Safety as a secondary consideration

  • Large vertical image:
  • member rating overall impact: Very High
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A

This is a story that should make you perk up.

I know of a department that was eager to launch their new product. The strain was severe. The board was breathing down their necks. Rivals were catching up (or so they thought).

What did they do?

"Let's get this thing live, prove the market wants it, then we'll circle back and handle all the security and stability backlog items." For the product owner, at the time, that seemed the right thing to do.

They were hacked 48 hours after going live.

Customer information was stolen. The brand's reputation suffered. The decision led to a months-long legal nightmare. And they still had to completely rebuild the system. Making stability and security bolt-on items is never a good idea.

The true price of "fix it later"

See, I understand. When the product owner is pressing for user experience enhancements and you're running out of time for launch, it's easy to overlook those "non-functional requirements." Yet, we should avoid blaming the product owner. The PO is under pressure from many stakeholders, and a delayed launch may also come with significant costs.

Load balancing isn't visible to customers, after all. Penetration testing doesn't excite them. Failure mechanisms don't matter to them. This statement is true until a malfunction impacts a client. Then it suddenly becomes the most important thing in the world.

However, I know that ignoring non-functional requirements (NFRs) can lead to failed businesses (or business lines). This elevates these issues beyond mere technical inconveniences. NFRs are designed with the client in mind.

Look at it this way. When your system crashes during periods of high traffic, how does the user experience change? How satisfied are customers when their personal information is stolen? When it takes 30 seconds for your website to load, how does that conversion rate look?

Let me expose you to some consultant figures. The average cost of IT outages is $5,600 per minute, according to a 2014 Gartner study. That figure can rise to $300,000 per hour for larger businesses. The reality is that in your department, you will rarely reach these numbers. When we look at current (2020-2025) and expected (2026) trends, the typical operational loss numbers in international commercial banking or insurance are closer to 100K for high-impact incidents that are handled within 2–3 hours.

Obviously, your numbers will vary. And if you don't know what your costs are, now would be a good time to discover that. This does not imply that you should simply accept the risks associated with such situations. You must fix or mitigate such opportunities for hackers to get in. Do so at the appropriate cost for your business.

Data breaches are a unique phenomenon. According to IBM's Cost of a Data Breach Report 2025, a data breach typically costs $4.44 million, and detecting and containing it takes an average of 241 days. Some preview data from the 2025 report include that 97% of organizations that reported on the study indicated that they lacked access controls for their AI systems. That means that many companies don't even have the basics in order. And AI-related breaches are just going to accelerate. AI security defenses will help lower the cost of such breaches.

Despite the decreasing cost of these breaches, I anticipate an increase in their frequency in the upcoming years.

This means that non-functional requirements in terms of security and resilience should take a more prominent place in the prioritizations. Your client depends on your systems being safe, resilient, and performant.

The blind spot in leadership

And yet, this is where some leaders make mistakes. I have the impression they believe that client-focused design means more functionality and elegant interfaces. They prioritize user experience enhancements over system reliability.

I want to share a key fact that distinguishes successful businesses: customers desire more than just a good product. It must always function for them. And that means following certain procedures. They are not there to hamper you; they are there to retain customers.

88% of online shoppers are less likely to visit a website again after a negative experience, according to research from Forrester. Amazon found that they lose 1% of sales for every 100 ms of latency. That 100 milliseconds adds up to millions of lost profits when billions of dollars are at stake.

You run the risk of more than just technical difficulties when you deprioritize safety. Customer trust, revenue stability, competitive advantage, adherence to the law, costs, and team morale are all at stake.

The "happy flow" trap is costing you revenue.

Allow me to illustrate what I see happening during development cycles.

The team tests the happy flow. The user successfully logs in. The user navigates with ease. The user makes the purchase without any problems. The user logs off without incident.

"Excellent! Publish it!"

However, what occurs if 1000 users attempt to log in at once? What occurs if an attempt is made to insert malicious code into your contact form? During a transaction, what happens if your database connection fails?

These are not extreme situations. These are real-life occurrences.

Fifty percent of data center managers and operators reported having an impactful outage in the previous three years, according to the Uptime Institute's 2025 Global Data Center Survey. Note that this is at the infra level. The biggest contributor is power outages. What role does power play in ensuring a smooth flow? Power will not always flow as you want it, so plan for lack of power and for spikes.

With regard to software failures, the spread of possible causes widens. AI is a big contributor. AI is typically brought in to accelerate development and assist in coding. But it tends to introduce subtle bugs and vulnerabilities that a seasoned developer has to review and solve.

Another upcoming article will discuss how faster release cycles often lead to a rush in testing. This should not be the case; by spending some time automating your (non-)regression test bank, you will gain speed. But you have to invest time in building the test suite.

Can your system handle success? This question should keep every executive awake at night.

I've witnessed businesses invest millions in advertising campaigns to drive traffic to systems that fail due to their success. Consider describing to your board how your greatest marketing victory became your worst operational mishap.

Managing traffic spikes is only one aspect of load balancing. It is about ensuring that your business can handle opportunities without being overwhelmed.

The mindset that transforms everything

Let's now address the most pressing issue: security.

The majority of leaders consider security to be like insurance, something you hope you never need. The fact that security is more than just protection, however, will alter the way you approach every project. It's approval to develop.

According to the Ponemon Institute's 2025 Cost of Insider Threats Global Report, the average annualized cost of insider threats, defined as employee negligence, criminal insiders, and credential thieves, has risen to $17.4 million per incident, up from $15.4 million in 2022. The number of discovered and analyzed incidents increased from 3,269 in 2018 to 7,868 in 2025 research studies. 

