commerce & Point-of-Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Customer relationship management suites are one piece of the overall customer experience management ecosystem, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.

    CRM by the numbers

    1/3

    Statistical analysis of CRM projects indicate failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure.
    Source: CIO Magazine, 2017

    85%

    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin.
    Source: Gallup, 2012

    40%

    In 2019, 40% of executives name customer experience the top priority for their digital transformation.
    Source: CRM Magazine, 2019

    CRM dissatisfaction

    Drivers of Dissatisfaction

    Business Data People and Teams Technology
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    • Systems integration
    • Multichannel complexity
    • Capability shortfall
    • Lack of product support

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Marketing, Sales, and Customer Service, along with IT, can only optimize CRM with the full support of each other. The cooperation of the departments is crucial when trying to improve CRM technology capabilities and customer interaction.

    Application optimization is risky without a plan

    Avoid the common pitfalls.

    • Not considering application optimization as a business and IT partnership that requires continuous formal engagement of all participants.
    • Not having a good understanding of current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization effort, and not incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject matter experts to facilitate the organizational change digital applications bring.

    “A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”
    – Ernese Norelus, Sreeni Pamidala, and Oliver Senti
    Medium, 2020

    Info-Tech’s methodology for Get the Most Out of Your CRM

    1. Map Current-State Capabilities 2. Assess Your Current State 3. Build Your Optimization Roadmap
    Phase Steps
    1. Identify stakeholders and build your CRM optimization team
    2. Build a CRM strategy model
    3. Inventory current system state
    4. Define business capabilities
    1. Conduct a gap analysis for CRM processes
    2. Assess user satisfaction
    3. Review your satisfaction with the vendor and product
    1. Identify key optimization areas
    2. Compile optimization assessment results
    Phase Outcomes
    1. Stakeholder map
    2. CRM optimization team
    3. CRM business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key CRM processes list
    1. Gap analysis for CRM-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into CRM data quality
    4. Quantified satisfaction with the vendor and product
    1. Application optimization plan

    Get the Most Out of Your CRM Workbook

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable:

    CRM Optimization Roadmap (Tab 8)

    This image contains a screenshot from Tab 9 of the Get the most out of your CRM WorkshopThis image contains a screenshot from Tab 9 of the Get the most out of your CRM Workshop

    Complete an assessment of processes, user satisfaction, data quality, and vendor management using the Workbook or the APA diagnostic.

    CRM Business Model (Tab 2)

    This image contains a screenshot from Tab 2 of the Get the most out of your CRM Workshop

    Align your business and technology goals and objectives in the current environment.

    Prioritized CRM Optimization Goals (Tab 3)

    This image contains a screenshot from Tab 3 of the Get the most out of your CRM Workshop

    Identify and prioritize your CRM optimization goals.

    Application Portfolio Assessment (APA)

    This image contains a screenshot of the Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your CRM portfolio.

    Prioritized Process Assessment (Tab 5)

    This image contains a screenshot from Tab 5 of the Get the most out of your CRM Workshop

    Understand areas for improvement.

    Case Study

    Align strategy and technology to meet consumer demand.

    INDUSTRY - Entertainment
    SOURCE - Forbes, 2017

    Challenge

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience

    Solution

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2:

    Build the CRM team.

    Align organizational goals.

    Call #4:

    Conduct gap analysis for CRM processes.

    Prepare application portfolio assessment.

    Call #5:

    Understand product satisfaction and vendor management.

    Look for CRM cost optimization opportunities (optional).

    Call #7:

    Identify key optimization areas.

    Build out optimization roadmap and next steps.

    Call #3:

    Map current state.

    Inventory CRM processes.

    Explore CRM-related costs.

    Call #6:

    Review APA results.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Define Your CRM Application Vision Map Current-State Capabilities Assess CRM Build the Optimization Roadmap Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Determine your CRM optimization team

    1.2 Align organizational goals

    1.3 Inventory applications and interactions

    1.4 Define business capabilities

    1.5 Explore CRM-related costs

    2.1 Conduct gap analysis for CRM processes

    2.2 Perform an application portfolio assessment

    2.3 Review vendor satisfaction

    3.1 Explore process gaps

    3.2 Analyze user satisfaction

    3.3 Assess data quality

    3.4 Understand product satisfaction and vendor management

    3.5 Look for CRM cost optimization opportunities (optional)

    4.1 Identify key optimization areas

    4.2 Build your CRM optimization roadmap and next steps

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. CRM optimization team
    2. CRM business model
    3. CRM optimization goals
    4. CRM system inventory and data flow
    5. CRM process list
    6. CRM and related costs
    1. CRM process gap analysis
    2. CRM application portfolio assessment
    3. CRM software reviews survey
    1. CRM process optimization priorities
    2. CRM vendor optimization opportunities
    3. CRM cost optimization
    1. CRM optimization roadmap

    Phase 1

    Map Current-State Capabilities

    • 1.1 Identify Stakeholders and Build Your Optimization Team
    • 1.2 Build a CRM Strategy Model
    • 1.3 Inventory Current System State
    • 1.4 Define Business Capabilities
    • 1.5 Understand CRM Costs

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory CRM and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • Product Owners
    • CMO
    • Departmental leads – Sales, Marketing, Customer Service, or other
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Inventory of CRM and related systems

    Develop an integration map to specify which applications will interface with each other.

    This is an image of an integration map, integrating the following Terms to CRM: Telephony Systems; Directory Services; Email; Content Management; Point Solutions; ERP

    Integration is paramount: your CRM application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    CRM plays a key role in the more holistic customer experience framework. However, it is heavily influenced by and often interacts with many other platforms.

    Data is one key consideration that needs to be considered here. If customer information is fragmented, it will be nearly impossible to build a cohesive view of the customer. Points of integration (POIs) are the junctions between the CRM(s) and other applications where data is flowing to and from. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments.

    Customer expectations are on the rise

    CRM strategy is a critical component of customer experience (CX).

    CUSTOMER EXPERIENCE

    1. Thoughtfulness is in
      Connect with customers on a personal level
    2. Service over products
      The experience is more important than the product
    3. Culture is now number one
      Culture is the most overlooked piece of customer experience strategy
    4. Engineering and service finally join forces
      Companies are combining their technology and service efforts to create
      strong feedback loops
    5. The B2B world is inefficiently served
      B2B needs to step up with more tools and a greater emphasis placed on
      customer experience

    Source: Forbes, 2019

    Build a cohesive CRM strategy that aligns business goals with CRM capabilities.

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    IT is critical to the success of your CRM strategy

    Today’s shared digital landscape of the CIO and CMO

    CIO

    • IT Operations
    • Service Delivery and Management
    • IT Support
    • IT Systems and Application
    • IT Strategy and Governance
    • Cybersecurity

    Collaboration and Partnership

    • Digital Strategy = Transformation
      Business Goals | Innovation | Leadership | Rationalization
    • Customer Experience
      Architecture | Design | Omnichannel Delivery | Management
    • Insight (Market Facing)
      Analytics | Business Intelligence | Machine Learning | AI
    • Marketing Integration + Operating Model
      Apps | Channels | Experiences | Data | Command Center
    • Master Data
      Customer | Audience | Industry | Digital Marketing Assets

    CMO

    • PEO Media
    • Brand Management
    • Campaign Management
    • Marketing Tech
    • Marketing Ops
    • Privacy, Trust, and Regulatory Requirements

    Info-Tech Insight

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify the stakeholders whose support will be critical to success

    1.1.2 Select your CRM optimization team

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • CRM optimization team composition

    CRM optimization stakeholders

    Understand the roles necessary to get the most out of your CRM.

    Understand the role of each player within your optimization initiative. Look for listed participants on the activity slides to determine when each player should be involved.

    Info-Tech Insight

    Do not limit input or participation. Include subject matter experts and internal stakeholders at stages within the optimization initiative. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CRM optimization strategy.

    Title

    Roles Within CRM Optimization Initiative

    Optimization Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP od Marketing, VP of Sales, VP of Customer Care, or similar

    Optimization Initiative Manager

    • Typically IT individual(s) that oversee day-to-day operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Leads/
    Product Owners

    • Works alongside the Optimization Initiative Manager to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Product Owners
    • Sales Director, Marketing Director, Customer Care Director, or similar

    CRM Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to optimization success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of C-suite/management level individuals that act as the CRM optimization decision makers.
    • Responsible for validating goals and priorities, defining the optimization scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CMO, Business Unit SMEs, or similar

    1.1.1 Identify stakeholders critical to success

    1 hour

    1. Hold a meeting to identify the stakeholders that should be included in the project’s steering committee.
    2. Finalize selection of steering committee members.
    3. Contact members to ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results.

    Input

    • Stakeholder interviews
    • Business process owners list

    Output

    • CRM optimization stakeholders
    • Steering committee members

    Materials

    • N/A

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service (and others)
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    The CRM optimization team

    Consider the core team functions when composing the CRM optimization team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CRM optimization strategy.

    Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the optimization team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Customer Service.

    Required Skills/Knowledge

    Suggested Optimization Team Members

    Business

    • Understanding of the customer
    • Departmental processes
    • Sales Manager
    • Marketing Manager
    • Customer Service Manager

    IT

    • Product Owner
    • Application developers
    • Enterprise architects
    • CRM Application Manager
    • Business Process Manager
    • Data Stewards
    Other
    • Operations
    • Administrative
    • Change management
    • Operations Manager
    • CFO
    • Change Management Manager

    1.1.2 Select your CRM optimization team

    30 minutes

    1. Have the CMO and other key stakeholders discuss and determine who will be involved in the CRM optimization project.
      • Depending on the initiative and the size of the organization the size of the team will vary.
      • Key business leaders in key areas – Sales, Marketing, Customer Service, and IT – should be involved.
    2. Document the members of your optimization team in the Get the Most Out of Your CRM Workbook, tab “1. Optimization Team.”
      • Depending on your initiative and size of your organization, the size of this team will vary.

    Get the Most Out of Your CRM Workbook

    Input

    • Stakeholders

    Output

    • List of CRM Optimization Team members

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Step 1.2

    Build a CRM Strategy Model

    Activities

    • 1.2.1 Explore environmental factors and technology drivers
    • 1.2.2 Discuss challenges and pain points
    • 1.2.3 Discuss opportunities and benefits
    • 1.2.4 Align CRM strategy with organizational goals

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Identify CRM drivers and objectives.
    • Explore CRM challenges and pain points.
    • Discover the CRM benefits and opportunities.
    • Align the CRM foundation with the corporate strategy.

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • CRM business model
    • Strategy alignment

    Align the CRM strategy with the corporate strategy

    Corporate Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.

    Unified Strategy

    • The CRM optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

    CRM Strategy

    Your CRM Strategy:

    • Communicates the organization’s budget and spending on CRM.
    • Identifies IT initiatives that will support the business and key CRM objectives.
    • Outlines staffing and resourcing for CRM initiatives.

    CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between Sales, Marketing, Customer Service, Operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

    Sample CRM objectives

    Increase Revenue

    Enable lead scoring

    Deploy sales collateral management tools

    Improve average cost per lead via a marketing automation tool

    Enhance Market Share

    Enhance targeting effectiveness with a CRM

    Increase social media presence via an SMMP

    Architect customer intelligence analysis

    Improve Customer Satisfaction

    Reduce time-to-resolution via better routing

    Increase accessibility to customer service with live chat

    Improve first contact resolution with customer KB

    Increase Customer Retention

    Use a loyalty management application

    Improve channel options for existing customers

    Use customer analytics to drive targeted offers

    Create Customer-Centric Culture

    Ensure strong training and user adoption programs

    Use CRM to provide 360-degree view of all customer interactions

    Incorporate the voice of the customer into product development

    Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.

    CRM business model Template

    This image contains a screenshot of the CRM business model template

    Understand objectives for creating a strong CRM strategy

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition A business need is a requirement associated with a particular business process. Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as employee retention, operation excellence, and financial performance. Technology drivers are technological changes that have created the need for a new CRM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Employee engagement
    • Productivity
    • Operational efficiency
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors, the labor market
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for CRM adoption is the ability to make decisions through consolidated data. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for CRM.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Consider environmental factors: external considerations, organizational drivers, technology drivers, and key functional requirements.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  CRM business Needs; Environmental Factors; Technology Drivers

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Create a realistic CRM foundation by identifying the challenges and barriers to the project

    There are several different factors that may stifle the success of an CRM portfolio. Organizations creating an CRM foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition The degree of understanding and acceptance towards CRM technology and systems. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for new CRM system(s.)

    Questions

    • Is a CRM project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Need for reliance on consultants

    1.2.2 Discuss challenges and pain points

    30 minutes

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to success. Use a whiteboard and markers to capture key findings.
    3. Consider the project barriers: functional gaps, technical gaps, process gaps, and barriers to CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.

    Get the Most Out of Your CRM Workbook

    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Barriers

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No sales tracking within core CRM
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    1.2.3 Discuss opportunities and benefits

    30 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful CRM enablement and the ideal portfolio.
    3. Consider the project enablers: business benefits, IT benefits, organizational benefits, and enablers of CRM success.
    4. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    This is a screenshot of the CRM Business Model the following boxes highlighted in purple boxes.  Enablers

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change Management
    • Training
    • Alignment to Strategic Objectives

    1.2.4 Align CRM strategy with organizational goals

    1 hour

    1. Discuss your corporate objectives (organizational goals). Choose three to five corporate objectives that are a priority for the organization in the current year.
    2. Break into groups and assign each group one corporate objective.
    3. For each objective, produce several ways an optimized CRM system will meet the given objective.
    4. Think about the modules and CRM functions that will help you realize these benefits.
    5. Use the Get the Most Out of Your CRM Workbook, tab “2. Business Model,” to complete this exercise.
    Increase Revenue

    CRM Benefits

    • Increase sales by 5%
    • Expand to new markets
    • Offer new product
    • Identify geographies underperforming
    • Build out global customer strategy
    • Allow for customer segmentation
    • Create targeted marketing campaigns

    Input

    • Organizational goals
    • CRM strategy model

    Output

    • Optimization benefits map

    Materials

    • Get the Most Out of Your CRM Workbook

    Participants

    • Product Owners
    • CMO
    • Departmental Leads – Sales, Marketing, Customer Service
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analyst

    Download the Get the Most Out of Your CRM Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory applications and interactions

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Inventory applications
    • Map interactions between systems

    This step involves the following participants:

    • CRM Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory applications and interactions

    1-3 hours

    1. Individually list all electronic systems involved in the organization. This includes anything related to customer information and interactions, such as CRM, ERP, e-commerce, finance, email marketing, and social media, etc.
    2. Document data flows into and out of each system to the ERP. Refer to the example on the next slide (CRM data flow).
    3. Review the processes in place (e.g. reporting, marketing, data moving into and out of systems). Document manual processes. Identify integration points. If flowcharts exist for these processes, it may be useful to provide these to the participants.
    4. If possible, diagram the system. Include information direction flow. Use the sample CRM map, if needed.

    This image contains an example of a CRM Data Flow

    CRM data flow

    This image contains an example of a CRM Data Flow

    Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to Marketing, Sales, and Customer Service. Be sure to include systems that act as input to, or benefit due to outputs from, the CRM or similar applications.

    Sample CRM map

    This image contains an example of a CRM map

    Step 1.4

    Define Business Capabilities

    Activities

    1.4.1 Define business capabilities

    1.4.2 List your key CRM processes

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • CRM Optimization Team
    • Business Architect

    Outcomes of this step

    • Business capabilities map
    • Key CRM processes list

    Business capability map (Level 0)

    This image contains a screenshot of a business capability map.  an Arrow labeled CRM points to the Revenue Generation section. Revenue Generation: Marketing; Sales; Customer Service.

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Capability vs. process vs. feature

    Understanding the difference

    When examining CRM optimization, it is important we approach this from the appropriate layer.

    Capability:

    • The ability of an entity (e.g. organization or department) to achieve its objectives (APQC, 2017).
    • An ability that an organization, person, or system possesses. Typically expressed in general and high-level terms and typically require a combination of organization, people, processes, and technology to achieve (TOGAF).

    Process:

    • Can be manual or technology enabled. A process is a series of interrelated activities that convert inputs into results (outputs). Processes consume resources, require standards for repeatable performance, and respond to control systems that direct the quality, rate, and cost of performance. The same process can be highly effective in one circumstance and poorly effective in another with different systems, tools, knowledge, and people (APQC, 2017).

    Feature:

    • Is a distinguishing characteristic of a software item (e.g. performance, portability, or functionality) (IEEE, 2005).

    In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.
    To fix problems and maximize efficiencies business capabilities and processes need to be examined to determine gaps and areas of lagging performance.

    Info-Tech’s CRM framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.

    1.4.1 Define business capabilities

    1-3 hours

    1. Look at the major functions or processes within the scope of CRM.
    2. Compile an inventory of current systems that interact with the chosen processes. In its simplest form, document your application inventory in a spreadsheet (see tab 3 of the CRM Application Inventory Tool). For large organizations, interview representatives of business domains to help create your list of applications.
    3. Make sure to include any processes that are manual versus automated.
    4. Use your current state drawing from activity 1.3.1 to link processes to applications for further effect.

    CRM Application Inventory Tool

    Input

    • Current systems
    • Key processes
    • APQC Framework
    • Organizational process map

    Output

    • List of key business processes

    Materials

    • CRM Application Inventory Tool
    • CRM APQC Framework
    • Whiteboard, PowerPoint, or flip charts
    • Pens/markers

    Participants

    • CRM Optimization Team

    CRM process mapping

    This image contains two screenshots.  one is of the business capability map seen earlier in this blueprint, and the other includes the following operating model: Objectives; Value Streams; Capabilities; Processes

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of CRM and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    The Value Stream

    Value Stream Defined

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and governmental regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream connecting consumers wants and needs to the product and services offered.
    • Relationships with consumers continue after the sale of a product and services.
    • Continued customer support and mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop Vision and Strategy
    2. Develop and Manage Products and Services
    3. Market and Sell Products and Services
    4. Deliver Physical Products
    5. Deliver Services

    Management and Support Processes

    1. Manage Customer Service
    2. Develop and Manage Human Capital
    3. Manage Information Technology (IT)
    4. Manage Financial Resources
    5. Acquire, Construct, and Manage Assets
    6. Manage Enterprise Risk, Compliance, Remediation, and Resiliency
    7. Manage External Relationships
    8. Develop and Manage Business Capabilities

    Source: APQC, 2020

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    Go to this link

    Process mapping hierarchy

    This image includes explanations for the following PCF levels:  Level 1 - Category; Level 2 - Process Group; Level 3 - Process; Level 4 - Activity; Level 5 - Task

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    THE APQC PROCESS CLASSIFICATION FRAMEWORK (PCF)® was developed by non-profit APQC, a global resource for benchmarking and best practices, and its member companies as an open standard to facilitate improvement through process management and benchmarking, regardless of industry, size, or geography. The PCF organizes operating and management processes into 12 enterprise level categories, including process groups and over 1,000 processes and associated activities. To download the full PCF or industry-specific versions of the PCF as well as associated measures and benchmarking, visit www.apqc.org/pcf.

    Cross-industry classification framework

    Level 1 Level Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities Perform customer and market intelligence analysis Conduct customer and market research

    Market and sell products and services

    Develop sales strategy Develop sales forecast Gather current and historic order information

    Deliver services

    Manage service delivery resources Manage service delivery resource demand Develop baseline forecasts
    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

    You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    1.4.2 List your key CRM processes

    1-3 hours

    1. Reflect on your organization’s CRM capabilities and processes.
    2. Refer to tab 4, “Process Importance,” in your Get the Most Out of Your CRM Workbook. You can use your own processes if you prefer. Consult tab 10. “Framework (Reference)” in the Workbook to explore additional capabilities.
    3. Use your CRM goals as a guide.

    Get the Most Out of Your CRM Workbook

    This is a screenshot from the APQC Cross-Industry Process Classification Framework, adapted to list key CRM processes

    *Adapted from the APQC Cross-Industry Process Classification Framework, 2019.

    Step 1.5

    Understand CRM Costs

    Activities

    1.5.1 List CRM-related costs (optional)

    Map Current-State Capabilities

    This step will walk you through the following activities:

    • Define your business capabilities
    • List your key CRM processes

    This step involves the following participants:

    • Finance Representatives
    • CRM Optimization Team

    Outcomes of this step

    • Current CRM and related operating costs

    1.5.1 List CRM-related costs (optional)

    3+ hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets
    3. Use the Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional),” to complete this exercise.

    This is a screenshot of an example of a table which lays out CRM and Associated Costs.

    Get the Most Out of Your CRM Workbook

    Phase 2

    Assess Your Current State

    • 2.1 Conduct a Gap Analysis for CRM Processes
    • 2.2 Assess User Satisfaction
    • 2.3 Review Your Satisfaction With the Vendor and Product

    Get the Most Out of Your CRM

    This phase will guide you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • CRM optimization team
    • Users across functional areas of your CRM and related technologies

    Step 2.1

    Conduct a Gap Analysis for CRM Processes

    Activities

    • 2.1.1 Determine process relevance
    • 2.1.2 Perform process gap analysis

    Assess Your Current State

    This step will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis

    This step involves the following participants:

    • CRM optimization team

    Outcomes of this step

    • Gap analysis for CRM-related processes (current vs. desired state)

    2.1.1 Determine process relevance

    1-3 hours

    1. Open tab “4. Process Importance,” in the Get the Most Out of Your CRM Workbook.
    2. Rate each process for level of importance to your organization on the following scale:
      • Crucial
      • Important
      • Secondary
      • Unimportant
      • Not applicable

    This image contains a screenshot of tab 4 of the Get the most out of your CRM Workbook.

    Get the Most Out of Your CRM Workbook

    2.1.2 Perform process gap analysis

    1-3 hours

    1. Open tab “5. Process Assessment,” in the Get the Most Out of Your CRM Workbook.
    2. For each line item, identify your current state and your desired state on the following scale:
      • Not important
      • Poor
      • Moderate
      • Good
      • Excellent

    This is a screenshot of Tab 5 of the Get the Most Out of your CRM Workshop

    Get the Most Out of Your CRM Workbook

    Step 2.2

    Assess User Satisfaction

    Activities

    • 2.2.1 Prepare and complete a user satisfaction survey
    • 2.2.2 Enter user satisfaction

    Assess Your Current State

    This step will walk you through the following activities:

    • Preparation and completion of an application portfolio assessment (APA)
    • Entry of the user satisfaction scores into the workbook

    This step involves the following participants:

    • CRM optimization team
    • Users across functional areas of CRM and related technologies

    Outcomes of this step

    • Understanding of user satisfaction across applications and processes
    • Insight into CRM data quality

    Benefits of the Application Portfolio Assessment

    This is a screenshot of the application  Overview tab

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

    This is a screenshot of the Finance Overview tab

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

    This is a screenshot of the application  Overview tab

    Insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.2.1 Prepare and complete a user satisfaction survey

    1 hour

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding support they receive from the IT team.

    1. Download the CRM Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each process within the organization as a separate row. Use the processes identified in the process gap analysis as a reference.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Use the method of choice to elicit current user satisfaction for each of the processes identified as important to the organization.

    1. List processes identified as important (from the Get the Most Out of Your CRM Workbook, tab 4, “Process Importance”).
    2. Gather user contact information by department.
    3. Ask users to rate satisfaction: Extremely Satisfied, Satisfied, Neutral, Dissatisfied, and Extremely Dissatisfied (on Get the Most Out of Your CRM Workbook, tab 5. “Process Assessment”).

    This image contains a screenshot of the CRM Application Inventory Tool Tab

    Understand user satisfaction across capabilities and departments within your organization.

    Download the CRM Application Inventory Tool

    2.2.2 Enter user satisfaction

    20 minutes

    Using the results from the Application Portfolio Assessment or your own user survey:

    1. Open your Get the Most Out of Your CRM Workbook, tab “5. Process Assessment.”
    2. For each process, record up to three different department responses.
    3. Enter the answers to the survey for each line item using the drop-down options:
      • Extremely Satisfied
      • Satisfied
      • Neutral
      • Dissatisfied
      • Extremely Dissatisfied

    This is a screenshot of Tab 5 of the Get the most out of your CRM Workbook

    Understand user satisfaction across capabilities and departments within your organization.

    Get the Most Out of Your CRM Workbook

    Step 2.3

    Review Your Satisfaction With the Vendor and Product

    Activities

    2.3.1 Rate your vendor and product satisfaction

    2.3.2 Enter SoftwareReviews scores from your CRM Product Scorecard (optional)

    Assess Your Current State

    This step will walk you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • CRM Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    Use a SoftwareReviews Product Scorecard to evaluate your satisfaction compared to other organizations.

    This is a screenshot of the SoftwareReviews Product Scorecard

    Source: SoftwareReviews, March 2019

    Where effective IT leaders spend their time

    This image contains two lists.  One list is where CIOs with  data-verified=80% satisfaction score, and the other list is CIOs with <80% satisfaction score.">

    Info-Tech Insight

    The data shows that effective IT leaders invest a significant amount of time (8%) on vendor management initiatives.

    Be proactive in managing you calendar and block time for these important tasks.

    CIOs who prioritize vendor management see improved results

    Analysis of CIOs’ calendars revealed that how CIOs spend their time has a correlation to both stakeholder IT satisfaction and CEO-CIO alignment.

    Those CIOs that prioritized vendor management were more likely to have a business satisfaction score greater than 80%.

    This image demonstrates that CIOs who spend time with the team members of their direct reports delegate management responsibilities to direct reports and spend less time micromanaging, and CIOs who spend time on vendor management align rapidly changing business needs with updated vendor offerings.

    2.3.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your CRM product(s) and vendor(s).

    Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.

    Download the Get the Most Out of Your CRM Workbook

    Option 2: Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to review your satisfaction with your software.

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of tab 6 of the Get the most out of your CRM Workbook.

    2.3.2 Enter SoftwareReviews scores (optional)

    30 minutes

    1. Download the scorecard for your CRM product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to record the scorecard results.
    3. Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Download the Get the Most Out of Your CRM Workbook

    SoftwareReviews’ Customer Relationship Management

    This is a screenshot of the optional vendor optimization scorecard

    Phase 3

    Build Your Optimization Roadmap

    • 3.1 Identify Key Optimization Areas
    • 3.2 Compile Optimization Assessment Results

    Get the Most Out of Your CRM

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • CRM Optimization Team

    Build your optimization roadmap

    Address process gaps

    • CRM and related technologies are invaluable to sales, marketing, and customer service enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work towards.

    Support user satisfaction

    • The best technology in the world won’t deliver business results if it is not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against those of your peers and work towards building a process that is best fit for your organization.

    Info-Tech Insight

    Enabling a high-performing, customer-centric sales, marketing, and customer service operations program requires excellent management practices and continuous optimization efforts.

    Technology portfolio and architecture is important, but we must go deeper. Taking a holistic view of CRM technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results.

    Using a formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Step 3.1

    Identify Key Optimization Areas

    Activities

    • 3.1.1 Explore process gaps
    • 3.1.2 Analyze user satisfaction
    • 3.1.3 Assess data quality
    • 3.1.4 Analyze product satisfaction and vendor management

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.1.1 Explore process gaps

    1 hour

    1. Review the compiled CRM Process Assessment in the Get the Most Out of Your CRM Workbook, tab “7. Process Prioritization.”
    2. These are processes you should prioritize.
    • The activities in the rest of Step 3.1 help you create optimization strategies for the different areas of improvement these processes relate to: user satisfaction, data quality, product satisfaction, and vendor management.
  • Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)
  • This image consists of the CRM Process Importance Rankings

    Get the Most Out of Your CRM Workbook

    Plan your product optimization strategy for each area of improvement

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas of Improvement column  highlighted in a red box.

    3.1.2 Analyze user satisfaction

    1 hour

    1. Use the APA survey results from activity 2.2.1 (or your own internal survey) to identify areas where the organization is performing low in user satisfaction across the CRM portfolio.
      1. Understand application portfolio and IT service satisfaction.
      2. Identify cost savings opportunities from unused or unimportant apps.
      3. Build a roadmap for improving user IT services.
      4. Manage needs by department and seniority.
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    this is an image of the Business & IT Communications Overview Tab from the Get the Most Out of Your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your user satisfaction optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Next steps in improving your data quality

    Data Quality Management Effective Data Governance Data-Centric Integration Strategy Extensible Data Warehousing
    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing it by healing it at the source of the problem.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Build your data integration practice with a firm foundation in governance and reference architecture. Ensure your process is scalable and sustainable.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and members of the data governance steering committee.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Ensure buy-in from the business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build Your Data Quality Program

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    3.1.3 Assess data quality

    1 hour

    1. Use your APA survey results (if available) to identify areas where the organization is performing low in data quality initiatives. Common areas for improvement include:
      • Overall data quality management
      • Effective data governance
      • Poor data integration
      • The need to implement extensible data warehousing
    2. Consolidate your optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    This is an image of the Business & IT Communications Overview tab from the Get the most out of your CRM Workbook

    Get the Most Out of Your CRM Workbook

    Plan your data quality optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Use Info-Tech’s vendor management initiative (VMI)

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    A crowd chart is depicted, with quadrants for strategic value, and Vendor spend/switching cost.

    Info-Tech Insight

    A VMI is a formalized process within an organization, responsible for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in this blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.1.4 Analyze product satisfaction and vendor management

    1 hour

    1. Use the Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization.”
    2. Download the SoftwareReviews Vendor Scorecard.
    3. Using the scorecards, compare your results with those of your peers.
    4. Consolidate areas of improvement and optimization strategies in the Get the Most Out of Your CRM Workbook, tab “8. Optimization Roadmap.” (See next slide for screenshot.)

    See previous slide for help around implementing a vendor management initiative.

    This is a screenshot from the Get the most out of your CRM Workbook, with the Areas for Optimization column  highlighted in a red box.

    Get the Most Out of Your CRM Workbook

    Plan your vendor management optimization strategy

    This is a screenshot from the Get the most out of your CRM Workbook, with the Optimization Strategies column  highlighted in a red box.

    Step 3.2

    Compile Optimization Assessment Results

    Activities

    • 3.2.1 Identify key optimization areas

    Build Your Optimization Roadmap

    This step will guide you through the following activities:

    • Use your work from previous activities and prioritization to build your list of optimization activities and lay them out on a roadmap

    This step involves the following participants:

    • CRM Optimization Team

    Outcomes of this step

    • Application optimization plan

    3.2.1 Identify key optimization areas

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Consolidate your findings and identify optimization priorities (Step 3.1).
    2. Prioritize those most critical to the organization, easiest to change, and whose impact will be highest.
    3. Use the information gathered from exercise 1.5.1 on Get the Most Out of Your CRM Workbook, tab “9. Costs (Optional).”
    4. These costs could affect the priority or timeline of the initiatives. Consolidate your thoughts on your Get the Most Out of Your CRM Workbook, tab 8, “Optimization Roadmap.” Note: There is no column specific to costs on tab 8.

    This is meant as a high-level roadmap. For formal, ongoing optimization project management, refer to “Build a Better Backlog” (Phase 2 of the Info-Tech blueprint Deliver on Your Digital Product Vision).

    This is a screenshot from the Get the most out of your CRM Workbook, with the Priority; Owner; and Timeline columns highlighted in a red box.

    Next steps: Manage your technical debt

    Use a holistic assessment of the “interest” paid on technical debt to quantify and prioritize risk and enable the business make better decisions.

    • Technical debt is an IT risk, which in turn is a category of business risk.
    • The business must decide how to manage business risk.
    • At the same time, business decision makers may not be aware of technical debt or be able to translate technical challenges into business risk. IT must help the business make decisions around IT risk by describing the risk of technical debt in business terms and by outlining the options available to address risk.
    • Measure the ongoing business impact (the “interest” paid on technical debt) to establish the business risk of technical debt. Consider a range of possible impacts including direct costs, lost goodwill, lost flexibility and resilience, and health, safety, and compliance impacts.
    • When weighing these impacts, the business may choose to accept the risk of technical debt if the cost of addressing the debt outweighs the benefit. But it’s critically important that the business accepts that risk – not IT.

    Manage Your Technical Debt

    Take it a step further…

    Deliver on Your Digital Product Vision

    Phase 2: Build a Better Product Backlog

    Build a structure for your backlog that supports your product vision.

    Deliver on Your Digital Product Vision

    Build a better backlog

    An ongoing CRM optimization effort is best facilitated through a continuous Agile process. Use info-Tech’s developed tools to build out your backlog.

    The key to a better backlog is a common structure and guiding principles that product owners and product teams can align to.

    Info-Tech Insight

    Exceptional customer value begins with a clearly defined backlog focused on items that will create the greatest human and business benefits.

    Activity Participants

    Backlog Activity

    Quality Filter

    Product Manager

    Product Owner

    Dev Team

    Scrum Master

    Business

    Architects

    Sprint

    Sprint Planning

    “Accepted”

    Ready

    Refine

    “Ready”

    Qualified

    Analysis

    “Qualified”

    Ideas

    Intake

    “Backlogged”

    A product owner and the product backlog are critical to realize the benefits of Agile development

    A product owner is accountable for defining and prioritizing the work that will be of the greatest value to the organization and its customers. The backlog is the key to facilitating this process and accomplishing the most fundamental goals of delivery.

    For more information on the role of a product owner, see Build a Better Product Owner.

    Highly effective Agile teams spend 28% of their time on product backlog management and roadmapping (Quantitative Software Management, 2015).

    1. Manage Stakeholders

    • Stakeholders need to be kept up to speed on what the future holds for a product, or at least they should be heard. This task falls to the product owner.

    2. Inform and Protect the Team

    • The product owner is a servant leader of the team. They need to protect the team from all the noise and give them the time they need to focus on what they do best: develop.

    3. Maximize Value to the Product

    • Sifting through all of these voices and determining what is valuable, or what is most valuable, falls to the product owner.

    A backlog stores and organizes PBIs at various stages of readiness.

    Your backlog must give you a holistic understanding of demand for change in the product

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    Ideas; Qualified; Ready

    3 - IDEAS

    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 - QUALIFIED

    Researched and qualified PBIs awaiting refinement.

    1 - READY

    Discrete, refined PBIs that are ready to be placed in your development teams’ sprint plans.

    Summary of Accomplishment

    Get the Most Out of Your CRM

    CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. CRM implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your CRM allows organizations to proactively implement continuous assessment and optimization of a customer relationship management system. This includes:

    • Alignment and prioritization of key business and technology drivers
    • Identification of CRM processes including classification and gap analysis
    • Measurement of user satisfaction across key departments
    • Improved vendor relations
    • Data quality initiatives

    This formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process-improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information

    workshops@infotech.com
    1-866-670-8889

    Research Contributors

    Ben Dickie

    Ben Dickie
    Research Practice Lead
    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    Scott Bickley

    Scott Bickley
    Practice Lead & Principal Research Director
    Info-Tech Research Group

    Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement, along with a deep background in operations, engineering, and quality systems management.

    Andy Neil

    Andy Neil
    Practice Lead, Applications
    Info-Tech Research Group

    Andy is Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry-standard data models.

    Bibliography

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc. 2015. Web.

    Chappuis, Bertil, and Brian Selby. “Looking beyond Technology to Drive Sales Operations.” McKinsey & Company, 24 June 2016. Web.

    Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.

    Fleming, John, and Hater, James. “The Next Discipline: Applying Behavioral Economics to Drive Growth and Profitability.” Gallup, 22 Sept. 2012. Accessed 6 Oct. 2020.

    Hinchcliffe, Dion. “The evolving role of the CIO and CMO in customer experience.” ZDNet, 22 Jan. 2020. Web.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce. 18 May 2018. Web. Feb. 2019.

    Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM systems have been around for decades, but interoperability and data siloes still have to be overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.

    Kumar, Sanjib, et al. “Improvement of CRM Using Data Mining: A Case Study at Corporate Telecom Sector.” International Journal of Computer Applications, vol. 178, no. 53, 2019, pp. 12-20, doi:10.5120/ijca2019919413.

    Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.

    Norelus, Ernese, et al. “An Approach to Application Modernization: Discovery and Assessment Phase.” IBM Garage, Medium, 24 Feb 2020. Accessed 4 Mar. 2020.

    “Process Frameworks.” APQC, 4 Nov. 2020. Web.

    “Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.

    Rubin, Kenneth S. "Essential Scrum: A Practical Guide to the Most Popular Agile Process." Pearson Education, 2012.

    Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160

    Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.

    “SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF. Web.

    Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.

    “Taudata Case Study.” Maximizer CRM Software, 17 Jan. 2020. Web.

    Build a Data Architecture Roadmap

    • Buy Link or Shortcode: {j2store}124|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $8,846 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data architecture involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.
    • Data architects must account for the constantly growing data and application complexity, more demanding needs from the business, an ever-increasing number of data sources, and a growing need to integrate components to ensure that performance isn’t compromised.

    Our Advice

    Critical Insight

    • Data architecture needs to evolve with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.
    • Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.
    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Impact and Result

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed.
      • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Architecture Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should optimize its data architecture as it evolves with the drivers of the business to get the most from its data.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize your data architecture with business-driven tactics

    Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 1: Prioritize Your Data Architecture With Business-Driven Tactics
    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template

    2. Personalize your tactics to optimize your data architecture

    Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 2: Personalize Your Tactics to Optimize Your Data Architecture
    • Data Architecture Tactical Roadmap Tool
    • Data Architecture Trends Presentation

    3. Create your tactical data architecture roadmap

    Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 3: Create Your Tactical Data Architecture Roadmap
    • Data Architecture Decision Template
    [infographic]

    Workshop: Build a Data Architecture Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for Optimizing Data Architecture

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data architecture.

    Understand Info-Tech’s five-tier data architecture model.

    Determine the pattern of tactics that apply to the organization for optimization.

    Key Benefits Achieved

    Understanding of the current data architecture landscape.

    Priorities for tactical initiatives in the data architecture practice are identified.

    Target state for the data quality practice is defined.

    Activities

    1.1 Explain approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.

    1.3 Understand Info-Tech’s five-tier data architecture model.

    1.4 Determine the pattern of tactics that apply to the organization for optimization.

    Outputs

    Five-tier logical data architecture model

    Data architecture tactic plan

    2 Determine Your Tactics For Optimizing Data Architecture

    The Purpose

    Define improvement initiatives.

    Define a data architecture improvement strategy and roadmap.

    Key Benefits Achieved

    Gaps, inefficiencies, and opportunities in the data architecture practice are identified.

    Activities

    2.1 Create business unit prioritization roadmap.

    2.2 Develop subject area project scope.

    2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives.

    Define a data quality improvement strategy and roadmap.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Create business unit prioritization roadmap.

    3.2 Develop subject area project scope.

    3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    Further reading

    Build a Data Architecture Roadmap

    Optimizing data architecture requires a plan, not just a data model.

    ANALYST PERSPECTIVE

    Integral to an insight-driven enterprise is a modern and business-driven data environment.

    “As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

    In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

    Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:
    • Data architects or their equivalent, looking to optimize and improve the efficiency of the capture, movement and storage of data for a variety of business drivers.
    • Enterprise architects looking to improve the backbone of the holistic approach of their organization’s structure.
    This Research Will Help You:
    • Identify the business drivers that are impacted and improved by best-practice data architecture.
    • Optimize your data architecture using tactical practices to address the pressing issues of the business to drive modernization.
    • Align the organization’s data architecture with the grander enterprise architecture.
    This Research Will Also Assist:
    • CIOs concerned with costs, benefits, and the overall structure of their organizations data flow.
    • Database administrators tasked with overseeing crucial elements of the data architecture.
    This Research Will Help Them:
    • Get a handle on the current situation of data within the organization.
    • Understand how data architecture affects the operations of the data sources within the enterprise.