Cybersecurity Ventures predicts that cybercrime will cost the global economy $10.5 trillion annually by 2025.

The most fascinating thing, though, is that companies that invest in proactive security see measurable outcomes. Organizations that allocate over 10% of their IT budget to cybersecurity have a 2.5-fold higher chance of experiencing no security incidents than those that allocate less than 1%, per Deloitte's Future of Cyber Survey.

By hardening your systems against common attack vectors, you can scale quickly without worrying about the future. You can handle sensitive data with confidence, enter new markets without fear, establish partnerships that require trust, and focus on innovation instead of crisis management.

The non-functional needs that genuinely generate income

Allow me to explain this in a way that will satisfy your CFO.

Retention is equal to reliability. Customers return when a system functions reliably (given you sell items they want). The Harvard Business Review claims that a 5% increase in customer retention rates boosts profits by 25% to 95%. It is five to twenty-five times less expensive to retain customers than to acquire new ones.

Scalability is equal to security. Secure systems can handle larger client volumes, more sensitive data, and higher-value transactions. 69% of board members and C-suite executives think that privacy and cyber risks could affect their company's ability to grow, according to PwC.

Profit is equal to performance. You lose conversions for every second of load time. Google discovered that the likelihood of a bounce rises by 32% as page load time increases from 1 to 3 seconds. It increases by 90% from 1 second to 5 seconds. Walmart discovered that every second improvement in page load time led to a 2% increase in conversions.

Reputation is equal to resilience. Guess which company benefits when your system works while your competitors' systems fail? Failures reduce trust. 71% of consumers will actively advocate against companies they don't trust, and 67% of consumers will stop purchasing from them, according to Edelman's 2023 Trust Barometer. While the 2025 report does not present comparative numbers, distrust impacting consumer behavior is likely to be even more prevalent. 

The structure that reverses the script

Reframe this discussion with your executives and team

  • The question we should not ask is, "Can we afford to build this right?" but rather, "Can we afford not to?" This consideration is crucial because we risk losing customers at every obstacle they encounter. 
  • Non-functional requirements should be viewed as competitive advantages rather than obstructions. If it suddenly does not work, the customer walks away.
  • Consider viewing system reliability as a profit center instead of a cost center. When a customer knows it will work, they will order again and refer a friend.

The numbers support this point. Businesses that invest in operational resilience see three times higher profit margins and 2.5 times higher revenue growth than their counterparts, according to McKinsey's 2023 State of Organizations report. In 2025 we see a focus on AI, but the point remains.

These metrics will grab the attention when you're presenting them.

Although the average cost of downtime varies by industry, it is always high. 

The impact of a security breach on customer lifetime value is equally uncomfortable. Following a data breach, 78% of consumers will cease interacting with a brand online, and 36% will never do so again, according to Ping Identity's 2023 Consumer Identity Breach Report.

Every second that the system is unavailable results in a rapidly mounting loss of money. That's about $3,170 per minute of full downtime for a business that makes $100 million a year. We're talking about $31,700 per minute for billion-dollar businesses. Again, your experience may differ, but it's important to note that this cost is often unseen yet undeniable. If you want to calculate this more granularly, then I have a calculation method for you that is easy to implement.

There is a discernible trend in the cost of rebuilding versus building correctly the first time. Resolving a problem in production can cost four to five times as much as fixing it during design, and it can cost up to 100 times as much as fixing it during the requirements and design phase, according to IBM's Systems Sciences Institute.

The plan of action that truly works

This is what you should do right away.

Please begin by reviewing your current primary systems. When they're under stress, what happens? What occurs if they are attacked? What occurs if they don't work? 40% of businesses that suffer a significant system failure never reopen, although only 23% of organizations have tested their disaster recovery plans in the previous year, according to Gartner. Companies we work with test their systems at least once per year. If the results are unsatisfactory, we conduct a retest to ensure they meet our standards.

Next, please determine the actual cost of addressing issues at a later stage. Add in the costs of customer attrition, security breaches, downtime, and reconstruction. To lend credibility to your calculations, try to work out exact numbers for your company. Industry standards (like in this article) will give you indicators, but you need to know your figures.

Third, recast your non-functional needs as business needs. Consider focusing on strategies for managing success rather than solely discussing load balancing. Instead of discussing security testing, focus on revenue protection.

Fourth, consider safety when defining "done." Until a feature is dependable, secure, and scalable, it isn't considered complete. Projects that incorporate non-functional requirements from the outset have a threefold higher chance of success, per the Standish Group's 2023 Chaos Report.

Fifth, use system dependability as a differentiator in the marketplace. You're up when your rivals are down. You're safe when they're compromised.

The bottom line

I understand that resilience isn't sexy. I am aware that UI enhancements are more exciting than infrastructure resilience.

And yet, I know that businesses that prioritize safety will survive and lead after seeing others thrive and fail based on this one choice. Customers trust them. They are capable of scaling without breaking. Because they are confident that their systems can manage whatever comes next, they are the ones who get a good night's sleep.

Resilient organizations are twice as likely to surpass customer satisfaction goals and are 2.5 times more likely to achieve revenue growth of 10% or more.

Resilience represents the most significant competitive advantage. You have a choice. Just keep in mind that your clients are depending on you to do the job correctly.

Always happy to engage in a conversation.

Satisfy Customer Requirements for Information Security

  • Buy Link or Shortcode: {j2store}259|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $247 Average $ Saved
  • member rating average days saved: 3 Average Days Saved
  • Parent Category Name: Governance, Risk & Compliance
  • Parent Category Link: /governance-risk-compliance
  • Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
  • Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
  • Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.

Our Advice

Critical Insight

  • Your security program can be a differentiator and help win and retain customers.
  • Value rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
  • SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.

Impact and Result

  • CISOs need to develop a marketing strategy for their information security program.
  • Ensure that your security team dedicates the appropriate amount of effort to sales by value ranking your potential customers and aligning efforts to value.
  • Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.

Satisfy Customer Requirements for Information Security Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should proactively satisfy customer requirements for information security, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Manage customer expectations for information security

Identify your customers’ expectations for security and privacy, value rank your customers to right-size your efforts, and learn how to impress them with your information security program.

  • Satisfy Customer Requirements for Information Security – Phase 1: Manage Customer Expectations for Information Security

2. Select a certification path

Decide whether to obtain SOC 2 or ISO 27001 certification, and build a business case for certification.

  • Satisfy Customer Requirements for Information Security – Phase 2: Select a Certification Path
  • Security Certification Selection Tool
  • Security Certification Business Case Tool

3. Obtain and maintain certification

Develop your certification scope, prepare for the audit, and learn how to maintain your certification over time.

  • Satisfy Customer Requirements for Information Security – Phase 3: Obtain and Maintain Certification
[infographic]

Understand the Data and Analytics Landscape

  • Buy Link or Shortcode: {j2store}131|cart{/j2store}
  • member rating overall impact: 9.8/10 Overall Impact
  • member rating average dollars saved: $2,000 Average $ Saved
  • member rating average days saved: 14 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management
  • The data and analytics landscape comprises many disciplines and components; organizations may find themselves unsure of where to start or what data topic or area they should be addressing.
  • Organizations want to better understand the components of the data and analytics landscape and how they are connected.

Our Advice

Critical Insight

  • This deck will provide a base understanding of the core data disciplines and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

Impact and Result

  • This deck will provide a base understanding of the core disciplines of the data and analytics landscape and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

Understand the Data and Analytics Landscape Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand the data and analytics landscape

Get an overview of the core disciplines of the data and analytics landscape.

  • Understand the Data and Analytics Landscape Storyboard

Infographic

Security Strategy

  • Buy Link or Shortcode: {j2store}42|cart{/j2store}
  • Related Products: {j2store}42|crosssells{/j2store}
  • member rating overall impact: 9.4/10
  • member rating average dollars saved: $33,431
  • member rating average days saved: 29
  • Parent Category Name: Security and Risk
  • Parent Category Link: /security-and-risk
  • byline: Embed security thinking through aligning your security strategy to business goals and values.

The challenge

You may be experiencing one or more of the following:

  • You may not have sufficient security resources to handle all the challenges.
  • Security threats are prevalent. Yet many businesses struggle to embed systemic security thinking into their culture.
  • The need to move towards strategic planning of your security landscape is evident. How to get there is another matter.

Our advice

Insight

To have a successful information security strategy, take these three factors into account:

  • Holistic: your view must include people, processes, and technology.
  • Risk awareness: Base your strategy on the actual risk profile of your company. And then add the appropriate best practices.
  • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will go much more straightforward.

Impact and results 

  • We have developed a highly effective approach to creating your security strategy. We tested and refined this for more than seven years with hundreds of different organizations.
  • We ensure alignment with business objectives.
  • We assess organizational risk and stakeholder expectations.
  • We enable a comprehensive current state assessment.
  • And we prioritize initiatives and build out a right-sized security roadmap.

 

The roadmap

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

Get up to speed

Read up on why you should build your customized information security strategy. Review our methodology and understand the four ways we can support you.

Assess the security requirements

It all starts with risk appetite, yes, but security is something you want to get right. Determine your organizations' security pressures and business goals, and then determine your security program's goals.

  • Build an Information Security Strategy – Phase 1: Assess Requirements
  • Information Security Requirements Gathering Tool (xls)
  • Information Security Pressure Analysis Tool (xls)

Build your gap initiative

Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

  • Build an Information Security Strategy – Phase 2: Assess Gaps
  • Information Security Program Gap Analysis Tool (xls)

Plan the implementation of your security strategy 

With your design at this level, it is time to plan your roadmap.

  • Build an Information Security Strategy – Phase 3: Build the Roadmap

Let it run and continuously improve. 

Learn to use our methodology to manage security initiatives as you go. Identify the resources you need to execute the evolving strategy successfully.

  • Build an Information Security Strategy – Phase 4: Execute and Maintain
  • Information Security Strategy Communication Deck (ppt)
  • Information Security Charter (doc)

 

Generative AI: Market Primer

  • Buy Link or Shortcode: {j2store}349|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management
  • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
  • Searching the market for a Gen AI platform is nearly impossible, owing to the sheer number of vendors.
  • The evaluative criteria for selecting a Gen AI platform are unclear.

Our Advice

Critical Insight

  • You cannot rush Gen AI selection and implementation. Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.
  • Gen AI is not a software category – it is an umbrella concept. Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect Gen AI platforms to be compared against the same parameters in a vendor quadrant.
  • Bad data is the tip of the iceberg for Gen AI risks. While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for, from Gen AI hallucinations and output reliability to infrastructure feasibility and handling high-volume events.
  • Prepare for ongoing instability in the Gen AI market. If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

Impact and Result

  • Consensus on Gen AI scope and key Gen AI capabilities
  • Identification of your readiness to leverage Gen AI applications
  • Agreement on Gen AI evaluative criteria
  • Knowledge of vendor viability

Generative AI: Market Primer Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Generative AI: Market Primer – Contextualize the marketspace and prepare for generative AI selection.

Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

  • Generative AI: Market Primer Storyboard
  • Data Governance Policy
  • AI Governance Storyboard
  • AI Architecture Assessment and Project Planning Tool
  • AI Architecture Assessment and Project Planning Tool – Sample
  • AI Architecture Templates
[infographic]

Further reading

Generative AI: Market Primer

Cut through Gen AI buzzwords to achieve market clarity.

Analyst Perspective

The generative AI (Gen AI) marketspace is complex, nascent, and unstable.

Organizations need to get clear on what Gen AI is, its infrastructural components, and the governance required for successful platform selection.

Thomas Randall

The urge to be fast-moving to leverage the potential benefits of Gen AI is understandable. There are plenty of opportunities for Gen AI to enrich an organization’s use cases – from commercial to R&D to entertainment. However, there are requisites an organization needs to get right before Gen AI can be effectively applied. Part of this is ensuring data and AI governance is well established and mature within the organization. The other part is contextualizing Gen AI to know what components of this market the organization needs to invest in.

Owing to its popularity surge, OpenAI’s ChatGPT has become near synonymous with Gen AI. However, Gen AI is an umbrella concept that encompasses a variety of infrastructural architecture. Organizations need to ask themselves probing questions if they are looking to work with OpenAI: Does ChatGPT rest on the right foundational model for us? Does ChatGPT offer the right modalities to support our organization’s use cases? How much fine-tuning and prompt engineering will we need to perform? Do we require investment in on-premises infrastructure to support significant data processing and high-volume events? And do we require FTEs to enable all this infrastructure?

Use this market primer to quickly get up to speed on the elements your organization might need to make the most of Gen AI.

Thomas Randall

Advisory Director, Info-Tech Research Group

Executive Summary

Your Challenge

  • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
  • Searching the market for a Gen AI platform is near impossible, owing to the sheer number of vendors.
  • The evaluative criteria for selecting a Gen AI platform is unclear.

Common Obstacles

  • Data governance is immature within the organization. There is no source of truth or regularly updated organizational process assets.
  • AI functionality is not well understood within the organization; there is little AI governance for monitoring and controlling its use.
  • The extent of effort and resources required to make Gen AI a success remains murky.

Info-Tech's Solution

This market primer for Gen AI will help you:

  1. Contextualize the Gen AI market: Learn what components of Gen AI an organization should consider to make Gen AI a success.
  2. Prepare for Gen AI selection: Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

“We are entering the era of generative AI.
This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive with co-pilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduces risks that need to be planned for.”

Bill Wong, Principal Research Director – Data and BI, Info-Tech Research Group

Who benefits from this project?

This research is designed for:

  • Senior IT, developers, data staff, and project managers who:
    • Have received a mandate from their executives to begin researching the Gen AI market.
    • Need to quickly get up to speed on the state of the Gen AI market, given no deep prior knowledge of the space.
    • Require an overview of the different components to Gen AI to contextualize how vendor comparisons and selections can be made.
    • Want to gain an understanding of key trends, risks, and evaluative criteria to consider in their selection process.

This research will help you:

  • Articulate the potential business value of Gen AI to your organization.
  • Establish which high-value use cases could be enriched by Gen AI functionality.
  • Assess vendor viability for enterprise and specialized software providers in the Gen AI marketspace.
  • Collect information on the prerequisites for implementing Gen AI functionality.
  • Develop relevant evaluative criteria to assist differentiating between shortlisted contenders.

This research will also assist:

  • Executives, business analysts, and procurement teams who are stakeholders in:
    • Contextualizing the landscape for learning opportunities.
    • Gathering and documenting requirements.
    • Building deliverables for software selection projects.
    • Managing vendors, especially managing the relationships with incumbent enterprise software providers.

This research will help you:

  • Identify examples of how Gen AI applications could be leveraged for your organization’s core use cases.
  • Verify the extent of Gen AI functionality an incumbent enterprise provider has.
  • Validate accuracy of Gen AI language and architecture referenced in project deliverables.

Insight Summary

You cannot speedrun Gen AI selection and implementation.

Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.

Gen AI is not a software category – it is an umbrella concept.

Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect to compare Gen AI platforms to the same parameters in a vendor quadrant.

Bad data is the tip of the iceberg for Gen AI risks.

While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for: from Gen AI hallucinations and output reliability to infrastructure feasibility to handle high-volume events.

Gen AI use may require changes to sales incentives.

If you plan to use Gen AI in a commercial setting, review your sales team’s KPIs. They are rewarded for sales velocity; if they are the human-in-the-loop to check for hallucinations, you must change incentives to ensure quality management.

Prepare for ongoing instability in the Gen AI market.

If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

Brace for a potential return of on-premises infrastructure to power Gen AI.

The market trend has been for organizations to move to cloud-based products. Yet, for Gen AI, effective data processing and fine-tuning may call for organizations to invest in on-premises infrastructure (such as more GPUs) to enable their Gen AI to function effectively.

Info-Tech’s methodology for understanding the Gen AI marketspace

Phase Steps

1. Contextualize the Gen AI marketplace

  1. Define Gen AI and its components.
  2. Explore Gen AI trends.
  3. Begin deriving Gen AI initiatives that align with business capabilities.