    Executive summary

    Situation

    • The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

    Complication

    • Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
    • There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
    • There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

    Resolution

    • To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
      • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Info-Tech Insight

    1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
    2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
    3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

    50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

    Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

    Business Monitoring
    • Data reporting
    • Uncover inefficiencies
    • Monitor progress
    • Track inventory levels
    Business Insights
    • Data analytics
    • Expose patterns
    • Predict future trends
    Business Optimization
    • Data-based apps
    • Build apps to automate actions based on insights
    Business Transformation
    • Monetary value of data
    • Create new revenue streams
    (Journey to Data Driven Enterprise, 2015)

    As organizations seek to become more data driven, it is imperative to better manage data for its effective use

    Here comes the zettabyte era.

    A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

    Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

    Challenges of The Modern Data Landscape
    Data at rest Data movement
    Greater amounts Different types Uncertain quality Faster rates Higher complexity

    “The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Solution

    Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

    Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Data architecture is an integral aspect of data management

    Data Architecture

    The set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.

    In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015)

    MYTH

    Data architecture is purely a model of the technical requirements of your data systems.

    REALITY

    Data architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016)

    Functions

    A strong data architecture should:

    • Define, visualize, and communicate data strategy to various stakeholders.
    • Craft a data delivery environment.
    • Ensure high data quality.
    • Provide a roadmap for continuous improvement.

    Business value

    A strong data architecture will help you:

    • Align data processes with business strategy and the overall holistic enterprise architecture.
    • Enable efficient flow of data with a stronger focus on quality and accessibility.
    • Reduce the total cost of data ownership.

    Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

    The data architect:
    • Acts as a “translator” between the business and data workers to communicate data and technology requirements.
    • Facilitates the creation of the data strategy.
    • Manages the enterprise data model.
    • Has a greater knowledge of operational and analytical data use cases.
    • Recommends data management policies and standards, and maintains data management artifacts.
    • Reviews project solution architectures and identifies cross impacts across the data lifecycle.
    • Is a hands-on expert in data management and warehousing technologies.
    • Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

    Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

    59%

    of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016)

    48%

    of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016)

    44%
    +
    22%

    44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016)

    Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

    28%

    of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016)

    50%

    Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017)

    Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

    Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

    Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

    IT Symptoms Due to Ineffective Data Architecture

    Poor Data Quality

    • Inconsistent, duplicate, missing, incomplete, incorrect, unstandardized, out of date, and mistake-riddled data can plague your systems.

    Poor Accessibility

    • Delays in accessing data.
    • Limits on who can access data.
    • Limited access to data remotely.

    Strategic Disconnect

    • Disconnect between owner and consumer of data.
    • Solutions address narrow scope problems.
    • System barriers between departments.
    Leads to Poor Organizational Conditions

    Inaccurate Insights

    • Inconsistent and/or erroneous operational and management reports.
    • Ineffective cross-departmental use of analytics.

    Ineffective Decision Making

    • Slow flow of information to executive decision makers.
    • Inconsistent interpretation of data or reports.

    Inefficient Operations

    • Limits to automated functionality.
    • Increased divisions within organization.
    • Regulatory compliance violations.
    You need a solution that will prevent the pains.

    Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

    The following is a summary of Info-Tech’s methodology:

    1

    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visualization of the process described on the left: Business drivers applying to Info-Tech's five-tier data architecture, then determining tactical patterns, and eventually setting targets of your desired optimized state.

    2

    1. Select the areas of the five-tier architecture to focus on.
    2. Measure current state.
    3. Set the targets of your desired optimized state.

    3

    1. Roadmap your tactics.
    2. Manage and communicate change.
    A roadmap leading to communication.

    Info-Tech will get you to your optimized state faster by focusing on the important business issues

    First Things First

    1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

    Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

    • Becoming More Data Driven
    • Regulations and Compliance
    • Mergers and Acquisitions
    • New Functionality or Business Rule

    These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

    Use the five-tier architecture to provide a consumable view of your data architecture

    Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'Apps', 'Excel and other documents', and 'Access database(s)'; 'Integration and Translation' the 'Movement and transformation of data'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'; and 'Presentation' which includes 'Reports' and 'Dashboards'.

    Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

    1. This blueprint will demonstrate how the business driver behind your redesign requires you to address specific layers of the five-tier data architecture.
    1. Once you’ve aligned your business driver to the appropriate data tiers, this blueprint will provide you with the best practice tactics you should apply to achieve an optimized data architecture.

    Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

    Info-Tech’s Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.
    1. Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities.
    2. This blueprint will help you measure how you are currently performing in these capabilities…
    3. And help you define and set targets so you can reach your optimized state.
    1. Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap.
    2. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.
    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach.

    The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

    Data Architecture in Alignment

    Data architecture can not be designed to simply address the focus of data specialists or even the IT department.

    It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business.

    Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations

    Please refer to the following blueprints to see the full picture of enterprise architecture:

    A diagram titled 'Enterprise Architecture' with multiple forms of architecture interacting with each other. At the top is 'Business Architecture' which feeds into 'Data Architecture' and 'Application Architecture' which feed into each other, and influence 'Infrastructure Architecture' and 'Security Architecture'.
    Adapted from TOGAF
    Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

    Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'. Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

    Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

    The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

    A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

    Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

    Provide a structured approach to solving the problem

    Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

    Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

    • External Requirements
    • Business Driver
        Diagnose Data Architecture Problems
      • Outdated architecture (paper, legacy systems)
      • Stale data from other agencies
      • Incomplete data
          Data Architecture Optimization Tactics
        1. Optimized Source Databases
        2. Improved Integration
        3. Data Warehouse Optimization
        4. Data Marts for Reports
        5. Report Delivery Efficiency

    As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

    This blueprint’s three-step process will help you optimize data architecture in your organization

    Phase 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    Phase 2
    Personalize Your Tactics to Optimize Your Data Architecture
    Phase 3
    Create Your Tactical Data Architecture Roadmap
    Step 1: Identify Your Business Driver for Optimizing Data Architecture
    • Learn about what data architecture is and how it must evolve with the drivers of the business.
    • Determine the business driver that your organization is currently experiencing.
    • Data Architecture Driver Pattern Identification Tool

    Step 2: Determine Actionable Tactics to Optimize Data Architecture
    • Create your data architecture optimization plan to determine the high-level tactics you need to follow.
    • Data Architecture Optimization Template

    Step 1: Measure Your Data Architecture Capabilities
    • Determine where you currently stand in the data architecture capabilities across the five-tier data architecture.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Set a Target for Data Architecture Capabilities
    • Identify your targets for the data architecture capabilities.
    • Data Architecture Tactical Roadmap Tool

    Step 3: Identify the Tactics that Apply to Your Organization
    • Understand the trends in the field of data architecture and how they can help to optimize your environment.
    • Data Architecture Trends Presentation

    Step 1: Personalize Your Data Architecture Roadmap
    • Personalize the tactics across the tiers that apply to you to build your personalized roadmap.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Manage Your Data Architecture Decisions and the Resulting Changes
    • Document the changes in the organization’s data architecture.
    • Data architecture involves change management – learn how data architects should support change management in the organization.
    • Data Architecture Decision Template

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Build a Business-Aligned Data Architecture Optimization Strategy – project overview

    PHASE 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    PHASE 2
    Personalize Your Tactics to Optimize Your Data Architecture
    PHASE 3
    Create Your Tactical Data Architecture Roadmap
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Your Business Driver for Optimizing Data Architecture

    1.2 Determine Actionable Tactics to Optimize Data Architecture

    2.1 Measure Your Data Architecture Capabilities

    2.2 Set a Target for Data Architecture Capabilities

    2.3 Identify the Tactics that Apply to Your Organization

    3.1 Personalize Your Data Architecture Roadmap

    3.2 Manage Your Data Architecture Decisions and the Resulting Changes

    Guided Implementations

    • Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business.
    • Identify the business drivers that necessitate the optimization of the organization’s data architecture.
    • Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.
    • Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization.
    • Determine the target state of data architecture capabilities.
    • Understand the trends in the field of data architecture and identify how they can fit into your environment.
    • Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap.
    • Understand how to manage change as a data architect or equivalent.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Identify the Drivers of the Business for Optimizing Data Architecture
    Module 2:
    Create a Tactical Plan for Optimizing Data Architecture
    Module 3:
    Create a Personalized Roadmap for Data Architecture Activities

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Preparation

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Organize and Plan Workshop Identify the Drivers of the Business for Optimizing Data Architecture Determine the Tactics For Optimizing Data Architecture Create Your Roadmap of Optimization Activities Create Your Personalized Roadmap Create a Plan for Change Management

    Morning Activities

    • Finalize workshop itinerary and scope.
    • Identify workshop participants.
    • Gather strategic documentation.
    • Engage necessary stakeholders.
    • Book interviews.
    • 1.1 Explain approach and value proposition.
    • 1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
    • 2.1 Create your data architecture optimization plan.
    • 2.2 Interview key business stakeholders for input on business drivers for data architecture.
    • 3.1 Align with the enterprise architecture by interviewing the enterprise architect for input on the data architecture optimization roadmap.
    • 4.1 As a group, determine the roadmap activities that are applicable to your organization and brainstorm applicable initiatives.
    • 5.1 Use the Data Architecture Decision Documentation Template to document key decisions and updates.

    Afternoon Activities

    • 1.3 Understand Info-Tech’s Five-Tier Data Architecture.
    • 1.4 Determine the pattern of tactics that apply to the organization for optimization.
    • 2.3 With input from the business and enterprise architect, determine the current data architecture capabilities.
    • 3.3 With input from the business and enterprise architect, determine the target data architecture capabilities.
    • 4.2 Determine the timing and effort of the roadmap activities.
    • 5.2 Review best practices for change management.
    • 5.3 Present roadmap and findings to the business stakeholders and enterprise architect.

    Deliverables

    • Workshop Itinerary
    • Workshop Participant List
    1. Five-Tier Logical Data Architecture Model
    2. Data Architecture Tactic Plan
    1. Five-Tier Data Architecture Capability Model
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Decision Template

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 1

    Prioritize Your Data Architecture With Business-Driven Tactics

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

    Proposed Time to Completion: 2 weeks
    Step 1.1: Identify Your Business Driver for Optimizing Data Architecture Step 1.2: Determine Actionable Tactics to Optimize Data Architecture
    Start with an analyst kick-off call:
    • Understand what data architecture is, what it is not, and how it fits into the broader enterprise architecture program.
    • Determine the drivers that fuel the need for data architecture optimization.
    Review findings with analyst:
    • Understand the Five-Tier Data Architecture Model and how the drivers of the business inform your priorities across this logical model of data architecture.
    Then complete these activities…
    • Complete the Data Architecture Driver Pattern Identification Tool.
    Then complete these activities…
    • Create a tactical data architecture optimization plan based on the business driver input.
    With these tools & templates:
    • Data Architecture Driver Pattern Identification Tool
    With these tools & templates:
    • Data Architecture Optimization Template

    Phase 1 Results & Insights

    • Data Architecture is not just about data models. The approach that Phase 1 guides you through will help to not only plan where you need to focus your efforts as a data architect (or equivalent) but also give you guidance in how you should go about optimizing the holistic data architecture environment based on the drivers of the business.

    Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

    In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

    1. Identify the business drivers that necessitate data architecture optimization efforts.
    2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
    3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

    “To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

    Info-Tech’s Five-Tier Data Architecture:

    1. Data Sources
    2. Data Integration and Translation
    3. Data Warehousing
    4. Data Analytics
    5. Data Presentation

    Tactical plan for Data Architecture Optimization

    Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

    PHASE 1

    1.1 1.2
    Identify Your Business Driver for Optimizing Data Architecture Determine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand how data architecture fits into the organization’s larger enterprise architecture.
    • Understand what data architecture is and how it should be driven by the business.
    • Identify the driver that is creating a need for data architecture optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
    • Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

    Data architecture involves planning, communication, and understanding of technology

    Data Architecture

    A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

    The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

    IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

    Definitions vary slightly across major architecture and management frameworks.

    However, there is a general consensus that data architecture provides organizations with:

    • Alignment
    • Planning
    • Road mapping
    • Change management
    • A guide for the organization’s data management program

    Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

    Current Data Management
    • Alignment
    • Planning
    • Road mapping
    Goal for Data Management

    Info-Tech Insight

    Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

    Review how data architecture fits into the broader architectural context

    A flow diagram starting with 'Business Processes/Activities' to 'Business Architecture' which through a process of 'Integration' flows to 'Data Architecture' and 'Application Architecture', the latter of which also flows into to the former, and they both flow into 'Technology Architecture' which includes 'Infrastructure' and 'Security'.

    Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.

    Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.

    The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain.

    The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.

    'The Zachman Framework for Enterprise Architecture: The Enterprise Ontology', a complicated framework with top and bottom column headers and left and right row headers. Along the top are 'Classification Names': 'What', 'How', 'Where', 'Who', 'When', and 'Why'. Along the bottom are 'Enterprise Names': 'Inventory Sets', 'Process Flows', 'Distribution Networks', 'Responsibility Assignments', 'Timing Cycles', and 'Motivation Intentions'. Along the left are 'Audience Perspectives': 'Executive Perspective', 'Business Mgmt. Perspective', 'Architect Perspective', 'Engineer Perspective', 'Technician Perspective', and 'Enterprise Perspective'. Along the right are 'Model Names': 'Scope Contexts', 'Business Concepts', 'System Logic', 'Technology Physics', 'Tool Components', and 'Operations Instances'.
    (Source: Zachman International)

    Data architects operate in alignment with the other various architecture groups

    Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

    Enterprise Architect
    The enterprise architect provides thought leadership and direction to domain architects.

    They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

    • Business Architect
      A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
    • Security Architect
      Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
    • Infrastructure Architect
      Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
    • Application Architect
      Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
    • Data Architect
      Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

    As a data architect, you must maintain balance between the technical and the business requirements

    The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

    Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap.

    Some of the role’s primary duties and responsibilities include:

    1. Data modeling
    2. Reviewing existing data architecture
    3. Benchmark and improve database performance
    4. Fine tune database and SQL queries
    5. Lead on ETL activities
    6. Validate data integrity across all platforms
    7. Manage underlying framework for data presentation layer
    8. Ensure compliance with proper reporting to bureaus and partners
    9. Advise management on data solutions

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Info-Tech Insight

    The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

    Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

    A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

    Data Architect Role Description

    • The data architect must develop (along with the business) a short-term and long-term vision for the enterprise’s data architecture.
    • They must be able to create processes for governing the identification, collection, and use of accurate and valid metadata, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    Skills Necessary

    • Hands-on experience with data architecting and management, data mining, and large-scale data modeling.
    • Strong understanding of relational and non-relational data structures, theories, principles, and practices.
    • Strong familiarity with metadata management.
    • Knowledge of data privacy practices and laws.

    Define Policies, Processes, and Priorities

    • Policies
      • Boundaries of the data architecture.
      • Data architecture standards.
      • Data architecture security.
      • Responsibility of ownership for the data architecture and data repositories.
      • Responsibility for data architecture governance.
    • Processes
      • Data architecture communication.
      • Data architecture change management.
      • Data architecture governance.
      • Policy compliance monitoring.
    • Priorities
      • Align architecture efforts with business priorities.
      • Close technology gaps to meet service level agreements (SLAs).
      • Determine impacts on current or future projects.

    See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

    Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

    Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

    Logo for The Open Group.

    The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

    • TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
    • TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
    • As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

    The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

    Logo for MIKE2.0.

    MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

    • SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
    • SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

    Info-Tech Best Practice

    If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

    The data architect must identify what drives the need for data from the business to create a business-driven architecture

    As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

    There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

    1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
    2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
    3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
    4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

    Info-Tech Best Practice

    These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

    Use the Data Architecture Driver tool to identify your focus for data architecture

    Supporting Tool icon 1.1 Data Architecture Driver Pattern Identification Tool

    Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

    Tab 2. Driver Identification

    Objective: Objectively assess the most pressing business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2.

    Tab 3. Tactic Pattern Plan, Section 1

    Purpose: Review your business drivers that require architectural changes in your environment.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 1.

    Tab 3. Tactic Pattern Plan, Section 2

    Purpose: Determine a list of tactics that will help you address the business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 2.

    Step
    • Evaluate business drivers to determine the data architecture optimization priorities and tactics.
    Step
    • Understand how each business driver relates to data architecture and how each driver gives rise to a specific pattern across the five-tier data architecture.
    Step
    • Review the list of high-level tactics presented to optimize your data architecture across the five tier architecture.

    Identify the drivers for improving your data architecture

    Associated Activity icon 1.1.1 1 hour

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Instructions

    In Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:

    1. Is there a present or growing need for the business to be making data-driven decisions?
    2. Does the business want to explore a new functionality and hence require a new application?
    3. Is your organization acquiring or merging with another entity?
    4. Is your organization’s regulatory environment quick to change and require stricter reporting?

    Data architecture improvements need to be driven by business need.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    “As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes. (Andrew Johnston, Independent Consultant)

    Interview the business to get clarity on business objectives and drivers

    Associated Activity icon 1.1.2 1 hour per interview

    INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Business representatives, IT representatives

    Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

    Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

    Key Interview Questions:

    1. What are your primary activities? What do you do?
    2. What challenges do you have when completing your activities?
    3. How is poor data impacting your job?
    4. If [your selected domain]’s data is improved, what business issues would this help solve?

    Request background information and documentation from stakeholders regarding the following:

    • What current data management policies and processes exist (that you know of)?
    • Who are the data owners and end users?
    • Where are the data sources within the department stored?
    • Who has access to these data sources?
    • Are there existing or ongoing data issues within those data sources?

    Interview the enterprise architect to get input on the drivers of the business

    Associated Activity icon 1.1.3 2 hours

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Data architecture improvements need to be driven by business need.

    Instructions

    As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    Once you know what that need is, go to Step 2.

    Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

    PHASE 1

    1.11.2
    Identify Your Business Driver for Optimizing Data ArchitectureDetermine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
    • Create your Data Architecture Optimization Template to plan your improvement tactics.
    • Prioritize your tactics based on the five-tier architecture to plan optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect
    • DBAs

    Outcomes of this step

    • A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

    To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

    Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

    Data architects must be heavily involved with:

    • Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
    • Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

    Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

    Info-Tech Best Practice

    The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

    The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

    Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'; 'Integration and Translation' which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM', and 'Data Lakes & Warehouse(s) (Derived Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', 'BI Tools', and the 'Protected Zone: Data Marts - BDG Class Ref. MDM'; and 'Presentation' which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'.

    Use the Data Architecture Optimization Template to build your improvement roadmap

    Supporting Tool icon 1.2 Data Architecture Optimization Template

    Download the Data Architecture Optimization Template.

    Overview

    Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

    Sample of Info-Tech’s Data Architecture Optimization Template. Info-Tech’s Data Architecture Optimization Template Table of Contents
    1. Build Your Current Data Architecture Logical Model Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
    2. Optimization Plan Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

    Fill out as you go

    As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

    Tier 1 represents all of the sources of your organization’s data

    Tier 1 of Info-Tech's Five Tier Data Architecture, 'Sources', which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'.
    –› Data to integration layer

    Tier 1 is where the data enters the organization.

    All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here.

    This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested.

    There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level.

    Info-Tech Best Practice

    An optimized Tier 1 has the following attributes:

    • Rationalized applications
    • Operationalized database administration
    • Databases governed, monitored, and maintained to ensure optimal performance

    Tier 2 represents the movement of data

    Tier 2 of Info-Tech's Five Tier Data Architecture, 'Integration and Translation', which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'.
    –› Data to Warehouse Environment

    Find out more

    For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

    Tier 2 is where integration, transformation, and aggregation occur.

    Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes:

    1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion.

    2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store.

    Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer.

    Info-Tech Best Practice

    An optimized Tier 2 has the following attributes:

    • Business data glossary is leveraged
    • ETL is governed
    • ETL team is empowered
    • Data matching is facilitated
    • Canonical data model is present

    Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

    Tier 3 is where data rests in long-term storage.

    This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system.

    At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases.

    Info-Tech Best Practice

    An optimized Tier 3 has the following attributes:

    • Data warehouse is governed
    • Data warehouse operations and planning
    • Data library is comprehensive
    • Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.
    Data from integration layer –›
    Tier 3 of Info-Tech's Five Tier Data Architecture, 'Data Warehouse Environment' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM'.
    –› Analytics

    Find out more

    For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

    Tier 4 is where knowledge and insight is born

    Tier 4 represents data being used for a purpose.

    This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly.

    This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
    Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive

    Info-Tech Best Practice

    An optimized Tier 4 has the following attributes:

    • Reporting meets business needs
    • Data mart operations are in place
    • Governance of data marts, cubes, and BI tools in place
    Warehouse Environment –›
    Tier 4 of Info-Tech's Five Tier Data Architecture, 'Analytics', which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'.
    –› Presentation

    Find out more

    For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

    The presentation layer, Tier 5, is where data becomes presentable information

    Tier 5 represents data in knowledge form.

    This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5.

    Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3.

    Find out more

    For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.

    Tier 5 of Info-Tech's Five Tier Data Architecture, 'Presentation', which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'. The 'Repatriation of data' feeds the derived data back into Warehousing.

    Info-Tech Best Practice

    An optimized Tier 5 has the following attributes:

    • Metadata creation is supervised
    • Metadata is organized
    • Metadata is governed
    • Content management capabilities are present

    Info-Tech Insight

    Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

    As a data architect, you must prioritize your focus according to business need

    Determine your focus.

    Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

    1. Business driver

    Screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.
    Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan

    3. Documented tactic plan

    Data Architecture Optimization Template

    2. Tactics across the five tiers

    Another screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.

    The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

    Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

    Does the business wants to add a new application or supplement an existing application with a new functionality?

    Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

    • Often operational oriented and application driven.
    • An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated.
    • However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
    Stock photo of someone using a smartphone with apps.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. Tactics for this business driver should address the following pattern:
    Tiers 1 and 2 highlighted.

    Business driver #2: Organizations today are looking to become more data driven

    Does the business wants to better leverage its data?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    “Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

    Tactics for this business driver should address the following pattern:
    Tiers 3, 4, and 5 highlighted.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
    Stock photo of someone sitting at multiple computers with analytics screens open.
    • This scenario is typically project driven and analytical oriented.
    • The business is looking to leverage data and information by processing data through BI tools and self-service.
    • Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

    Business driver #3: Risk and compliance demands can put pressure on outdated architectures

    Is there increasing pressure on the business to maintain compliance requirements as per regulations?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    There are different types of requirements:
    • Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information.
    • Can be process driven. For example, some requirements restrict data read/write to certain groups.
    Stock photo of someone pulling a block out of a Jenga tower.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. Tactics for this business driver should address the following pattern:
    Tiers 1, 3, and 4 highlighted.

    Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

    Is the organization looking to acquire or merge with another organization or line of business?

    There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:

    1. The organization acquires/merges with another organization and wants to integrate the data.
    2. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data.
    3. The organization acquires another organization for competitive purposes, and does not need to integrate the data.
    Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
    1. Understand what data you are getting.
      The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc.
    2. Plan for the integration of the new data into your environment.
      Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party.
    3. Integrate the new data.
      Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
    “As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. Tiers 1, 3, and 4 highlighted.

    Determine your tier priority pattern and the tactics that you should address based on the business drivers

    Associated Activity icon 1.2.1 30 minutes

    INPUT: Business driver assessment

    OUTPUT: Tactic pattern and tactic plan

    Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

    Participants: Data architect, Enterprise architect

    Instructions
    1. After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan.
    2. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture.
    3. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
    Screenshot of Data Architecture Driver Tool.
    Data Architecture Driver Tool
    Arrow pointing right. Sample of Data Architecture Optimization Template
    Data Architecture Optimization Template

    Info-Tech Insight

    Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

    This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

    Phase 1 is all about focus.

    Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

      Phase 1
      • Business Drivers
        • Tactic Pattern
          • Tactical Plan

    Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

    To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 1

    Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.

    Diagram comparing the 'Original Reporting' requirement of 'Up to 7 days' vs the 'New Requirement' of 'As soon as 1 hour'. The steps of reporting in that time are 'Report Request', 'Gather Data', and 'Make Report'.

    Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on.

    The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

    Tiers 1, 3, and 4 highlighted.

    Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.

    1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics:
    • Identify data sources
    • Ensure data quality
    • Properly catalogue data
    • Properly index data
    • Provide the means for data accessibility
    • Allow for data reduction/space for report building

    Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    Sample of activity 1.1.1 'Identify the drivers for improving your data architecture'. Identify the business driver that will set the direction of your data architecture optimization plan.

    In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.

    1.2.1

    Sample of activity 1.2.1 'Determine your tier priority pattern and the tactics that you should address based on the business drivers'. Determine the tactics that you will use to optimize data architecture.

    In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 2

    Personalize Your Tactics to Optimize Your Data Architecture

    Phase 2 will determine your tactics that you should implement to optimize your data architecture

    Business Drivers
    Each business driver requires focus on specific tiers and their corresponding capabilities, which in turn correspond to tactics necessary to achieve your goal.
    New Functionality Risk and Compliance Mergers and Acquisitions Become More Data Driven
    Tiers 1. Data Sources 2. Integration 3. Warehousing 4. Insights 5. Presentation
    Capabilities Current Capabilities
    Target Capabilities
    Example Tactics Leverage indexes, partitions, views, and clusters to optimize performance.

    Cleanse data source.

    Leverage integration technology.

    Identify matching approach priorities.

    Establish governing principles.

    Install performance enhancing technologies.

    Establish star schema and snowflake principles.

    Share data via data mart.

    Build metadata architecture:
    • Data lineage
    • Sharing
    • Taxonomy
    • Automatic vs. manual creation

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

    Proposed Time to Completion: 2 weeks
    Step 2.1: Measure Your Data Architecture Capabilities Step 2.2: Set a Target for Data Architecture Capabilities Step 2.3: Identify the Tactics That Apply to Your Organization
    Start with an analyst kick-off call:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Review findings with analyst:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Finalize phase deliverable:
    • Learn about the trends in data architecture that can be leveraged to develop tactics.
    Then complete these activities…
    • Measure your current state across the tiers of the capability model that will help address your business driver.
    Then complete these activities…
    • Measure your target state for the capabilities that will address your business driver.
    Then complete these activities…
    • Review the tactical roadmap that was created with guidance from the capability gap analysis.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Trends Presentation Template

    Phase 2 Results & Insights

    • Data architecture is not just data models. Understand the essential capabilities that your organization needs from its data architecture to develop a tactical plan for optimizing data architecture across its people, processes, and technology.

    Phase 2, Step 1: Measure Your Data Architecture Capabilities

    PHASE 2

    2.1 2.2 2.3
    Measure Your Data Architecture Capabilities Set a Target for Data Architecture Capabilities Identify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    To personalize your tactical strategy, you must measure up your base data architecture capabilities

    What is a capability?

    Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

    To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

    'Capability' as a mixture of 'People', 'Technology', 'Process', and 'Assets'.

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.

    Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

    Supporting Tool icon 2.1.1 Data Architecture Tactical Roadmap Tool

    Instructions

    Use the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture.

    This tool contains the following sections:

    1. Business Driver Input
    2. Capability Assessment
    3. Capability Gap Analysis
    4. Tactical Roadmap
    5. Metrics
    6. Initiative Roadmap

    INFO-TECH DELIVERABLE

    Sample of the Info-Tech deliverable Data Architecture Tactical Roadmap Tool.

    Benefits of using this tool:

    • Comprehensive documentation of data architecture capabilities present in leading organizations.
    • Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

    To create a plan for your data architecture priorities, you must first understand where you currently stand

    Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

    The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

    For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

    Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted.

    Note

    If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

    Determine your current state across the related architecture tiers

    Associated Activity icon 2.1.2 1 hour

    INPUT: Current data architecture capabilities.

    OUTPUT: An idea of where you currently stand in the capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect, Enterprise architect, Business representatives

    Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

    Instructions
    1. Invite the appropriate stakeholders to participate in this exercise.
    2. On Tab 2. Practice Components, assess the current and target states of each capability on a scale of 1–5.
    3. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.
      These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.
    To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:

    1 = Initial/Ad hoc

    2 = Developing

    3 = Defined

    4 = Managed and Measurable

    5 = Optimized

    Info-Tech Insight

    Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

    Phase 2, Step 2: Set a Target for Data Architecture Capabilities

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Determine your target state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

    To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

    Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

    Example driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Current Capabilities Arrow pointing right. Target Capabilities
    Gaps and Priorities
    Stock photo of a hand placing four shelves arranged as stairs. On the first step is a mini-cut-out of a person walking.

    Determine your future state across the relevant tiers of the data architecture capability model

    Associated Activity icon 2.2.1 2 hours

    INPUT: Current state of data architecture capabilities.

    OUTPUT: Target state of data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    The future of data architecture is now.

    Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

    For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

    Driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Target Capabilities

    Identify where gaps in your data architecture capabilities lie

    Associated Activity icon 2.2.2 1 hour

    INPUT: Current and target states of data architecture capabilities.

    OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Visualization of gap assessment of data quality practice capabilities

    To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap Assessment of Data Source Capabilities

    Sample of the Data Architecture Tactical Roadmap Tool, tab 4. Capability Gap Analysis.

    Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
    3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

    Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
    • Understand Info-Tech’s data architecture capability model.
    • Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    Capitalize on trends in data architecture before you determine the tactics that apply to you

    Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

    Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

    To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

    Big Data

    Data Storage

    Advanced analytics

    Unstructured data

    Integration

    Hadoop ecosystem

    The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it.

    Is your organization currently capturing and leveraging big data?

    Are they looking to do so in the near future?

    The cloud

    The cloud offers economical solutions to many aspects of data architecture.

    Have you dealt with issues of lack of storage space or difficulties with scalability?

    Do you need remote access to data and tools?

    Real-time architecture

    Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures.

    Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT?

    Graph databases

    Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data.

    Has your organization struggled to make sense of different types of unstructured data?

    Is ETL enough?

    What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data.

    Have your data scientists wasted too much time and resources in the ETL stage?

    Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

    Supporting Tool icon 2.1 Data Architecture Trends Presentation

    The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

    The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures.

    This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

    Sample of the Data Architecture Trends Presentation.
    Data Architecture Trends Presentation

    Gaps between your current and future capabilities will help you to determine the tactics that apply to you

    Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

    1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
    2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
    3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.
    Current State Gap Closure Strategies Target State Data Architecture Tactical Roadmap
    • Organization objectives
    • Functional needs
    • Current operating models
    • Technology assets
    Initiatives involving:
    • Organizational changes
    • Functional changes
    • Technology changes
    • Process changes
    • Performance objectives (revenue growth, customer intimacy, growth of organization)
    • Operating model improvements
    • Prioritized, simplified, and compelling vision of how the organization will optimize data architecture

    (Source: “How to Build a Roadmap”)

    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Each of the layers of an organization’s data architecture have associated challenges to optimization

    Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

    Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

    Source Tier

    Integration Tier

    Warehousing Tier

    Analytics Tier

    Presentation Tier

    Inconsistent data models Performance issues Scalability of the data warehouse Data currency, flexibility Model interoperability
    Data quality measures: data accuracy, timeliness, accessibility, relevance Duplicated data Infrastructure needed to support volume of data No business context for using the data in the correct manner No business context for using the data in the correct manner
    Free-form field and data values beyond data domain Tokenization and other required data transformations Performance
    Volume
    Greedy consumers can cripple performance
    Insufficient infrastructure
    Inefficiencies in building the data mart Report proliferation/chaos (“kitchen sink dashboards”)
    Reporting out of source systems DB model inefficiencies
    Manual errors;
    Application usability
    Elasticity

    Create metrics before you plan to optimize your data architecture

    Associated Activity icon 2.2.3 1 hour

    INPUT: Tactics that will be used to optimize data architecture.

    OUTPUT: Metrics that can be used to measure optimization success.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

    There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

    Program Metrics

    • TCO of IT
      • Costs associated with applications, databases, data maintenance
      • Should decrease with better data architecture (rationalized apps, operationalized databases)
    • Cost savings:
      • Retiring a legacy system and associated databases
      • Consolidated licensing
      • Introducing shared services
    • Data systems under maintenance (maintenance burden)
    • End-user data requests fulfilled
    • Improvement of time of delivery of reports and insights

    Project Metrics

    • Percent of projects in alignment with EA
    • Percent of projects compliant with the EA governance process (architectural due diligence rate)
    • Reducing time to market for launching new products
      • Reducing human error rates
      • Speeding up order delivery
      • Reducing IT costs
      • Reducing severity and frequency of security incidents

    Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

    Use Info-Tech’s resources to build your data architecture capabilities

    The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

    Data Governance

    Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture.

    Data Quality

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach.

    Master Data Management

    When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM.

    Data Warehouse

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment.

    With the optimal tactics identified, the monetary authority uncovered areas needing improvement

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 2

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Best Practice Tactic Current State Solution
    Tier 1 - Data Sources Identify data sources Data coming from a number of locations. Create data model for old and new systems.
    Ensure data quality Internal data scanned from paper and incomplete. Data cleansing and update governance and business rules for migration to new system.
    External sources providing conflicting data.
    Tier 3 - Data Warehousing Data catalogue Data aggregated incompletely. Built proper business data glossary for searchability.
    Indexing Data warehouse performance sub-optimal. Architected data warehouse for appropriate use (star schema).
    Tier 4 - Data Analytics Data accessibility Relevant data buried in warehouse. Build data marts for access.
    Data reduction Accurate report building could not be performed in current storage. Built interim solution sandbox, spin up SQL database.

    Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 – 2.2.2

    Sample of activities 2.1.1 and 2.2.2, the first being 'Determine your current state across the related architecture tiers'. Evaluate your current capabilities and design your target data quality practice from two angles

    In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.

    2.2.3

    Sample of activity 2.2.3 'Create metrics before you plan to optimize your data architecture'. Create metrics to track the success of your optimization plan.

    The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 3

    Create Your Tactical Data Architecture Roadmap

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

    Proposed Time to Completion: 2 weeks
    Step 3.1: Personalize Your Data Architecture RoadmapStep 3.2: Manage Your Data Architecture Decisions and the Resulting Changes
    Start with an analyst kick-off call:
    • Review the tactical plan that addresses the business drivers by optimizing your data architecture in the relevant focus areas.
    Review findings with analyst:
    • Discuss and review the roadmap of optimization activities, including dependencies, timing, and ownership of activities.
    • Understand how change management is an integral aspect of any data architecture optimization plan.
    Then complete these activities…
    • Create your detailed data architecture initiative roadmap.
    Then complete these activities…
    • Create your Data Architecture Decision Template to document the changes that are going to be made to optimize your data architecture environment.
    • Review how change management fits into the data architecture improvement program.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Decision Template

    Phase 3 Results & Insights

    • Phase 3 will help you to build a personalized roadmap and plan for optimizing data architecture in your organization. In carrying out this roadmap, changes will, by necessity, occur. Therefore, an integral aspect of a data architect’s role is change management. Use the resources included in Phase 3 to smoothen the change management process.

    Phase 3, Step 1: Personalize Your Data Architecture Roadmap

    PHASE 3

    3.1 3.2
    Personalize Your Data Architecture Roadmap Manage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • Determine the timing, effort, and ownership of the recommended optimization initiatives.
    • Brainstorm initiatives that are not yet on the roadmap but apply to you.

    This step involves the following participants:

    • Data Architect
    • DBAs
    • Enterprise Architect

    Outcomes of this step

    • A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
    • A plan for communicating high-level business objectives to data workers to address the issues of the business.

    Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

    Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

    Diagram of the three phases and the goals of each one. The first phase says 'Identify your data architecture business driver' and highlights 'Business Driver 3' out of four to focus on in Phase 2. Phase 2 says 'Optimization tactics across the five-tier logical data architecture' and identifies four of six 'Tactics' to use in Phase 3. Phase 3 is a 'Practical Roadmap of Initiatives' and utilizes a timeline of initiatives in which to apply the chosen tactics.

    Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

    Supporting Tool icon 3.1.1 Data Architecture Tactic Roadmap Tool
    Generating Your Roadmap
    1. On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps.
    2. Customize this list of initiatives according to your needs.
    3. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed.
    4. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning.
    Tab 5. Tactic and Initiative Planning

    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap.
    Tab 7. Initiative Roadmap

    Determine the details of your data architecture optimization activities

    Associated Activity icon 3.1.2 1 hour

    INPUT: Timing of initiatives for optimizing data architecture.

    OUTPUT: Optimization roadmap

    Materials: Data Architecture Tactic Roadmap Tool

    Participants: Data architect, Enterprise Architect

    Instructions

    1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
    2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
    3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
    4. The Gantt chart is generated in Tab 7. Initiative Roadmap.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning. Tab 5. Tactic and Initiative Planning Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap. Tab 7. Initiative Roadmap

    Info-Tech Insight

    The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

    Optimizing data architecture relies on communication between the business and data workers

    Remember: Data architects bridge the gap between strategic and technical requirements of data.

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers. Stock photo of coworkers communicating.
    Also remember: In Phase 1, you built your tactical data architecture optimization plan.
    Sample 1 of the Data Architecture Optimization Template. Sample 2 of the Data Architecture Optimization Template.
    Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

    Communicate your data architecture optimization plan to the business for approval

    Associated Activity icon 3.1.3 2 hours

    INPUT: Data Architecture Tactical Roadmap

    OUTPUT: Communication plan

    Materials: Data Architecture Optimization Template

    Participants: Data Architect, Business representatives, IT representatives

    Instructions

    Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1.

    If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan.

    If you gain approval for the plan, communicate it to DBAs and other data workers.

    Iterative optimization and communication plan:
    Visualization of the Iterative optimization and communication plan. 'Start here' at 'Communicate Plan and Roadmap to the Business', and then continue in a cycle of 'Receive Approval or Suggested Modifications', 'Get Advice for Improvements to the Plan', 'Revise Plan', and back to the initial step until you receive 'Approval', then 'Present to Data Workers'.

    With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 3

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Challenge

    A monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour.

    With its current capabilities, it could complete such a task in roughly 7 days.

    The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent.

    Solution

    The solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements.

    With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics.

    Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building.

    Results

    With the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements.

    Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

    PHASE 3

    3.13.2
    Personalize Your Data Architecture RoadmapManage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
    • Create a plan for change and release management, an essential function of the data architect role.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

    To implement data architecture changes, you must plan to accommodate the issues that come with change

    Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    Stock photo of multiple hands placing app/website design elements on a piece of paper.

    Create roadmap

    Arrow pointing down.

    Communicate roadmap

    Arrow pointing down.

    Implement roadmap

    Arrow pointing down.

    Change management

    Use the Data Architecture Decision Template when architectural changes are made

    Supporting Tool icon 3.2 Data Architecture Decision Template
    Document the architectural decisions made to provide context around changes made to the organization’s data environment.

    The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations.

    Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained.

    “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Sample of the Data Architecture Decision Template.

    Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

    Leverage Info-Tech’s resources to smooth change management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    See Info-Tech’s resources on change management to smooth changes:
    Banner for the blueprint set 'Optimize Change Management' with subtitle 'Turn and face the change with a right-sized change management process'.
    Sample of the Optimize Change Management blueprint.

    Change Management Blueprint

    Sample of the Change Management Roadmap Tool.

    Change Management Roadmap Tool

    Use Info-Tech’s resources for effective release management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

    Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

    Banner for the blueprint set 'Take a Holistic View to Optimize Release Management' with subtitle 'Build trust by right-sizing your process using appropriate governance'.
    Samples of the Release Management blueprint.

    Release Management Blueprint

    Sample of the Release Management Process Standard Template.

    Release Management Process Standard Template

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    Sample of activity 3.1.2 'Determine the timing of your data architecture optimization activities'. Create your personalized roadmap of activities.

    In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.

    3.1.3

    Sample of activity 3.1.3 'Communicate your Data Architecture Optimization Plan to the business for approval'. Communicate your data architecture optimization plan.

    The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

    Insight breakdown

    Insight 1

    • Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

    Insight 2

    • Data architecture is not just about models.
      Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

    Insight 3

    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
    • The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

    Processes Optimized

    • Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
    • Roadmapping of tactics that address the most common business drivers of the organization.
    • Architectural change management.

    Deliverables Completed

    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template
    • Data Architecture Trends Presentation
    • Data Architecture Roadmap Tool
    • Data Architecture Decision Template

    Research contributors and experts

    Photo of Ron Huizenga, Senior Product Manager, Embarcadero Technologies, Inc. Ron Huizenga, Senior Product Manager
    Embarcadero Technologies, Inc.

    Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.

    Photo of Andrew Johnston, Architect, Independent Consultant. Andrew Johnston, Architect Independent Consultant

    An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

    Research contributors

    Internal Contributors
    Logo for Info-Tech Research Group.
    • Steven J. Wilson, Senior Director, Research & Advisory Services
    • Daniel Ko, Research Manager
    • Bernie Gilles, Senior Director, Research & Advisory Services
    External Contributors
    Logo for Embarcadero.
    Logo for Questa Computing. Logo for Geha.
    • Ron Huizenga, Embercardo Technologies
    • Andrew Johnston, Independent Consultant
    • Darrell Enslinger, Government Employees Health Association
    • Anonymous Contributors

    Bibliography

    Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

    Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

    Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

    Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

    Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

    Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

    Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

    Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

    Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

    Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

    Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

    Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

    Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

    “How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

    IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

    Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

    Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

    Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

    NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

    Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

    OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

    Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

    Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

    Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

    SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

    Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

    Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

    Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

    Zachman Framework. [https://www.zachman.com/]

    Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]

    Build a Data Classification MVP for M365

    • Buy Link or Shortcode: {j2store}67|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Resources are the primary obstacle to getting a foot hold in O365 governance, whether it is funding or FTE resources.
    • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
    • Organizations expect results early and quickly and a common obstacle is that building a proper data classification framework can take more than two years and the business can't wait that long.

    Our Advice

    Critical Insight

    • Data classification is the lynchpin to ANY effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model.
    • Start your journey by identifying what and where your data is and how much data you have. You need to understand what sensitive data you have and where it is stored before you can protect it or govern that data.
    • Ensure there is a high-level leader who is the champion of the governance objective.

    Impact and Result

    • Using least complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

    Build a Data Classification MVP for M365 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Data Classification MVP for M365 Deck – A guide for how to build a minimum-viable product for data classification that end users will actually use.

    Discover where your data resides, what governance helps you do, and what types of data you're classifying. Then build your data and security protection baselines for your retention policy, sensitivity labels, workload containers, and both forced and unforced policies.

    • Build a Data Classification MVP for M365 Storyboard
    [infographic]

    Further reading

    Build a Data Classification MVP for M365

    Kickstart your governance with data classification users will actually use!

    Executive Summary

    Info-Tech Insight

    • Creating an MVP gets you started in data governance
      Information protection and governance are not something you do once and then you are done. It is a constant process where you start with the basics (a minimum-viable product or MVP) and enhance your schema over time. The objective of the MVP is reducing obstacles to establishing an initial governance position, and then enabling rapid development of the solution to address a variety of real risks, including data loss prevention (DLP), data retention, legal holds, and data labeling.
    • Define your information and protection strategy
      The initial strategy is to start looking across your organization and identifying your customer data, regulatory data, and sensitive information. To have a successful data protection strategy you will include lifecycle management, risk management, data protection policies, and DLP. All key stakeholders need to be kept in the loop. Ensure you keep track of all available data and conduct a risk analysis early. Remember, data is your highest valued intangible asset.
    • Planning and resourcing are central to getting started on MVP
      A governance plan and governance decisions are your initial focus. Create a team of stakeholders that include IT and business leaders (including Legal, Finance, HR, and Risk), and ensure there is a top-level leader who is the champion of the governance objective, which is to ensure your data is safe, secure, and not prone to leakage or theft, and maintain confidentiality where it is warranted.

    Executive Summary

    Your Challenge
    • Today, the amount of data companies are gathering is growing at an explosive rate. New tools are enabling unforeseen channels and ways of collaborating.
    • Combined with increased regulatory oversight and reporting obligations, this makes the discovery and management of data a massive undertaking. IT can’t find and protect the data when the business has difficulty defining its data.
    • The challenge is to build a framework that can easily categorize and classify data yet allows for sufficient regulatory compliance and granularity to be useful. Also, to do it now because tomorrow is too late.
    Common Obstacles

    Data governance has several obstacles that impact a successful launch, especially if governing M365 is not a planned strategy. Below are some of the more common obstacles:

    • Resources are the primary obstacle to starting O365 governance, whether it is funding or people.
    • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
    • Organizations expect results early and quickly and a common obstacle is that building a "proper data classification framework” is a 2+ year project and the business can't wait that long.
    Info-Tech’s Approach
    • Start with the basics: build a minimum-viable product (MVP) to get started on the path to sustainable governance.
    • Identify what and where your data resides, how much data you have, and understand what sensitive data needs to be protected.
    • Create your team of stakeholders, including Legal, records managers, and privacy officers. Remember, they own the data and should manage it.
    • Categorization comes before classification, and discovery comes before categorization. Use easy-to-understand terms like high, medium, or low risk.

    Info-Tech Insight

    Data classification is the lynchpin to any effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model. Start your journey by identifying what and where your data is and how much data do you have. You need to understand what sensitive data you have and where it is stored before you can protect or govern it. Ensure there is a high-level leader who is the champion of the governance objectives. Data classification fulfills the governance objectives of risk mitigation, governance and compliance, efficiency and optimization, and analytics.

    Questions you need to ask

    Four key questions to kick off your MVP.

    1

    Know Your Data

    Do you know where your critical and sensitive data resides and what is being done with it?

    Trying to understand where your information is can be a significant project.

    2

    Protect Your Data

    Do you have control of your data as it traverses across the organization and externally to partners?

    You want to protect information wherever it goes through encryption, etc.

    3

    Prevent Data Loss

    Are you able to detect unsafe activities that prevent sharing of sensitive information?

    Data loss prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data.

    4

    Govern Your Data

    Are you using multiple solutions (or any) to classify, label, and protect sensitive data?

    Many organizations use more than one solution to protect and govern their data, making it difficult to determine if there are any coverage gaps.

    Classification tiers

    Build your schema.

    Pyramid visualization for classification tiers. The top represents 'Simplicity', and the bottom 'Complexity' with the length of the sides at each level representing the '# of policies' and '# of labels'. At the top level is 'MVP (Minimum-Viable Product) - Confidential, Internal (Subcategory: Personal), Public'. At the middle level is 'Regulated - Highly Confidential, Confidential, Sensitive, General, Internal, Restricted, Personal, Sub-Private, Public'. And a the bottom level is 'Government (DOD) - Top Secret (TS), Secret, Confidential, Restricted, Official, Unclassified, Clearance'

    Info-Tech Insight

    Deciding on how granular you go into data classification will chiefly be governed by what industry you are in and your regulatory obligations – the more highly regulated your industry, the more classification levels you will be mandated to enforce. The more complexity you introduce into your organization, the more operational overhead both in cost and resources you will have to endure and build.

    Microsoft MIP Topology

    Microsoft Information Protection (MIP), which is Microsoft’s Data Classification Services, is the key to achieving your governance goals. Without an MVP, data classification will be overwhelming; simplifying is the first step in achieving governance.

    A diagram of multiple offerings all connected to 'MIP Data Classification Service'. Circled is 'Sensitivity Labels' with an arrow pointing back to 'MIP' at the center.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Info-Tech Insight

    Using least-complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

    MVP RACI Chart

    Data governance is a "takes a whole village" kind of effort.

    Clarify who is expected to do what with a RACI chart.

    End User M365 Administrator Security/ Compliance Data Owner
    Define classification divisions R A
    Appy classification label to data – at point of creation A R
    Apply classification label to data – legacy items R A
    Map classification divisions to relevant policies R A
    Define governance objectives R A
    Backup R A
    Retention R A
    Establish minimum baseline A R

    What and where your data resides

    Data types that require classification.

    Logos for 'Microsoft', 'Office 365', and icons for each program included in that package.
    M365 Workload Containers
    Icon for MS Exchange. Icon for MS SharePoint.Icon for MS Teams. Icon for MS OneDrive. Icon for MS Project Online.
    Email
    • Attachments
    Site Collections, Sites Sites Project Databases
    Contacts Teams and Group Site Collections, Sites Libraries and Lists Sites
    Metadata Libraries and Lists Documents
    • Versions
    Libraries and Lists
    Teams Conversations Documents
    • Versions
    Metadata Documents
    • Versions
    Teams Chats Metadata Permissions
    • Internal Sharing
    • External Sharing
    Metadata
    Permissions
    • Internal Sharing
    • External Sharing
    Files Shared via Teams Chats Permissions
    • Internal Sharing
    • External Sharing

    Info-Tech Insight

    Knowing where your data resides will ensure you do not miss any applicable data that needs to be classified. These are examples of the workload containers; you may have others.

    Discover and classify on- premises files using AIP

    AIP helps you manage sensitive data prior to migrating to Office 365:
    • Use discover mode to identify and report on files containing sensitive data.
    • Use enforce mode to automatically classify, label, and protect files with sensitive data.
    Can be configured to scan:
    • SMB files
    • SharePoint Server 2016, 2013
    Stock image of a laptop uploading to the cloud with a padlock and key in front of it.
    • Map your network and find over-exposed file shares.
    • Protect files using MIP encryption.
    • Inspect the content in file repositories and discover sensitive information.
    • Classify and label file per MIP policy.
    Azure Information Protection scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data. Discover mode helps you identify and report on files containing sensitive data (Microsoft Inside Track and CIAOPS, 2022). Enforce mode automatically classifies, labels, and protects files with sensitive data.

    Info-Tech Insight

    Any asset deployed to the cloud must have approved data classification. Enforcing this policy is a must to control your data.

    Understanding governance

    Microsoft Information Governance

    Information Governance
    • Retention policies for workloads
    • Inactive and archive mailboxes

    Arrow pointing down-right

    Records Management
    • Retention labels for items
    • Disposition review

    Arrow pointing down-left

    Retention and Deletion

    ‹——— Connectors for Third-Party Data ———›

    Information governance manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you do not. Backup should not be used as a retention methodology since information governance is managed as a “living entity” and backup is a stored information block that is “suspended in time.” Records management uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization. It is for that discrete set of content that needs to be immutable.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Retention and backup policy decision

    Retention is not backup.

    Info-Tech Insight

    Retention is not backup. Retention means something different: “the content must be available for discovery and legal document production while being able to defend its provenance, chain of custody, and its deletion or destruction” (AvePoint Blog, 2021).

    Microsoft Responsibility (Microsoft Protection) Weeks to Months Customer Responsibility (DLP, Backup, Retention Policy) Months to Years
    Loss of service due to natural disaster or data center outage Loss of data due to departing employees or deactivated accounts
    Loss of service due to hardware or infrastructure failure Loss of data due to malicious insiders or hackers deleting content
    Short-term (30 days) user error with recycle bin/ version history (including OneDrive “File Restore”) Loss of data due to malware or ransomware
    Short-term (14 days) administrative error with soft- delete for groups, mailboxes, or service-led rollback Recovery from prolonged outages
    Long-term accidental deletion coverage with selective rollback

    Understand retention policy

    What are retention policies used for? Why you need them as part of your MVP?

    Do not confuse retention labels and policies with backup.

    Remember: “retention [policies are] auto-applied whereas retention label policies are only applied if the content is tagged with the associated retention label” (AvePoint Blog, 2021).

    E-discovery tool retention policies are not turned on automatically.

    Retention policies are not a backup tool – when you activate this feature you are unable to delete anyone.

    “Data retention policy tools enable a business to:

    • “Decide proactively whether to retain content, delete content, or retain and then delete the content when needed.
    • “Apply a policy to all content or just content meeting certain conditions, such as items with specific keywords or specific types of sensitive information.
    • “Apply a single policy to the entire organization or specific locations or users.
    • “Maintain discoverability of content for lawyers and auditors, while protecting it from change or access by other users. […] ‘Retention Policies’ are different than ‘Retention Label Policies’ – they do the same thing – but a retention policy is auto-applied, whereas retention label policies are only applied if the content is tagged with the associated retention label.

    “It is also important to remember that ‘Retention Label Policies’ do not move a copy of the content to the ‘Preservation Holds’ folder until the content under policy is changed next.” (Source: AvePoint Blog, 2021)

    Definitions

    Data classification is a focused term used in the fields of cybersecurity and information governance to describe the process of identifying, categorizing, and protecting content according to its sensitivity or impact level. In its most basic form, data classification is a means of protecting your data from unauthorized disclosure, alteration, or destruction based on how sensitive or impactful it is.

    Once data is classified, you can then create policies; sensitive data types, trainable classifiers, and sensitivity labels function as inputs to policies. Policies define behaviors, like if there will be a default label, if labeling is mandatory, what locations the label will be applied to, and under what conditions. A policy is created when you configure Microsoft 365 to publish or automatically apply sensitive information types, trainable classifiers, or labels.

    Sensitivity label policies show one or more labels to Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups. Once published, users can apply the labels to protect their content.

    Data loss prevention (DLP) policies help identify and protect your organization's sensitive info (Microsoft Docs, April 2022). For example, you can set up policies to help make sure information in email and documents is not shared with the wrong people. DLP policies can use sensitive information types and retention labels to identify content containing information that might need protection.

    Retention policies and retention label policies help you keep what you want and get rid of what you do not. They also play a significant role in records management.

    Data examples for MVP classification

    • Examples of the type of data you consider to be Confidential, Internal, or Public.
    • This will help you determine what to classify and where it is.
    Internal Personal, Employment, and Job Performance Data
    • Social Security Number
    • Date of birth
    • Marital status
    • Job application data
    • Mailing address
    • Resume
    • Background checks
    • Interview notes
    • Employment contract
    • Pay rate
    • Bonuses
    • Benefits
    • Performance reviews
    • Disciplinary notes or warnings
    Confidential Information
    • Business and marketing plans
    • Company initiatives
    • Customer information and lists
    • Information relating to intellectual property
    • Invention or patent
    • Research data
    • Passwords and IT-related information
    • Information received from third parties
    • Company financial account information
    • Social Security Number
    • Payroll and personnel records
    • Health information
    • Self-restricted personal data
    • Credit card information
    Internal Data
    • Sales data
    • Website data
    • Customer information
    • Job application data
    • Financial data
    • Marketing data
    • Resource data
    Public Data
    • Press releases
    • Job descriptions
    • Marketing material intended for general public
    • Research publications

    New container sensitivity labels (MIP)

    New container sensitivity labels

    Public Private
    Privacy
    1. Membership to group is open; anyone can join
    2. “Everyone except external guest” ACL onsite; content available in search to all tenants
    1. Only owner can add members
    2. No access beyond the group membership until someone shares it or changes permissions
    Allowed Not Allowed
    External guest policy
    1. Membership to group is open; anyone can join
    2. “Everyone except external guest” ACL onsite; content available in search to all tenants
    1. Only owner can add members
    2. No access beyond the group membership until someone shares it or changes permissions

    What users will see when they create or label a Team/Group/Site

    Table of what users will see when they create or label a team/group/site highlighting 'External guest policy' and 'Privacy policy options' as referenced above.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Info-Tech Insights

    Why you need sensitivity container labels:
    • Manage privacy of Teams Sites and M365 Groups
    • Manage external user access to SPO sites and teams
    • Manage external sharing from SPO sites
    • Manage access from unmanaged devices

    Data protection and security baselines

    Data Protection Baseline

    “Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline" (Microsoft Docs, June 2022). This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance. This baseline draws elements primarily from NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) and ISO (International Organization for Standardization) as well as from FedRAMP (Federal Risk and Authorization Management Program) and GDPR (General Data Protection Regulation of the European Union).

    Security Baseline

    The final stage in M365 governance is security. You need to implement a governance policy that clearly defines storage locations for certain types of data and who has permission to access it. You need to record and track who accesses content and how they share it externally. “Part of your process should involve monitoring unusual external sharing to ensure staff only share documents that they are allowed to” (Rencore, 2021).

    Info-Tech Insights

    • Controls are already in place to set data protection policy. This assists in the MVP activities.
    • Finally, you need to set your security baseline to ensure proper permissions are in place.

    Prerequisite baseline

    Icon of crosshairs.
    Security

    MFA or SSO to access from anywhere, any device

    Banned password list

    BYOD sync with corporate network

    Icon of a group.
    Users

    Sign out inactive users automatically

    Enable guest users

    External sharing

    Block client forwarding rules

    Icon of a database.
    Resources

    Account lockout threshold

    OneDrive

    SharePoint

    Icon of gears.
    Controls

    Sensitivity labels, retention labels and policies, DLP

    Mobile application management policy

    Building baselines

    Sensitivity Profiles: Public, Internal, Confidential; Subcategory: Highly Confidential

    Microsoft 365 Collaboration Protection Profiles

    Sensitivity Public External Collaboration Internal Highly Confidential
    Description Data that is specifically prepared for public consumption Not approved for public consumption, but OK for external collaboration External collaboration highly discouraged and must be justified Data of the highest sensitivity: avoid oversharing, internal collaboration only
    Label details
    • No content marking
    • No encryption
    • Public site
    • External collaboration allowed
    • Unmanaged devices: allow full access
    • No content marking
    • No encryption
    • Private site
    • External collaboration allowed
    • Unmanaged devices: allow full access
    • Content marking
    • Encryption
    • Private site
    • External collaboration allowed but monitored
    • Unmanaged devices: limited web access
    • Content marking
    • Encryption
    • Private site
    • External collaboration disabled
    • Unmanaged devices: block access
    Teams or Site details Public Team or Site open discovery, guests are allowed Private Team or Site members are invited, guests are allowed Private Team or Site members are invited, guests are not allowed
    DLP None Warn Block

    Please Note: Global/Compliance Admins go to the 365 Groups platform, the compliance center (Purview), and Teams services (Source: Microsoft Documentation, “Microsoft Purview compliance documentation”)

    Info-Tech Insights

    • Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly.
    • Sensitivity labels are a way to classify your organization's data in a way that specifies how sensitive the data is. This helps you decrease risks in sharing information that shouldn't be accessible to anyone outside your organization or department. Applying sensitivity labels allows you to protect all your data easily.

    MVP activities

    PRIMARY
    ACTIVITIES
    Define Your Governance
    The objective of the MVP is reducing barriers to establishing an initial governance position, and then enabling rapid progression of the solution to address a variety of tangible risks, including DLP, data retention, legal holds, and labeling.
    Decide on your classification labels early.

    CATEGORIZATION





    CLASSIFICATION

    MVP
    Data Discovery and Management
    AIP (Azure Information Protection) scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data.
    Baseline Setup
    Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly. Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline.
    Default M365 settings
    Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline. This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance.
    SUPPORT
    ACTIVITIES
    Retention Policy
    Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.
    Sensitivity Labels
    Automatically enforce policies on groups through labels; classify groups.
    Workload Containers
    M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.
    Unforced Policies
    Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.
    Forced Policies
    Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

    ACME Company MVP for M/O365

    PRIMARY
    ACTIVITIES
    Define Your Governance


    Focus on ability to use legal hold and GDPR compliance.

    CATEGORIZATION





    CLASSIFICATION

    MVP
    Data Discovery and Management


    Three classification levels (public, internal, confidential), which are applied by the user when data is created. Same three levels are used for AIP to scan legacy sources.

    Baseline Setup


    All data must at least be classified before it is uploaded to an M/O365 cloud service.

    Default M365 settings


    Turn on templates 1 8 the letter q and the number z

    SUPPORT
    ACTIVITIES
    Retention Policy


    Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.

    Sensitivity Labels


    Automatically enforce policies on groups through labels; classify groups.

    Workload Containers


    M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.

    Unforced Policies


    Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.

    Forced Policies


    Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

    Related Blueprints

    Govern Office 365

    Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals.

    Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.

    Migrate to Office 365 Now

    Jumping into an Office 365 migration project without careful thought of the risks of a cloud migration will lead to project halt and interruption. Intentionally plan in order to expose risk and to develop project foresight for a smooth migration.

    Microsoft Teams Cookbook

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices

    IT Governance, Risk & Compliance

    Several blueprints are available on a broader topic of governance, from Make Your IT Governance Adaptable to Improve IT Governance to Drive Business Results and Build an IT Risk Management Program.

    Bibliography

    “Best practices for sharing files and folders with unauthenticated users.” Microsoft Build, 28 April 2022. Accessed 2 April 2022.

    “Build and manage assessments in Compliance Manager.” Microsoft Docs, 15 June 2022. Web.

    “Building a modern workplace with Microsoft 365.” Microsoft Inside Track, n.d. Web.

    Crane, Robert. “June 2020 Microsoft 365 Need to Know Webinar.” CIAOPS, SlideShare, 26 June 2020. Web.

    “Data Classification: Overview, Types, and Examples.” Simplilearn, 27 Dec. 2021. Accessed 11 April 2022.

    “Data loss prevention in Exchange Online.” Microsoft Docs, 19 April 2022. Web.

    Davies, Nahla. “5 Common Data Governance Challenges (and How to Overcome Them).” Dataversity. 25 October 2021. Accessed 5 April 2022.

    “Default labels and policies to protect your data.” Microsoft Build, April 2022. Accessed 3 April 2022.

    M., Peter. "Guide: The difference between Microsoft Backup and Retention." AvePoint Blog, 9 Oct. 2021. Accessed 4 April 2022.

    Meyer, Guillaume. “Sensitivity Labels: What They Are, Why You Need Them, and How to Apply Them.” nBold, 6 October 2021. Accessed 2 April 2022.

    “Microsoft 365 guidance for security & compliance.” Microsoft, 27 April 2022. Accessed 28 April 2022.

    “Microsoft Purview compliance portal.” Microsoft, 19 April 2022. Accessed 22 April 2022.

    “Microsoft Purview compliance documentation.” Microsoft, n.d. Accessed 22 April 2022.

    “Microsoft Trust Center: Products and services that run on trust.” Microsoft, 2022. Accessed 3 April 2022.

    “Protect your sensitive data with Microsoft Purview.” Microsoft Build, April 2022. Accessed 3 April 2022.

    Zimmergren, Tobias. “4 steps to successful cloud governance in Office 365.” Rencore, 9 Sept. 2021. Accessed 5 April 2022.

    Decide if You Are Ready for SAFe

    • Buy Link or Shortcode: {j2store}355|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Complex application landscapes require delivery teams to work together and coordinate changes across multiple product lines and releases.
    • Leadership wants to balance strategic goals with localized prioritization of changes.
    • Traditional methodologies are not well suited to support enterprise agility: Scrum doesn’t scale easily, and Waterfall is too slow and risky.

    Our Advice

    Critical Insight

    SAFe’s popularity is largely due to its structural resemblance to enterprise portfolio and project planning with top-down prioritization and decision making. This directly conflicts with Agile’s purpose and principles of empowerment and agility.

    • Poor culture, processes, governance, and leadership will disrupt any methodology. Many drivers for SAFe could be solved by improving and standardizing development and release management within current methodologies.
    • Few organizations are capable or should be applying a pure SAFe framework. Successful organizations have adopted and modified SAFe frameworks to best fit their needs, teams, value streams, and maturity.

    Impact and Result

    • Start with a clear understanding of your needs, constraints, goals, and culture.
      • Start with an Agile readiness assessment. Agile is core to value realization.
      • Take the time to determine your drivers and goals.
      • If SAFe is right for you, selecting the right implementation partner is key.
    • Plan SAFe as a long-term enterprise cultural transformation requiring changes at all levels.

    Decide if You Are Ready for SAFe Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Decide if You Are Ready for SAFe Storyboard – Research to help you understand where SAFe fits into delivery methodologies and determine if SAFe is right for your organization.

    This deck will guide you to define your primary drivers for SAFe, assess your Agile readiness, define enablers and blockers, estimate implementation risk, and start your SAFe implementation plan.

    • Decide if You Are Ready for SAFe Storyboard

    2. Scaled Agile Readiness Assessment – A tool to conduct an Agile readiness survey.

    Start your journey with a clear understanding about the level of Agile and product maturity throughout the organization. Each area that lacks strength should be evaluated further and added to your journey map.

    • Scaled Agile Readiness Assessment

    3. SAFe Transformation Playbook – A template to build a change management plan to guide your transition.

    Define clear ownership for every critical step.

    • SAFe Transformation Playbook
    [infographic]

    Workshop: Decide if You Are Ready for SAFe

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand where SAFe fits into delivery methodologies and SDLCs

    The Purpose

    Understand what is driving your proposed SAFe transformation and if it is the right framework for your organization.

    Key Benefits Achieved

    Better understanding of your scaled agile needs and drivers

    Activities

    1.1 Define your primary drivers for SAFe.

    1.2 Create your own list of pros and cons of SAFe.

    Outputs

    List of primary drivers for SAFe

    List of pros and cons of SAFe

    2 Determine if you are ready for SAFe

    The Purpose

    Identify factors influencing a SAFe implementation and ensure teams are aware and prepared.

    Key Benefits Achieved

    Starting understanding of your organization’s readiness to implement a SAFe framework

    Activities

    2.1 Assess your Agile readiness.

    2.2 Define enablers and blockers of scaling Agile delivery.

    2.3 Estimate your SAFe implementation risk.

    2.4 Start your SAFe implementation plan.

    Outputs

    Agile readiness assessment results

    List of enablers and blockers of scaling Agile delivery

    Estimated SAFe implementation risk

    High-level SAFe implementation plan template

    Further reading

    Decide if You Are Ready for SAFe

    Approach the Scaled Agile Framework (SAFe) with open eyes and an open wallet.

    Analyst Perspective

    Ensure that SAFe is the right move before committing.

    Waterfall is dead. Or obsolete at the very least.

    Organizations cannot wait months or years for product, service, application, and process changes. They need to embrace business agility to respond to opportunities more quickly and deliver value sooner. Agile established values and principles that have promoted smaller cycle times, greater connections between teams, improved return on investment (ROI) prioritization, and improved team empowerment.

    Where organizations continue to struggle is matching localized Scrum teams with enterprise initiatives. This struggle is compounded by legacy executive planning cycles, which undermine Agile team authority. SAFe has provided a series of frameworks to help organizations deal with these issues. It combines enterprise planning and alignment with cross-team collaboration.

    Don't rely on popularity or marketing to make your scaled Agile decision. SAFe is a highly disruptive transformation, and it requires extensive training, coaching, process changes, and time to implement. Without the culture shift to an Agile mindset at all levels, SAFe becomes a mirror of Waterfall processes dressed in SAFe names. Furthermore, SAFe itself will not fix problems with communication, requirements, development, testing, release, support, or governance. You will still need to fix these problems within the SAFe framework to be successful.

    Hans Eckman, Principal Research Director, Applications Delivery and Management

    Hans Eckman
    Principal Research Director, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    • Complex application landscapes require delivery teams to work together and coordinate changes across multiple product lines and releases.
    • Leadership wants to maintain executive strategic planning with faster delivery of changes.
    • Traditional methodologies are not well suited to support enterprise agility.
      • Waterfall is too slow, inefficient, and full of accumulated risk.
      • Scrum is not easy to scale and requires behavioral changes.
    • Enterprise transformations are never fast or easy, and SAFe is positioned as a complete replacement of your delivery practices.
    • Teams struggle with SAFe's rigid framework, interconnected methodologies, and new terms.
    • Few organizations are successful at implementing a pure SAFe framework.
    • Organizations without scaled product families have difficulties organizing SAFe teams into proper value streams.
    • Team staffing and stability are hard to resolve.
    Start with a clear understanding of your needs, constraints, goals, and culture.
    • Developing an Agile mindset is core to value realization. Start with Info-Tech's Agile Readiness Assessment.
    • Take the time to identify your drivers and goals.
    • If SAFe is right for you, build a transformation plan and select the right implementation partner.
    Plan SAFe as a long-term enterprise cultural transformation, requiring changes at all levels.

    Info-Tech Insight
    SAFe is a highly disruptive enterprise transformation, and it won't solve your organizational delivery challenges by itself. Start with an open mind, and understand what is needed to support a multi-year cultural transition. Decide how far and how fast you are willing to transform, and make sure that you have the right transformation and coaching partner in place. There is no right software development lifecycle (SDLC) or methodology. Find or create the methodology that best aligns to your needs and goals.

    Agile's Four Core Values

    "...while there is value in the items on the right, we value the items on the left more."
    - The Agile Manifesto

    STOP! If you're not Agile, don't start with SAFe.

    Agile over SAFe

    Successful SAFe requires an Agile mindset at all levels.

    Be aware of common myths around Agile and SAFe

    SAFe does not...

    1...solve development and communication issues.

    2...ensure that you will finish requirements faster.

    3...mean that you do not need planning and documentation.

    "Without proper planning, organizations can start throwing more resources at the work, which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc. (Info-Tech Interview)

    Info-Tech Insight
    Poor culture, processes, governance, and leadership will disrupt any methodology. Many drivers for SAFe could be solved by improving and standardizing development and release management within current methodologies.

    Review the drivers that are motivating your organization to adopt and scale Agile practices

    Functional groups have their own drivers to adopt Agile development processes, practices, and techniques (e.g. to improve collaboration, decrease churn, or increase automation). Their buy-in to scaling Agile is just as important as the buy-in of stakeholders.

    If a group's specific needs and drivers are not addressed, its members may develop negative sentiments toward Agile development. These negative sentiments can affect their ability to see the benefits of Agile, and they may return to their old habits once the opportunity arises.

    It is important to find opportunities in which both business objectives and functional group drivers can be achieved by scaling Agile development. This can motivate teams to continuously improve and adhere to the new environment, and it will maintain business buy-in. It can also be used to justify activities that specifically address functional group drivers.

    Examples of Motivating Drivers for Scaling Agile

    • Improve artifact handoffs between development and operations.
    • Increase collaboration among development teams.
    • Reveal architectural and system risks early.
    • Expedite the feedback loop from support.
    • Improve capacity management.
    • Support development process innovation.
    • Create a safe environment to discuss concerns.
    • Optimize value streams.
    • Increase team engagement and comradery.

    Don't start with scaled Agile!

    Scaling Agile is a way to optimize product management and product delivery in application lifecycle management practices. Do not try to start with SAFe when the components are not yet in place.

    Scaled Agile


    Thought model describing how Agile connects Product Management to Product Delivery to elevate the entire Solution Lifecycle.

    Scale Agile delivery to improve cross-functional dependencies and releases

    Top Business Concerns When Scaling Agile

    1 Organizational Culture: The current culture may not support team empowerment, learning from failure, and other Agile principles. SAFe also allows top-down decisions to persist.

    2 Executive Support: Executives may not dedicate resources, time, and effort into removing obstacles to scaling Agile because of lack of business buy-in.

    3 Team Coordination: Current collaboration structures may not enable teams and stakeholders to share information freely and integrate workflows easily.

    4 Business Misalignment: Business vision and objectives may be miscommunicated early in development, risking poorly planned and designed initiatives and low-quality products.

    Extending collaboration is the key to success.

    Uniting stakeholders and development into a single body is the key to success. Assess the internal and external communication flow and define processes for planning and tracking work so that everyone is aware of how to integrate, communicate, and collaborate.

    The goal is to enable faster reaction to customer needs, shorter release cycles, and improved visibility of the project's progress with cross-functional and diverse conversations.

    Advantages of successful SAFe implementations

    Once SAFe is complete and operational, organizations have seen measurable benefits:

    • Multiple frameworks to support different levels of SAFe usage
    • Deliberate and consistent planning and coordination
    • Coordinating dependencies within value streams
    • Reduced time to delivery
    • Focus on customers and end users
    • Alignment to business goals and value streams
    • Increased employee engagement

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
    "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Advantages of successful SAFe implementations

    Source: "Benefits," Scaled Agile, 2023

    Recognize the difference between Scrum teams and the Scaled Agile Framework (SAFe)

    SAFe provides a framework that aligns Scrum teams into coordinated release trains driven by top-down prioritization.

    Scrum vs SAFe

    Develop Your Agile Approach for a Successful Transformation

    Source: Scaled Agile, Inc.

    Info-Tech's IT Management & Governance Framework

    Info-Tech's IT Management & Governance Framework

    Info-Tech Insight
    SAFe is an enterprise, culture, and process transformation that impacts all IT services. Some areas of Info-Tech's IT Management & Governance Framework have higher impacts and require special attention. Plan to include transformation support for each of these topics during your SAFe implementation. SAFe will not fix broken processes on its own.

    Without adopting an Agile mindset, SAFe becomes Waterfall with SAFe terminology

    Waterfall with SAFe terminology

    Source: Scaled Agile, Inc.

    Info-Tech Insight
    When first implementing SAFe, organizations reproduce their organizational design and Waterfall delivery structures with SAFe terms:

    • Delivery Manager = Release Train Engineer
    • Stakeholder/Sponsor = Product Manager
    • Release = Release Train
    • Project/Program = Project or Portfolio

    SAFe isn't without risks or challenges

    Risks and Causes of Failed SAFe Transformations

    • SAFe conflicts with legacy cultures and delivery processes.
    • SAFe promotes continued top-down decisions, undermining team empowerment.
    • Scaled product families are required to define proper value streams.
    • Team empowerment and autonomy are reduced.
    • SAFe activities are poorly executed.
    • There are high training and coaching costs.
    • Implementation takes a long time.
    • End-to-end delivery management tools aligned to SAFe are required.
    • Legacy delivery challenges are not specifically solved with SAFe.
    • SAFe is designed to work for large-scale development teams.

    Challenges

    • Adjusting to a new set of terms for common roles, processes, and activities
    • Executing planning cycles
    • Defining features and epics at the right level
    • Completing adequate requirements
    • Defining value streams
    • Coordinating releases and release trains
    • Providing consistent quality

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
    "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Focus on your core competencies instead

    Before undertaking an enterprise transformation, consider improving the underlying processes that will need to be fixed anyway. Fixing these areas while implementing SAFe compounds the effort and disruption.

    Product Delivery

    Product Management

    "But big-bang transitions are hard. They require total leadership commitment, a receptive culture, enough talented and experienced agile practitioners to staff hundreds of teams without depleting other capabilities, and highly prescriptive instruction manuals to align everyone's approach."
    – "Agile at Scale," Harvard Business Review

    Insight Summary

    Overarching insight
    SAFe is a highly disruptive enterprise transformation, and it will not solve your organizational delivery challenges by itself. Start with an open mind, and understand what is needed to support a multi-year cultural transition. Decide how far and fast you are willing to transform and make sure that you have the right transformation and coaching partner in place.

    SAFe conflicts with core Agile principles.
    The popularity of SAFe is largely due to its structural resemblance to enterprise portfolio and project planning with top-down prioritization and decision-making. This directly conflicts with Agile's purpose and principles of empowerment and agility.

    SAFe and Agile will not solve enterprise delivery challenges.
    Poor culture, processes, governance, and leadership will disrupt any methodology. Many issues with drivers for SAFe could be solved by improving development and release management within current methodologies.

    Most organizations should not be using a pure SAFe framework
    Few organizations are capable of, or should be, applying a pure SAFe framework. Successful organizations have adopted and modified SAFe frameworks to best fit their needs, teams, value streams, and maturity.

    Without an Agile mindset, SAFe will be executed as Waterfall stages using SAFe terminology.
    Groups that "Do Agile" are not likely to embrace the behavioral changes needed to make any scaled framework effective. SAFe becomes a series of Waterfall PIs using SAFe terminology.

    Your transformation does not start with SAFe.
    Start your transition to scaled Agile with a maturity assessment for current delivery practices. Fixing broken process, tools, and teams must be at the heart of your initiative.

    Blueprint Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key Deliverable

    SAFe Transformation Playbook

    Build a transformation and organizational change management plan to guide your transition. Define clear ownership for every critical step.

    Scaled Agile Readiness Assessment

    Conduct the Agile readiness survey. Without an Agile mindset, SAFe will follow Waterfall or WaterScrumFall practices.

    Case Study

    Spotify's approach to Agile at scale

    INDUSTRY: Digital Media
    SOURCE: Unified Communications and Collaborations

    Spotify's Scaling Agile Initiative

    With rapid user adoption growth (over 15 million active users in under six years), Spotify had to find a way to maintain an Agile mindset across 30+ teams in three different cities, while maintaining the benefits of cross-functional collaboration and flexibility for future growth.

    Spotify's Approach

    Spotify found a fit-for-purpose way for the organization to increase team autonomy without losing the benefits of cross-team communication from economics of scale. Spotify focused on identifying dependencies that block or slow down work through a mix of reprioritization, reorganization, architectural changes, and technical solutions. The organization embraced dependencies that led to cross-team communication and built in the necessary flexibility to allow Agile to grow with the organization.

    Spotify's scaling Agile initiative used interview processes to identify what each team depended on and how those dependencies blocked or slowed the team.

    Squad refers to an autonomous Agile release team in this case study.

    Case Study

    Suncorp instilled dedicated communication streams to ensure cross-role collaboration and culture.

    INDUSTRY: Insurance
    SOURCE: Agile India, International Conference on Agile and Lean Software Development, 2014

    Challenge Solution Results
    • Suncorp Group wanted to improve delivery and minimize risk. Suncorp realized that it needed to change its project delivery process to optimize business value delivery.
    • With five core business units, over 15,000 employees, and US$96 billion in assets, Suncorp had to face a broad set of project coordination challenges.
    • Suncorp decided to deliver all IT projects using Agile.
    • Suncorp created a change program consisting of five main streams of work, three of which dealt with the challenges specific to Agile culture:
      • People: building culture, leadership, and support
      • Communication: ensuring regular employee collaboration
      • Capabilities: blending training and coaching
    • Sponsorship from management and champions to advocate Agile were key to ensure that everyone was unified in a common purpose.
    • Having a dedicated communication stream was vital to ensure regular sharing of success and failure to enable learning.
    • Having a structured, standard approach to execute the planned culture change was integral to success.

    Case Study

    Nationwide embraces DevOps and improves software quality.

    INDUSTRY: Insurance
    SOURCE: Agile India, International Conference on Agile and Lean Software Development, 2014

    Challenge Solution Results
    • In the past, Nationwide primarily followed a Waterfall development process. However, this method created conflicts between IT and business needs.
    • The organization began transitioning from Waterfall to Agile development. It has seen early successes with Agile: decrease in defects per release and more success in meeting delivery times.
    • Nationwide needed to respond more efficiently to changing market requirements and regulations and to increase speed to market.
    • Nationwide decided to take a DevOps approach to application development and delivery.
    • IT wanted to perform continuous integration and deployment in its environments.
    • Cross-functional teams were organically created, made up of members from the business and multiple IT groups, including development and operations.
    • DevOps allowed Nationwide to be more Agile and more responsive to its customers.
    • Teams were able to perform acceptance testing with their customers in parallel with development. This allowed immediate feedback to help steer the project in the right direction.
    • DevOps improved code quality by 50% over a three-year period and reduced user downtime by 70%.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Call #1:

    Scope your requirements, objectives, and specific challenges.