2. Prepare for and understand Gen AI platform offerings

  1. Review Gen AI selection best practices and requisites for effective procurement.
  2. Determine evaluative criteria for Gen AI solutions.
  3. Explore Gen AI offerings with enterprise and specialized providers.
Phase Outcomes
  1. Achieve consensus on Gen AI scope and key Gen AI capabilities.
  2. Identify your readiness to leverage Gen AI applications.
  3. Hand off to Build Your Generative AI Roadmap to complete pre-requisites for selection.
  1. Determine whether deeper data and AI governance is required; if so, hand off to Create an Architecture for AI.
  2. Gain consensus on Gen AI evaluative criteria.
  3. Understand vendor viability.

Guided Implementation

Phase 1

Phase 2
  • Call #1: Discover if Gen AI is right for your organization. Understand what a Gen AI platform is and discover the art of the possible.
  • Call #2: To take advantage of Gen AI, perform a business capabilities analysis to begin deriving Gen AI initiatives.
  • Call #3: Explore whether Gen AI initiatives can be achieved either with incumbent enterprise players or via procurement of specialized solutions.
  • Call #4: Evaluate vendors and perform final due diligence.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

The Gen AI market evaluation process should be broken into segments:

  1. Gen AI market education with this primer
  2. Structured approach to selection
  3. Evaluation and final due diligence

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful"

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Software selection engagement

Five advisory calls over a five-week period to accelerate your selection process

  • Receive expert analyst guidance over five weeks (on average) to select and negotiate software.
  • Save money, align stakeholders, speed up the process, and make better decisions.
  • Use a repeatable, formal methodology to improve your application selection process.
  • Get better, faster results guaranteed, included in membership.
Software selection process timeline. Week 1: Awareness - 1 hour call, Week 2: Education & Discovery - 1 hour call, Week 3: Evaluation - 1 hour call, Week 4: Selection - 1 hour call, Week 5: Negotiation & Configuration - 1 hour call.

Click here to book your selection engagement.

Software selection workshops

40 hours of advisory assistance delivered online.

Select better software, faster.

  • 40 hours of expert analyst guidance
  • Project and stakeholder management assistance
  • Save money, align stakeholders, speed up the process, and make better decisions
  • Better, faster results guaranteed; 25K standard engagement fee
Software selection process timeline. Week 1: Awareness - 5 hours of Assistance, Week 2: Education & Discovery - 10 hours of assistance, Week 3: Evaluation - 10 hours of assistance, Week 4: Selection - 10 hours of assistance, Week 5: Negotiation & Configuration - 10 hours of assistance.

Click here to book your workshop engagement.

Microsoft Teams Cookbook

  • Buy Link or Shortcode: {j2store}408|cart{/j2store}
  • member rating overall impact: 8.8/10 Overall Impact
  • member rating average dollars saved: $6,299 Average $ Saved
  • member rating average days saved: 27 Average Days Saved
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity

Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices.

Our Advice

Critical Insight

Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

Impact and Result

Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and use Teams. This cookbook includes recipes for:

  • IT best practices concerning governance of the creation process and Teams rollout.
  • End-user best practices for Teams functionality and common use cases.

Microsoft Teams Cookbook Research & Tools

Start here – read the Executive Brief

Learn critical insights for an effective Teams rollout.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Microsoft Teams Cookbook – Sections 1-2

1. Teams for IT

Understand best practices for governance of the Teams creation process and Teams rollout.

  • Microsoft Teams Cookbook – Section 1: Teams for IT

2. Teams for end users

Get end users on board with this series of how-tos and common use cases for Teams.

  • Microsoft Teams Cookbook – Section 2: Teams for End Users

[infographic]

 

Further reading

Microsoft Teams Cookbook

Recipes for best practices and use cases for Microsoft Teams.

Table of contents

Executive Brief

Section 1: Teams for IT

Section 2: Teams for End Users

Executive Summary

Situation

Remote work calls for leveraging your Office 365 license to utilize Teams – but IT is unsure about best practices for governance and permissions.

Without a framework or plan for governing the rollout of Teams, IT risks overlooking secure use of Teams, the phenomenon of “teams sprawl,” and not realizing how Teams integrates with Office 365 more broadly.

Complication

Teams needs to be rolled out quickly, but IT has few resources to help train end users with Teams best practices.

With teams, channels, chats, meetings, and live events to choose from, end users may get frustrated with lack of guidance on how to use Teams’ many capabilities.

Resolution

Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and utilize Teams. This cookbook includes recipes for:

  • IT best practices concerning governance of the creation process and Teams rollout.
  • End-user best practices for Teams functionality and common use cases.

Key Insights

Teams is not a standalone app

Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

IT should paint the first picture for team creation

No initial governance for team creation can lead to “teams sprawl.” While Teams was built to allow end users’ creativity to flow in creating teams and channels, this can create problems with a cluttered interface and keeping track of information. To prevent end-user dissatisfaction here, IT’s initial Teams rollout should offer a basic structure for end users to work with first, limiting early teams sprawl.

The Teams admin center can only take you so far with permissions

Knowing how Teams integrates with other Office 365 apps will help with rolling out sensitivity labels to protect important information being accidentally shared in Teams. Of course, technology only does so much – proper processes to train and hold people accountable for their actions with data sharing must be implemented, too.

Related Info-Tech Research

Establish a Communication and Collaboration System Strategy

Don’t waste your time deploying yet another collaboration tool that won’t get used.

Modernize Communication and Collaboration Infrastructure

Your legacy telephony infrastructure is dragging you down – modern communications and collaboration technology will dramatically improve productivity.

Migrate to Office 365 Now

One small step to cloud, one big leap to Office 365. The key is to look before you leap.

Section 1: Teams for IT

Governance best practices and use cases for IT

Section 1

Teams for IT

 Section 2

Teams for end users

From determining prerequisites to engaging end users.