    Call #2:

    1.1.1 Define your primary drivers for SAFe.

    1.1.2 Create your own list of pros and cons of SAFe.

    Call #3:

    1.2.1 Assess your Agile readiness.

    1.2.2 Define enablers and blockers for scaling Agile delivery.

    1.2.3 Estimate your SAFe implementation risk.

    Call #4:

    1.2.4 Start your SAFe implementation plan.

    Summarize your results and plan your next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is one to four calls over the course of one to six weeks.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Planning Step 1.1 Step 1.2
    Identify your stakeholders. Step 1.1 Understand where SAFe fits into your delivery methodologies and SDLCs. Step 1.2 Determine if you are ready for SAFe.
    Activities 1. Determine stakeholders and subject matter experts.
    2. Coordinate timing and participation.
    3. Set goals and expectations for the workshop.
    1.1.1 Define your primary drivers for SAFe.
    1.1.2 Create your own list of pros and cons of SAFe
    1.2.1 Assess your Agile readiness.
    1.2.2 Define enablers and blockers for scaling Agile delivery.
    1.2.3 Estimate your SAFe implementation risk.
    1.2.4 Start your SAFe implementation plan.
    Deliverables
  • Workshop schedule
  • Participant commitment
    • List of primary drivers for SAFe
    • List of pros and cons of SAFe
    • Agile Readiness Assessment results
    • List of enablers and blockers for scaling Agile delivery
    • Estimated SAFe implementation risk
    • Template for high-level SAFe implementation plan

    Supporting Your Agile Journey

    Enable Product Agile Delivery Executive Workshop Develop Your Agile Approach Spread Best Practices with an Agile Center of Excellence Implement DevOps Practices That Work Enable Organization-Wide Collaboration by Scaling Agile
    Number One Number two Number Three Number Four Number Five

    Align and prepare your IT leadership teams.

    Audience: Senior and IT delivery leadership

    Size: 8-16 people

    Time: 7 hours

    Tune Agile team practices to fit your organization culture.

    Audience: Agile pilot teams and subject matter experts (SMEs)

    Size: 10-20 people

    Time: 4 days

    Leverage Agile thought leadership to expand your best practices.

    Audience: Agile SMEs and thought leaders

    Size: 10-20 people

    Time: 4 days

    Build a continuous integration and continuous delivery pipeline.

    Audience: Product owners (POs) and delivery team leads

    Size: 10-20 people

    Time: 4 days

    Execute a disciplined approach to rolling out Agile methods.

    Audience: Agile steering team and SMEs

    Size: 3-8 people

    Time: 3 hours

    Repeat Legend

    Sample agendas are included in the following sections for each of these topics.

    Your Product Transformation Journey

    1. Make the Case for Product Delivery2. Enable Product Delivery - Executive Workshop3. Deliver on Your Digital Product Vision4. Deliver Digital Products at Scale5. Mature and Scale Product Ownership
    Align your organization with the practices to deliver what matters most.Participate in a one-day executive workshop to help you align and prepare your leadership.Enhance product backlogs, roadmapping, and strategic alignment.Scale product families to align with your organization's goals.Align and mature your product owners.

    Audience: Senior executives and IT leadership

    Size: 8-16 people

    Time: 6 hours

    Repeat Symbol

    Audience: Product owners/managers

    Size: 10-20 people

    Time: 3-4 days

    Repeat Symbol

    Audience: Product owners/managers

    Size: 10-20 people

    Time: 3-4 days

    Audience: Product owners/managers

    Size: 8-16 people

    Time: 2-4 days

    Repeat Symbol

    Repeat Legend

    Phase 1

    Determine if SAFe Is Right for Your Organization

    Phase 1
    1.1 Understand where SAFe fits into your delivery methodologies and SDLCs
    1.2 Determine if you are ready for SAFe (fit for purpose)

    This phase will walk you through the following activities:

    • 1.1.1 Define your primary drivers for SAFe.
    • 1.1.2 Create your own list of pros and cons of SAFe.
    • 1.2.1 Assess your Agile readiness.
    • 1.2.2 Define enablers and blockers for scaling Agile delivery.
    • 1.2.3 Estimate your SAFe implementation risk.
    • 1.2.4 Start your SAFe implementation plan.

    This phase involves the following participants:

    • Senior leadership
    • IT leadership
    • Project Management Office
    • Delivery managers
    • Product managers/owners
    • Agile thought leaders and coaches
    • Compliance teams leads

    Step 1.1

    Understand where SAFe fits into your delivery methodologies and SDLCs

    Activities
    1.1.1 Define your primary drivers for SAFe
    1.1.2 Create your own list of pros and cons of SAFe

    This step involves the following participants:

    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Outcomes of this step:

    • List of primary drivers for SAFe
    • List of pros and cons of SAFe

    Agile's Four Core Values

    "...while there is value in the items on the right, we value the items on the left more."
    – The Agile Manifesto

    STOP! If you're not Agile, don't start with SAFe.

    Agile's Four Core Values

    Successful SAFe requires an Agile mindset at all levels.

    Be aware of common myths around Agile and SAFe

    SAFe does not...

    1...solve development and communication issues.

    2...ensure that you will finish requirements faster.

    3...mean that you do not need planning and documentation.

    "Without proper planning, organizations can start throwing more resources at the work, which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc. (Info-Tech Interview)

    Info-Tech Insight
    SAFe only provides a framework and steps where these issues can be resolved.

    The importance of values and principles

    Modern development practices (such as Agile, Lean, and DevOps) are based on values and principles. This supports the move away from command-and-control management to self-organizing teams.

    Values

    • Values represent your team's core beliefs and capture what you want to instill in your team.

    Principles

    • Principles represent methods for solving a problem or deciding.
    • Given that principles are rooted in specifics, they can change more frequently because they are both fallible and conducive to learning.

    Consider the guiding principles of your application team

    Teams may have their own perspectives on how they deliver value and their own practices for how they do this. These perspectives can help you develop guiding principles for your own team to explain your core values and cement your team's culture. Guiding principles can help you:

    • Enable the appropriate environment to foster collaboration within current organizational, departmental, and cultural constraints
    • Foster the social needs that will engage and motivate your team in a culture that suits its members
    • Ensure that all teams are driven toward the same business and team goals, even if other teams are operating differently
    • Build organizational camaraderie aligned with corporate strategies

    Info-Tech Insight
    Following methodologies by the book can be detrimental if they do not fit your organization's needs, constraints, and culture. The ultimate goal of all teams is to deliver value. Any practices or activities that drive teams away from this goal should be removed or modified.

    Review the drivers that are motivating your organization to adopt and scale Agile practices

    Functional groups have their own drivers to adopt Agile development processes, practices, and techniques (e.g. to improve collaboration, decrease churn, or increase automation). Their buy-in to scaling Agile is just as important as the buy-in of stakeholders.

    By not addressing a group's specific needs and drivers, the resulting negative sentiments of its members toward Agile development can affect their ability to see the benefits of Agile and they may return to old habits once the opportunity arises.

    Find opportunities in which both business objectives and functional group drivers can be achieved with scaling Agile development. This alignment can motivate teams to continuously improve and adhere to the new environment, and it will maintain business buy-in. This assessment can also be used to justify activities that specifically address functional group drivers.

    Examples of Motivating Drivers for Scaling Agile

    • Improve artifact hand-offs between development and operations.
    • Increase collaboration among development teams.
    • Reveal architectural and system risks early.
    • Expedite the feedback loop from support.
    • Improve capacity management.
    • Support development process innovation.
    • Create a safe environment to discuss concerns.
    • Optimize value streams.
    • Increase team engagement and comradery.

    Exercise 1.1.1 Define your primary drivers for SAFe

    30 minutes

    • Brainstorm a list of drivers for scaling Agile.
    • Build a value canvas to help capture and align team expectations.
    • Identify jobs or functions that will be impacted by SAFe.
    • List your current pains and gains.
    • List the pain relievers and gain creators.
    • Identify the deliverable needed for a successful transformation.
    • Complete your SAFe value canvas in your SAFe Transformation Playbook.

    Enter the results in your SAFe Transformation Playbook.

    Input
    • Organizational understanding
    • Existing Agile delivery strategic plans
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    SAFe Value Canvas Template

    SAFe Value Canvas Template

    Case Study

    A public utilities organization steadily lost stakeholder engagement, diminishing product quality.

    INDUSTRY: Public Utilities
    SOURCE: Info-Tech Expert Interview

    Challenge

    • The goal of a public utilities organization was to adopt Agile so it could quickly respond to changes and trim costs.
    • The organization decided to scale Agile using a structured approach. It began implementation with IT teams that were familiar with Agile principles and leveraged IT seniors as Agile champions. To ensure that Agile principles were widespread, the organization decided to develop a training program with vendor assistance.
    • As Agile successes began to be seen, the organization decided to increase the involvement of business teams gradually so it could organically grow the concept within the business.

    Results

    • Teams saw significant success with many projects because they could easily demonstrate deliverables and clearly show the business value. Over time, the teams used Agile for large projects with complex processing needs.
    • Teams continued to deliver small projects successfully, but business engagement waned over time. Some of the large, complex applications they delivered using Agile lacked the necessary functionality and appropriate controls and, in some cases, did not have the ability to scale due to a poor architectural framework. These applications required additional investment, which far exceeded the original cost forecasts.

    While Agile and product development are intertwined, they are not the same!

    Delivering products does not necessarily require an Agile mindset. However, Agile methods help to facilitate the journey because product thinking is baked into them.

    Agile and product development are intertwined

    Recognize the difference between Scrum teams and the Scaled Agile Framework (SAFe)

    SAFe provides a framework that aligns Scrum teams into coordinated release trains driven by top-down prioritization.

    Difference between Scrum and SAFe

    Develop Your Agile Approach for a Successful Transformation

    Without adopting an Agile mindset, SAFe becomes Waterfall with SAFe terminology

    Waterfall with SAFe terminology

    Info-Tech Insight
    When first implementing SAFe, organizations reproduce their organizational design and Waterfall delivery structures with SAFe terms:

    • Delivery Manager = Release Train Engineer
    • Stakeholder/Sponsor = Product Manager
    • Release = Release Train
    • Project/Program = Project or Portfolio

    Advantages of successful SAFe implementations

    Once SAFe is complete and operational, organizations have seen measurable benefits:

    • Multiple frameworks to support different levels of SAFe usage
    • Deliberate and consistent planning and coordination
    • Coordinating dependencies within value streams
    • Reduced time to delivery
    • Focus on customers and end users
    • Alignment to business goals and value streams
    • Increased employee engagement

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023;
    "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Advantages of successful SAFe implementations

    Source: "Benefits," Scaled Agile, 2023

    SAFe isn't without risks or challenges

    Risks and Causes of Failed SAFe Transformations

    • SAFe conflicts with legacy cultures and delivery processes.
    • SAFe promotes continued top-down decisions, undermining team empowerment.
    • Scaled product families are required to define proper value streams.
    • Team empowerment and autonomy are reduced.
    • SAFe activities are poorly executed.
    • There are high training and coaching costs.
    • Implementation takes a long time.
    • End-to-end delivery management tools aligned to SAFe are required.
    • Legacy delivery challenges are not specifically solved with SAFe.
    • SAFe is designed to work for large-scale development teams.

    Challenges

    • Adjusting to a new set of terms for common roles, processes, and activities
    • Executing planning cycles
    • Defining features and epics at the right level
    • Completing adequate requirements
    • Defining value streams
    • Coordinating releases and release trains
    • Providing consistent quality

    Sources: TechBeacon, 2019; Medium, 2020; "Benefits," Scaled Agile, 2023; "Pros and Cons," PremierAgile, n.d.; "Scaling Agile Challenges," PremierAgile, n.d.

    Exercise 1.1.2 Create your own list of the pros and cons of SAFe

    1 hour

    Pros Cons

    Enter the results in your SAFe Transformation Playbook

    Input
    • Organizational drivers
    • Analysis of SAFe
    • Estimate of fit for purpose
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Focus on your core competencies instead

    Before undertaking an enterprise transformation, consider improving the underlying processes that will need to be fixed anyway. Fixing these areas while implementing SAFe compounds the effort and disruption.

    Product Delivery

    Product Management

    "But big-bang transitions are hard. They require total leadership commitment, a receptive culture, enough talented and experienced agile practitioners to staff hundreds of teams without depleting other capabilities, and highly prescriptive instruction manuals to align everyone's approach."
    - "Agile at Scale," Harvard Business Review

    Step 1.2

    Determine if you are ready for SAFe (fit for purpose)

    Activities
    1.2.1 Assess your Agile readiness
    1.2.2 Define enablers and blockers for scaling Agile delivery
    1.2.3 Estimate your SAFe implementation risk
    1.2.4 Start your SAFe implementation plan

    This step involves the following participants:

    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Outcomes of this step:

    • Agile Readiness Assessment results
    • Enablers and blockers for scaling Agile
    • SAFe implementation risk
    • SAFe implementation plan

    Use CLAIM to guide your Agile journey

    Use CLAIM to guide your Agile journey

    Conduct the Agile Readiness Assessment Survey

    Without an Agile mindset, SAFe will follow Waterfall or WaterScrumFall practices.

    • Start your journey with a clear understanding of the level of Agile and product maturity throughout your organization.
    • Each area that lacks strength should be evaluated further and added to your journey map.

    Chart of Agile Readiness

    Exercise 1.2.1 Assess your Agile readiness

    1 hour

    • Open and complete the Agile Readiness Assessment in your playbook or the Excel tool provided.
    • Discuss each area's high and low scores to reach a consensus.
    • Record your results in your SAFe Transformation Playbook.

    Chart of Agile Readiness

    Enter the results in Scaled Agile Readiness Assessment.

    Input
    • Organizational knowledge
    • Agile Readiness Assessment
    Output
    • IT leadership
    • Delivery managers
    • Project Management Office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Exercise 1.2.2 Define enablers and blockers for scaling Agile delivery

    1 hour

    • Identify and mitigate blockers for scaling Agile in your organization.
      • Identify enablers who will support successful SAFe transformation.
      • Identify blockers who will make the transition to SAFe more difficult.
      • For each blocker, define at least one mitigating step.
    Enablers Blockers Mitigation

    Enter the results in your SAFe Transformation Playbook

    Input
    • Agile Readiness Assessment
    • Organizational knowledge
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Estimate your SAFe implementation risk

    Poor Fit High Risk Scaling Potential
    Team size <50 >150 or non-dedicated 50-150 dedicated
    Agile maturity Waterfall and project delivery Individual Scrum DevOps teams Scrum DevOps teams coordinating dependencies
    Product management maturity Project-driver changes from stakeholders Proxy product owners within delivery teams Defined product families and products
    Strategic goals Localized decisions Enterprise goals implemented at the app level Translation and refinement of enterprise goals through product families
    Enterprise architecture Siloed architecture standards Common architectures Future enterprise architecture and employee review board (ERB) reviews
    Release management Independent release schedules Formal release calendar Continuous integration/development (CI/CD) with organizational change management (OCM) scheduled cross-functional releases
    Requirements management and quality assurance Project based Partial requirements and test case coverage Requirements as an asset and test automation

    Exercise 1.2.3 Estimate your SAFe implementation risk

    30 minutes

    • Determine which description best matches your overall organizational state.
    • Enter the results in your SAFe Transformation Playbook.
    • Change the text to bold in the cell you selected to describe your current state and/or add a border around the cell.

    Chart of SAFe implementation risk

    Enter the results in SAFe Transformation Playbook.

    Input
    • Agile Readiness Assessment
    • Organizational knowledge
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Interpret your SAFe implementation risks

    Analyze your highlighted selections and patterns in the rows and columns. Use these factors to inform your SAFe implementation steps and timing.

    Interpret your SAFe implementation risks

    Build your implementation plan

    Build a transformation and organizational change management plan to guide your transition. Define clear ownership for every critical step.

    Plan your transformation.

    • Align stakeholders and thought leaders.
    • Select an implementation partner.
    • Insert critical steps.

    Build your SAFe framework.

    • Define your target SAFe framework.
    • Customize your SAFe framework.
    • Establish SAFe governance and reporting.
    • Insert critical steps.

    Implement SAFe practices.

    • Define product families and value streams.
    • Conduct SAFe training for:
      • Executive leadership
      • Agile SAFe coaches
      • Practitioners
    • Insert critical steps.

    For additional help with OCM, please download Master Organizational Change Management Practices.

    Exercise 1.2.4 Start your SAFe implementation plan

    30 minutes

    • Using the high-level SAFE implementation framework, begin building out the critical steps.
    • Record the results in your SAFe Transformation Playbook.
    • Your playbook is an evergreen document to help guide your implementation. It should be reviewed often.

    SAFe implementation plan

    Enter the results in your SAFe Transformation Playbook

    Input
    • SAFe readiness assessment
    • Enablers and blockers
    • Drivers for SAFe
    Output
    • IT leadership
    • Delivery managers
    • Project management office
    • Product owners and managers
    • Development team leads
    • Portfolio managers
    • Architects

    Select an implementation partner

    Finding the right SAFe implementation partner is critical to your transformation success.

    • Using your previous assessment, align internal and external resources to support your transformation.
    • Select a partner who has experience in similar organizations and is aligned with your delivery goals.
    • Plan to transition support to internal teams when SAFe practices have stabilized and moved into continuous improvement.
    • Augment your transformation partner with internal coaches.
    • Plan for a multiyear engagement before SAFe benefits are realized.

    Summary of Accomplishments

    Your journey begins.

    Implementing SAFe is a long, expensive, and difficult process. For some organizations, SAFe provides the balance of leadership-driven prioritization and control with shorter release cycles and time to value. The key is making sure that SAFe is right for you and you are ready for SAFe. Few organizations fit perfectly into one of the SAFe frameworks. Instead, consider fine-tuning and customizing SAFe to meet your needs and gradual transformation.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Below are sample activities that will be conducted by Info-Tech analysts with your team:

    Scaled Agile Delivery Readiness Assessment
    This assessment will help identify enablers and blockers in your organizational culture using our CLAIM+G organization transformation model.

    SAFE Value Canvas
    Use a value campus to define jobs, pains, gains, pain relievers, gain creators, and needed deliverables to help inform and guide your SAFe transformation.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Bibliography

    "6 Biggest SAFe Agile Implementation Mistakes to Avoid." Triumph Strategic Consulting, 27 July 2017.

    "The 7 Must-Haves for Achieving Scaling Agile Success." The 7 Must-Haves for Achieving Scaling Agile Success.

    Ageling, Willem-Jan. "11 Most Common Reasons to Use Scaled Agile Framework (SAFE) and How to Do This With Unscaled Scrum." Medium, Serious Scrum, 26 Jan. 2020.

    Agile India, International Conference on Agile and Lean Software Development, 2014.

    "Air France - KLM - Agile Adoption with SAFe." Scaled Agile, 28 Nov. 2022.

    "Application Development Trends 2019 - Global Survey Report." OutSystems.

    "Benefits of SAFe: How It Benefits Organizations." Scaled Agile, 13 Mar. 2023.

    Berkowitz, Emma. "The Cost of a SAFe(r) Implementation: CPRIME Blog." Cprime, 30 Jan. 2023.

    "Chevron - Adopting SAFe with Remote Workforce." Scaled Agile, 28 Nov. 2022.

    "Cisco It - Adopting Agile Development with SAFe." Scaled Agile, 13 Sept. 2022.

    "CMS - Business Agility Transformation Using SAFe." Scaled Agile, 13 Sept. 2022.

    Crain, Anthony. "4 Biggest Challenges in Moving to Scaled Agile Framework (SAFe)." TechBeacon, 25 Jan. 2019.

    "The Essential Role of Communications ." Project Management Institute .

    Gardiner, Phil. "SAFe Implementation: 4 Tips for Getting Started." Applied Frameworks, 20 Jan. 2022.

    "How Do I Start Implementing SAFe?" Agility in Mind, 29 July 2022.

    "How to Masterfully Screw Up Your SAFe Implementation." Wibas Artikel-Bibliothek, 6 Sept. 2022.

    "Implementation Roadmap." Scaled Agile Framework, 14 Mar. 2023.

    Islam, Ayvi. "SAFe Implementation 101 - The Complete Guide for Your Company." //Seibert/Media, 22 Dec. 2020.

    "Johnson Controls - SAFe Implementation Case Study." Scaled Agile, 28 Nov. 2022.

    "The New Rules and Opportunities of Business Transformation." KPMG.

    "Nokia Software - SAFe Agile Transformation." Scaled Agile, 28 Nov. 2022.

    Pichler, Roman. "What Is Product Management?" Romanpichler, 2014.

    "Product Documentation." ServiceNow.

    "Pros and Cons of Scaled Agile Framework." PremierAgile.

    "Pulse of the Profession Beyond Agility." Project Management Institute.

    R, Ramki. "Pros and Cons of Scaled Agile Framework (SAFe)." Medium, 3 Mar. 2019.

    R, Ramki. "When Should You Consider Implementing SAFe (Scaled Agile Framework)?" Medium, Medium, 3 Mar. 2019.

    Rigby, Darrell, Jeff Sutherland, and Andy Noble. "Agile at Scale: How to go from a few teams to hundreds." Harvard Business Review, 2018.

    "SAFe Implementation Roadmap." Scaled Agile Framework, Scaled Agile, Inc., 14 Mar. 2023.

    "SAFe Partner Cprime: SAFe Implementation Roadmap: Scaled Agile." Cprime, 5 Apr. 2023.

    "SAFe: The Good, the Bad, and the Ugly." Project Management Institute.

    "Scaled Agile Framework." Wikipedia, Wikimedia Foundation, 29 Mar. 2023.

    "Scaling Agile Challenges and How to Overcome Them." PremierAgile.

    "SproutLoud - a Case Study of SAFe Agile Planning." Scaled Agile, 29 Nov. 2022.

    "Story." Scaled Agile Framework, 13 Apr. 2023.

    Sutherland , Jeff. "Scrum: How to Do Twice as Much in Half the Time." Tedxaix, YouTube, 7 July 2014.

    Venema, Marjan. "6 Scaled Agile Frameworks - Which One Is Right for You?" NimbleWork, 23 Dec. 2022.

    Warner, Rick. "Scaled Agile: What It Is and Why You Need It." High-Performance Low-Code for App Development, OutSystems, 25 Oct. 2019.

    Watts, Stephen, and Kirstie Magowan. "The Scaled Agile Framework (SAFE): What to Know and How to Start." BMC Blogs, 9 Sept. 2020.

    "What Is SAFe? The Scaled Agile Framework Explained." CIO, 9 Feb. 2021.

    "Why Agile Transformations Fail: Four Common Culprits." Planview.

    "Why You Should Use SAFe (and How to Find SAFe Training to Help)." Easy Agile.

    Y., H. "Story Points vs. 'Ideal Days.'" Cargo Cultism, 19 Aug. 2010.

    Bibliography

    Enable Organization-Wide Collaboration by Scaling Agile

    Ambler, Scott W. "Agile Architecture: Strategies for Scaling Agile Development." Agile Modeling, 2012.

    - - -. "Comparing Approaches to Budgeting and Estimating Software Development Projects." AmbySoft.

    - - -. "Agile and Large Teams." Dr. Dobb's, 17 Jun 2008.

    Ambler, Scott W. and Mark Lines. Disciplined Agile Delivery: A Practitioner's Guide to Agile Software Delivery in the Enterprise. IBM Press, 2012.

    Ambler, Scott W., and Mark Lines. "Scaling Agile Software Development: Disciplined Agility at Scale." Disciplined Agile Consortium White Paper Series, 2014.

    AmbySoft. "2014 Agile Adoption Survey Results." Scott W. Ambler + Associates, 2014.

    Bersin, Josh. "Time to Scrap Performance Appraisals?" Forbes Magazine, 5 June 2013. Accessed 30 Oct. 2013..

    Cheese, Peter, et al. " Creating an Agile Organization." Accenture, Oct. 2009. Accessed Nov. 2013..

    Croxon, Bruce, et al. "Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den.'" HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON, 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. "10 Reasons to Get Rid of Performance Reviews." Huffington Post Business, 18 Dec. 2012. Accessed 28 Oct. 2013.

    Denning, Steve. "The Case Against Agile: Ten Perennial Management Objections." Forbes Magazine, 17 Apr. 2012. Accessed Nov. 2013.

    Estis, Ryan. "Blowing up the Performance Review: Interview with Adobe's Donna Morris." Ryan Estis & Associates, 17 June 2013. Accessed Oct. 2013.

    Heikkila et al. "A Revelatory Case Study on Scaling Agile Release Planning." EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA), 2010.

    Holler, Robert, and Ian Culling. "From Agile Pilot Project to Enterprise-Wide Deployment: Five Sure-Fire Ways To Fail When You Scale." VersionOne, 2010.

    Kniberg, Henrik, and Anders Ivarsson, "Scaling Agile @ Spotify," Unified Communications and Collaborations, 2012.

    Narayan, Sriram. "Agile IT Organization Design: For Digital Transformation and Continuous Delivery." Addison-Wesley Professional, 2015.

    Shrivastava, NK, and Phillip George. "Scaling Agile." RefineM, 2015.

    Sirkia, Rami, and Maarit Laanti. "Lean and Agile Financial Planning." Scaled Agile Framework Blog, 2014.

    Scaled Agile Framework (SAFe). "Agile Architecture." Scaled Agile Inc., 2015.

    VersionOne. 9th Annual: State of Agile Survey. VersionOne, LLC, 2015.

    Appendix A: Supporting Info-Tech Research

    Transformation topics and supporting research to make your journey easier, with less rework

    Supporting research and services

    Improving IT Alignment

    Build a Business-Aligned IT Strategy
    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Make Your IT Governance Adaptable
    Governance isn't optional, so keep it simple and make it flexible.

    Create an IT View of the Service Catalog
    Unlock the full value of your service catalog with technical components.

    Application Portfolio Management Foundations
    Ensure your application portfolio delivers the best possible return on investment.

    Shifting Toward Agile DevOps

    Agile/DevOps Research Center
    Access the tools and advice you need to be successful with Agile.

    Develop Your Agile Approach for a Successful Transformation
    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work
    Streamline business value delivery through the strategic adoption of DevOps practices.

    Perform an Agile Skills Assessment
    Being Agile isn't about processes, it's about people.

    Define the Role of Project Management in Agile and Product-Centric Delivery
    Projects and products are not mutually exclusive.

    Shifting Toward Product Management

    Make the Case for Product Delivery
    Align your organization on the practices to deliver what matters most.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale
    Deliver value at the scale of your organization through defining enterprise product families.

    Mature and Scale Product Ownership
    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build a Value Measurement Framework
    Focus product delivery on business value- driven outcomes.

    Improving Value and Delivery Metrics

    Build a Value Measurement Framework
    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard
    Mature your IT department by measuring what matters.

    Select and Use SDLC Metrics Effectively
    Be careful what you ask for, because you will probably get it.

    Reduce Time to Consensus With an Accelerated Business Case
    Expand on the financial model to give your initiative momentum.

    Improving Governance, Prioritization, and Value

    Make Your IT Governance Adaptable
    Governance isn't optional, so keep it simple and make it flexible.

    Maximize Business Value From IT Through Benefits Realization
    Embed benefits realization into your governance process to prioritize IT spending and confirm the value of IT.

    Drive Digital Transformation With Platform Strategies
    Innovate and transform your business models with digital platforms.

    Succeed With Digital Strategy Execution
    Building a digital strategy is only half the battle: create a systematic roadmap of technology initiatives to execute the strategy and drive digital transformation.

    Build a Value Measurement Framework
    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard
    Mature your IT department by measuring what matters.

    Improving Requirements Management and Quality Assurance

    Requirements Gathering for Small Enterprises
    Right-size the guidelines of your requirements gathering process.

    Improve Requirements Gathering
    Back to basics: great products are built on great requirements.

    Build a Software Quality Assurance Program
    Build quality into every step of your SDLC.

    Automate Testing to Get More Done
    Drive software delivery throughput and quality confidence by extending your automation test coverage.

    Manage Your Technical Debt
    Make the case to manage technical debt in terms of business impact.

    Create a Business Process Management Strategy
    Avoid project failure by keeping the "B" in BPM.

    Build a Winning Business Process Automation Playbook
    Optimize and automate your business processes with a user-centric approach.

    Improving Release Management

    Optimize Applications Release Management
    Build trust by right-sizing your process using appropriate governance.

    Streamline Application Maintenance
    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management
    Move beyond maintenance to ensure exceptional value from your apps.

    Optimize IT Change Management
    Right-size IT change management to protect the live environment.

    Manage Your Technical Debt
    Make the case to manage technical debt in terms of business impact.

    Improve Application Development Throughput
    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Improving Business Relationship Management

    Embed Business Relationship Management in IT
    Show that IT is worthy of Trusted Partner status.

    Mature and Scale Product Ownership
    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Improving Security

    Build an Information Security Strategy
    Create value by aligning your strategy to business goals and business risks.

    Develop and Deploy Security Policies
    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Simplify Identity and Access Management
    Leverage risk- and role-based access control to quantify and simplify the identity and access management (IAM) process.

    Improving and Supporting Business-Managed Applications

    Embrace Business-Managed Applications
    Empower the business to implement their own applications with a trusted business-IT relationship.

    Enhance Your Solution Architecture Practices
    Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.

    Satisfy Digital End Users With Low- and No-Code
    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Build Your First RPA Bot
    Support RPA delivery with strong collaboration and management foundations.

    Automate Work Faster and More Easily With Robotic Process Automation
    Embrace the symbiotic relationship between the human and digital workforce.

    Improving Business Intelligence, Analytics, and Reporting

    Modernize Data Architecture for Measurable Business Results
    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice.

    Build a Reporting and Analytics Strategy
    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Build Your Data Quality Program
    Quality data drives quality business decisions.

    Design Data-as-a-Service
    Journey to the data marketplace ecosystems.

    Build a Robust and Comprehensive Data Strategy
    Learn about the key to building and fostering a data-driven culture.

    Build an Application Integration Strategy
    Level the table before assembling the application integration puzzle or risk losing pieces.

    Appendix B: SDLC Transformation Steps

    Waterfall SDLC

    Valuable product delivered at the end of an extended project lifecycle, frequently in years

    Waterfall SDLC

    • Business is separated from the delivery of technology it needs. Only one-third of the product is actually valuable (ITRG, N=40,000).
    • In Waterfall, a team of experts in specific disciplines hand off different aspects of the lifecycle.
    • Document sign-offs are required to ensure integration between silos (Business, Development, and Operations) and individuals.
    • A separate change-request process lays over the entire lifecycle to prevent changes from disrupting delivery.
    • Tools are deployed to support a specific role (e.g. BA) and seldom integrated (usually requirements <-> test).

    Wagile/Agifall/WaterScrumFall SDLC

    Valuable product delivered in multiple releases

     Wagile/Agifall/WaterScrumFall SDLC

    • Business is more closely integrated by a business product owner, who is accountable for day-to-day delivery of value for users.
    • The team collaborates and develops cross-functional skills as they define, design, build, and test code over time.
    • Sign-offs are reduced but documentation is still focused on satisfying project delivery and operations policy requirements.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Tools start to be integrated to streamline delivery (usually requirements and Agile work management tools).

    Agile SDLC

    Valuable product delivered iteratively: frequency depends Ops' capacity

    Agile SDLC

    • Business users are closely integrated through regularly scheduled demos (e.g. every two weeks).
    • Team is fully cross-functional and collaborates to plan, define, design, build, and test the code, supported by specialists.
    • Documentation is focused on future development and operations needs.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Automation is explored for application development (e.g. automated regression testing).

    Agile With DevOps SDLC

    High frequency iterative delivery of valuable product (e.g. every two weeks)

     Agile With DevOps SDLC

    • Business users are closely integrated through regularly scheduled demos.
    • Development and operations teams collaborate to plan, define, design, build, test, and deploy code, supported by automation.
    • Documentation is focused on supporting users, future changes, and operational support.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Test, build, deploy process is fully automated. (Service desk is still separated.)

    DevOps SDLC

    Continuous integration and delivery

     DevOps SDLC

    • Business users are closely integrated through regularly scheduled demos.
    • Fully integrated DevOps team collaborates to plan, define, design, build, test, deploy, and maintain code.
    • Documentation is focused on future development and use adoption.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Development and operations toolchain are fully integrated.

    Fully integrated product SDLC

    Agile + DevOps + continuous delivery of valuable product on demand

     Fully integrated product SDLC

    • Business users are fully integrated with the teams through dedicated business product owner.
    • Cross-functional teams collaborate across the business and technical life of the product.
    • Documentation supports internal and external needs (business, users, operations).
    • Change is built into the process to allow the team to respond to change dynamically.
    • Toolchain is fully integrated (including service desk).

    Appendix C: Understanding Agile Scrum Practices and Ceremonies

    Cultural advantages of Agile

    Cultural advantages of Agile

    Agile* SDLC

    With shared ownership instead of silos, we are able to deliver value at the end of every iteration (aka sprint)

    Agile SDLC

    Key Elements of the Agile SDLC

    • You are not "one and done." There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice who represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time."
    • There is a cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • There is working, tested code at the end of each sprint: Value becomes more deterministic along sprint boundaries.
    • Stakeholders are allowed to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • There is continuous improvement through sprint retrospectives.
    • The virtuous cycle of sprint-demo-feedback is internally governed when done right.

    * There are many Agile methodologies to choose from, but Scrum is by far the most widely used (and is shown above).

    Understand the Scrum process

    The scrum process coordinates multiple stakeholders to deliver on business priorities.

    Understand the Scrum process

    Understand the ceremonies part of the scrum process

     Understand the ceremonies part of the scrum process

    Scrum vs. Kanban: Key differences

    Scrum vs. Kanban: Key differences

    Scrum vs. Kanban: When to use each

    Scrum

    Related or grouped changes are delivered in fixed time intervals.

    Use when:

    • Coordinating the development or release of related items
    • Maturing a product or service
    • Coordinating interdependencies between work items

    Kanban

    Independent items are delivered as soon as each is ready.

    Use when:

    • Completing work items from ticketing or individual requests
    • Completing independent changes
    • Releasing changes as soon as possible

    Appendix D: Improving Product Management

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product delivery realizes value for your product family

    Manage and communicate key milestones

    Successful product-delivery managers understand and define key milestones in their product-delivery lifecycles. These milestones need to be managed along with the product backlog and roadmap.

    Manage and communicate key milestones

    Info-Tech Best Practice
    Product management is not just about managing the product backlog and development cycles. Teams need to manage key milestones, such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints.

    A backlog stores and organizes product backlog items (PBIs) at various stages of readiness

    Organize product backlog at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort that a PBI requires is estimated at each tier.

    Prioritized: A PBI's value and priority are determined at each tier.

    Source: Perforce, 2018

    Backlog tiers facilitate product planning steps

    Ranging from the intake of an idea to a PBI ready for development; to enter the backlog, each PBI must pass through a given quality filter.

    Backlog tiers facilitate product planning steps

    Each activity is a variation of measuring value and estimating effort in order to validate and prioritize a PBI.

    A PBI successfully completes an activity and moves to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Use quality filters to ensure focus on the most important PBIs

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBI's journey through product planning.

    Use quality filters to ensure focus on the most important PBIs

    Info-Tech Best Practice
    A quality filter ensures that quality is met and the appropriate teams are armed with the correct information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Define product value by aligning backlog delivery with roadmap goals

    Product roadmaps guide delivery and communicate your strategy

    In "Deliver on Your Digital Product Vision," we demonstrate how a product roadmap is core to value realization. The product roadmap is your communicated path. As a product owner, you use it to align teams and changes to your defined goals, as well as your product to enterprise goals and strategy.

    Product roadmaps guide delivery and communicate your strategy

    Info-Tech Insight
    The quality of your product backlog - and your ability to realize business value from your delivery pipeline - is directly related to the input, content, and prioritization of items in your product roadmap.

    Info-Tech's approach

    Operationally align product delivery to enterprise goals

    Operationally align product delivery to enterprise goals

    The Info-Tech Difference

    Create a common definition of what a product is and identify the products in your inventory.

    Use scaling patterns to build operationally aligned product families.

    Develop a roadmap strategy to align families and products to enterprise goals and priorities.

    Use products and families to assess value realization.

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

    • Buy Link or Shortcode: {j2store}209|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    • Moreso than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • It is increasingly likely that one of an organization's vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management – Use the research to better understand the negative impacts of vendor actions to your organization

    Use this research to identify and quantify the potential risk impacts caused by vendors. Utilize Info-Tech's approach to look at the impact from various perspectives to better prepare for issues that may arise.

    • Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Storyboard

    2. Comprehensive Risk Impact Tool – Use this tool to help identify and quantify the impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Comprehensive Risk Impact Tool
    [infographic]

    Further reading

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

    Approach vendor risk impact assessments from all perspectives.

    Analyst Perspective

    Organizations must comprehensively understand the impacts vendors may cause through different potential actions.

    Frank Sewell

    The risks from the vendor market have become more prevalent as the technologies and organizational strategies shift to a global direction. With this shift in risk comes a necessary perspective change to align with the greater likelihood of an incident occurring from vendors' (or one of their downstream support vendor's) negative actions.

    Organizational leadership must become more aware of the increasing risks that engaging vendors impose. To do so, they need to make informed decisions, which can only be provided by engaging expert resources in their organizations to compile a comprehensive look at potential risk impacts.

    Frank Sewell

    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    More so than at any other time, our world is changing. As a result organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Common Obstacles

    Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Info-Tech's Approach

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to changes in the global market. Ongoing monitoring and continual assessment of vendors’ risks is crucial to avoiding negative impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.`

    6 components of vendor risk beyond cybersecurity.  Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    Info-Tech Tech Trends Survey 2022

    82%

    of Microsoft non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    Info-Tech Tech Trends Survey 2022

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Info-Tech Tech Trends Survey 2022

    Looking at Risk in a New Light:

    the 6 Pillars of Vendor Risk Management

    Vendor Risk

    • Financial

    • Strategic

    • Operational

    • Security

    • Reputational

    • Regulatory

    • Organizations must review their risk appetite and tolerance levels, considering their complete landscape.
    • Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.
    • Prepare your vendor risk management for success using due diligence and scenario- based “What If” discussions to bring all the relevant parties to the table and educate your whole organization on risk factors.
    Assessing Financial Risk Impacts

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Assess internal and external operational risk impacts

    Two sides of the same coin

    Internal

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    External

    • Cyberattacks
    • Supply Chain Issues
    • Geo-Political Disruptions
    • Vendor Acquisitions
    • N-Party Non-Compliance
    • Vendor Fraud

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, or events that disrupt business operations.

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes

    • Poor vendor performance
    • Vendor acquisition
    • Supply chain disruptions and shortages
    • N-party risk
    • Third-party risk

    What your vendor associations say about you

    Reputations that affect your brand: Bad customer reviews, breach of data, poor security posture, negative news articles, public lawsuits, poor performance.

    Regulatory compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    6 components of vendor risk beyond cybersecurity.  Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    Review your expectations with your vendors and hold them accountable

    Regulatory entities are looking beyond your organization’s internal compliance these days. Instead, they are more and more diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Identify and manage risks

    Regulatory

    Regulatory agencies are putting more enforcement around ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations or face penalties for non-compliance.

    Security-Data protection

    Data protection remains an issue. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and acquisitions

    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    Identify and manage risks

    Poor vendor performance

    Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.

    Supply chain disruptions and global shortages

    Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.

    Poorly configured systems

    Failing to ensure that your vendor-supported systems are properly configured and that your vendors are meeting your IT change control and configuration standards is more commonplace than expected. Proper oversight and management of your support vendors is crucial to ensure they are meeting expectations in this regard.

    What to look for

    Identify potential risk impacts

    • Is there a record of complaints against the vendor from their employees or customers?
    • Is the vendor financially sound, with the resources to support your needs?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for instability?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering one-sided agreements with as-is warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy-in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.
    8. (Adapted from COSO)

    How to assess third-party risk

    1. Review organizational risks

      Understand the organizations risks to prepare for the “What If” game exercise.
    2. Identify and understand potential risks

      Play the “What If” game with the right people at the table.
    3. Create a risk profile packet for leadership

      Pull all the information together in a presentation document.
    4. Validate the risks

      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to manage the risks

      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the plan

      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the plan

      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Risk impacts often come from unexpected places and have significant consequences.

    Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization.

    Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization to avoid penalties.

    Insight 1

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.

    For example, Philips’ recall of ventilators impacted its products and the availability of its competitors’ products as demand overwhelmed the market.

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well, and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protections throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Insight summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Operational risk impacts often come from unexpected places and have unforeseen impacts. Knowing where your vendors place in critical business processes and those vendors' business continuity plans concerning your organization should be a priority for those managing the vendors.

    Insight 4

    Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

    For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

    Insight 5

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans for replacing critical vendors purchased in such a manner?

    Insight 6

    Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Identifying vendor risk

    Who should be included in the discussion?

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance your business's long-term potential for success.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying emerging potential strategic partners.
    • Make sure security, risk, and compliance are all at the table. These departments all look at risk from different angles for the business and give valuable insight collectively.
    • Organizations have a wealth of experience in their marketing departments that can help identify real-world scenarios of negative actions.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk =
    Likelihood x Impact

    (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent.

    Managing vendor risk impacts

    How could your vendors impact your organization?

    • Review vendors’ downstream connections to understand thoroughly who you are in business with
    • Institute continuous vendor lifecycle management
    • Develop IT risk governance and change control
    • Introduce continual risk assessment to monitor the relevant vendor markets
    • Monitor and schedule contract renewals and new service/module negotiations
    • Perform business alignment meetings to reassess relationships
    • Ensure strategic alignment in contracts
    • Review vendors’ business continuity plans and disaster recovery testing
    • Re-evaluate corporate policies frequently
    • Monitor your company’s and associated vendors’ online presence
    • Be adaptable and allow for innovations that arise from the current needs
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly

    Organizations must review their risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, new security issues, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When that happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The "what if" game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (if too small, continue as a single group).
    2. Use the Comprehensive Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Comprehensive Risk Impact Tool

    Input

    • List of identified potential risk scenarios scored by impact
    • List of potential mitigations of the scenarios to reduce the risk

    Output

    • Comprehensive risk profile on the specific vendor solution

    Materials

    • Whiteboard/flip charts
    • Comprehensive Risk Impact Tool to help drive discussion

    Participants

    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Business Process Experts
    • Legal/Compliance/Risk Manager

    High risk example from tool

    High risk example from Tool.  Shows sample questions to ask to identify impacts, their associated score, weight, and comments or notes.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    How to mitigate:

    • Contractually insist that the vendor have a third-party security audit performed annually with the stipulation that they will not denigrate below your acceptable standards.
    • At renewal negotiate better contractual terms and protections for your organization.

    Low risk example from tool

    Low risk example from Tool.  Shows sample questions to ask to identify impacts, their associated score, weight, and comments or notes.

    Summary

    Seek to understand all potential risk impacts to better prepare your organization for success.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Organizations need to be realistic about the likelihood of potential risks in the changing global world.
    • Those organizations that consistently follow their established risk-assessment and due-diligence processes are better positioned to avoid penalties.
    • Understand how your vendors prioritize your organization in their business continuity processes.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Socialize the third-party vendor risk management process throughout the organization to heighten awareness and enable employees to help protect the organization.
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Incorporate lessons learned from prior incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their risk assessments to be more meaningful to respond to global changes in the market.

    Organizations should increase the resources dedicated to monitoring the market as regulatory agencies continue to hold them more and more accountable.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Weak Cybersecurity is taking a toll on Small Businesses (tripwire.com)

    SecureLink 2022 White Paper SL_Page_EA+PAM (rocketcdn.me)

    Shared Assessments Member Poll March 2021 "Guide: Evolving Work Environments Impact of Covid-19 on Profile and Management of Third Parties“

    “Cybersecurity only the tip of the iceberg for third-party risk management”. Help Net Security, April 21, 2021. Accessed: 2022-07-29.

    “Third-Party Risk Management (TPRM) Managed Services”. Deloitte, 2022. Accessed: 2022-07-29.

    “The Future of TPRM: Third Party Risk Management Predictions for 2022”. OneTrust, December 20th2021. Accessed 2022-07-29.

    “Third Party Vendor definition”. Law Insider, Accessed 2022-07-29.

    “Third Party Risk”. AWAKE Security, Accessed 2022-07-29.

    Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses", Info-Tech Research Group, June 2022.

    Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide", Transmission Private, July 2022. Accessed June 2022.

    Jagiello, Robert D, and Thomas T Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication. ”Risk analysis : an official publication of the Society for Risk Analysis vol. 38,10 (2018): 2193-2207.doi:10.1111/risa.13117

    Kenton, Will. "Brand Recognition", Investopedia, August 2021. Accessed June 2022. Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?", Ignyte, October 2017. Accessed June 2022.

    "Powerful Examples of How to Respond to Negative Reviews", Review Trackers, February 2022. Accessed June 2022.

    "The CEO Reputation Premium: Gaining Advantage in the Engagement Era", Weber Shadwick, March 2015. Accessed on June 2022.

    "Valuation of Trademarks: Everything You Need to Know",UpCounsel, 2022. Accessed June 2022.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Regulatory guidance and industry standards

    Get Started With FinOps

    • Buy Link or Shortcode: {j2store}473|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Runaway cloud costs are wrecking the CIO’s budget, but cloud costs are hard to reign in because vendors are not always up front about the true costs, it’s easy to oversubscribe to services and quickly run up costs with pay-as-you-go service, and cloud bills are complex.
    • While IT isn’t the business owner for cloud services, they often carry the cost of overruns on their budget, and don’t have the skills or influence to more effectively manage cloud costs.
    • Truly optimizing cloud spend and maximizing business value from cloud requires insight and collaboration from IT/engineering, finance, and business owners, but those teams are often siloed and manage their cloud usage or spend differently.

    Our Advice

    Critical Insight

    • The business units that need to collaborate to make FinOps work are often siloed, with different processes, data, metrics and cloud expertise. Coordinating their efforts to encourage shared responsibility can be a big obstacle to overcome.
    • FinOps requires a cultural shift to empower every cloud user to take accountability for cloud cost optimization.
    • To get started with FinOps, it’s essential to first break down those silos and get the multiple teams involved on the same page. Everyone must understand how FinOps is part of their responsibilities.

    Impact and Result

    • Implementing FinOps will lead to improved visibility and control over cloud spend, optimized resource allocation and reduced cloud waste, enhanced transparency, improved forecasting and budgeting, and increased accountability over cloud costs across business units.
    • This blueprint will help you get started with FinOps by identifying the roles involved in FinOps, defining the key activities that must be conducted, and assigning ownership to each task. This will help foster a shared responsibility for FinOps and encourage everyone to work toward common goals.

    Get Started With FinOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get Started With FinOps Deck – A guide to defining and assigning the roles and activities involved in FinOps.

    This storyboard will help you define FinOps roles and structure of the FinOps and other teams, identify key activities, and assign ownership to each. It will also provide guidance on analyzing the results of the RACI chart.

    • Get Started With FinOps Storyboard

    2. FinOps RACI Chart – A tool to help you assess the current state of FinOps activities and assign ownership to each.

    This tool will help you assess the current state of FinOps activities and assign ownership to each activity. Use the outputs of the exercise to define how roles across the organization will be involved in FinOps and where to focus efforts in maturing in FinOps.

    • FinOps RACI Chart
    [infographic]

    Further reading

    Get Started With FinOps

    FinOps goes beyond identifying cloud savings. It empowers every cloud user to maximize the value of their spend.

    Executive Brief

    Analyst Perspective

    The first step of FinOps is collectively realizing that maximizing value is every cloud user's responsibility.

    Natalie Sansone

    Natalie Sansone, PhD
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    As cloud adoption increases, and with it the complexity of cloud environments, managing and optimizing cloud spend has become both a top challenge and priority for IT organizations. In response, the practice of FinOps has emerged to help organizations maximize the value they get from the cloud. As its popularity surges, organizations are told they must do FinOps, but many feel their practice is not yet mature. One of their biggest obstacles is empowering engineers and other cloud users to work toward this shared goal with other teams.

    To grow and mature your FinOps practice, your first challenge is breaking down silos, encouraging collaboration across varying business units, and getting all cloud users to be accountable for their cloud usage and spend and to understand the shared goals of FinOps. Beyond finding ways to reduce cloud costs, FinOps is a cultural shift that enables better collaboration between distributed teams. It allows them to leverage data to identify opportunities to maximize business value from cloud investments.

    Whether you’re starting the FinOps journey or looking to mature your practice, this blueprint will help you organize by defining the required role and tasks. Then you can work through a collective exercise to ensure everyone understands who is involved and responsible for each activity. You’ll gain the information you need and be better positioned to continuously improve and mature your processes, but success begins with everyone understanding that FinOps is a shared responsibility.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Runaway cloud costs are wrecking the CIO’s budget, but these are hard to rein in because cloud vendors are not always upfront about the true costs. It’s easy to oversubscribe to services and quickly run up costs with pay-as-you-go service and complex bills.
    • While IT isn’t the business owner for cloud services, they often carry the cost of overruns on their budget, and don’t have the skills or influence to more effectively manage cloud costs.
    • Truly optimizing cloud spend and maximizing its business value requires insight and collaboration from IT/engineering, finance, and business owners, but those teams are often siloed and manage their cloud usage/spend differently.
    • IT leaders are instructed to implement a FinOps practice, but don’t truly understand what that is, who needs to be involved, or where to start.
    • Business units that must collaborate to make FinOps work are often siloed and have different processes, data, metrics, and cloud expertise. Coordinating efforts to encourage shared responsibility can be a challenge. FinOps requires a cultural shift to empower every cloud user to take accountability for cost optimization.
    • Lack of visibility into cloud usage, spending patterns, and cost drivers along with inadequate tools to get the required data to drive decision making. This leads to hindered progress.
    • Implementing FinOps will improve visibility and control over cloud spend, optimize resource allocation and reduce waste, enhance transparency, improve forecasting and budgeting, and improve cost accountability across business units.
    • To get started with FinOps, first it’s essential to break down those silos and coordinate the multiple teams involved. Everyone must understand how FinOps is part of their responsibilities.
    • This blueprint will help you identify the roles involved in FinOps, define the key activities that must be conducted, and assign ownership to each task. This will help foster a shared responsibility for FinOps and encourage everyone to work toward common goals.

    Info-Tech Insight

    FinOps is not just about driving cloud savings. It’s a cultural shift empowering every cloud user to maximize the value of their spend. The first step of FinOps is therefore to help everyone understand their share of responsibility.

    What is FinOps?

    Definition

    “FinOps is an evolving cloud financial management discipline and cultural practice that enables organizations to get maximum business value by helping engineering, finance, technology, and business teams to collaborate on data-driven spending decisions.”

    Definition Updated: November 2021 by the FinOps Foundation Technical Advisory Council

    The ultimate purpose of FinOps is to bring business value to your organization by reducing cloud waste.

    • FinOps is the people, processes, and tools you use to eliminate waste and ensure you get the most value from your cloud spend.
    • FinOps is the framework within which teams can operate to ensure they are optimizing their use of cloud resources.
    • FinOps brings financial accountability to cloud spend.
    • FinOps is a culture practice where everyone collaborates and takes ownership for their cloud usage while being supported and governed by a central group. It breaks down silos so teams that haven’t worked closely together in the past collaborate toward shared goals.
    • It brings financial accountability and cultural change to cloud spend by enabling distributed teams to better collaborate and leverage data to decide where/when to invest in cloud for maximum business value.
    • FinOps is not done by an individual or just one team. It’s a change in the way that many disparate teams work together, from engineering to finance to business teams.

    Common misconceptions about FinOps

    FinOps is not

    FinOps is

    • Only about saving money
    • Only focused on activities related to cost optimization
    • IT financial management, which involves tracking and analyzing all costs associated with IT services
    • An activity (or set of activities) done by one person or team
    • Short for financial operations
    • About maximizing value. FinOps is optimizing cloud costs to provide maximum business value and support scalability (sometimes this means investing more money in cloud)
    • FinOps also involves building a culture of accountability, visibility, and collaboration around cloud usage and cost
    • Focused specifically on managing/optimizing cloud costs
    • A cultural shift around how disparate teams work together, people from all areas of the organization can play a role
    • The term is a portmanteau (combination) of Finance and (Dev)Ops, emphasizing the collaboration between business and engineering teams1
    1 “What is FinOps?” FinOps Foundation, 2023

    FinOps’ popularity has exploded in recent years

    2012 - The practice of FinOps begins to emerge through early scalers in public cloud like Adobe and Intuit

    2017 - Many IT departments begin to use the cloud for limited use cases, but very few enterprises are all in the cloud

    2019 - Many companies begin moving to a cloud-first strategy, shifting IT spend from capital to operational expenditure (CapEx to OpEx), complicating cloud bills

    February 2019 - The FinOps Foundation is born out of Cloudability’s Customer Advisory Board meeting where many cloud practitioners discuss the need for a community of practitioners

    June 2020 - The FinOps Foundation merges with Linux Foundation and sets the standard for cloud financial management

    Sources: Carr, 2022; Linux Foundation, 2023, Storment & Fuller, 2023.

    The image contains a graph that demonstrates the increasing number of people listing FinOps as a skill.

    Where did the term come from?

    The term FinOps has risen in popularity over the last few years. Originally, organizations used the term cloud cost management, then cloud cost optimization, then more broadly, cloud financial management. The latter has now been largely replaced by FinOps.

    Why is FinOps so essential? (1/2)

    The shift from fixed to variable spend has changed the way organizations must manage and report on costs.

    In the traditional data center era:

    • The enterprise procured infrastructure through large capital refreshes of data center hardware.
    • Infrastructure teams tried their best to avoid running out of storage before the next hardware refresh. Equipment was intentionally oversized to accommodate unexpected growth.
    • IT teams would not worry about how much infrastructure resources they consumed, provided they stayed within planned capacity limits. If capacity ran low, resource usage would be adjusted.
    • The business might not like laying out large capital expenditures, but it had full visibility into the cost and got to approve spending in advance using financial controls.
    • Monthly costs were well-understood and monthly or infrequent reporting was acceptable because day-to-day costs did not vary.
    • Mature organizations might chargeback or showback costs to application teams based on number of virtual machines or other measures, but traditional on-premises chargeback wouldn't save money overall.

    Why is FinOps so essential? (2/2)

    The shift from fixed to variable spend has changed the way organizations must manage and report on costs.

    In the cloud era:

    • Infrastructure resources must no longer be provisioned in advance through spending capital budgets.
    • Capacity management isn’t a major concern. Spare capacity is always available, and savings can result from not paying for unnecessary capacity.
    • Cloud services often offer pay-as-you-go pricing models, allowing more control and flexibility to pay only for the resources you consume.
    • When services use more resources than they need, running costs increase. Cost reductions are realized through reducing the size of allocated resources.
    • The variable consumption model can reduce operating costs but can make budgeting and forecasting difficult. IT and the business can no longer predict what they will pay for infrastructure resources.
    • Billing is no longer straightforward and monthly. Resources are individually charged in micro amounts. Costs must be regularly reviewed as unexpected or forgotten resource usage can add up significantly.

    Managing cloud spend remains a challenge for many organizations

    Given the variable nature of cloud costs and complex pricing structures, it can be easy to overspend without mature FinOps processes in place. Indeed, 82% of organizations cite managing cloud spend as one of their top challenges.

    Respondents reported that public cloud spend was over budget by an average of 18%, up from 13% the previous year.

    Source: Flexera 2023 State of the Cloud Report, n=750

    Organization's top cloud challenges.

    While FinOps adoption has rapidly increased, maturity has not

    Most organizations understand the value of FinOps but are not mature in their practice.

    NetApp’s 2023 State of CloudOps Report found that:

    96% say FinOps is important to their cloud strategy

    9% have a mature FinOps practice

    92% report that they struggle with FinOps

    Source: NetApp, 2023 State of CloudOps Report, n=310 IT decision makers in the United States responsible for public cloud infrastructure investments.

    Flexera’s 2023 State of the Cloud report found that 72% of organizations have a dedicated FinOps team.

    Flexera’s annual report also found that year over year, cloud cost responsibilities are increasingly shifting away from Finance/Accounting and Vendor Management teams and over to FinOps teams as they emerge and mature.

    Source: Flexera, 2023 State of the Cloud Report, n=750 decision-makers and users around the world

    Develop a Security Operations Strategy

    • Buy Link or Shortcode: {j2store}264|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $79,249 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • There is an onslaught of security data – generating information in different formats, storing it in different places, and forwarding it to different locations.
    • The organization lacks a dedicated enterprise security team. There is limited resourcing available to begin or mature a security operations center.
    • Many organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of security technology investments.
    • It is difficult to communicate the value of a security operations program when trying to secure organizational buy-in to gain the appropriate resourcing.
    • There is limited communication between security functions due to a centralized security operations organizational structure.

    Our Advice

    Critical Insight

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives.
    3. If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Impact and Result

    • A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Develop a Security Operations Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should enhance your security operations program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess your current state

    Assess current prevention, detection, analysis, and response capabilities.

    • Develop a Security Operations Strategy – Phase 1: Assess Operational Requirements
    • Security Operations Preliminary Maturity Assessment Tool

    2. Develop maturity initiatives

    Design your optimized state of operations.

    • Develop a Security Operations Strategy – Phase 2: Develop Maturity Initiatives
    • Information Security Requirements Gathering Tool
    • Concept of Operations Maturity Assessment Tool

    3. Define operational interdependencies

    Identify opportunities for collaboration within your security program.

    • Develop a Security Operations Strategy – Phase 3: Define Operational Interdependencies
    • Security Operations RACI Chart & Program Plan
    • Security Operations Program Cadence Schedule Template
    • Security Operations Collaboration Plan
    • Security Operations Metrics Summary Document
    [infographic]

    Workshop: Develop a Security Operations Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Operational Requirements

    The Purpose

    Determine current prevention, detection, analysis, and response capabilities, operational inefficiencies, and opportunities for improvement.

    Key Benefits Achieved

    Determine why you need a sound security operations program.

    Understand Info-Tech’s threat collaboration environment.

    Evaluate your current security operation’s functions and capabilities.

    Activities

    1.1 Understand the benefits of refining your security operations program.

    1.2 Gauge your current prevention, detection, analysis, and response capabilities.

    Outputs

    Security Operations Preliminary Maturity Assessment Tool

    2 Develop Maturity Initiatives

    The Purpose

    Begin developing and prioritizing gap initiatives in order to achieve the optimal state of operations.

    Key Benefits Achieved

    Establish your goals, obligations, scope, and boundaries.

    Assess your current state and define a target state.

    Develop and prioritize gap initiatives.

    Define the cost, effort, alignment, and security benefits of each initiative.

    Develop a security strategy operational roadmap.

    Activities

    2.1 Assess your current security goals, obligations, and scope.

    2.2 Design your ideal target state.

    2.3 Prioritize gap initiatives.

    Outputs

    Information Security Strategy Requirements Gathering Tool

    Security Operations Maturity Assessment Tool

    3 Define Operational Interdependencies

    The Purpose

    Identify opportunities for collaboration.

    Formalize your operational process flows.

    Develop a comprehensive and actionable measurement program.

    Key Benefits Achieved

    Understand the current security operations process flow.

    Define the security operations stakeholders and their respective deliverables.

    Formalize an internal information-sharing and collaboration plan.

    Activities

    3.1 Identify opportunities for collaboration.

    3.2 Formalize a security operations collaboration plan.

    3.3 Define operational roles and responsibilities.

    3.4 Develop a comprehensive measurement program.

    Outputs

    Security Operations RACI & Program Plan Tool

    Security Operations Collaboration Plan

    Security Operations Cadence Schedule Template

    Security Operations Metrics Summary

    Further reading

    INFO-TECH RESEARCH GROUP

    Develop a Security Operations Strategy

    Transition from a security operations center to a threat collaboration environment.

    Info-Tech Research Group, Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
    © 1997-2017 Info-Tech Research Group Inc.

    ANALYST PERSPECTIVE

    “A reactive security operations program is no longer an option. The increasing sophistication of threats demands a streamlined yet adaptable mitigation and remediation process. Protect your assets by preparing for the inevitable; unify your prevention, detection, analysis, and response efforts and provide assurance to your stakeholders that you are making information security a top priority.”

    Phot of Edward Gray, Consulting Analyst, Security, Risk & Compliance, Info-Tech Research Group.

    Edward Gray,
    Consulting Analyst, Security, Risk & Compliance
    Info-Tech Research Group



    Our understanding of the problem

    This Research Is Designed For:
    • Chief Information Officer (CIO)
    • Chief Information Security Officer (CISO)
    • Chief Operating Officer (COO)
    • Security / IT Management
    • Security Operations Director / Security Operations Center (SOC)
    • Network Operations Director / Network Operations Center (NOC)
    • Systems Administrator
    • Threat Intelligence Staff
    • Security Operations Staff
    • Security Incident Responders
    • Vulnerability Management Staff
    • Patch Management
    This Research Will Help You:
    • Enhance your security program by implementing and streamlining next-generation security operations processes.
    • Increase organizational situational awareness through active collaboration between core threat teams, enriching internal security events with external threat intelligence and enhancing security controls.
    • Develop a comprehensive threat analysis and dissemination process: align people, process, and technology to scale security to threats.
    • Identify the appropriate technological and infrastructure-based sourcing decisions.
    • Design a step-by-step security operations implementation process.
    • Pursue continuous improvement: build a measurement program that actively evaluates program effectiveness.
    This Research Will Also Assist:
    • Board / Chief Executive Officer
    • Information Owners (Business Directors/VP)
    • Security Governance and Risk Management
    • Fraud Operations
    • Human Resources
    • Legal and Public Relations
    This Research Will Help Them
    • Aid decision making by staying abreast of cyberthreats that could impact the business.
    • Increase visibility into the organization’s threat landscape to identify likely targets or identify exposed vulnerabilities.
    • Ensure the business is compliant with regularity, legal, and/or compliance requirements.
    • Understand the value and return on investment of security operations offerings.

    Executive summary

    Situation

    • Current security practices are disjointed, operating independently with a wide variety of processes and tools to conduct incident response, network defense, and threat analysis. These disparate mitigations leave organizations vulnerable to the increasing number of malicious events.
    • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data, while juggling business, compliance, and consumer obligations.

    Complication

    • There is an onslaught of security data – generating information in different formats, storing it in different places, and forwarding it to different locations.
    • The organization lacks a dedicated enterprise security team. There is limited resourcing available to begin or mature a security operations center.
    • Many organizations are developing ad hoc security capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
    • It is difficult to communicate the value of a security operations program when trying to secure organizational buy-in to gain the appropriate resourcing.
    • There is limited communication between security functions due to a centralized security operations organizational structure.

    Resolution

    • A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Info-Tech Insight

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives.
    3. If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Data breaches are resulting in major costs across industries

    Horizontal bar chart of 'Per capita cost by industry classification of benchmarked companies', with the highest cost attributed to 'Health', 'Pharmaceutical', 'Financial', 'Energy', and 'Transportation'.

    Average data breach costs per compromised record hit an all-time high of $217 (in 2015); $74 is direct cost (e.g. legal fees, technology investment) and $143 is indirect cost (e.g. abnormal customer churn). (Source: Ponemon Institute, “2015 Cost of Data Breach Study: United States”)

    '% of systems impacted by a data breach', '1% No Impact', '19% 1-10% impacted', '41% 11-30% impacted', '24% 31-50% impacted', '15% more than 50% impacted
    Divider line.
    '% of customers lost from a data breach', '61% Lost <20%', '21% Lost 20-40%', '8% Lost 40-60%', '6% Lost 60-80%', '4% Lost 80-100%'.
    Divider line.
    '% of business opportunity lost from a data breach', '58% Lost <20%', '25% Lost 20-40%', '9% Lost, 40-60%', '5% Lost 60-80%', '4% Lost 80-100%'.
    (Source: The Network, “ Cisco 2017 Security Capabilities Benchmark Study”)

    Persistent issues

    • Organizational barriers separating prevention, detection, analysis, and response efforts.
      Siloed operations limit collaboration and internal knowledge sharing.
    • Lack of knowledgeable security staff.
      Human capital is transferrable between roles and functions and must be cross-trained to wear multiple hats.
    • Failure to evaluate and improve security operations.
      The effectiveness of operations must be frequently measured and (re)assessed through an iterative system of continuous improvement.
    • Lack of standardization.
      Pre-established use cases and policies outlining tier-1 operational efforts will eliminate ad hoc remediation efforts and streamline operations.
    • Failure to acknowledge the auditor as a customer.
      Many compliance and regulatory obligations require organizations to have comprehensive documentation of their security operations practices.

    60% Of organizations say security operation teams have little understanding of each other’s requirements.

    40% Of executives report that poor coordination leads to excessive labor and IT operational costs.

    38-100% Increase in efficiency after closing operational gaps with collaboration.
    (Source: Forbes, “The Game Plan for Closing the SecOps Gap”)

    The solution

    Bar chart of the 'Benefits of Internal Collaboration' with 'Increased Operational Efficiency' and 'Increased Problem Solving' having the highest percentage.

    “Empower a few administrators with the best information to enable fast, automated responses.”
    – Ismael Valenzuela, IR/Forensics Technical Practice Manager, Foundstone® Services, Intel Security)

    Insufficient security personnel resourcing has been identified as the most prevalent challenge in security operations…

    When an emergency security incident strikes, weak collaboration and poor coordination among critical business functions will magnify inefficiencies in the incident response (IR) process, impacting the organization’s ability to minimize damage and downtime.

    The solution: optimize your SOC. Info-Tech has seen SOCs with five analysts outperform SOCs with 25 analysts through tools and process optimization.

    Sources:
    Ponemon. "2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB).”
    Syngress. Designing and Building a Security Operations Center.

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.
    Venn diagram of 'Next-Gen Security Operations' with four intersecting circles: 'Prevent', 'Detect', 'Analyze', and 'Respond'.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operations, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook in order to reduce incident remediation time and effort.

    Info-Tech’s security operations blueprint ties together various initiatives

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    Deliverables
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Threat Intelligence
    Threat intelligence addresses the collection, analysis, and dissemination of external threat data. Analysts act as liaisons to their peers, publishing actionable threat alerts, reports, and briefings. Threat intelligence proactively monitors and identifies whether threat indicators are impacting your organization.
    • Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Management Plan Template
    • Threat Intelligence Policy Template
    • Alert Template
    • Alert and Briefing Cadence Schedule
    Stock image 3.

    Develop Foundational Security Operations Processes

    Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. Analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Maturity Assessment Tool
    • Event Prioritization Tool
    • Efficiency Calculator
    • SecOps Policy Template
    • In-House vs. Outsourcing Decision-Making Tool
    • SecOps RACI Tool
    • TCO & ROI Comparison Calculator
    Stock image 4.

    Develop and Implement a Security Incident Management Program

    Incident Response
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. IR teams coordinate root-cause analysis and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.
    • Incident Management Policy
    • Maturity Assessment Tool
    • Incident Management RACI Tool
    • Incident Management Plan
    • Incident Runbook Prioritization Tool
    • Various Incident Management Runbooks

    This blueprint will…

    …better protect your organization with an interdependent and collaborative security operations program.

    Phase 01

    Assess your operational requirements.

    Phase 02

    Optimize and further mature your security operations processes

    Phase 3a

    Develop the process flow and specific interaction points between functions

    Phase 3b

    Test your current capabilities with a table top exercise
    Briefly assess your current prevention, detection, analysis, and response capabilities.
    Highlight operational weak spots that should be addressed before progressing.
    Develop a prioritized list of security-focused operational initiatives.
    Conduct a holistic analysis of your operational capabilities.
    Define the operational interaction points between security-focused operational departments.
    Document the results in comprehensive operational interaction agreement.
    Test your operational processes with Info-Tech’s security operations table-top exercise.

    Info-Tech integrates several best practices to create a best-of-breed security framework

    Legend for the 'Information Security Framework' identifying blue best practices as 'In Scope' and white best practices as 'Out of Scope'. Info-Tech's 'Information Security Framework' of best practices with two main categories 'Governance' and 'Management', each with subcategories such as 'Context & Leadership' and 'Prevention', each with a group of best practices color-coded to the associated legend identifying them as 'In Scope' or 'Out of Scope'.

    Benefits of a collaborative and integrated operations program

    Effective security operations management will help you do the following:

    • Improve efficacy
      Develop structured processes to automate activities and increase process consistency across the security program. Expose operational weak points and transition teams from firefighting to an innovator role.
    • Improve threat protection
      Enhance network controls through the hardening of perimeter defenses, an intelligence-driven analysis process, and a streamlined incident remediation process.
    • Improve visibility and information sharing
      Promote both internal and external information sharing to enable good decision making.
    • Create and clarify accountability and responsibility
      Security operations management practices will set a clear level of accountability throughout the security program and ensure role responsibility for all tasks and processes involved in service delivery.
    • Control security costs
      Security operations management is concerned with delivering promised services in the most efficient way possible. Good security operations management practices will provide insight into current costs across the organization and present opportunities for cost savings.
    • Identify opportunities for continuous improvement
      Increased visibility into current performance levels and the ability to accurately identify opportunities for continuous improvement.

    Impact

    Short term:

    • Streamlined security operations program development process.
    • Completed comprehensive list of operational gaps and initiatives.
    • Formalized and structured implementation process.
    • Standardized operational use cases that predefine necessary operational protocol.

    Long term:

    • Enhanced visibility into immediate threat environment.
    • Improved effectiveness of internal defensive controls.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.

    Understand the cost of not having a suitable security operations program

    A practical approach, justifying the value of security operations, is to identify the assets at risk and calculate the cost to the company should the information assets be compromised (i.e. assess the damage an attacker could do to the business).

    Cost Structure Cost Estimation ($) for SMB
    (Small and medium-sized business)
    Cost Estimation ($) for LE
    (Large enterprise)
    Security controls Technology investment: software, hardware, facility, maintenance, etc.
    Cost of process implementation: incident response, CMBD, problem management, etc.
    Cost of resource: salary, training, recruiting, etc.
    $0-300K/year $200K-2M/year
    Security incidents
    (if no security control is in place)
    Explicit cost:
    1. Incident response cost:
      • Remediation costs
      • Productivity: (number of employees impacted) × (hours out) × (burdened hourly rate)
      • Extra professional services
      • Equipment rental, travel expenses, etc.
      • Compliance fine
      • Cost of notifying clients
    2. Revenue loss: direct loss, the impact of permanent loss of data, lost future revenues
    3. Financial performance: credit rating, stock price
      Hidden cost:
      • Reputation, customer loyalty, etc.
    $15K-650K/year $270K-11M/year

    Workshop Overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick-off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Activity: Define workshop objectives and current state of knowledge.
    • Understand the threat collaboration environment.
    • Understand the benefits of an optimized security operations.
    • Activity: Review preliminary maturity level.
    • Activity: Assess current people, processes, and technology capabilities.
    • Activity: Assess workflow capabilities.
    • Activity: Begin deep-dive into maturity assessment tool.
    • Discuss strategies to enhance the analysis process (ticketing, automation, visualization, use cases, etc.).
    • Activity: Design ideal target state.
    • Activity: Identify security gaps.
    • Build initiatives to bridge the gaps.
    • Activity: Estimate the resources needed.
    • Activity: Prioritize gap initiatives.
    • Activity: Develop dashboarding and visualization metrics.
    • Activity: Plan for a transition with the security roadmap and action plan.
    • Activity: Define and assign tier 1, 2 & 3 SOC roles and responsibilities.
    • Activity: Assign roles and responsibilities for each security operations initiative.
    • Activity: Develop a comprehensive measurement program.
    • Activity: Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Activity:Conduct attack campaign simulation.
    • Finalize main deliverables.
    • Schedule feedback call.
    Deliverables
    1. Security Operations Maturity Assessment Tool
    1. Target State and Gap Analysis (Security Operations Maturity Assessment Tool)
    1. Security Operations Role & Process Design
    2. Security Operations RACI Chart
    3. Security Operations Metrics Summary
    4. Security Operations Phishing Process Runbook
    5. Attack Campaign Simulation PowerPoint

    All Final Deliverables

    Develop a Security Operations Strategy

    PHASE 1

    Assess Operational Requirements

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Determine why you need a sound security operations program.
    • Understand Info-Tech’s threat collaboration environment.
    • Evaluate your current security operation’s functions and capabilities.

    Outcomes of this step

    • A defined scope and motive for completing this project.
    • Insight into your current security operations capabilities.
    • A prioritized list of security operations initiatives based on maturity level.

    Info-Tech Insight

    Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.

    Warm-up exercise: Why build a security operations program?

    Estimated time to completion: 30 minutes

    Discussion: Why are we pursuing this project?

    What are the objectives for optimizing and developing sound security operations?

    Stakeholders Required:

    • Key business executives
    • IT leaders
    • Security operations team members

    Resources Required

    • Sticky notes
    • Whiteboard
    • Dry-erase markers
    1. Briefly define the scope of security operations
      What people, processes, and technology fall within the security operations umbrella?
    2. Brainstorm the implications of not acting
      What does the status quo have in store? What are the potential risks?
    3. Define the goals of the project
      Clarify from the outset: what exactly do you want to accomplish from this project?
    4. Prioritize all brainstormed goals
      Classify the goals based on relevant prioritization criteria, e.g. urgency, impact, cost.

    Info-Tech Best Practice

    Don’t develop a security operations program with the objective of zero incidents. This reliance on prevention results in over-engineered security solutions that cost more than the assets being protected.

    Decentralizing the SOC: Security as a function

    Before you begin, remember that no two security operation programs are the same. While the end goal may be similar, the threat landscape, risk tolerance, and organizational requirements will differ from any other SOC. Determine what your DNA looks like before you begin to protect it.

    Security operations must provide several fundamental functions:
    • Real-time monitoring, detecting, and triaging of data from both internal and external sources.
    • In-depth analysis of indicators and incidents, leveraging malware analysis, correlation and rule tweaking, and forensics and eDiscovery techniques.
    • Network/host scanning and vulnerability patch management.
    • Incident response, remediation, and reporting. Security operations must disseminate appropriate information/intelligence to relevant stakeholders.
    • Comprehensive logging and ticketing capabilities that document and communicate events throughout the threat collaboration environment.
    • Tuning and tweaking of technologies to ingest collected data and enhance the analysis process.
    • Enhance overall organizational situational awareness by reporting on security trends, escalating incidents, and sharing adversary tools, tactics, and procedures.
    Venn diagram of 'Security Operations' with four intersecting circles: 'Prevent', 'Detect', 'Analyze', and 'Respond'.
    At its core, a security operations program is responsible for the prevention, detection, analysis, and response of security events.

    Optimized security operations can seamlessly integrate threat and incident management processes with monitoring and compliance workflows and resources. This integration unlocks efficiency.

    Understand the levels of security operations

    Take the time to map out what you need and where you should go. Security operations has to be more than just monitoring events – there must be a structured program.

    Foundational Arrow with a plus sign pointing right. Operational Arrow with a plus sign pointing right. Strategic
    • Intrusion Detection Management
    • Active Device and Event Monitoring
    • Log Collection and Retention
    • Reporting and Escalation Management
    • Incident Management
    • Audit Compliance
    • Vendor Management
    • Ticketing Processes
    • Packet Capture and Analysis
    • SIEM
    • Firewall
    • Antivirus
    • Patch Management
    • Event Analysis and Incident Triage
    • Security Log Management
    • Vulnerability Management
    • Host Hardening
    • Static Malware Analysis
    • Identity and Access Management
    • Change Management
    • Endpoint Management
    • Business Continuity Management
    • Encryption Management
    • Cloud Security (if applicable)
    • SIEM with Defined Use Cases
    • Big Data Security Analytics
    • Threat Intelligence
    • Network Flow Analysis
    • VPN Anomaly Detection
    • Dynamic Malware Analysis
    • Use-Case Management
    • Feedback and Continuous Improvement Management
    • Visualization and Dashboarding
    • Knowledge Portal Ticket Documentation
    • Advanced Threat Hunting
    • Control and Process Automation
    • eDiscovery and Forensics
    • Risk Management
    ——Security Operations Capabilities—–›

    Understand security operations: Establish a unified threat collaboration environment

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address threats impacting the organization’s brand, operations, and technology infrastructure.
    • Managing incident escalation and response.
    • Coordinating root-cause analysis and incident gathering.
    • Facilitating post-incident lessons learned.
    • Managing system patching and risk acceptance.
    • Conducting vulnerability assessment and penetration testing.
    • Monitoring in real-time and triaging of events.
    • Escalating events to incident management team.
    • Tuning and tweaking rules and reporting thresholds.
    • Gathering and analyzing external threat data.
    • Liaising with peers, industry, and government.
    • Publishing threat alerts, reports, and briefings.

    Info-Tech Best Practice

    Ensure that information flows freely throughout the threat collaboration environment – each function should serve to feed and enhance the next.

    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Stock image 3.

    Develop Foundational Security Operations Processes

    Stock image 4.

    Develop and Implement a Security Incident Management Program

    The threat collaboration environment is comprised of three core elements

    Info-Tech Insight

    The value of a SOC can be achieved with fewer prerequisites than you think. While it is difficult to cut back on process and technology requirements, human capital is transferrable between roles and functions and can be cross-trained to satisfy operational gaps.

    Three hexes fitting together with the words 'People', 'Process', and 'Technology'. People. Effective human capital is fundamental to establishing an efficient security operations program, and if enabled correctly, can be the driving factor behind successful process optimization. Ensure you address several critical human capital components:
    • Who is responsible for each respective threat collaboration environment function?
    • What are the required operational roles, responsibilities, and competencies for each employee?
    • Are there formalized training procedures to onboard new employees?
    • Is there an established knowledge transfer and management program?
    Processes. Formal and informal mechanisms that bridge security throughout the collaboration environment and organization at large. Ask yourself:
    • Are there defined runbooks that clearly outline critical operational procedures and guidelines?
    • Is there a defined escalation protocol to transfer knowledge and share threats internally?
    • Is there a defined reporting procedure to share intelligence externally?
    • Are there formal and accessible policies for each respective security operations function?
    • Is there a defined measurement program to report on the performance of security operations?
    • Is there a continuous improvement program in place for all security operations functions?
    • Is there a defined operational vendor management program?
    Technology. The composition of all infrastructure, systems, controls, and tools that enable processes and people to operate and collaborate more efficiently. Determine:
    • Are the appropriate controls implemented to effectively prevent, detect, analyze, and remediate threats? Is each control documented with an assigned asset owner?
    • Can a solution integrate with existing controls? If so, to what extent?
    • Is there a centralized log aggregation tool such as a SIEM?
    • What is the operational cost to effectively manage each control?
    • Is the control the most up-to-date version? Have the most recent patches and configuration changes been applied? Can it be consolidated with or replaced by another control?

    Conduct a preliminary maturity assessment before tackling this project

    Stock image 1.