IT fundamentals
  • Creation process
  • Teams rollout
Use cases
  • Retain and search for legal/regulatory compliance
  • Add an external user to a team
  • Delete/archive a team

Overview: Creation process

IT needs to be prepared to manage other dependent services when rolling out Teams. See the figure below for how Teams integrates with these other Office 365 applications.

A flow chart outlining how Teams integrates with other Office 365 applications. Along the side are different applications, from the top: 'Teams client', 'OneDrive for Business', 'Sharepoint Online', 'Planner (Tasks for Teams)', 'Exchange Online', and 'Stream'. Along the top are services of 'Teams client', 'Files', 'Teams', 'Chat', 'Meeting', and 'Calls'.

Which Microsoft 365 license do I need to access Teams?

  • Microsoft 365 Business Essentials
  • Microsoft 365 Business Premium
  • Office 365 Enterprise, E1, E3, or E5
  • Office 365 Enterprise E4 (if purchased prior to its retirement)

Please note: To appeal to the majority of Info-Tech’s members, this blueprint refers to Teams in the context of Office 365 Enterprise licenses.

Assign admin roles

You will already have at least one global administrator from setting up Office 365.

Global administrators have almost unlimited access to settings and most of the data within the software, so Microsoft recommends having only two to four IT and business owners responsible for data and security.

Info-Tech Best Practice

Configure multifactor authentication for your dedicated Office 365 global administrator accounts and set up two-step verification.

Once you have organized your global administrators, you can designate your other administrators with “just-enough” access for managing Teams. There are four administrator roles:

Teams Service Administrator Manage the Teams service; manage and create Microsoft 365 groups.
Teams Communications Administrator Manage calling and meetings features with Teams.
Teams Communications Support Engineer Troubleshoot communications issues within Teams using the advanced troubleshooting toolset.
Teams Communications Support Specialist Troubleshoot communications issues using Call Analytics.

Prepare the network

There are three prerequisites before Teams can be rolled out:

  • UDP ports 3478 through 3481 are opened.
  • You have a verified domain for Office 365.
  • Office 365 has been rolled out, including Exchange Online and SharePoint Online.

Microsoft then recommends the following checklist to optimize your Teams utilization:

  • Optimize calls and performance using the Call Quality Dashboard.
  • Assess network requirements in the Network Planner in the Teams admin center.
  • Ensure all computers running Teams client can resolve external DNS queries.
  • Check adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion.
  • Route to local or regional Microsoft data centers.
  • Whitelist all Office 365 URLs to move through security layers, especially IDS/IPS.
  • Split tunnel Teams traffic so it bypasses your organization’s VPN.

Info-Tech Best Practice

For online support and walkthroughs, utilize Advisor for Teams. This assistant can be found in the Teams admin center.

Team Creation

You can create and manage Teams through the Teams PowerShell module and the Teams admin center. Only the global administrator and Teams service administrator have full administrative capabilities in this center.

Governance over team creation intends to prevent “teams sprawl” – the phenomenon whereby end users create team upon team without guidance. This creates a disorganized interface, with issues over finding the correct team and sharing the right information.

Prevent teams sprawl by painting the first picture for end users:

  1. Decide what kind of team grouping would best fit your organization: by department or by project.
  2. Start with a small number of teams before letting end users’ creativity take over. This will prevent initial death by notifications and support adoption.
  3. Add people or groups to these teams. Assign multiple owners for each team in case people move around at the start of rollout or someone leaves the organization.
  4. Each team has a general channel that cannot be removed. Use it for sharing an overview of the team’s goals, onboarding, and announcements.

Info-Tech Best Practice

For smaller organizations that are project-driven, organize teams by projects. For larger organizations with established, siloed departments, organize by department; projects within departments can become channels.

Integrations with SharePoint Online

Teams does not integrate with SharePoint Server.

Governance of Teams is important because of how tightly it integrates with other Office 365 apps, including SharePoint Online.

A poor rollout of Teams will have ramifications in SharePoint. A good rollout will optimize these apps for the organization.

Teams and SharePoint integrate in the following ways:

  • Each team created in Teams automatically generates a SharePoint team site behind it. All documents and chat shared through a team are stored in that team’s SharePoint document library.
  • As such, all files shared through Teams are subject to SharePoint permissions.
  • Existing SharePoint folders can be tied to a team without needing to create a new one.
  • If governance over resource sharing in Teams is poor, information can get lost, duplicated, or cluttered throughout both Teams and SharePoint.

Info-Tech Best Practice

End users should be encouraged to integrate their teams and channels with existing SharePoint folders and, where no folder exists, to create one in SharePoint first before then attaching a team to it.

Permissions

Within the Teams admin center, the global or Teams service administrator can manage Teams policies.

Typical Teams policies requiring governance include:

  • The extent end users can discover or create private teams or channels
  • Messaging policies
  • Third-party app use

Chosen policies can be either applied globally or assigned to specific users.

Info-Tech Best Practice

If organizations need to share sensitive information within the bounds of a certain group, private channels help protect this data. However, inviting users into that channel will enable them to see all shared history.

External and guest access

Within the security and compliance center, the global or Teams service administrator can set external and guest access.

External access (federation) – turned on by default.

  • Lets you find, call, and chat with users in other domains. External users will have no access to the organization’s teams or team resources.

Guest access – turned off by default.

  • Lets you add individual users with their own email address. You do this when you want external users to access teams and team resources. Approved guests will be added to the organization’s active directory.