    Design and Implement a Vulnerability Management Program

    Sample of Info-Tech's Security Operations Preliminary Maturity Assessment

    At a high level, assess your organization’s operational maturity in each of the threat collaboration environment functions. Determine whether the foundational processes exist in order to mature and streamline your security operations.

    Stock image 2.

    Integrate Threat Intelligence Into Your Security Operations

    Stock image 3.

    Develop Foundational Security Operations Processes

    Stock image 4.

    Develop and Implement a Security Incident Management Program

    Assess the current maturity of your security operations program

    Prioritize the component most important to the development of your security operations program.

    Screenshot of a table from the Security Operations Preliminary Maturity Assessment presenting the 'Impact Sub-Weightings' of 'People', 'Process', 'Technology', and 'Policy'.
    Screenshot of a table from the Security Operations Preliminary Maturity Assessment assessing the 'Current State' and 'Target State' of different 'Security Capabilities'.
    Each “security capability” covers a component of the overarching “security function.” Assign a current and target maturity score to each respective security capability. (Note: The CMMI maturity scores are further explained on the following slide.) Document any/all comments for future Info-Tech analyst discussions.

    Assign each security capability a reflective and desired maturity score.

    Your current and target state maturity will be determined using the capability maturity model integration (CMMI) scale. Ensure that all participants understand the 1-5 scale.
    Two-way vertical arrow colored blue at the top and green at the bottom. Ad Hoc
    1 Arrow pointing right. Initial/Ad Hoc: Activity is not well defined and is ad hoc, e.g. no formal roles or responsibilities exist, de facto standards are followed on an individual-by-individual basis.
    2 Arrow pointing right. Developing: Activity is established and there is moderate adherence to its execution, e.g. while no formal policies have been documented, content management is occurring implicitly or on an individual-by-individual basis.
    3 Arrow pointing right. Defined: Activity is formally established, documented, repeatable, and integrated with other phases of the process, e.g. roles and responsibilities have been defined and documented in an accessible policy, however, metrics are not actively monitored and managed.
    4 Arrow pointing right. Managed and Measurable: Activity execution is tracked by gathering qualitative and quantitative feedback, e.g. metrics have been established to monitor the effectiveness of tier-1 SOC analysts.
    5 Arrow pointing right. Optimized: Qualitative and quantitative feedback is used to continually improve the execution of the activity, e.g. the organization is an industry leader in the respective field; research and development efforts are allocated in order to continuously explore more efficient methods of accomplishing the task at hand.
    Optimized

    Notes: Info-Tech seldom sees a client achieve a CMMI score of 4 or 5. To achieve a state of optimization there must be a subsequent trade-off elsewhere. As such, we recommend that organizations strive for a CMMI score of 3 or 4.

    Ensure that your threat collaboration environment is of a sufficient maturity before progressing

    Example report card from the maturity assessment. Functions are color-coded green, yellow, and red. Review the report cards for each of the respective threat collaboration environment functions.
    • A green function indicates that you have exceeded the operational requirements to proceed with the security operations initiative.
    • A yellow function indicates that your maturity score is below the recommended threshold; Info-Tech advises revisiting the attached blueprint. In the instance of a one-off case, the client can proceed with this security operations initiative.
    • A red function indicates that your maturity score is well below the recommended threshold; Info-Tech strongly advises to not proceed with the security operations initiative. Revisit the recommended blueprint and further mature the specific function.

    Are you ready to move on to the next phase?

    Self-Assessment Questions

    • Have you clearly defined the rationale for refining your security operations program?
    • Have you clearly defined and prioritized the goals and outcomes of optimizing your security operations program?
    • Have you assessed your respective people, process, and technological capabilities?
    • Have you completed the Security Operations Preliminary Maturity Assessment Tool?
    • Were all threat collaboration environment functions of a sufficient maturity level?

    If you answered “yes” to the questions, then you are ready to move on to Phase 2: Develop Maturity Initiatives

    Develop a Security Operations Strategy

    PHASE 2

    Develop Maturity Initiatives

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Establish your goals, obligations, scope, and boundaries.
    • Assess your current state and define a target state.
    • Develop and prioritize gap initiatives.
    • Define cost, effort, alignment, and security benefit of each initiative.
    • Develop a security strategy operational roadmap.

    Outcomes of this step

    • A formalized understanding of your business, customer, and regulatory obligations.
    • A comprehensive current and target state assessment.
    • A succinct and consolidated list of gap initiatives that will collectively achieve your target state.
    • A formally documented set of estimated priority variables (cost, effort, business alignment).
    • A fully prioritized security roadmap that is in alignment with business goals and informed by the organization’s needs and limitations.

    Info-Tech Insight

    Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives

    Align your security operations program with corporate goals and obligations

    A common challenge for security leaders is learning to express their initiatives in terms that are meaningful to business executives.

    Frame the importance of your security operations program to
    align with that of the decision makers’ over-arching strategy.

    Oftentimes resourcing and funding is dependent on the
    alignment of security initiatives to business objectives.

    Corporate goals and objectives can be categorized into three major buckets:
    1. BUSINESS OBLIGATIONS
      The primary goals and functions of the organization at large. Examples include customer retention, growth, innovation, customer experience, etc.
    2. CONSUMER OBLIGATIONS
      The needs and demands of internal and external stakeholders. Examples include ease of use (external), data protection (external), offsite access (internal), etc.
    3. COMPLIANCE OBLIGATIONS
      The requirements of the organization to comply with mandatory and/or voluntary standards. Examples include HIPAA, PIPEDA, ISO 27001, etc.
    *Do not approach the above list with a security mindset – take a business perspective and align your security efforts accordingly.

    Info-Tech Best Practice

    Developing a security operations strategy is a proactive activity that enables you to get in front of any upcoming business projects or industry trends rather than having to respond reactively later on. Consider as many foreseeable variables as possible!

    Determine your security operations program scope and boundaries

    It is important to define all security-related areas of responsibility. Upon completion you should clearly understand what you are trying to secure.

    Ask yourself:
    Where does the onus of responsibility stop?

    The organizational scope and boundaries and can be categorized into four major buckets:
    1. PHYSICAL SCOPE
      The physical locations that the security operations program is responsible for. Examples include office locations, remote access, clients/vendors, etc.
    2. IT SYSTEMS
      The network systems that must be protected by the security operations program. Examples include fully owned systems, IaaS, PaaS, remotely hosted SaaS, etc.
    3. ORGANIZATIONAL SCOPE
      The business units, departments, or divisions that will be affected by the security operations program. Examples include user groups, departments, subsidiaries, etc.
    4. DATA SCOPE
      The data types that the business handles and the privacy/criticality level of each. Examples include top secret, confidential, private, public, etc.

    This also includes what is not within scope. For some outsourced services or locations you may not be responsible for security. For some business departments you may not have control of security processes. Ensure that it is made explicit at the outset, what will be included and what will be excluded from security considerations.

    Reference Info-Tech’s security strategy: goals, obligations, and scope activities

    Explicitly understanding how security aligns with the core business mission is critical for having a strategic plan and fulfilling the role of business enabler.

    Download and complete the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication. If previously completed, take the time to review your results.

    GOALS and OBLIGATIONS
    Proceed through each slide and brainstorm the ways that security operations supports business, customer, and compliance needs.

    Goals & Obligations
    Screenshots of slides from the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication.

    PROGRAM SCOPE & BOUNDARIES
    Assess your current organizational environment. Document current IT systems, critical data, physical environments, and departmental divisions.

    If a well-defined corporate strategy does not exist, these questions can help pinpoint objectives:

    • What is the message being delivered by the CEO?
    • What are the main themes of investments and projects?
    • What are the senior leaders measured on?
    Program Scope & Boundaries
    Screenshots of slides from the information security goals, obligations and scope activities (Section 1.3) within the Info-Tech security strategy research publication.

    INFO-TECH OPPORTUNITY

    For more information on how to complete the goals & obligations activity please reference Section 1.3 of Info-Tech’s Build an Information Security Strategy blueprint.

    Complete the Information Security Requirements Gathering Tool

    On tab 1. Goals and Obligations:
    • Document all business, customer, and compliance obligations. Ensure that each item is reflective of the over-arching business strategy and is not security focused.
    • In the second column, identify the corresponding security initiative that supports the obligation.
    Screenshot from tab 1 of Info-Tech's Information Security Requirements Gathering Tool. Columns are 'Business obligations', 'Security obligations to support the business (optional)', and 'Notes'.
    On tab 2. Scope and Boundaries:
    • Record all details for what is in and out of scope from physical, IT, organizational, and data perspectives.
    • Complete the affiliated columns for a comprehensive scope assessment.
    • As a discussion guide, refer to the considerations slides prior to this in phase 1.3.
    Screenshot from tab 2 of Info-Tech's Information Security Requirements Gathering Tool. Title is 'Physical Scope', Columns are 'Environment Name', 'Highest data criticality here', 'Is this in scope of the security strategy?', 'Are we accountable for security here?', and 'Notes'.
    For the purpose of this security operations initiative please IGNORE the risk tolerance activities on tab 3.

    Info-Tech Best Practice

    A common challenge for security leaders is expressing their initiatives in terms that are meaningful to business executives. This exercise helps make explicit the link between what the business cares about and what security is trying to do.

    Conduct a comprehensive security operations maturity assessment

    The following slides will walk you through the process below.

    Define your current and target state

    Self-assess your current security operations capabilities and determine your intended state.

    Create your gap initiatives

    Determine the operational processes that must be completed in order to achieve the target state.

    Prioritize your initiatives

    Define your prioritization criteria (cost, effort, alignment, security benefit) based on your organization

    Build a Gantt chart for your upcoming initiatives
    The final output will be a Gantt to action your prioritized initiatives

    Info-Tech Insight

    Progressive improvements provide the most value to IT and your organization. Leaping from pre-foundation to complete optimization is an ineffective goal. Systematic improvements to your security performance delivers value to your organization, each step along the way.

    Optimize your security operations workflow

    Info-Tech consulted various industry experts and consolidated their optimization advice.

    Dashboards: Centralized visibility, threat analytics, and orchestration enable faster threat detection with fewer resources.

    Adding more controls to a network never increases resiliency. Identify technological overlaps and eliminate unnecessary costs.

    Automation: There is shortfall in human capital in contrast to the required tools and processes. Automate the more trivial processes.

    SOCs with 900 employees are just as efficient as those with 35-40. There is an evident tipping point in marginal value.

    There are no plug-and-play technological solutions – each is accompanied by a growing pain and an affiliated human capital cost.

    Planning: Narrow the scope of operations to focus on protecting assets of value.

    Cross-train employees throughout different silos. Enable them to wear multiple hats.

    Practice: None of the processes happen in a vacuum. Make the most of tabletop exercises and other training exercises.

    Define appropriate use cases and explicitly state threat escalation protocol. Focus on automating the tier-1 analyst role.

    Self-assess your current-state capabilities and determine the appropriate target state

    1. Review:
    The heading in blue is the security domain, light blue is the subdomain and white is the specific control.
    2. Determine and Record:
    Ask participants to identify your organization’s current maturity level for each control. Next, determine a target maturity level that meets the requirements of the area (requirements should reflect the goals and obligations defined earlier).
    3.
    In small groups, have participants answer “what is required to achieve the target state?” Not all current/target state gaps will require additional description, explanation, or an associated imitative. You can generate one initiative that may apply to multiple line items.

    Screenshot of a table for assessing the current and target states of capabilities.

    Info-Tech Best Practice

    When customizing your gap initiatives consider your organizational requirements and scope while remaining realistic. Below is an example of lofty vs. realistic initiatives:
    Lofty: Perform thorough, manual security analysis. Realistic: Leverage our SIEM platform to perform more automated security analysis through the use of log information.

    Consolidate related gap initiatives to simplify and streamline your roadmap

    Identify areas of commonality between gap initiative in order to effectively and efficiently implement your new initiatives.

    Steps:
    1. After reviewing and documenting initiatives for each security control, begin sorting controls by commonality, where resources can be shared, or similar end goals and actions. Begin by copying all initiatives from tab 2. Current State Assessment into tab 5. Initiative List of the Security Operations Maturity Assessment Tool and then consolidating them.
    2. Initiatives Consolidated Initiatives
      Document data classification and handling in AUP —› Document data classification and handling in AUP Keep urgent or exceptional initiatives separate so they can be addressed appropriately.
      Document removable media in AUP —› Define and document an Acceptable Use Policy Other similar or related initiatives can be consolidated into one item.
      Document BYOD and mobile devices in AUP —›
      Document company assets in Acceptable Use Policy (AUP) —›

    3. Review grouped initiatives and identify specific initiatives should be broken out and defined separately.
    4. Record your consolidated gap initiatives in the Security Operations Maturity Assessment Tool, tab 6. Initiative Prioritization.

    Understand your organizational maturity gap

    After inputting your current and target scores and defining your gap initiatives in tab 2, review tab 3. Current Maturity and tab 4. Maturity Gap in Info-Tech’s Security Operations Maturity Assessment Tool.

    Automatically built charts and tables provide a clear visualization of your current maturity.

    Presenting these figures to stakeholders and management can help visually draw attention to high-priority areas and contextualize the gap initiatives for which you will be seeking support.

    Screenshot of tabs 3 and 4 from Info-Tech's Security Operations Maturity Assessment Tool. Bar charts titled 'Planning and Direction', 'Vulnerability Management', 'Threat Intelligence', and 'Security Maturity Level Gap Analysis'.

    Info-Tech Best Practice

    Communicate the value of future security projects to stakeholders by copying relevant charts and tables into an executive stakeholder communication presentation (ask an Info-Tech representative for further information).

    Define cost, effort, alignment, and security benefit

    Define low, medium, and high resource allocation, and other variables for your gap initiatives in the Concept of Operations Maturity Assessment Tool. These variables include:
    1. Define initial cost. One-time, upfront capital investments. The low cut-off would be a project that can be approved with little to no oversight. Whereas the high cut-off would be a project that requires a major approval or a formal capital investment request. Initial cost covers items such as appliance cost, installation, project based consulting fees, etc.
    2. Define ongoing cost. This includes any annually recurring operating expenses that are new budgetary costs, e.g. licensing or rental costs. Do not account for FTE employee costs. Generally speaking you can take 20-25% of initial cost as ongoing cost for maintenance and service.
    3. Define initial staffing in hours. This is total time in hours required to complete a project. Note: It is not total elapsed time, but dedicated time. Consider time required to research, document, implement, review, set up, fine tune, etc. Consider all staff hours required (2 staff at 8 hours means 16 hours total).
    4. Define ongoing staffing in hours. This is the ongoing average hours per week required to support that initiative. This covers all operations, maintenance, review, and support for the initiative. Some initiatives will have a week time commitment (e.g. perform a vulnerability scan using our tool once a week) versus others that may have monthly, quarterly, or annual time commitments that need to averaged out per week (e.g. perform annual security review requiring 0.4 hours/week (20 hours total based on 50 working weeks per year).
    Table relating the four definitions on the left, 'Initial Cost', 'Ongoing Cost (annual)', 'Initial Staffing in Hours', and 'Ongoing Staffing in Hours/Week'. Each row header is a definition and has four sub-rows 'High', 'Medium', 'Low', and 'Zero'.

    Info-Tech Best Practice

    When considering these parameters, aim to use already existing resource allocations.

    For example, if there is a dollar value that would require you to seek approval for an expense, this might be the difference between a medium and a high cost category.

    Define cost, effort, alignment, and security benefit

    1. Define Alignment with Business. This variable is meant to capture how well the gap initiative aligns with organizational goals and objectives. For example, something with high alignment usually can be tied to a specific organization initiative and will receive senior management support. You can either:
      • Set low, medium, and high based on levels of support the organization will provide (e.g. High – senior management support, Medium – VP/business unit head support, IT support only)
      • Attribute specific corporate goals or initiatives to the gap initiative (e.g. High – directly supports a customer requirement/key contract requirement; Medium – indirectly support customer requirement/key contract OR enables remote workforce; Low – security best practice).
    2. Define Security Benefit. This variable is meant to capture the relative security benefit or risk reduction being provided by the gap initiative. This can be represented through a variety of factors, such as:
      • Reduces compliance or regulatory risk by meeting a control requirement
      • Reduces availability and operational risk
      • Implements a non-existent control
      • Secures high-criticality data
      • Secures at-risk end users
    Table relating the two definitions on the left, 'Alignment with Business', and 'Security Benefit'. Each row header is a definition and has three sub-rows 'High', 'Medium', and 'Low'.

    Info-Tech Best Practice

    Make sure you consider the value of AND/OR. For either alignment with business or security benefit, the use of AND/OR can become useful thresholds to rank similar importance but different value initiatives.

    Example: with alignment with business, an initiative can indirectly support a key compliance requirement OR meet a key corporate goal.

    Info-Tech Insight

    You cannot do everything – and you probably wouldn’t want to. Make educated decisions about which projects are most important and why.

    Apply your variable criteria to your initiatives

    Identify easy-win tasks and high-value projects worth fighting for.
    Categorize the Initiative
    Select the gap initiative type from the down list. Each category (Must, Should, Could, and Won’t) is considered to be an “execution wave.” There is also a specific order of operations within each wave. Based on dependencies and order of importance, you will execute on some “must-do” items before others.
    Assign Criteria
    For each gap initiative, evaluate it based on your previously defined parameters for each variable.
    • Cost – initial and ongoing
    • Staffing – initial and ongoing
    • Alignment with business
    • Security benefit
    Overall Cost/Effort Rating
    An automatically generated score between 0 and 12. The higher the score attached to the initiative, the more effort required. The must-do, low-scoring items are quick wins and must be prioritized first.
    Screenshot of a table from Info-Tech's Concept of Operations Maturity Assessment Tool with all of the previous table row headers as column headers.

    A financial services organization defined its target security state and created an execution plan

    CASE STUDY
    Industry: Financial Services | Source: Info-Tech Research Group
    Framework Components
    Security Domains & Accompanied Initiatives
    (A portion of completed domains and initiatives)
    CSC began by creating over 100 gap initiatives across Info-Tech’s seven security domains.
    Current-State Assessment Context & Leadership Compliance, Audit & Review Security Prevention
    Gap Initiatives Created 12
    Initiatives
    14
    Initiatives
    45
    Initiatives
    Gap Initiative Prioritization
    Planned Initiative(s)* Initial Cost Ongoing Cost Initial Staffing Ongoing Staffing
    Document Charter Low - ‹$5K Low - ‹$1K Low - ‹1d Low - ‹2 Hour
    Document RACI Low - ‹$5K Low - ‹$1K Low - ‹1d Low - ‹2 Hour
    Expand IR processes Medium - $5K-$50K Low - ‹$1K High - ›2w Low - ‹2 Hour
    Investigate Threat Intel Low - ‹$5K Low - ‹$1K Medium - 1-10d Low - ‹2 Hour
    CSC’s defined low, medium, and high for cost and staffing are specific to the organization.

    CSC then consolidated its initiatives to create less than 60 concise tasks.

    *Initiatives and variables have been changed or modified to maintain anonymity

    Review your prioritized security roadmap

    Review the final Gantt chart to review the expected start and end dates for your security initiatives as part of your roadmap.

    In the Gantt chart, go through each wave in sequence and determine the planned start date and planned duration for each gap initiative. As you populate the planned start dates, take into consideration the resource constraints or dependencies for each project. Go back and revise the granular execution wave to resolve any conflicts you find.

    Screenshot of a 'Gantt Chart for Initiatives', a table with planned and actual start times and durations for each initiative, and beside it a roadmap with the dates from the Gantt chart plugged in.
    Review considerations
    • Does this roadmap make sense for our organization?
    • Do we focus too much on one quarter over others?
    • Will the business be going through any significant changes during the upcoming years that will directly impact this project?
    This is a living management document
    • You can use the same process on a per-case basis to decide where this new project falls in the priority list, and then add it to your Gantt chart.
    • As you make progress, check items off of the list, and periodically use this chart to retroactively update your progress towards achieving your overall target state.

    Consult an Info-Tech Analyst

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    Onsite workshops offer an easy way to accelerate your project. If a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to successfully complete your project.
    Photo of TJ Minichillo, Senior Director – Security, Risk & Compliance, Info-Tech Research Group. TJ Minichillo
    Senior Director – Security, Risk & Compliance
    Info-Tech Research Group
    Edward Gray, Consulting Analyst – Security, Risk & Compliance, Info-Tech Research Group. Edward Gray
    Consulting Analyst – Security, Risk & Compliance
    Info-Tech Research Group
    Photo of Celine Gravelines, Research Manager – Security, Risk & Compliance, Info-Tech Research Group. Celine Gravelines
    Research Manager – Security, Risk & Compliance
    Info-Tech Research Group
    If you are not communicating, then you are not secure.

    Call 1-888-670-8889 or email workshops@infotech.com for more information.

    Are you ready to move on to the next phase?

    Self-Assessment Questions

    • Have you identified your organization’s corporate goals along with your obligations?
    • Have you defined the scope and boundaries of your security program?
    • Have you determined your organization’s risk tolerance level?
    • Have you considered threat types your organization may face?
    • Are the above answers documented in the Security Requirements Gathering Tool?
    • Have you defined your maturity for both your current and target state?
    • Do you have clearly defined initiatives that would bridge the gap between your current and target state?
    • Are each of the initiatives independent, specific, and relevant to the associated control?
    • Have you indicated any dependencies between your initiatives?
    • Have you consolidated your gap initiatives?
    • Have you defined the parameters for each of the prioritization variables (cost, effort, alignment, and security benefit)?
    • Have you applied prioritization parameters to each consolidated initiative?
    • Have you recorded your final prioritized roadmap in the Gantt chart tab?
    • Have you reviewed your final Gantt chart to ensure it aligns to your security requirements?

    If you answered “yes” to the questions, then you are ready to move on to Phase 3: Define Operational Interdependencies

    Develop a Security Operations Strategy

    PHASE 3

    Define Operational Interdependencies

    1

    Assess Operational Requirements

    2

    Develop Maturity Initiatives

    3

    Define Interdependencies

    This step will walk you through the following activities:

    • Understand the current security operations process flow.
    • Define the security operations stakeholders and their respective deliverables.
    • Formalize an internal information sharing and collaboration plan.

    Outcomes of this step

    • A formalized security operations interaction agreement.
    • A security operations service and product catalog.
    • A structured operations collection plan.

    Info-Tech Insight

    If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Tie everything together with collaboration

    If you are not communicating, you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Define Strategic Needs and Requirements Participate in Information Sharing Communicate Clearly
    • Establish a channel to communicate management needs and requirements and define important workflow activities. Focus on operationalizing those components.
    • Establish a feedback loop to ensure your actions satisfied management’s criteria.
    • Consolidate critical security data within a centralized portal that is accessible throughout the threat collaboration environment, reducing the human capital resources required to manage that data.
    • Participate in external information sharing groups such as ISACs. Intelligence collaboration allows organizations to band together to decrease risk and protect one another from threat actors.
    • Disseminate relevant information in clear and succinct alerts, reports, or briefings.
    • Security operations analysts must be able to translate important technical security issues and provide in-depth strategic insights.
    • Define your audience before presenting information; various stakeholders will interpret information differently. You must present it in a format that appeals to their interests.
    • Be transparent in your communications. Holding back information will only serve to alienate groups and hinder critical business decisions.

    Info-Tech Best Practice

    Simple collaborative activities, such as a biweekly meeting, can unite prevention, detection, analysis, and response teams to help prevent siloed decision making.

    Understand the security operations process flow

    Process standardization and automation is critical to the effectiveness of security operations.

    Process flow for security operations with column headers 'Monitoring', 'Preliminary Analysis (Tier 1)', 'Triage', 'Investigation & Analysis (Tier 2)', 'Response', and 'Advanced Threat Detection (Tier 3)'. All processes begin with elements in the 'Monitoring' column and end up at 'Visualization & Dashboarding'.

    Document your security operations’ capabilities and tasks

    Table of capabilities and tasks for security operations.
    Document your security operations’ functional capabilities and operational tasks to satisfy each capability. What resources will you leverage to complete the specific task/capability? Identify your internal and external collection sources to satisfy the individual requirement. Identify the affiliated product, service, or output generated from the task/capability. Determine your escalation protocol. Who are the stakeholders you will be sharing this information with?
    Capabilities

    The major responsibilities of a specific function. These are the high-level processes that are expected to be completed by the affiliated employees and/or stakeholders.

    Tasks

    The specific and granular tasks that need to be completed in order to satisfy a portion of or the entire capability.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Convert your results into actionable process flowcharts

    Map each functional task or capability into a visual process-flow diagram.

    • The title should reflect the respective capability and product output.
    • List all involved stakeholders (inputs and threat escalation protocol) along the left side.
    • Ensure all relevant security control inputs are documented within the body of the process-flow diagram.
    • Map out the respective processes in order to achieve the desired outcome.
    • Segment each process within its own icon and tie that back to the respective input.
    Example of a process flow made with sticky notes.

    Title: Output #1 Example of a process flow diagram with columns 'Stakeholders', 'Input Processes', 'Output Processes', and 'Threat Escalation Protocol'. Processes are mapped by which stakeholder and column they fall to.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Formalize the opportunities for collaboration within your security operations program

    Security Operations Collaboration Plan

    Security operations provides a single pane of glass through which the threat collaboration environment can manage its operations.

    How to customize

    The security operations interaction agreement identifies opportunities for optimization through collaboration and cross-training. The document is composed of several components:

    • Security operations program scope and objectives
    • Operational capabilities and outputs on a per function basis
    • A needs and requirements collection plan
    • Escalation protocol and respective information-sharing guidance (i.e. a detailed cadence schedule)
    • A security operations RACI chart
    Sample of Info-Tech's Security Operations Collaboration Plan.

    Info-Tech Best Practice

    Understand the operational cut-off points. While collaboration is encouraged, understand when the onus shifts to the rest of the threat collaboration environment.

    Assign responsibilities for the threat management process

    Security Operations RACI Chart & Program Plan

    Formally documenting roles and responsibilities helps to hold those accountable and creates awareness as to everyone’s involvement in various tasks.

    How to customize
    • Customize the header fields with applicable stakeholders.
    • Identify stakeholders that are:
      • Responsible: The person(s) who does the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
      • Accountable: The person(s) who is accountable for the completion of the activity. Ideally, this is a single person and is often an executive or program sponsor.
      • Consulted: The person(s) who provides information. This is usually several people, typically called subject matter experts (SMEs).
      • Informed: The person(s) who is updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.
    Sample of Info-Tech's Security Operations Collaboration Plan.

    Download Info-Tech’s Security Operations RACI Chart & Program Plan.

    Identify security operations consumers and their respective needs and requirements

    Ensure your security operations program is constantly working toward satisfying a consumer need or requirement.

    Internal Consumers External Consumers
    • Business Executives & Management (CIO, CISO, COO):
      • Inform business decisions regarding threats and their association with future financial risk, reputational risk, and continuity of operations.
    • Human Resources:
      • Security operations must directly work with HR to enforce tight device controls, develop processes, and set expectations.
    • Legal:
      • Security operations is responsible to notify the legal department of data breaches and the appropriate course of action.
    • Audit and Compliance:
      • Work with the auditing department to define additional audits or controls that must be measured.
    • Public Relations/Marketing Employees:
      • Employees must be educated on prevalent threats and how to avoid or mitigate them.

    Note: Your organization might not be the final target, but it could be a primary path for attackers. If you exist as a third-party partner to another organization, your responsibility in your technology ecosystem extends beyond your own product or service offerings.

    • Third-Party Contractors:
      • Identify relevant threats across industries – security operations is responsible for protecting more than just itself.
    • Commercial Vendors:
      • Identify commercial vendors of control failures and opportunities for operational improvement.
    • Suppliers:
      • Provide or maintain a certain level of security delivery.
      • Meet the same level of security that is expected of business units.
    • All End Users:
      • Be notified of any data breaches and potential violations of privacy.

    Info-Tech Best Practice

    “In order to support a healthy constituency, network operations and security operations should be viewed as equal partners, rather than one subordinate to the other.” (Mitre world-class CISO)

    Define the stakeholders, their respective outputs, and the underlying need

    Security Operations Program Service & Product Catalog

    Create an informal security operations program service and product catalog. Work your way backwards – map each deliverable to the respective stakeholders and functions.

    Action/Output Arrow pointing right. Frequency Arrow pointing right. Stakeholders/Function
    Document the key services and outputs produced by the security operations program. For example:
    • Real-time monitoring
    • Event analysis and incident coordination
    • Malware analysis
    • External information sharing
    • Published alerts, reports, and briefings
    • Metrics
    Define the frequency for which each deliverable or service is produced or conducted. Leverage this activity to establish a state of accountability within your threat collaboration environment. Identify the stakeholders or groups affiliated with each output. Remember to include potential MSSPs.
    • Vulnerability Management
    • Threat Intelligence
    • Tier 1, 2, and 3 Analysts
    • Incident Response
    • MSSP
    • Network Operations
    Remember to include any target-state outputs or services identified in the maturity assessment. Use this exercise as an opportunity to organize your security operations outputs and services.

    Info-Tech Best Practice

    Develop a central web/knowledge portal that is easily accessible throughout the threat collaboration environment.

    Internal information sharing helps to focus operational efforts

    Organizations must share information internally and through secure external information sharing and analysis centers (ISACs).

    Ensure information is shared in a format that relates to the particular end user. Internal consumers fall into two categories:

    • Strategic Users — Intelligence enables strategic stakeholders to better understand security trends, minimize risk, and make more educated and informed decisions. The strategic intelligence user often lacks technical security knowledge; bridge the communication gap between security and non-technical decision makers by clearly communicating the underlying value and benefits.
    • Operational Users — Operational users integrate information and indicators directly into their daily operations and as a result have more in-depth knowledge of the technical terms. Reports help to identify escalated alerts that are part of a bigger campaign, provide attribution and context to attacks, identify systems that have been compromised, block malicious URLs or malware signatures in firewalls, IDPS systems, and other gateway products, identify patches, reduce the number of incidents, etc.
    Collaboration includes the exchange of:
    • Contextualized threat indicators, threat actors, TTPs, and campaigns.
    • Attribution of the attack, motives of the attacker, victim profiles, and frequent exploits.
    • Defensive and mitigation strategies.
    • Best-practice incident response procedures.
    • Technical tools to help normalize threat intelligence formats or decode malicious network traffic.
    Collaboration can be achieved through:
    • Manual unstructured exchanges such as alerts, reports, briefings, knowledge portals, or emails.
    • Automated centralized platforms that allow users to privately upload, aggregate, and vet threat intelligence. Current players include commercial, government, and open-source information-sharing and analysis centers.
    Isolation prevents businesses from learning from each others’ mistakes and/or successes.

    Define the routine of your security operations program in a detailed cadence schedule

    Security Operations Program Cadence Schedule Template

    Design your meetings around your security operations program’s outputs and capabilities

    How to customize

    Don’t operate in a silo. Formalize a cadence schedule to develop a state of accountability, share information across the organization, and discuss relevant trends. A detailed cadence schedule should include the following:

    • Activity, output, or topic being discussed.
    • Participants and stakeholders involved.
    • Value and purpose of meeting.
    • Duration and frequency of each meeting.
    • Investment per participant per meeting.
    Sample of Info-Tech's Security Operations Program Cadence Schedule Template.

    Info-Tech Best Practice

    Schedule regular meetings composed of key members from different working groups to discuss concerns, share goals, and communicate operational processes pertaining to their specific roles.

    Apply a strategic lens to your security operations program

    Frame the importance of optimizing the security operations program to align with that of the decision makers’ overarching strategy.

    Strategies
    1. Bridge the communication gap between security and non-technical decision makers. Communicate concisely in business-friendly terms.
    2. Quantify the ROI for the given project.
    3. Educate stakeholders – if stakeholders do not understand what a security operations program encompasses, it will be hard for them to champion the initiative.
    4. Communicate the implications, value, and benefits of a security operations program.
    5. Frame the opportunity as a competitive advantage, e.g. proactive security measures as a client acquisition strategy.
    6. Address the increasing prevalence of threat actors. Use objective data to demonstrate the impact, e.g. through case studies, recent media headlines, or statistics.

    Defensive Strategy diagram with columns 'Adversaries', 'Defenses', 'Assets', and priority level.
    (Source: iSIGHT, “ Definitive Guide to Threat Intelligence”)

    Info-Tech Best Practice

    Refrain from using scare tactics such as fear, uncertainty, and doubt (FUD). While this may be a short-term solution, it limits the longevity of your operations as senior management is not truly invested in the initiative.

    Example: Align your strategic needs with that of management.

    Identify assets of value, current weak security measures, and potential adversaries. Demonstrate how an optimized security operations program can mitigate those threats.

    Develop a comprehensive measurement program to evaluate the effectiveness of your security operations

    There are three types of metrics pertaining to security operations:

    1) Operations-focused

    Operations-focused metrics are typically communicated through a centralized visualization such as a dashboard. These metrics guide operational efforts, identifying operational and control weak points while ensuring the appropriate actions are taken to fix them.

    Examples include, but are not limited to:

    • Ticketing metrics (e.g. average ticket resolution rate, ticketing status, number of tickets per queue/analyst).
    • False positive percentage per control.
    • Incident response metrics (e.g. mean time to recovery).
    • CVSS scores per vulnerability.

    2) Business-focused

    The evaluation of operational success from a business perspective.

    Example metrics include:

    • Return on investment.
    • Total cost of ownership (can be segregated by function: prevent, detect, analyze, and respond).
    • Saved costs from mitigated breaches.
    • Security operations budget as a percentage of the IT budget.

    3) Initiative-focused

    The measurement of security operations project progress. These are frequently represented as time, resource, or cost-based metrics.

    Note: Remember to measure end-user feedback. Asking stakeholders about their current expectations via a formal survey is the most effective way to kick-start the continuous improvement process.

    Info-Tech Best Practice

    Operational metrics have limited value beyond security operations – when communicating to management, focus on metrics that are actionable from a business perspective.

    Download Info-Tech’s Security Operations Metrics Summary Document.Sample of Info-Tech's Security Operations Metrics Summary Document.

    Identify the triggers for continual improvement

    Continual Improvement

    • Audits: Check for performance requirements in order to pass major audits.
    • Assessments: Variances in efficiency or effectiveness of metrics when compared to the industry standard.
    • Process maturity: Opportunity to increase efficiency of services and processes.
    • Management reviews: Routine reviews that reveal gaps.
    • Technology advances: For example, new security architecture/controls have been released.
    • Regulations: Compliance to new or changed regulations.
    • New staff or technology: Disruptive technology or new skills that allow for improvement.

    Conduct tabletop exercises with Info-Tech’s onsite workshop

    Assess your security operations capabilities

    Leverage Info-Tech’s Security Operations Tabletop Exercise to guide simulations to validate your operational procedures.

    How to customize
    • Use the templates to document actions and actors.
    • For each new injection, spend three minutes discussing the response as a group. Then spend two minutes documenting each role’s contribution to the response. After the time limit, proceed to the following injection scenario.
    • Review the responses only after completing the entire exercise.
    Sample of Info-Tech's Security Operations Tabletop Exercise.

    This tabletop exercise is available through an onsite workshop as we can help establish and design a tabletop capability for your organization.

    Are you ready to implement your security operations program?

    Self-Assessment Questions

    • Is there a formalized security operations collaboration plan?
    • Are all key stakeholders documented and acknowledged?
    • Have you defined your strategic needs and requirements in a formalized collection plan?
    • Is there an established channel for management to communicate needs and requirements to the security operation leaders?
    • Are all program outputs documented and communicated?
    • Is there an accessible, centralized portal or dashboard that actively aggregates and communicates key information?
    • Is there a formalized threat escalation protocol in order to facilitate both internal and external information sharing?
    • Does your organization actively participate in external information sharing through the use of ISACs?
    • Does your organization actively produce reports, alerts, products, etc. that feed into and influence the output of other functions’ operations?
    • Have you assigned program responsibilities in a detailed RACI chart?
    • Is there a structured cadence schedule for key stakeholders to actively communicate and share information?
    • Have you developed a structured measurement program on a per function basis?
    • Now that you have constructed your ideal security operations program strategy, revisit the question “Are you answering all of your objectives?”

    If you answered “yes” to the questions, then you are ready to implement your security operations program.

    Summary

    Insights

    1. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    2. Functional threat intelligence is a prerequisite for effective security operations – without it, security operations will be inefficient and redundant. Eliminate false positives by contextualizing threat data, aligning intelligence with business objectives, and building processes to satisfy those objectives
    3. If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Best Practices

    • Have a structured plan of attack. Define your unique threat landscape, as well as business, regulatory, and consumer obligations.
    • Foster both internal and external collaboration.
    • Understand the operational cut-off points. While collaboration is encouraged, understand when the onus shifts to the rest of the threat collaboration environment.
    • Do not bite off more than you can chew. Identify current people, processes, and technologies that satisfy immediate problems and enable future expansion.
    • Leverage threat intelligence to create a predictive and proactive security operations analysis process.
    • Formalize escalation procedures with logic and incident management flow.
    • Don’t develop a security operations program with the objective of zero incidents. This reliance on prevention results in over-engineered security solutions that cost more than the assets being protected.
    • Ensure that information flows freely throughout the threat collaboration environment – each function should serve to feed and enhance the next.
    • Develop a central web/knowledge portal that is easily accessible throughout the threat collaboration environment
    Protect your organization with an interdependent and collaborative security operations program.

    Bibliography

    “2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” Ponemon Institute, June 2016. Web. 10 Nov. 2016.

    Ahmad, Shakeel et al. “10 Tips to Improve Your Security Incident Readiness and Response.” RSA, n.d. Web. 12 Nov. 2016.

    Anderson, Brandie. “ Building, Maturing & Rocking a Security Operations Center.” Hewlett Packard, n.d. Web. 4 Nov. 2016.

    Barnum, Sean. “Standardizing cyber threat intelligence information with the structured threat information expression.” STIX, n.d. Web. 03 Oct. 2016.

    Bidou, Renaud. “Security Operation Center Concepts & Implementation.” IV2-Technologies, n.d. Web. 20 Nov. 2016.

    Bradley, Susan. “Cyber threat intelligence summit.” SANS Institute InfoSec Reading Room, n.d. Web. 03 Oct. 2016.

    “Building a Security Operations Center.” DEF CON Communications, Inc., 2015. Web. 14 Nov. 2016.

    “Building a Successful Security Operations Center.” ArcSight, 2015. Web. 21 Nov. 2016.

    “Building an Intelligence-Driven Security Operations Center.” RSA, June 2014. Web. 25 Nov. 2016.

    Caltagirone, Sergio, Andrew Pendergast, and Christopher Betz. “Diamond Model of Intrusion Analysis,” Center for Cyber Threat Intelligence and Threat Research, 5 July 2013. Web. 25 Aug. 2016.

    “Cisco 2017 Annual Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches and the Actions Organizations Are Taking.” The Network. Cisco, 31 Jan. 2017. Web. 11 Nov. 2017.

    “CITP Training and Education.” Carnegie Mellon University, 2015. Web. 03 Oct. 2016.

    “Creating and Maintaining a SOC.” Intel Security, n.d. Web. 14 Nov. 2016.

    “Cyber Defense.” Mandiant, 2015. Web. 10 Nov. 2016.

    “Cyber Security Operations Center (CSOC).” Northrop Grumman, 2014. Web. 14 Nov. 2016.

    Danyliw, Roman. “Observations of Successful Cyber Security Operations.” Carnegie Mellon, 12 Dec. 2016. Web. 14 Dec. 2016.

    “Designing and Building Security Operations Center.” SearchSecurity. TechTarget, Mar. 2016. Web. 14 Dec. 2016.

    EY. “Managed SOC.” EY, 2015. Web. 14 Nov. 2016.

    Fishbach, Nicholas. “How to Build and Run a Security Operations Center.” Securite.org, n.d. Web. 20 Nov. 2016.

    “Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 12 Feb. 2014. Web.

    Friedman, John, and Mark Bouchard. “Definitive Guide to Cyber Threat Intelligence.” iSIGHT, 2015. Web. 1 June 2015.

    Goldfarb, Joshua. “The Security Operations Hierarchy of Needs.” Securityweek.com, 10 Sept. 2015. Web. 14 Dec. 2016.

    “How Collaboration Can Optimize Security Operations.” Intel, n.d. Web. 2 Nov. 2016.

    Hslatman. “Awesome threat intelligence.” GitHub, 16 Aug. 2016. Web. 03 Oct. 2016.

    “Implementation Framework – Collection Management.” Carnegie Mellon University, 2015. Web.

    “Implementation Framework – Cyber Threat Prioritization.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.

    “Intelligent Security Operations Center.” IBM, 25 Feb. 2015. Web. 15 Nov. 2016.

    Joshi Follow , Abhishek. “Best Practices for Security Operations Center.” LinkedIn, 01 Nov. 2015. Web. 14 Nov. 2016.

    Joshi. “Best Practices for a Security Operations Center.” Cybrary, 18 Sept. 2015. Web. 14 Dec. 2016.

    Kelley, Diana and Ron Moritz. “Best Practices for Building a Security Operations Center.” Information Security Today, 2006. Web. 10 Nov. 2016.

    Killcrece, Georgia, Klaus-Peter Kossakowski, Robin Ruefle, and Mark Zajicek. ”Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Carnegie Mellon Software Engineering Institute, Dec. 2003. Carnegie Mellon. Web. 10 Nov. 2016.

    Kindervag , John. “SOC 2.0: Three Key Steps toward the Next-generation Security Operations Center.” SearchSecurity. TechTarget, Dec. 2010. Web. 14 Dec. 2016.

    Kvochko, Elena. “Designing the Next Generation Cyber Security Operations Center.” Forbes Magazine, 14 Mar. 2016. Web. 14 Dec. 2016.

    Lambert, P. “ Security Operations Center: Not Just for Huge Enterprises.” TechRepublic, 31 Jan. 2013. Web. 10 Nov. 2016.

    Lecky, M. and D. Millier. “Re-Thinking Security Operations.” SecTor Security Education Conference. Toronto, 2014.

    Lee, Michael. “Three Elements That Every Advanced Security Operations Center Needs.” CSO | The Resource for Data Security Executives, n.d. Web. 16 Nov. 2016.

    Linch, David and Jason Bergstrom. “Building a Culture of Continuous Improvement in an Age of Disruption.” Deloitte LLP, 2014.

    Lynch, Steve. “Security Operations Center.” InfoSec Institute, 14 May 2015. Web. 14 Dec. 2016.

    Macgregor, Rob. “Diamonds or chains – cyber security updates.” PwC, n.d. Web. 03 Oct. 2016.

    “Make Your Security Operations Center (SOC) More Efficient.” Making Your Data Center Energy Efficient (2011): 213-48. Intel Security. Web. 20 Nov. 2016.

    Makryllos, Gordon. “The Six Pillars of Security Operations.” CSO | The Resource for Data Security Executives, n.d. Web. 14 Nov. 2016.

    Marchany, R. “ Building a Security Operations Center.” Virginia Tech, 2015. Web. 8 Nov. 2016.

    Marty, Raffael. “Dashboards in the Security Operations Center (SOC).” Security Bloggers Network, 15 Jan. 2016. Web. 14 Nov. 2016.

    Minu, Adolphus. “Discovering the Value of Knowledge Portal.” IBM, n.d. Web. 1 Nov. 2016.

    Muniz, J., G. McIntyre, and N. AlFardan. “Introduction to Security Operations and the SOC.” Security Operations Center: Building, Operating, and Maintaining your SOC. Cisco Press, 29 Oct. 2015. Web. 14 Nov. 2016.

    Muniz, Joseph and Gary McIntyre. “ Security Operations Center.” Cisco, Nov. 2015. Web. 14 Nov. 2016.

    Muniz, Joseph. “5 Steps to Building and Operating an Effective Security Operations Center (SOC).” Cisco, 15 Dec. 2015. Web. 14 Dec. 2016.

    Nathans, David. Designing and Building a Security Operations Center. Syngress, 2015. Print.

    National Institute of Standards and Technology. “SP 800-61 Revision 2: Computer Security Incident Handling Guide.” 2012. Web.

    National Institute of Standards and Technology. “SP 800-83 Revision 1.” 2013. Web.

    National Institute of Standards and Technology. “SP 800-86: Guide to Integrating Forensic Techniques into Incident Response.” 2006. Web.

    F5 Networks. “F5 Security Operations Center.” F5 Networks, 2014. Web. 10 Nov. 2016.

    “Next Generation Security Operations Center.” DTS Solution, n.d. Web. 20 Nov. 2016.

    “Optimizing Security Operations.” Intel, 2015. Web. 4 Nov. 2016.

    Paganini, Pierluigi. “What Is a SOC ( Security Operations Center)?” Security Affairs, 24 May 2016. Web. 14 Dec. 2016.

    Ponemon Institute LLC. “Cyber Security Incident Response: Are we as prepared as we think?” Ponemon, 2014. Web.

    Ponemon Institute LLC. “The Importance of Cyber Threat Intelligence to a Strong Security Posture.” Ponemon, Mar. 2015. Web. 17 Aug. 2016.

    Poputa-Clean, Paul. “Automated defense – using threat intelligence to augment.” SANS Institute InfoSec Reading Room, 15 Jan. 2015. Web.

    Quintagroup. “Knowledge Management Portal Solution.” Quintagroup, n.d. Web.

    Rasche, G. “Guidelines for Planning an Integrated Security Operations Center.” EPRI, Dec. 2013. Web. 25 Nov. 2016.

    Rehman, R. “What It Really Takes to Stand up a SOC.” Rafeeq Rehman – Personal Blog, 27 Aug. 2015. Web. 14 Dec. 2016.

    Rothke, Ben. “Designing and Building Security Operations Center.” RSA Conference, 2015. Web. 14 Nov. 2016.

    Ruks, Martyn and David Chismon. “Threat Intelligence: Collecting, Analysing, Evaluating.” MWR Infosecurity, 2015. Web. 24 Aug. 2016.

    Sadamatsu, Takayoshi. “Practice within Fujitsu of Security Operations Center.” Fujitsu, July 2016. Web. 15 Nov. 2016.

    Sanders, Chris. “Three Useful SOC Dashboards.” Chris Sanders, 24 Oct. 2016. Web. 14 Nov. 2016.

    SANS Institute. “Incident Handler's Handbook.” 2011. Web.

    Schilling, Jeff. “5 Pitfalls to Avoid When Running Your SOC.” Dark Reading, 18 Dec. 2014. Web. 14 Nov. 2016.

    Schinagl, Stef, Keith Schoon, and Ronald Paans. “A Framework for Designing a Security Operations Centre (SOC).” 2015 48th Hawaii International Conference on System Sciences. Computer.org, 2015. Web. 20 Nov. 2016.

    “Security – Next Gen SOC or SOF.” InfoSecAlways.com, 31 Dec. 2013. Web. 14 Nov. 2016.

    “Security Operations Center Dashboard.” Enterprise Dashboard Digest, n.d. Web. 14 Dec. 2016.

    “Security Operations Center Optimization Services.” AT&T, 2015. Web. 5 Nov. 2016.

    “Security Operations Centers — Helping You Get Ahead of Cybercrime Contents.” EY, 2014. Web. 6 Nov. 2016.

    Sheikh, Shah. “DTS Solution - Building a SOC (Security Operations Center).” LinkedIn, 4 May 2013. Web. 20 Nov. 2016.

    Soto, Carlos. “ Security Operations Center (SOC) 101.” Tom's IT Pro, 28 Oct. 2015. Web. 14 Dec. 2016.

    “Standardizing and Automating Security Operations.” National Institute of Standards and Technology, 3 Sept. 2006. Web.

    “Strategy Considerations for Building a Security Operations Center.” IBM, Dec. 2013. Web. 5 Nov. 2016.

    “Summary of Key Findings.” Carnegie Mellon University, 03 Oct. 2016. Web. 03 Oct. 2016.

    “Sustainable Security Operations.” Intel, 2016. Web. 20 Nov. 2016.

    “The Cost of Malware Containment.” Ponemon Institute, Jan. 2015. Web.

    “The Game Plan for Closing the SecOps Gap.” BMC. Forbes Magazine, Jan. 2016. Web. 10 Jan. 2017.

    Veerappa Srinivas, Babu. “Security Operations Centre (SOC) in a Utility Organization.” GIAC, 17 Sept. 2014. Web. 5 Nov. 2016.

    Wang, John. “Anatomy of a Security Operations Center.” NASA, 2015. Web. 2 Nov. 2016.

    Weiss, Errol. “Statement for the Record.” House Financial Services Committee, 1 June 2012. Web. 12 Nov. 2016.

    Wilson, Tim. “SOC 2.0: A Crystal-Ball Glimpse of the Next-Generation Security Operations Center.” Dark Reading, 22 Nov. 2010. Web. 10 Nov. 2016.

    Zimmerman, Carson. “Ten Strategies of a World-Class Cybersecurity Operations Center.” Mitre, 2014. Web. 24 Aug. 2016.

    Create a Right-Sized Enterprise Architecture Governance Framework

    • Buy Link or Shortcode: {j2store}582|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Our Advice

    Critical Insight

    • Enterprise architecture is not a technical function – it should be business-value driven and forward looking, positioning organizational assets in favor of long-term strategy rather than short-term tactics.

    Impact and Result

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology.

    Create a Right-Sized Enterprise Architecture Governance Framework Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to find out how implementing a successful enterprise architecture governance framework can benefit your organization.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Current State of EA Governance

    Identify the organization’s standing in terms of the enterprise architecture practice, and know the gaps and what the EA practice needs to fulfill to create a good governance framework.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 1: Current State of EA Governance
    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    2. EA Fundamentals

    Understand the EA fundamentals and then refresh them to better align the EA practice with the organization and create business benefit.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 2: EA Fundamentals
    • EA Vision and Mission Template
    • EA Goals and Measures Template
    • EA Principles Template

    3. Engagement Model

    Analyze the IT operating model and identify EA’s role at each stage; refine it to promote effective EA engagement upfront in the early stages of the IT operating model.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 3: Engagement Model
    • EA Engagement Model Template

    4. EA Governing Bodies

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies, and creating an architecture review process.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 4: EA Governing Bodies
    • Architecture Board Charter Template
    • Architecture Review Process Template

    5. EA Policy

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 5: EA Policy
    • EA Policy Template
    • EA Assessment Checklist Template
    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    6. Architectural Standards

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability. Develop a process to update the architectural standards to ensure relevancy and promote process transparency.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 6: Architectural Standards
    • Architecture Standards Update Process Template

    7. Communication Plan

    Craft a plan to engage the relevant stakeholders, ascertain the benefits of the initiative, and identify the various communication methods in order to maximize the chances of success.

    • Create a Right-Sized Enterprise Architecture Governance Framework – Phase 7: Communication Plan
    • EA Governance Communication Plan Template
    • EA Governance Framework Template
    [infographic]

    Workshop: Create a Right-Sized Enterprise Architecture Governance Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Current State of EA governance (Pre-workshop)

    The Purpose

    Conduct stakeholder interviews to understand current state of EA practice and prioritize gaps for EA governance based on organizational complexity.

    Key Benefits Achieved

    Prioritized list of actions to arrive at the target state based on the complexity of the organization

    Activities

    1.1 Determine organizational complexity.

    1.2 Conduct an assessment of the EA governance components.

    1.3 Identify and prioritize gaps.

    1.4 Conduct senior management interviews.

    Outputs

    Organizational complexity score

    EA governance current state and prioritized list of EA governance component gaps

    Stakeholder perception of the EA practice

    2 EA Fundamentals and Engagement Model

    The Purpose

    Refine EA fundamentals to align the EA practice with the organization and identify EA touchpoints to provide guidance for projects.

    Key Benefits Achieved

    Alignment of EA goals and objectives with the goals and objectives of the organization

    Early involvement of EA in the IT operating model

    Activities

    2.1 Review the output of the organizational complexity and EA assessment tools.

    2.2 Craft the EA vision and mission.

    2.3 Develop the EA principles.

    2.4 Identify the EA goals.

    2.5 Identify EA engagement touchpoints within the IT operating model.

    Outputs

    EA vision and mission statement

    EA principles

    EA goals and measures

    Identified EA engagement touchpoints and EA level of involvement

    3 EA Governing Bodies

    The Purpose

    Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies and creating an architecture review process.

    Key Benefits Achieved

    Business benefits are maximized and solution design is within the options set forth by the architectural reference models while no additional layers of bureaucracy are introduced

    Activities

    3.1 Identify the number of governing bodies.

    3.2 Define the game plan to initialize the governing bodies.

    3.3 Define the architecture review process.

    Outputs

    Architecture board structure and coverage

    Identified architecture review template

    4 EA Policy

    The Purpose

    Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.

    Key Benefits Achieved

    Improved architecture compliance, which ties investments to business value and provides guidance to architecture practitioners

    Activities

    4.1 Define the scope.

    4.2 Identify the target audience.

    4.3 Determine the inclusion and exclusion criteria.

    4.4 Craft an assessment checklist.

    Outputs

    Defined scope

    Inclusion and exclusion criteria for project review

    Architecture assessment checklist

    5 Architectural Standards and Communication Plan

    The Purpose

    Define architecture standards to facilitate information exchange, improve collaboration, and provide stability.

    Craft a communication plan to implement the new EA governance framework in order to maximize the chances of success.

    Key Benefits Achieved

    Consistent development of architecture, increased information exchange between stakeholders

    Improved process transparency

    Improved stakeholder engagement

    Activities

    5.1 Identify and standardize EA work products.

    5.2 Classifying the architectural standards.

    5.3 Identifying the custodian of standards.

    5.4 Update the standards.

    5.5 List the changes identified in the EA governance initiative

    5.6 Create a communication plan.

    Outputs

    Identified set of EA work products to standardize

    Architecture information taxonomy

    Identified set of custodian of standards

    Standard update process

    List of EA governance initiatives

    Communication plan for EA governance initiatives

    Further reading

    Create a Right-Sized Enterprise Architecture Governance Framework

    Focus on process standardization, repeatability, and sustainability.

    ANALYST PERSPECTIVE

    "Enterprise architecture is not a technology concept, rather it is the foundation on which businesses orient themselves to create and capture value in the marketplace. Designing architecture is not a simple task and creating organizations for the future requires forward thinking and rigorous planning.

    Architecture processes that are supposed to help facilitate discussions and drive option analysis are often seen as an unnecessary overhead. The negative perception is due to enterprise architecture groups being overly prescriptive rather than providing a set of options that guide and constrain solutions at the same time.

    EA groups should do away with the direct and control mindset and change to a collaborate and mentor mindset. As part of the architecture governance, EA teams should provide an option set that constrains design choices, and also be open to changes to standards or best practices. "

    Gopi Bheemavarapu, Sr. Manager, CIO Advisory Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    This Research Will Help You:

    • Understand the importance of enterprise architecture (EA) governance and how to apply it to guide architectural decisions.
    • Enhance your understanding of the organization’s current EA governance and identify areas for improvement.
    • Optimize your EA engagement model to maximize value creation.
    • Learn how to set up the optimal number of governance bodies in order to avoid bureaucratizing the organization.

    This Research Will Also Assist:

    • Business Relationship Managers
    • Business Analysts
    • IT Managers
    • Project Managers
    • IT Analysts
    • Quality Assurance Leads
    • Software Developers

    This Research Will Help Them:

    • Give an overview of enterprise architecture governance
    • Clarity on the role of enterprise architecture team

    Executive summary

    Situation

    • Deployed solutions do not meet business objectives resulting in expensive and extensive rework.
    • Each department acts independently without any regular EA touchpoints.
    • Organizations practice project-level architecture as opposed to enterprise architecture.

    Complication

    • EA governance is perceived as an unnecessary layer of bureaucracy because business benefits are poorly communicated.
    • The organization doesn’t have a formalized EA practice.
    • Where an EA practice exists, employees are unsure of EA’s roles and responsibilities.

    Resolution

    • Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
    • Right-sized. Re-use existing process checkpoints, rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
    • Defined and measured process. Define metrics to measure EA’s performance and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
    • Strike the right balance. Adopt architecture principles that strikes the right balance between business and technology imperatives.

    Info-Tech Insight

    Enterprise architecture is critical to ensuring that an organization has the solid IT foundation it needs to efficiently enable the achievement of its current and future strategic goals rather than focusing on short-term tactical gains.

    What is enterprise architecture governance?

    An architecture governance process is the set of activities an organization executes to ensure that decisions are made and accountability is enforced during the execution of its architecture strategy. (Hopkins, “The Essential EA Toolkit.”)

    EA governance includes the following:

    • Implement a system of controls over the creation and monitoring of all architectural components.
    • Ensure effective introduction, implementation, and evolution of architectures within the organization.
    • Implement a system to ensure compliance with internal and external standards and regulatory obligations.
    • Develop practices that ensure accountability to a clearly identified stakeholder community, both inside and outside the organization.

    (TOGAF)

    IT governance sets direction through prioritization and decision making, and monitors overall IT performance.

    The image shows a circle set within a larger circle. The inner circle is connected to the bottom of the larger circle. The inner circle is labelled EA Governance and the larger circle is labelled IT Governance.

    EA governance ensures that optimal architectural design choices are being made that focus on long-term value creation.

    Harness the benefits of an optimized EA governance

    Core benefits of EA governance are seen through:

    Value creation

    Effective EA governance ensures alignment between organizational investments and corporate strategic goals and objectives.

    Cost reduction

    Architecture standards provide guidance to identify opportunities for reuse and eliminate redundancies in an organization.

    Risk optimization

    Architecture review processes and assessment checklists ensure that solutions are within the acceptable risk levels of the organization.

    EA governance is difficult to structure appropriately, but having an effective structure will allow you to:

    • Achieve business strategy through faster time-to-market innovations and capabilities.
    • Reduced transaction costs with more consistent business processes and information across business units.
    • Lower IT costs due to better traceability, faster design, and lower risk.
    • Link IT investments to organizational strategies and objectives
    • Integrate and institutionalizes IT best practices.
    • Enable the organization to take full advantage of its information, infrastructure, and hardware and software assets.
    • Support regulatory as well as best practice requirements such as auditability, security, responsibility, and accountability.

    Organizations that have implemented EA governance realize greater benefits from their EA programs

    Modern day CIOs of high-performing organizations use EA as a strategic planning discipline to improve business-IT alignment, enable innovation, and link business and IT strategies to execution.

    Recent Info-Tech research found that organizations that establish EA governance realize greater benefits from their EA initiatives.

    The image shows a bar graph, with Impact from EA on the Y-axis, and different initiatives listed on the X-axis. Each initiative has two bars connected to it, with a blue bar representing answers of No and the grey bar representing answers of Yes.

    (Info-Tech Research Group, N=89)

    Measure EA governance implementation effectiveness

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an “enabler” of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    An insurance provider adopts a value-focused, right-sized EA governance program

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The insurance sector has been undergoing major changes, and as a reaction, businesses within the sector have been embracing technology to provide innovative solutions.

    The head of EA in a major insurance provider (henceforth to be referred to as “INSPRO01”) was given the mandate to ensure that solutions are architected right the first time to maximize reuse and reduce technology debt. The EA group was at a critical point – to demonstrate business value or become irrelevant.

    Complication

    The project management office had been accountable for solution architecture and had placed emphasis on short-term project cost savings at the expense of long term durability.

    There was a lack of awareness of the Enterprise Architecture group within INSPRO01, and people misunderstood the roles and responsibilities of the EA team.

    Result

    Info-Tech helped define the responsibilities of the EA team and clarify the differences between the role of a Solution Architect vs. Enterprise Architect.

    The EA team was able to make the case for change in the project management practices to ensure architectures are reviewed and approved prior to implementation.

    As a result, INSPRO01 saw substantial increases in reuse opportunities and thereby derived more value from its technology investments.

    Success factors for EA governance

    The success of any EA governance initiative revolves around adopting best practices, setting up repeatable processes, and establishing appropriate controls.

    1. Develop best practices for managing architecture policies, procedures, roles, skills, and organizational structures.
    2. Establish organizational responsibilities and structures to support the architecture governance processes.
    3. Management of criteria for the control of the architecture governance processes, dispensations, compliance assessments, and SLAs.

    Info-Tech’s approach to EA governance

    Our best-practice approach is grounded in TOGAF and enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.

    Right-sized. Insert EA governance into existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.

    Measured. Define metrics to measure EA’s performance, and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.

    Balanced. Adopt architecture principles that strikes the right balance between business and technology.

    Info-Tech’s EA governance framework

    Info-Tech’s architectural governance framework provides a value-focused, right-sized approach with a strong emphasis on process standardization, repeatability, and sustainability.

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    Use Info-Tech’s templates to complete this project

    1. Current state of EA governance
      • EA Capability - Risk and Complexity Assessment Tool
      • EA Governance Assessment Tool
    2. EA fundamentals
      • EA Vision and Mission Template
      • EA Goals and Measures Template
      • EA Principles Template
    3. Engagement model
      • EA Engagement Model Template
    4. EA governing bodies
      • Architecture Board Charter Template
      • Architecture Review Process Template
    5. EA policy
      • EA Policy Template
      • Architecture Assessment Checklist Template
      • Compliance Waiver Process Template
      • Compliance Waiver Form Template
    6. Architectural standards
      • Architecture Standards Update Process Template
    7. Communication Plan
      • EA Governance Communication Plan Template
      • EA Governance Framework Template

    As you move through the project, capture your progress with a summary in the EA Governance Framework Template.

    Download the EA Governance Framework Template document for use throughout this project.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    EA governance framework – phase-by-phase outline (1/2)

    Current state of EA governance EA Fundamentals Engagement Model EA Governing Bodies
    Best-Practice Toolkit

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    2.1 Craft the EA vision and mission

    2.2 Develop the EA principles

    2.3 Identify the EA goals

    3.1 Build the case for EA engagement

    3.2 Identify engagement touchpoints within the IT operating model

    4.1 Identify the number of governing bodies

    4.2 Define the game plan to initialize the governing bodies

    4.3 Define the architecture review process

    Guided Implementations
    • Determine organizational complexity
    • Assess current state of EA governance
    • Develop the EA fundamentals
    • Review the EA fundamentals
    • Review the current IT operating model
    • Determine the target engagement model
    • Identify architecture boards and develop charters
    • Develop an architecture review process

    Phase 1 Results:

    • EA Capability - risk and complexity assessment
    • EA governance assessment

    Phase 2 Results:

    • EA vision and mission
    • EA goals and measures
    • EA principles

    Phase 3 Results:

    • EA engagement model

    Phase 4 Results:

    • Architecture board charter
    • Architecture review process

    EA governance framework – phase-by-phase outline (2/2)

    EA Policy Architectural Standards Communication Plan
    Best-Practice Toolkit

    5.1 Define the scope of EA policy

    5.2 Identify the target audience

    5.3 Determine the inclusion and exclusion criteria

    5.4 Craft an assessment checklist

    6.1 Identify and standardize EA work products

    6.2 Classify the architectural standards

    6.3 Identify the custodian of standards

    6.4 Update the standards

    7.1 List the changes identified in the EA governance initiative

    7.2 Identify stakeholders

    7.3 Create a communication plan

    Guided Implementations
    • EA policy, assessment checklists, and decision types
    • Compliance waivers
    • Understand architectural standards
    • EA repository and updating the standards
    • Create a communication plan
    • Review the communication plan

    Phase 5 Results:

    • EA policy
    • Architecture assessment checklist
    • Compliance waiver process
    • Compliance waiver form

    Phase 6 Results:

    • Architecture standards update process

    Phase 7 Results:

    • Communication plan
    • EA governance framework

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-workshopWorkshop Day 1Workshop Day 2Workshop Day 3Workshop Day 4
    ActivitiesCurrent state of EA governance EA fundamentals and engagement model EA governing bodies EA policy Architectural standards and

    communication plan

    1.1 Determine organizational complexity

    1.2 Conduct an assessment of the EA governance components

    1.3 Identify and prioritize gaps

    1.4 Senior management interviews

    1. Review the output of the organizational complexity and EA assessment tools
    2. Craft the EA vision and mission
    3. Develop the EA principles.
    4. Identify the EA goals
    5. Identify EA engagement touchpoints within the IT operating model
    1. Identify the number of governing bodies
    2. Define the game plan to initialize the governing bodies
    3. Define the architecture review process
    1. Define the scope
    2. Identify the target audience
    3. Determine the inclusion and exclusion criteria
    4. Craft an assessment checklist
    1. Identify and standardize EA work products
    2. Classifying the architectural standards
    3. Identifying the custodian of standards
    4. Updating the standards
    5. List the changes identified in the EA governance initiative
    6. Identify stakeholders
    7. Create a communication plan
    Deliverables
    1. EA Capability - risk and complexity assessment tool
    2. EA governance assessment tool
    1. EA vision and mission template
    2. EA goals and measures template
    3. EA principles template
    4. EA engagement model template
    1. Architecture board charter template
    2. Architecture review process template
    1. EA policy template
    2. Architecture assessment checklist template
    3. Compliance waiver process template
    4. Compliance waiver form template
    1. Architecture standards update process template
    2. Communication plan template

    Phase 1

    Current State of EA Governance

    Create a Right-Sized Enterprise Architecture Governance Framework

    Current State of EA Governance

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Determine organizational complexity
    • Conduct an assessment of the EA governance components
    • Identify and prioritize gaps

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Prioritized list of gaps

    Info-Tech Insight

    Correlation is not causation – an apparent problem might be a symptom rather than a cause. Assess the organization’s current EA governance to discover the root cause and go beyond the symptoms.

    Phase 1 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Current State of EA Governance

    Proposed Time to Completion: 2 weeks

    Step 1.1: Determine organizational complexity

    Start with an analyst kick-off call:

    • Discuss how to use Info-Tech’s EA Capability – Risk and Complexity Assessment Tool.
    • Discuss how to complete the inputs on the EA Governance Assessment Tool.

    Then complete these activities…

    • Conduct an assessment of your organization to determine its complexity.
    • Assess the state of EA governance within your organization.

    With these tools & templates:

    • EA Capability – Risk and Complexity Assessment Tool
    • EA Governance Assessment Tool

    Step 1.2: Assess current state of EA governance

    Start with an analyst kick-off call:

    • Review the output of the EA governance assessment and gather feedback on your goals for the EA practice.

    Then complete these activities…

    • Discuss whether you are ready to proceed with the project.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Governance Assessment Tool

    Right-size EA governance based on organizational complexity

    Determining organizational complexity is not rocket science. Use Info-Tech’s tool to quantify the complexity and use it, along with common sense, to determine the appropriate level of architecture governance.

    Info-Tech’s methodology uses six factors to determine the complexity of the organization:

    1. The size of the organization, which can often be denoted by the revenue, headcount, number of applications in use, and geographical diversity.
    2. The solution alignment factor helps indicate the degree to which various projects map to the organization’s strategy.
    3. The size and complexity of the IT infrastructure and networks.
    4. The portfolio of applications maintained by the IT organization.
    5. Key changes within the organization such as M&A, regulatory changes, or a change in business or technology leadership.
    6. Other negative influences that can adversely affect the organization.

    Determine your organization’s level of complexity

    1.1 2 hours

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Capability section highlighted.

    Step 1 - Facilitate

    Download the EA Capability – Risk and Complexity Assessment Tool to facilitate a session on determining your organization’s complexity.

    Download EA Organizational - Risk and Complexity Assessment Tool

    Step 2 - Summarize

    Summarize the results in the EA governance framework document.

    Update the EA Governance Framework Template

    Understand the components of effective EA governance

    EA governance is multi-faceted and it facilitates effective use of resources to meet organizational strategic objectives through well-defined structural elements.

    EA Governance

    • Fundamentals
    • Engagement Model
    • Policy
    • Governing Bodies
    • Architectural Standards

    Components of architecture governance

    1. EA vision, mission, goals, metrics, and principles that provide a direction for the EA practice.
    2. An engagement model showing where and in what fashion EA is engaged in the IT operating model.
    3. An architecture policy formulated and enforced by the architectural governing bodies to guide and constrain architectural choices in pursuit of strategic goals.
    4. Governing bodies to assess projects for compliance and provide feedback.
    5. Architectural standards that codify the EA work products to ensure consistent development of architecture.

    Next Step: Based on the organization’s complexity, conduct a current state assessment of EA governance using Info-Tech’s EA Governance Assessment Tool.

    Assess the components of EA governance in your organization

    1.2 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Governance section highlighted.

    Step 1 - Facilitate

    Download the “EA Governance Assessment Tool” to facilitate a session on identifying the best practices to be applied in your organization.

    Download Info-Tech’s EA Governance Assessment Tool

    Step 2 - Summarize

    Summarize the identified best practices in the EA governance framework document.

    Update the EA Governance Framework Template


    Conduct a current state assessment to identify limitations of the existing EA governance framework

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 was planning a major transformation initiative. The organization determined that EA is a strategic function.

    The CIO had pledged support to the EA group and had given them a mandate to deliver long-term strategic architecture.

    The business leaders did not trust the EA team and believed that lack of business skills in the group put the business transformation at risk.

    Complication

    The EA group had been traditionally seen as a technology organization that helps with software design.

    The EA team lacked understanding of the business and hence there had been no common language between business and technology.

    Result

    Info-Tech helped the EA team create a set of 10 architectural principles that are business-value driven rather than technical statements.

    The team socialized the principles with the business and technology stakeholders and got their approvals.

    By applying the business focused architectural principles, the EA team was able to connect with the business leaders and gain their support.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Determine organizational complexity.
    • Conduct an assessment of the EA governance components.
    • Identify and prioritize gaps.

    Outcomes

    • Organizational complexity assessment
    • EA governance capability assessment
    • A prioritized list of capability gaps

    Phase 2

    EA Fundamentals

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Fundamentals

    1. Current State of EA Governance
    2. EA Fundamentals
    3. Engagement Model
    4. EA Governing Bodies
    5. EA Policy
    6. Architectural Standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Craft the EA vision and mission
    • Develop the EA principles.
    • Identify the EA goals

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Refined set of EA fundamentals to support the building of EA governance

    Info-Tech Insight

    A house divided against itself cannot stand – ensure that the EA fundamentals are aligned with the organization’s goals and objectives.

    Phase 2 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: EA Fundamentals

    Proposed Time to Completion: 3 weeks

    Step 2.1: Develop the EA fundamentals

    Review findings with analyst:

    • Discuss the importance of the EA fundamentals – vision, mission, goals, measures, and principles.
    • Understand how to align the EA vision, mission, goals, and measures to your organization’s vision, mission, goals, measures, and principles.

    Then complete these activities…

    • Develop the EA vision statements.
    • Craft the EA mission statements.
    • Define EA goals and measures.
    • Adopt EA principles.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Step 2.2: Review the EA fundamentals

    Review findings with analyst:

    • Review the EA fundamentals in conjunction with the results of the EA governance assessment tool and gather feedback.

    Then complete these activities…

    • Refine the EA vision, mission, goals, measures, and principles.
    • Review the list of tasks and plan your next steps.

    With these tools & templates:

    • EA Vision and Mission Template
    • EA Principles Template
    • EA Goals and Measures Template

    Fundamentals of an EA organization

    Vision, mission, goals and measures, and principles form the foundation of the EA function.

    Factors to consider when developing the vision and mission statements

    The vision and mission statements provide strategic direction to the EA team. These statements should be created based on the business and technology drivers in the organization.

    Business Drivers

    • Business drivers are factors that determine, or cause, an increase in value or major improvement of a business.
    • Examples of business drivers include:
      • Increased revenue
      • Customer retention
      • Salesforce effectiveness
      • Innovation

    Technology Drivers

    • Technology drivers are factors that are vital for the continued success and growth of a business using effective technologies.
    • Examples of technology drivers include:
      • Enterprise integration
      • Information security
      • Portability
      • Interoperability

    "The very essence of leadership is [that] you have a vision. It's got to be a vision you articulate clearly and forcefully on every occasion. You can't blow an uncertain trumpet." – Theodore Hesburgh

    Develop vision, mission, goals, measures, and principles to define the EA capability direction and purpose

    EA capability vision statement

    Articulates the desired future state of EA capability expressed in the present tense.

    • What will be the role of EA capability?
    • How will EA capability be perceived?

    Example: To be recognized by both the business and IT as a trusted partner that drives [Company Name]’s effectiveness, efficiency, and agility.

    EA capability mission statement

    Articulates the fundamental purpose of the EA capability.

    • Why does EA capability exist?
    • What does EA capability do to realize its vision?
    • Who are the key customers of the EA capability?

    Example: Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.

    EA capability goals and measures

    EA capability goals define specific desired outcomes of an EA management process execution. EA capability measures define how to validate the achievement of the EA capability goals.

    Example:

    Goal: Improve reuse of IT assets at [Company Name].

    Measures:

    • The number of building blocks available for reuse.
    • Percent of projects that utilized existing building blocks.
    • Estimated efficiency gain (= effort to create a building block * reuse count).

    EA principles

    EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, solution development, and procurement decisions.

    Example:

    • EA principle name: Reuse.
    • Statement: Maximize reuse of existing assets.
    • Rationale: Reuse prevents duplication of development and support efforts, increasing efficiency, and agility.
    • Implications: Define architecture and solution building blocks and ensure their consistent application.

    EA principles guide decision making

    Policies can be seen as “the letter of the law,” whereas EA principles summarize “the spirit of the law.”

    The image shows a graphic with EA Principles listed at the top, with an arrow pointing down to Decisions on the use of IT. At the bottom are domain-specific policies, with two arrows pointing upwards: the arrow on the left is labelled direct, and the arrow on the right is labelled control. The arrow points up to the label Decisions on the use of IT. On the left, there is an arrow pointing both up and down. At the top it is labelled The spirit of the law, and at the bottom, The letter of the law. On the right, there is another arrow pointing both up and down, labelled How should decisions be made at the top and labelled Who has the accountability and authority to make decisions? at the bottom.

    Define EA capability goals and related measures that resonate with EA capability stakeholders

    EA capability goals, i.e. specific desired outcomes of an EA management process execution. Use COBIT 5, APO03 process goals, and metrics as a starting point.

    The image shows a chart titled Manage Enterprise Architecture.

    Define relevant business value measures to collect indirect evidence of EA’s contribution to business benefits

    Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an enabler of business outcomes to senior executives.

    EA performance measures (lead, operational) EA value measures (lag)
    Application of EA management process EA’s contribution to IT performance EA’s contribution to business value

    Enterprise Architecture Management

    • Number of months since the last review of target state EA blueprints.

    IT Investment Portfolio Management

    • Percentage of projects that were identified and proposed by EA.

    Solution Development

    • Number of projects that passed EA reviews.
    • Number of building blocks reused.

    Operations Management

    • Reduction in the number of applications with overlapping functionality.

    Business Value

    • Lower non-discretionary IT spend.
    • Decreased time to production.
    • Higher satisfaction of IT-enabled services.

    Refine the organization’s EA fundamentals

    2.1 2 hrs

    Input

    • Group consensus on the current state of EA competencies.

    Output

    • A list of gaps that need to be addressed for EA governance competencies.

    Materials

    • Info-Tech’s EA assessment tool, a computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with four sections highlighted, beginning with EA Vision Statement and ending with EA Goals and Measures.

    Step 1 - Facilitate

    Download the three templates and hold a working session to facilitate a session on creating EA fundamentals.

    Download the EA Vision and Mission Template, the EA Principles Template, and the EA Goals and Measures Template

    Step 2 - Summarize

    Document the final vision, mission, principles, goals, and measures within the EA Governance Framework.

    Update the EA Governance Framework Template


    Ensure that the EA fundamentals are aligned to the organizational needs

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group at INSPRO01 was being pulled in multiple directions with requests ranging from architecture review to solution design to code reviews.

    Project level architecture was being practiced with no clarity on the end goal. This led to EA being viewed as just another IT function without any added benefits.

    Info-Tech recommended that the EA team ensure that the fundamentals (vision, mission, principles, goals, and measures) reflect what the team aspired to achieve before fixing any of the process concerns.

    Complication

    The EA team was mostly comprised of technical people and hence the best practices outlined were not driven by business value.

    The team had no documented vision and mission statements in place. In addition, the existing goals and measures were not tied to the business strategic objectives.

    The team had architectural principles documented, but there were too many and they were very technical in nature.

    Result

    With Info-Tech’s guidance, the team developed a vision and mission statement to succinctly communicate the purpose of the EA function.

    The team also reduced and simplified the EA principles to make sure they were value driven and communicated in business terms.

    Finally, the team proposed goals and measures to track the performance of the EA team.

    With the fundamentals in place, the team was able to show the value of EA and gain organization-wide acceptance.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Craft the EA vision and mission.
    • Develop the EA principles.
    • Identify the EA goals.

    Outcomes

    • Refined set of EA fundamentals to support the building of EA governance.

    Phase 3

    Engagement Model

    Create a Right-Sized Enterprise Architecture Governance Framework

    Engagement Model

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This step will walk you through the following activities:

    • Build the case for EA engagement
    • Engagement touchpoints within the IT operating model

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Info-Tech Insight

    Perform due diligence prior to decision making. Use the EA Engagement Model to promote conversations between stage gate meetings as opposed to having the conversation during the stage gate meetings.

    Phase 3 guided implementation outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: EA engagement model

    Proposed Time to Completion: 2 weeks

    Step 3.1 Review the current IT operating model

    Start with an analyst kick-off call:

    • Review Info-Tech’s IT operating model.
    • Understand how to document your organization’s IT operating model.
    • Document EA’s current role and responsibility at each stage of the IT operating model.

    Then complete these activities…

    • Document your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template

    Step 3.2: Determine the target engagement model

    Review findings with analyst:

    • Review your organization’s current state IT operating model.
    • Review your EA’s role and responsibility at each stage of the IT operating model.
    • Document the role and responsibility of EA in the future state.

    Then complete these activities…

    • Document EA’s future role within each stage of your organization’s IT operating model.

    With these tools & templates:

    • EA Engagement Model Template.

    The three pillars of EA Engagement

    Effective EA engagement revolves around three basic principles – generating business benefits, creating adaptable models, and being able to replicate the process across the organization.

    Business Value Driven

    Focus on generating business value from organizational investments.

    Repeatable

    Process should be standardized, transparent, and repeatable so that it can be consistently applied across the organization.

    Flexible

    Accommodate the varying needs of projects of different sizes.

    Where these pillars meet: Advocates long-term strategic vs. short-term tactical solutions.

    EA interaction points within the IT operating model

    EA’s engagement in each stage within the plan, build, and run phases should be clearly defined and communicated.

    Plan Strategy Development Business Planning Conceptualization Portfolio Management
    Build Requirements Solution Design Application Development/ Procurement Quality Assurance
    Run Deploy Operate

    Document the organization’s current IT operating model

    3.1 2-3 hr

    Input

    • IT project lifecycle

    Output

    • Organization’s current IT operating model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads, business leaders.