If guest access is enabled, it is subject to Azure AD and Office 365 licensing and service limits. Guests will have no access to the following, which cannot be changed:

  • OneDrive for Business
  • An organization’s calendar/meetings
  • PSTN
  • Organization’s hierarchical chart
  • The ability to create, revise, or browse a team
  • Upload files to one-on-one chat

Info-Tech Best Practice

Within the security and compliance center, you can allow users to add sensitivity labels to their teams that can prevent external and guest access.

Expiration and archiving

To reduce the number of unused teams and channels, or delete information permanently, the global or Teams service administrator can implement an Office 365 group expiration and archiving policy through the Teams admin center.

If a team has an expiration policy applied to it, the team owner will receive a notification for team renewal 30 days, 15 days, and 1 day before the expiry date. They can renew their team at any point within this time.

  • To prevent accidental deletion, auto-renewal is enabled for a team. If the team owner is unable to manually respond, any team that has one channel visit from a team member before expiry is automatically renewed.
  • A deleted Office 365 group is retained for 30 days and can be restored at any point within this time.

Alternatively, teams and their channels (including private) can be archived. This will mean that all activity for the team ceases. However, you can still add, remove, and update roles of the members.

Retention and data loss prevention

Retention policies can be created and managed in the Microsoft 365 Compliance Center or the security and compliance center PowerShell cmdlets. This can be applied globally or to specific users.

By default, information shared through Teams is retained forever.

However, setting up retention policies ensures data is retained for a specified time regardless of what happens to that data within Teams (e.g. user deletes).

Info-Tech Best Practice

To prevent external or guest users accessing and deleting sensitive data, Teams is able to block this content when shared by internal users. Ensure this is configured appropriately in your organization:

  • For guest access in teams and channels
  • For external access in meetings and chat

Please note the following limitations of Teams’ retention and data loss prevention:

  • Organization-wide retention policies will need to be manually inputted into Teams. This is because Teams requires a retention policy that is independent of other workloads.
  • As of May 2020, retention policies apply to all information in Teams except private channel messages. Files shared in private channels, though, are subject to retention policies.
  • Teams does not support advanced retention settings, such as a policy that pertains to specific keywords or sensitive information.
  • It will take three to seven days to permanently delete expired messages.

Teams telephony

Teams has built-in functionality to call any team member within the organization through VoIP.

However, Teams does not automatically connect to the PSTN, meaning that calling or receiving calls from external users is not immediately possible.

Bridging VoIP calls with the PSTN through Teams is available as an add-on that can be attached to an E3 license or as part of an E5 license.

There are two options to enable this capability:

  • Enable Phone System. This allows for call control and PBX capabilities in Office 365.
  • Use direct routing. You can use an existing PSTN connection via a Session Border Controller that links with Teams (Amaxra).

Steps to implement Teams telephony:

  1. Ensure Phone System and required (non-Microsoft-related) services are available in your country or region.
  2. Purchase and assign Phone System and Calling Plan licenses. If Calling Plans are not available in your country or region, Microsoft recommends using Direct Routing.
  3. Get phone numbers and/or service numbers. There are three ways to do this:
    • Get new numbers through the Teams admin center.
    • If you cannot get new numbers through the Teams admin center, you can request new numbers from Microsoft directly.
    • Port or transfer existing numbers. To do this, you need to send Microsoft a letter of authorization, giving them permission to request and transfer existing numbers on your behalf.
  4. To enable service numbers, including toll-free numbers, Microsoft recommends setting up Communications Credits for your Calling Plans and Audio Conferencing.

Overview: Teams rollout

  1. From Skype (and Slack) to Teams
  2. Gain stakeholder purchase
  3. Employ a phased deployment
  4. Engage end users

Skype for Business is being retired; Microsoft offers a range of transitions to Teams.

Combine the best transition mode with Info-Tech’s adoption best practices to successfully onboard and socialize Teams.

From Skype to Teams

Skype for Business Online will be retired on July 31, 2021. Choose from the options below to see which transition mode is right for your organization.

Skype for Business On-Premises will be retired in 2024. To upgrade to Teams, first configure hybrid connectivity to Skype for Business Online.

Islands mode (default)

  • Skype for Business and Teams coexist while Teams is rolled out.
  • Recommended for phased rollouts or when Teams is ready to use for chat, calling, and meetings.
  • Interoperability is limited. Teams and Skype for Business only transfer information if an internal Teams user sends communications to an external Skype for Business user.

Teams only mode (final)

  • All capabilities are enabled in Teams and Skype for Business is disabled.
  • Recommended when end users are ready to switch fully to Teams.
  • End users may retain Skype for Business to join meetings with non-upgraded or external parties. However, this communication is only initiated from the Skype for Business external user.

Collaboration first mode

  • Skype for Business and Teams coexist, but only Teams’ collaboration capabilities are enabled. Teams communications capabilities are turned off.
  • Recommended to leverage Skype for Business communications yet utilize Teams for collaboration.

Meetings first mode

  • Skype for Business and Teams coexist, but only Teams’ meetings capabilities are enabled.
  • Recommended for organizations that want to leverage their Skype for Business On-Premises’ Enterprise Voice capability but want to benefit from Teams’ meetings through VoIP.

From Slack to Teams

The more that’s left behind in Slack, the easier the transition. As a prerequisite, pull together the following information:

  • Usage statistics of Slack workspaces and channels
  • What apps end users utilize in Slack
  • What message history you want to export
  • A list of users whose Slack accounts can map on to required Microsoft accounts
Test content migration

Your Slack service plan will determine what you can and can’t migrate. By default, public channels content can be exported. However, private channels may not be exportable, and a third-party app is needed to migrate Direct Messages.