    Instructions:

    Hold a working session with the participants to document the current IT operating model. Facilitate the activity using the following steps:

    1. Map out the IT operating model.

    1. Find a project that was just deployed within the organization and backtrack every step of the way to the strategy development that resulted in the conception of the project.
    2. Interview the personnel involved with each step of the process to get a sense of whether or not projects usually move to deployment going through these steps.
    3. Review Info-Tech’s best-practice IT operating model presented in the EA Engagement Model Template, and add or remove any steps to the existing organization’s IT operating model as necessary. Document the finalized steps of the IT operating model.

    2. Determine EA’s current role in the operating model.

    1. Interview EA personnel through each step of the process and ask them their role. This is to get a sense of the type of input that EA is having into each step of the process.
    2. Using the EA Engagement Model Template, document the current role of EA in each step of the organization’s IT operation as you complete the interviews.

    Download the EA Engagement Model Template to document the organization’s current IT operating model.

    Define RACI in every stage of the IT operating model (e.g. EA role in strategy development phase of the IT operating model is presented below)

    Strategy Development

    Also known as strategic planning, strategy development is fundamental to creating and running a business. It involves the creation of a longer-term game plan or vision that sets specific goals and objectives for a business.

    R Those in charge of performing the task. These are the people actively involved in the completion of the required work. Business VPs, EA, IT directors R
    A The one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. CEO A
    C Those whose opinions are sought before a decision is made, and with whom there is two-way communication. PMO, Line managers, etc. C
    I Those who are kept up to date on progress, and with whom there is one-way communication. Development managers, etc. I

    Next Step: Similarly define the RACI for each stage of the IT operating model; refer to the activity slide for prompts.

    Best practices on the role of EA within the IT operating model

    Plan

    Strategy Development

    C

    Business Planning

    C

    Conceptualization

    A

    Portfolio Management

    C

    Build

    Requirements

    C

    Solution Design

    R

    Application Development/ Procurement

    R

    Quality Assurance

    I

    Run

    Deploy

    I

    Operate

    I

    Next Step: Define the role of EA in each stage of the IT operating model; refer to the activity slide for prompts.

    Define EA’s target role in each step of the IT operating model

    3.2 2 hrs

    Input

    • Organization’s IT operating model.

    Output

    • Organization’s EA engagement model.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business leaders, IT department leaders.

    The image shows the Table of Contents for the EA Engagement Model Template with the EA Engagement Summary section highlighted.

    Step 1 - Facilitate

    Download the EA Engagement Model Template and hold a working session to define EA’s target role in each step of the IT operating model.

    Download the EA Engagement Model Template

    Step 2 - Summarize

    Document the target state role of EA within the EA Governance Framework document.

    Update the EA Governance Framework Template


    Design an EA engagement model to formalize EA’s role within the IT operating model

    CASE STUDY

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 had a high IT cost structure with looming technology debt due to a preference for short-term tactical gains over long-term solutions.

    The business satisfaction with IT was at an all-time low due to expensive solutions that did not meet business needs.

    INSPRO01’s technology landscape was in disarray with many overlapping systems and interoperability issues.

    Complication

    No single team within the organization had an end-to-end perspective all the way from strategy to project execution. A lot of information was being lost in handoffs between different teams.

    This led to inconsistent design/solution patterns being applied. Investment decisions had not been grounded in reality and this often led to cost overruns.

    Result

    Info-Tech helped INSPRO01 identify opportunities for EA team engagement at different stages of the IT operating model. EA’s role within each stage was clearly defined and documented.

    With Info-Tech’s help, the EA team successfully made the case for engagement upfront during strategy development rather than during project execution.

    The increased transparency enabled the EA team to ensure that investments were aligned to organizational strategic goals and objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Build the case for EA engagement.
    • Identify engagement touchpoints within the IT operating model.

    Outcomes

    • Summary of the assessment of the current EA engagement model
    • Target EA engagement model

    Phase 4

    EA Governing Bodies

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Governing Bodies

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify the number of governing bodies
    • Define the game plan to initialize the governing bodies
    • Define the architecture review process

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Charter definition for each EA governance board

    Info-Tech Insight

    Use architecture governance like a scalpel rather than a hatchet. Implement governing bodies to provide guidance rather than act as a police force.

    Phase 4 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create or identify EA governing bodies

    Proposed Time to Completion: 2 weeks

    Step 4.1: Identify architecture boards and develop charters

    Start with an analyst kick-off call:

    • Understand the factors influencing the number of governing bodies required for an organization.
    • Understand the components of a governing body charter.

    Then complete these activities…

    • Identify how many governing bodies are needed.
    • Define EA governing body composition, meeting frequency, and domain of coverage.
    • Define the inputs and outputs of each EA governing body.
    • Identify mandatory inclusion criteria.

    With these tools & templates:

    • Architecture Board Charter Template

    Step 4.2: Develop an architecture review process

    Follow-up with an analyst call:

    • Review the number of boards identified for your organization and gather feedback.
    • Review the charters developed for each governing body and gather feedback.
    • Understand the various factors that impact the architecture review process.
    • Review Info-Tech’s best-practice architecture review process.

    Then complete these activities…

    • Refine the charters for governing bodies.
    • Develop the architecture review process for your organization.

    With these tools & templates:

    • Architecture Review Process Template

    Factors that determine the number of architectural boards required

    The primary purpose of architecture boards is to ensure that business benefits are maximized and solution design is within the options set forth by the architectural reference models without introducing additional layers of bureaucracy.

    The optimal number of architecture boards required in an organization is a function of the following factors:

    • EA organization model
      • Distributed
      • Federated
      • Centralized
    • Architecture domains Maturity of architecture domains
    • Project throughput

    Commonly observed architecture boards:

    • Architecture Review Board
    • Technical Architecture Committee
    • Data Architecture Review Board
    • Infrastructure Architecture Review Board
    • Security Architecture Review Board

    Info-Tech Insight

    Before building out a new governance board, start small by repurposing existing forums by adding architecture as an agenda item. As the items for review increase consider introducing dedicated governing bodies.

    EA organization model drives the architecture governance structure

    EA teams can be organized in three ways – distributed, federated, and centralized. Each model has its own strengths and weaknesses. EA governance must be structured in a way such that the strengths are harvested and the weaknesses are mitigated.

    Distributed Federated Centralized
    EA org. structure
    • No overarching EA team exists and segment architects report to line of business (LOB) executives.
    • A centralized EA team exists with segment architects reporting to LOB executives and dotted-line to head of (centralized) EA.
    • A centralized EA capability exists with enterprise architects reporting to the head of EA.
    Implications
    • Produces a fragmented and disjointed collection of architectures.
    • Economies of scale are not realized.
    • High cross-silo integration effort.
    • LOB-specific approach to EA.
    • Requires dual reporting relationships.
    • Additional effort is required to coordinate centralized EA policies and blueprints with segment EA policies and blueprints.
    • Accountabilities may be unclear.
    • Can be less responsive to individual LOB needs, because the centralized EA capability must analyze needs of multiple LOBs and various trade-off options to avoid specialized, one-off solutions.
    • May impede innovation.
    Architectural boards
    • Cross LOB working groups to create architecture standards, patterns, and common services.
    • Local boards to support responsiveness to LOB-specific needs.
    • Cross LOB working groups to create architecture standards, patterns and common services.
    • Cross-enterprise boards to ensure adherence to enterprise standards and reduce integration costs.
    • Local boards to support responsiveness to LOB specific needs.
    • Enterprise working groups to create architecture standards, patterns, and all services.
    • Central board to ensure adherence to enterprise standards.

    Architecture domains influences the number of architecture boards required

    • An architecture review board (ARB) provides direction for domain-specific boards and acts as an escalation point. The ARB must have the right mix of both business and technology stakeholders.
    • Domain-specific boards provide a platform to have focused discussions on items specific to that domain.
    • Based on project throughput and the maturity of each domain, organizations would have to pick the optimal number of boards.
    • Architecture working groups provide a platform for cross-domain conversations to establish organization wide standards.
    Level 1 Architecture Review Board IT and Business Leaders
    Level 2 Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Level 3 Architecture Working Groups Architects

    Create a game plan for the architecture boards

    • Start with a single board for each level – an architecture review board (ARB), a technical architecture committee (TAC), and architecture working groups.
    • As the organization matures and the number of requests to the TAC increase, consider creating domain-specific boards – such as business architecture, data architecture, application architecture, etc. – to handle architecture decisions pertaining to that domain.

    Start with this:

    Level 1 Architecture Review Board
    Level 2 Technical Architecture Committee
    Level 3 Architecture Working Groups

    Change to this:

    Architecture Review Board IT and Business Leaders
    Business Architecture Board Data Architecture Board Application Architecture Board Infrastructure Architecture Board Security Architecture Board IT and Business Managers
    Architecture Working Groups Architects

    Architecture boards have different objectives and activities

    The boards at each level should be set up with the correct agenda – ensure that the boards’ composition and activities reflect their objective. Use the entry criteria to communicate the agenda for their meetings.

    Architecture Review Board Technical Architecture Committee
    Objective
    • Evaluates business strategy, needs, and priorities, sets direction and acts as a decision making authority of the EA capability.
    • Directs the development of target state architecture.
    • Monitors performance and compliance of the architectural standards.
    • Monitor project solution architecture compliance to standards, regulations, EA principles, and target state EA blueprints.
    • Review EA compliance waiver requests, make recommendations, and escalate to the architecture review board (ARB).
    Composition
    • Business Leadership
    • IT Leadership
    • Head of Enterprise Architecture
    • Business Managers
    • IT Managers
    • Architects
    Activities
    • Review compliance of conceptual solution to standards.
    • Discuss the enterprise implications of the proposed solution.
    • Select and approve vendors.
    • Review detailed solution design.
    • Discuss the risks of the proposed solution.
    • Discuss the cost of the proposed solution.
    • Review and recommend vendors.
    Entry Criteria
    • Changes to IT Enterprise Technology Policy.
    • Changes to the technology management plan.
    • Approve changes to enterprise technology inventory/portfolio.
    • Ongoing operational cost impacts.
    • Detailed estimates for the solution are ready for review.
    • There are significant changes to protocols or technologies responsible for solution.
    • When the project is deviating from baselined architectures.

    Identify the number of governing bodies

    4.1 2 hrs

    Input

    • EA Vision and Mission
    • EA Engagement Model

    Output

    • A list of EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to identify the number of governing bodies. Facilitate the activity using the following steps:

    1. Examine the EA organization models mentioned previously. Assess how your organization is structured, and identify whether your organization has a federated, distributed or centralized EA organization model.
    2. Reference the “Game plan for the architecture boards” slide. Assess the architecture domains, and define how many there are in the organization.
    3. Architecture domains:
      1. If no defined architecture domains exist, model the number of governing bodies in the organization based on the “Start with this” scenario in the “Game plan for the architecture boards” slide.
      2. If defined architecture domains do exist, model the number of governing bodies based on the “Change to this” scenario in the “Game plan for the architecture boards” slide.
    4. Name each governing body you have defined in the previous step. Download Info-Tech’s Architecture Board Charter Template for each domain you have named. Input the names into the title of each downloaded template.

    Download the Architecture Board Charter Template to document this activity.

    Defining the governing body charter

    The charter represents the agreement between the governing body and its stakeholders about the value proposition and obligations to the organization.

    1. Purpose: The reason for the existence of the governing body and its goals and objectives.
    2. Composition: The members who make up the committee and their roles and responsibilities in it.
    3. Frequency of meetings: The frequency at which the committee gathers to discuss items and make decisions.
    4. Entry/Exit Criteria: The criteria by which the committee selects items for review and items for which decisions can be taken.
    5. Inputs: Materials that are provided as inputs for review and decision making by the committee.
    6. Outputs: Materials that are provided by the committee after an item has been reviewed and the decision made.
    7. Activities: Actions undertaken by the committee to arrive at its decision.

    Define EA’s target role in each step of the IT operating model

    4.2 3 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents for the EA Governance Framework document, with the Architecture Board Charters highlighted.

    Step 1 Facilitate

    Hold a working session with the stakeholders to define the charter for each of the identified architecture boards.

    Download Architecture Board Charter Template

    Step 2 Summarize

    • Summarize the objectives of each board and reference the charter document within the EA Governance Framework.
    • Upload the final charter document to the team’s common repository.

    Update the EA Governance Framework document


    Considerations when creating an architecture review process

    • Ensure that architecture review happens at major milestones within the organization’s IT Operating Model such as the plan, build, and run phases.
    • In order to provide continuous engagement, make the EA group accountable for solution architecture in the plan phase. In the build phase, the EA group will be consulted while the solution architect will be responsible for the project solution architecture.

    Plan

    • Strategy Development
    • Business Planning
    • A - Conceptualization
    • Portfolio Management

    Build

    • Requirements
    • R - Solution Design
    • Application Development/ Procurement
    • Quality Assurance

    Run

    • Deploy
    • Operate

    Best-practice project architecture review process

    The best-practice model presented facilitates the creation of sound solution architecture through continuous engagement with the EA team and well-defined governance checkpoints.

    The image shows a graphic of the best-practice model. At the left, four categories are listed: Committees; EA; Project Team; LOB. At the top, three categories are listed: Plan; Build; Run. Within the area between these categories is a flow chart demonstrating the best-practice model and specific checkpoints throughout.

    Develop the architecture review process

    4.3 2 hours

    Input

    • A list of all EA governing bodies.
    • Info-Tech’s best practice architecture review process.

    Output

    • The new architecture review process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    Hold a working session with the participants to develop the architecture review process. Facilitate the activity using the following steps:

    1. Reference Info-Tech’s best-practice architecture review process embedded within the “Architecture Review Process Template” to gain an understanding of an ideal architecture review process.
    2. Identify the stages within the plan, build, and run phases where solution architecture reviews should occur, and identify the governing bodies involved in these reviews.
    3. As you go through these stages, record your findings in the Architecture Review Process Template.
    4. Connect the various activities leading to and from the architecture creation points to outline the review process.

    Download the Architecture Review Process Template for additional guidance regarding developing an architecture review process.

    Develop the architecture review process

    4.3 2 hrs

    Input

    • A list of all identified EA governing bodies.

    Output

    • Charters for each EA governing bodies.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents, with the Architecture Review Process highlighted.

    Step 1 - Facilitate

    Download Architecture Review Process Template and facilitate a session to customize the best-practice model presented in the template.

    Download the Architecture Review Process Template

    Step 2 - Summarize

    Summarize the process changes and document the process flow in the EA Governance Framework document.

    Update the EA Governance Framework Template

    Right-size EA governing bodies to reduce the perception of red tape

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    At INSPRO01, architecture governance boards were a bottleneck. The boards fielded all project requests, ranging from simple screen label changes to complex initiatives spanning multiple applications.

    These boards were designed as forums for technology discussions without any business stakeholder involvement.

    Complication

    INSPRO01’s management never gave buy-in to the architecture governance boards since their value was uncertain.

    Additionally, architectural reviews were perceived as an item to be checked off rather than a forum for getting feedback.

    Architectural exceptions were not being followed through due to the lack of a dispensation process.

    Result

    Info-Tech has helped the team define adaptable inclusion/exclusion criteria (based on project complexity) for each of the architectural governing boards.

    The EA team was able to make the case for business participation in the architecture forums to better align business and technology investment.

    An architecture dispensation process was created and operationalized. As a result architecture reviews became more transparent with well-defined next steps.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify the number of governing bodies.
    • Define the game plan to initialize the governing bodies.
    • Define the architecture review process.

    Outcomes

    • Charter definition for each EA governance board

    Phase 5

    EA Policy

    Create a Right-Sized Enterprise Architecture Governance Framework

    EA Policy

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Define the EA policy scope
    • Identify the target audience
    • Determine the inclusion and exclusion criteria
    • Create an assessment checklist

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders
    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Info-Tech Insight

    Use the EA policy to promote EA’s commitment to deliver value to business stakeholders through process transparency, stakeholder engagement, and compliance.

    Phase 5 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 5: EA Policy

    Proposed Time to Completion: 3 weeks

    Step 5.1–5.3: EA Policy, Assessment Checklists, and Decision Types

    Start with an analyst kick-off call:

    • Discuss the three pillars of EA policy and its purpose.
    • Review the components of an effective EA policy.
    • Understand how to develop architecture assessment checklists.
    • Understand the assessment decision types.

    Then complete these activities…

    • Define purpose, scope, and audience of the EA policy.
    • Create a project assessment checklist.
    • Define the organization’s assessment decision type.

    With these tools & templates:

    • EA Policy Template
    • EA Assessment Checklist Template

    Step 5.4: Compliance Waivers

    Review findings with analyst:

    • Review your draft EA policy and gather feedback.
    • Review your project assessment checklists and the assessment decision types.
    • Discuss the best-practice architecture compliance waiver process and how to tailor it to your organizational needs.

    Then complete these activities…

    • Refine the EA policy based on feedback gathered.
    • Create the compliance waiver process.

    With these tools & templates:

    • EA Compliance Waiver Process Template
    • EA Compliance Waiver Form Template

    Three pillars of architecture policy

    Architecture policy is a set of guidelines, formulated and enforced by the governing bodies of an organization, to guide and constrain architectural choices in pursuit of strategic goals.

    Architecture compliance – promotes compliance to organizational standards through well-defined assessment checklists across architectural domains.

    Business value – ensures that investments are tied to business value by enforcing traceability to business capabilities.

    Architectural guidance – provides guidance to architecture practitioners on the application of the business and technology standards.

    Components of EA policy

    An enterprise architecture policy is an actionable document that can be applied to projects of varying complexity across the organization.

    1. Purpose and Scope: This EA policy document clearly defines the scope and the objectives of architecture reviews within an organization.
    2. Target Audience: The intended audience of the policy such as employees and partners.
    3. Architecture Assessment Checklist: A wide range of typical questions that may be used in conducting Architecture Compliance reviews, relating to various aspects of the architecture.
    4. Assessment Outcomes: The outcome of the architecture review process that determines the conformance of a project solution to the enterprise architecture standards.
    5. Compliance Waiver: Used when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Draft the purpose and scope of the EA policy

    5.1 2.5 hrs

    Input

    • A consensus on the purpose, scope, and audience for the EA policy.

    Output

    • Documented version of the purpose, scope, and audience for the EA policy.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Policy section highlighted.

    Step 1 - Facilitate

    Download the EA Policy Template and hold a working session to draft the EA policy.

    Download the EA Policy Template

    Step 2 - Summarize

    • Summarize purpose, scope, and intended audience of the policy in the EA Governance Framework document.
    • Update the EA policy document with the purpose, scope and intended audience.

    Update the EA Governance Framework Template

    Architecture assessment checklist

    Architecture assessment checklist is a list of future-looking criteria that a project will be assessed against. It provides a set of standards against which projects can be assessed in order to render a decision on whether or not the project can be greenlighted.

    Architecture checklists should be created for each EA domain since each domain provides guidance on specific aspects of the project.

    Sample Checklist Questions

    Business Architecture:

    • Is the project aligned to organizational strategic goals and objectives?
    • What are the business capabilities that the project supports? Is it creating new capabilities or supporting an existing one?

    Data Architecture:

    • What processes are in place to support data referential integrity and/or normalization?
    • What is the physical data model definition (derived from logical data models) used to design the database?

    Application Architecture:

    • Can this application be placed on an application server independent of all other applications? If not, explain the dependencies.
    • Can additional parallel application servers be easily added? If so, what is the load balancing mechanism?

    Infrastructure Architecture:

    • Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter?

    Security Architecture:

    • Have you ensured that the corporate security policies and guidelines to which you are designing are the latest versions?

    Create architectural assessment checklists

    5.2 2 hrs

    Input

    • Reference architecture models.

    Output

    • Architecture assessment checklist.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows a screenshot of the Table of Contents with the EA Assessment Checklist section highlighted.

    Step 1 - Facilitate

    Download the EA Assessment Checklist Template and hold a working session to create the architectural assessment checklists.

    Download the EA Assessment Checklist Template

    Step 2 - Summarize

    • Summarize the major points of the checklists in the EA Governance Framework document.
    • Update the EA policy document with the detailed architecture assessment checklists.

    Update the EA Governance Framework Template

    Architecture assessment decision types

    • As a part of the proposed solution review, the governing bodies produce a decision indicating the compliance of the solution architecture with the enterprise standards.
    • Go, No Go, or Conditional are a sample set of decision outcomes available to the governing bodies.
    • On a conditional approval, the project team must file for a compliance waiver.

    Approved

    • The solution demonstrates substantial compliance with standards.
    • Negligible risk to the organization or minimal risks with sound plans of how to mitigate them.
    • Architectural approval to proceed with delivery type of work.

    Conditional Approval

    • The significant aspects of the solution have been addressed in a satisfactory manner.
    • Yet, there are some aspects of the solution that are not compliant with standards.
    • The architectural approval is conditional upon presenting the missing evidence within a minimal period of time determined.
    • The risk level may be acceptable to the organization from an overall IT governance perspective.

    Not Approved

    • The solution is not compliant with the standards.
    • Scheduled for a follow-up review.
    • Not recommended to proceed until the solution is more compliant with the standards.

    Best-practice architecture compliance waiver process

    Waivers are not permanent. Waiver terms must be documented for each waiver specifying:

    • Time period after which the architecture in question will be compliant with the enterprise architecture.
    • The modifications necessary to the enterprise architecture to accommodate the solution.

    The image shows a flow chart, split into 4 sections: Enterprise Architect; Solution Architect; TAC; ARB. To the right of these section labels, there is a flow chart that documents the waiver process.

    Create compliance waiver process

    5.4 3-4 hrs

    Input

    • A consensus on the compliance waiver process.

    Output

    • Documented compliance waiver process and form.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the Table of Contents with the Compliance Waiver Form section highlighted.

    Step 1 - Facilitate

    Download the EA compliance waiver template and hold a working session to customize the best-practice process to your organization’s needs.

    Download the EA Compliance Waiver Process Template

    Step 2 - Summarize

    • Summarize the objectives and high-level process in the EA Governance Framework document.
    • Update the EA policy document with the compliance waiver process.
    • Upload the final policy document to the team’s common repository.

    Update the EA Governance Framework Template

    Creates an enterprise architecture policy to drive adoption

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    EA program adoption across INSPRO01 was at its lowest point due to a lack of transparency into the activities performed by the EA group.

    Often, projects ignored EA entirely as it was viewed as a nebulous and non-value-added activity that produced no measurable results.

    Complication

    There was very little documented information about the architecture assessment process and the standards against which project solution architectures were evaluated.

    Additionally, there were no well-defined outcomes for the assessment.

    Project groups were left speculating about the next steps and with little guidance on what to do after completing an assessment.

    Result

    Info-Tech helped the EA team create an EA policy containing architecture significance criteria, assessment checklists, and reference to the architecture review process.

    Additionally, the team also identified guidelines and detailed next steps for projects based on the outcome of the architecture assessment.

    These actions brought clarity to EA processes and fostered better engagement with the EA group.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Define the scope.
    • Identify the target audience.
    • Determine the inclusion and exclusion criteria.
    • Create an assessment checklist.

    Outcomes

    • The completed EA policy
    • Project assessment checklist
    • Defined assessment outcomes
    • Completed compliance waiver process

    Phase 6

    Architectural Standards

    Create a Right-Sized Enterprise Architecture Governance Framework

    Architectural Standards

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • Identify and standardize EA work products
    • Classify the architectural standards
    • Identify the custodian of standards
    • Update the standards

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Info-Tech Insight

    The architecture standard is the currency that facilitates information exchange between stakeholders. The primary purpose is to minimize transaction costs by providing a balance between stability and relevancy.

    Phase 6 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Architectural standards

    Proposed Time to Completion: 4 weeks

    Step 6.1: Understand Architectural Standards

    Start with an analyst kick-off call:

    • Discuss architectural standards.
    • Know how to identify and define EA work products.
    • Understand the standard content of work products.

    Then complete these activities…

    • Identify and standardize EA work products.

    Step 6.2–6.3: EA Repository and Updating the Standards

    Review with analyst:

    • Review the standardized EA work products.
    • Discuss the principles of EA repository.
    • Discuss the Info-Tech best-practice model for updating architecture standards and how to tailor them to your organizational context.

    Then complete these activities…

    • Build a folder structure for storing EA work products.
    • Use the Info-Tech best-practice architecture standards update process to develop your organization’s process for updating architecture standards.

    With these tools & templates:

    • Architecture Standards Update Process Template

    Recommended list of EA work products to standardize

    • EA work products listed below are typically produced as a part of the architecture lifecycle.
    • To ensure consistent development of architecture, the work products need to be standardized.
    • Consider standardizing both the naming conventions and the content of the work products.
    1. EA vision: A document containing the vision that provides the high-level aspiration of the capabilities and business value that EA will deliver.
    2. Statement of EA Work: The Statement of Architecture Work defines the scope and approach that will be used to complete an architecture project.
    3. Reference architectures: A reference architecture is a set of best-practice taxonomy that describes components and the conceptual structure of the model, as well as graphics, which provide a visual representation of the taxonomy to aid understanding. Reference architectures are created for each of the architecture domains.
    4. Solution proposal: The proposed project solution based on the EA guidelines and standards.
    5. Compliance assessment request: The document that contains the project solution architecture assessment details.
    6. Architecture change request: The request that initiates a change to architecture standards when existing standards can no longer meet the needs of the enterprise.
    7. Transition architecture: A transition architecture shows the enterprise at incremental states that reflect periods of transition that sit between the baseline and target architectures.
    8. Architectural roadmap: A roadmap that lists individual increments of change and lays them out on a timeline to show progression from the baseline architecture to the target architecture.
    9. EA compliance waiver request: A compliance waiver request that must be made when a solution or segment architecture is perceived to be non-compliant with the enterprise architecture.

    Standardize the content of each work product

    1. Purpose - The reason for the existence of the work product.
    2. Owner - The owner of this EA work product.
    3. Target Audience - The intended audience of the work product such as employees and partners.
    4. Naming Pattern - The pattern for the name of the work product as well as its file name.
    5. Table of Contents - The various sections of the work product.
    6. Review & Sign-Off Authority - The stakeholders who will review the work product and approve it.
    7. Repository Folder Location - The location where the work product will be stored.

    Identify and standardize work products

    6.1 3 hrs

    Input

    • List of various documents being produced by projects currently.

    Output

    • Standardized list of work products.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • A computer, and/or a whiteboard and marker.

    Instructions:

    Hold a working session with the participants to identify and standardize work products. Facilitate the activity using the steps below.

    1. Identifying EA work products:
      1. Start by reviewing the list of all architecture-related documents presently produced in the organization. Any such deliverable with the following characteristics can be standardized:
        1. If it can be broken out and made into a standalone document.
        2. If it can be made into a fill-in form completed by others.
        3. If it is repetitive and requires iterative changes.
      2. Create a list of work products that your organization would like to standardize based on the characteristics above.
    2. The content and format of standardized EA work products:
      1. For each work product your organization wishes to standardize, look at its purpose and brainstorm the content needed to fulfill that purpose.
      2. After identifying the elements that need to be included in the work product to fulfill its purpose, order them logically for presentation purposes.
      3. In each section of the work product that need to be completed, include instructions on how to complete the section.
      4. Review the seven elements presented in the previous slide and include them in the work products.

    EA repository - information taxonomy

    As the EA function begins to grow and accumulates EA work products, having a well-designed folder structure helps you find the necessary information efficiently.

    Architecture meta-model

    Describes the organizationally tailored architecture framework.

    Architecture capability

    Defines the parameters, structures, and processes that support the enterprise architecture group.

    Architecture landscape

    An architectural presentation of assets in use by the enterprise at particular points in time.

    Standards information base

    Captures the standards with which new architectures and deployed services must comply.

    Reference library

    Provides guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise.

    Governance log

    Provides a record of governance activity across the enterprise.

    Create repository folder structure

    6.2 5-6 hrs

    Input

    • List of standardized work products.

    Output

    • EA work products mapped to a repository folder.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, IT department leads.

    Instructions:

    Hold a working session with the participants to create a repository structure. Facilitate the activity using the steps below:

    1. Start with the taxonomy on the previous slide, and sort the existing work products into these six categories.
    2. Assess that the work products are sorted in a mutually exclusive and collectively exhaustive fashion. This means that a certain work product that appears in one category should not appear in another category. As well, make sure these six categories capture all the existing work products.
    3. Based on the categorization of the work products, build a folder structure that follows these categories, which will allow for the work products to be accessed quickly and easily.

    Create a process to update EA work products

    • Architectural standards are not set in stone and should be reviewed and updated periodically.
    • The Architecture Review Board is the custodian for standards.
    • Any change to the standards need to be assessed thoroughly and must be communicated to all the impacted stakeholders.

    Architectural standards update process

    Identify

    • Identify changes to the standards

    Assess

    • Review and assess the impacts of the change

    Document

    • Document the change and update the standard

    Approve

    • Distribute the updated standards to key stakeholders for approval

    Communicate

    • Communicate the approved changes to impacted stakeholders

    Create a process to continually update standards

    6.3 1.5 hrs

    Input

    • The list of work products and its owners.

    Output

    • A documented work product update process.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, business line leads, IT department leads.

    The image shows the screenshot of the Table of Contents with the Standards Update Process highlighted.

    Step 1 - Facilitate

    Download the standards update process template and hold a working session to customize the best practice process to your organization’s needs.

    Download the Architecture Standards Update Process Template

    Step 2 - Summarize

    Summarize the objectives and the process flow in the EA governance framework document.

    Update the EA Governance Framework Template

    Create architectural standards to minimize transaction costs

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    INSPRO01 didn’t maintain any centralized standards and each project had its own solution/design work products based on the preference of the architect on the project. This led to multiple standards across the organization.

    Lack of consistency in architectural deliverables made the information hand-offs expensive.

    Complication

    INSPRO01 didn’t maintain the architectural documents in a central repository and the information was scattered across multiple project folders.

    This caused key stakeholders to make decisions based on incomplete information and resulted in constant revisions as new information became available.

    Result

    Info-Tech recommended that the EA team identify and standardize the various EA work products so that information was collected in a consistent manner across the organization.

    The team also recommended an information taxonomy to store the architectural deliverables and other collateral.

    This resulted in increased consistency and standardization leading to efficiency gains.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • Identify and standardize EA work products.
    • Classify the architectural standards.
    • Identify the custodian of standards.
    • Update the standards.

    Outcomes

    • A standardized set of EA work products
    • A way to categorize and store EA work products
    • A defined method of updating standards

    Phase 7

    Communication Plan

    Create a Right-Sized Enterprise Architecture Governance Framework

    Communication Plan

    1. Current state of EA governance
    2. EA fundamentals
    3. Engagement model
    4. EA governing bodies
    5. EA policy
    6. Architectural standards
    7. Communication Plan

    This phase will walk you through the following activities:

    • List the changes identified in the EA governance initiative
    • Identify stakeholders
    • Create a communication plan

    This step involves the following participants:

    • Head of Enterprise Architecture
    • Enterprise Architects
    • Domain Architects
    • Solution Architects

    Outcomes of this step

    • Communication Plan
    • EA Governance Framework

    Info-Tech Insight

    By failing to prepare, you are preparing to fail – maximize the likelihood of success for EA governance by engaging the relevant stakeholders and communicating the changes.

    Phase 7 guided implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 6: Operationalize the EA governance framework

    Proposed Time to Completion: 1 week

    Step 7.1: Create a Communication Plan

    Start with an analyst kick-off call:

    • Discuss how to communicate changes to stakeholders.
    • Discuss the purposes and benefits of the EA governance framework.

    Then complete these activities…

    • Identify the stakeholders affected by the EA governance transformations.
    • List the benefits of the proposed EA governance initiative.
    • Create a plan to communicate the changes to impacted stakeholders.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Step 7.2: Review the Communication Plan

    Start with an analyst kick-off call:

    • Review the communication plan and gather feedback on the proposed stakeholders.
    • Confer about the various methods of communicating change in an organization.
    • Discuss the uses of the EA Governance Framework.

    Then complete these activities…

    • Refine your communication plan and use it to engage with stakeholders to better serve customers.
    • Create the EA Governance Framework to accompany the communication plan in engaging stakeholders to better understand the value of EA.

    With these tools & templates:

    • EA Governance Communication Plan Template
    • EA Governance Framework Template

    Communicate changes to stakeholders

    The changes made to the EA governance components need to be reviewed, approved, and communicated to all of the impacted stakeholders.

    Deliverables to be reviewed:

    • Fundamentals
      • Vision and Mission
      • Goals and Measures
      • Principles
    • Architecture review process
    • Assessment checklists
    • Policy Governing body charters
    • Architectural standards

    Deliverable Review Process:

    Step 1: Hold a meeting with stakeholders to review, refine, and agree on the changes.

    Step 2: Obtain an official approval from the stakeholders.

    Step 3: Communicate the changes to the impacted stakeholders.

    Communicate the changes by creating an EA governance framework and communication plan

    7.1 3 hrs

    Input

    • EA governance deliverables.

    Output

    • EA Governance Framework
    • Communication Plan.

    Materials

    • A computer, and/or a whiteboard and marker.

    Participants

    • EA team, CIO, business line leads, IT department leads.

    Instructions:

    Hold a working session with the participants to create the EA governance framework as well as the communication plan. Facilitate the activity using the steps below:

    1. EA Governance Framework:
      1. The EA Governance Framework is a document that will help reference and cite all the materials created from this blueprint. Follow the instructions on the framework to complete.
    2. Communication Plan:
      1. Identify the stakeholders based on the EA governance deliverables.
      2. For each stakeholder identified, complete the “Communication Matrix” section in the EA Governance Communication Plan Template. Fill out the section based on the instructions in the template.
      3. As the stakeholders are identified based on the “Communication Matrix,” use the EA Governance Framework document to communicate the changes.

    Download the EA Governance Communication Plan Template and EA Governance Framework Template for additional instructions and to document your activities in this phase.

    Maximize the likelihood of success by communicating changes

    Case Study

    Industry Insurance

    Source Info-Tech

    Situation

    The EA group followed Info-Tech’s methodology to assess the current state and has identified areas for improvement.

    Best practices were adopted to fill the gaps identified.

    The team planned to communicate the changes to the technology leadership team and get approvals.

    As the EA team tried to roll out changes, they encountered resistance from various IT teams.

    Complication

    The team was not sure of how to communicate the changes to the business stakeholders.

    Result

    Info-Tech has helped the team conduct a thorough stakeholder analysis to identify all the stakeholders who would be impacted by the changes to the architecture governance framework.

    A comprehensive communication plan was developed that leveraged traditional email blasts, town hall meetings, and non-traditional methods such as team blogs.

    The team executed the communication plan and was able to manage the change effectively.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Key Activities

    • List the changes identified in the EA governance initiative.
    • Identify stakeholders.
    • Create a communication plan.
    • Compile the materials created in the blueprint to better communicate the value of EA governance.

    Outcomes

    • Communication plan
    • EA governance framework

    Bibliography

    Government of British Columbia. “Architecture and Standards Review Board.” Government of British Columbia. 2015. Web. Jan 2016. < http://www.cio.gov.bc.ca/cio/standards/asrb.page >

    Hopkins, Brian. “The Essential EA Toolkit Part 3 – An Architecture Governance Process.” Cio.com. Oct 2010. Web. April 2016. < http://www.cio.com/article/2372450/enterprise-architecture/the-essential-ea-toolkit-part-3---an-architecture-governance-process.html >

    Kantor, Bill. “How to Design a Successful RACI Project Plan.” CIO.com. May 2012. Web. Jan 2016. < http://www.cio.com/article/2395825/project-management/how-to-design-a-successful-raci-project-plan.html >

    Sapient. “MIT Enterprise Architecture Guide.” Sapient. Sep 2004. Web. Jan 2016. < http://web.mit.edu/itag/eag/FullEnterpriseArchitectureGuide0.1.pdf >

    TOGAF. “Chapter 41: Architecture Repository.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap41.html >

    TOGAF. “Chapter 48: Architecture Compliance.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap48.html >

    TOGAF. “Version 9.1.” The Open Group. 2011. Web. Jan 2016. http://pubs.opengroup.org/architecture/togaf9-doc/arch/

    United States Secret Service. “Enterprise Architecture Review Board.” United States Secret Service. Web. Jan 2016. < http://www.archives.gov/records-mgmt/toolkit/pdf/ID191.pdf >

    Virginia Information Technologies Agency. “Enterprise Architecture Policy.” Commonwealth of Virginia. Jul 2006. Web. Jan 2016. < https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/eapolicy200-00.pdf >

    Research contributors and experts

    Alan Mitchell, Senior Manager, Global Cities Centre of Excellence, KPMG

    Alan Mitchell has held numerous consulting positions before his role in Global Cities Centre of Excellence for KPMG. As a Consultant, he has had over 10 years of experience working with enterprise architecture related engagements. Further, he worked extensively with the public sector and prides himself on his knowledge of governance and how governance can generate value for an organization.

    Ian Gilmour, Associate Partner, EA advisory services, KPMG

    Ian Gilmour is the global lead for KPMG’s enterprise architecture method and Chief Architect for the KPMG Enterprise Reference Architecture for Health and Human Services. He has over 20 years of business design experience using enterprise architecture techniques. The key service areas that Ian focuses on are business architecture, IT-enabled business transformation, application portfolio rationalization, and the development of an enterprise architecture capability within client organizations.

    Djamel Djemaoun Hamidson, Senior Enterprise Architect, CBC/Radio-Canada

    Djamel Djemaoun is the Senior Enterprise Architect for CBC/Radio-Canada. He has over 15 years of Enterprise Architecture experience. Djamel’s areas of special include service-oriented architecture, enterprise architecture integration, business process management, business analytics, data modeling and analysis, and security and risk management.

    Sterling Bjorndahl, Director of Operations, eHealth Saskatchewan

    Sterling Bjorndahl is now the Action CIO for the Sun Country Regional Health Authority, and also assisting eHealth Saskatchewan grow its customer relationship management program. Sterling’s areas of expertise include IT strategy, enterprise architecture, ITIL, and business process management. He serves as the Chair on the Board of Directors for Gardiner Park Child Care.

    Huw Morgan, IT Research Executive, Enterprise Architect

    Huw Morgan has 10+ years experience as a Vice President or Chief Technology Officer in Canadian internet companies. As well, he possesses 20+ years experience in general IT management. Huw’s areas of expertise include enterprise architecture, integration, e-commerce, and business intelligence.

    Serge Parisien, Manager, Enterprise Architecture at Canada Mortgage Housing Corporation

    Serge Parisien is a seasoned IT leader with over 25 years of experience in the field of information technology governance and systems development in both the private and public sectors. His areas of expertise include enterprise architecture, strategy, and project management.

    Alex Coleman, Chief Information Officer at Saskatchewan Workers’ Compensation Board

    Alex Coleman is a strategic, innovative, and results-driven business leader with a proven track record of 20+ years’ experience planning, developing, and implementing global business and technology solutions across multiple industries in the private, public, and not-for-profit sectors. Alex’s expertise includes program management, integration, and project management.

    L.C. (Skip) Lumley , Student of Enterprise and Business Architecture

    Skip Lumley was formerly a Senior Principle at KPMG Canada. He is now post-career and spends his time helping move enterprise business architecture practices forward. His areas of expertise include enterprise architecture program implementation and public sector enterprise architecture business development.

    Additional contributors

    • Tim Gangwish, Enterprise Architect at Elavon
    • Darryl Garmon, Senior Vice President at Elavon
    • Steve Ranaghan, EMEIA business engagement at Fujitsu