Files migration

Once you have set up your teams and channels in Teams, you can programmatically copy files from Slack into the target Teams channel.

Apps migration

Once you have a list of apps and their configurations used in Slack’s workspaces, you can search in Teams’ app store to see if they’re available for Teams.

User identity migration

Slack user identities may not map onto a Microsoft account. This will cause migration issues, such as problems with exporting text content posted by that user.

Follow the migration steps to the right.

Importantly, determine which Slack workspaces and channels should become teams and channels within Teams.

Usage statistics from Slack can help pinpoint which workspaces and channels are redundant.

This will help IT paint an ordered first picture for new Teams end users.
  1. Create teams and channels in Teams
  2. Copy files into Teams
  3. Install apps, configure Office 365 Connecters
  4. Import Slack history
  5. Disable Slack user accounts

Info-Tech Best Practice

Avoid data-handling violations. Determine what privacy and compliance regulations (if any) apply to the handling, storage, and processing of data during this migration.

Gain stakeholder purchase

Change management is a challenging aspect of implementing a new collaboration tool. Creating a communication and adoption plan is crucial to achieving universal buy-in for Teams.

To start, define SMART objectives and create a goals cascade.

Specific Measurable Actionable Realistic Time Bound
Make sure the objective is clear and detailed. Objectives are `measurable` if there are specific metrics assigned to measure success. Metrics should be objective. Objectives become actionable when specific initiatives designed to achieve the objective are identified. Objectives must be achievable given your current resources or known available resources. An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
Who, what, where, why? How will you measure the extent to which the goal is met? What is the action-oriented verb? Is this within my capabilities? By when: deadline, frequency?

Sample list of stakeholder-specific benefits from improving collaboration

Stakeholder Driver Benefits
Senior Leadership Resource optimization Increased transparency into IT operational costs.
Better ability to forecast hardware, resourcing costs.
All employees Increasing productivity Apps deployed faster.
Issues fixed faster.
Easier access to files.
Able to work more easily offsite.
LBU-HR, legal, finance Mitigating risk Better able to verify compliance with external regulations.
Better understanding of IT risks.
Service desk Resource optimization Able to resolve issues faster.
Fewer issues stemming from updates.
Tier 2 Increasing productivity Less time spent on routine maintenance.

Use these activities to define what pain points stakeholders face and how Teams can directly mitigate those pain points.

(Source: Rationalize Your Collaboration Tools (coming soon), Activities: 3.1C – 3.1D)

Employ a phased deployment

Info-Tech Best Practice

Deploy Teams over a series of phases. As such, if you are already using Skype for Business, choose one of the coexistence phases to start.

    1. Identify and pilot Teams with early adopters that will become your champions. These champions should be formally trained, be encouraged to help and train their colleagues, and be positively reinforced for their efforts.
    2. Iron out bugs identified with the pilot group and train middle management. Enterprise collaboration tool adoption is strongly correlated with leadership adoption.
      1. Top-level management
        Control and direct overall organization.
      2. Middle management
        Execute top-level management’s plans in accordance with organization’s norms.
      3. First-level management
        Execute day-to-day activities.
    3. Use Info-Tech’s one-pager marketing template to advertise the new tool to stakeholders. Highlight how the new tool addresses specific pain points. Address questions stemming from fear and uncertainty to avoid employees’ embarrassment or their rejection of the tool.
A screenshot of Info-Tech's one-pager marketing template.
  1. Extend the pilot to other departments and continue this process for the whole organization.

(Source: Rationalize Your Collaboration Tools (coming soon), Tools:GANTT Chart and Marketing Materials, Activities: 3.2A – 3.2B)

Info-Tech Insight

Be in control of setting and maintaining expectations. Aligning expectations with reality and the needs of employees will lower onboarding resistance.

Engage end users

Short-term best practices

Launch day:
  • Hold a “lunch and learn” targeted training session to walk end users through common use cases.
  • Open a booth or virtual session (through Teams!) and have tool representatives available to answer questions.
  • Create a game to get users exploring the new tool – from scavenger hunts to bingo.
Launch week:
  • Offer incentives for using the tool and helping others, including small gift cards.
  • Publicize achievements if departments hit adoption milestones.

Long-term best practices

  • Make available additional training past launch week. End users should keep learning new features to improve familiarity.
  • Distribute frequent training clips, slowly exposing end users to more complex ways of utilizing Teams.
  • Continue to positively reinforce and recognize those who use Teams well. This could be celebrating those that help others use the tool, how active certain users are, and attendance at learning events.

Info-Tech Best Practice

Microsoft has a range of training support that can be utilized. From instructor-led training to “Coffee in the Cloud” sessions, leverage all the support you can.

Use case #1: Retain and search data for legal/regulatory compliance

Scenario:

Your organization requires you to retain data and documents for a certain period of time; however, after this period, your organization wishes to delete or archive the data instead of maintaining it indefinitely. Within the timeframe of the retention policy, the admin may be asked to retrieve information that has been requested through a legal channel.

Purpose:
  • Maintain compliance with the legal and regulatory standards to which the organization is subject.
Jobs:
  • Ensure the data is retained for the approved time period.
  • Ensure the policy applies to all relevant data and users.
Solution: Retention Policies
  • Ensure that your organization has an Office 365 E3 or higher license.
  • Set the desired retention policy through the Security & Compliance Center or PowerShell by deciding which teams, channels, chats, and users the policies will apply to and what will happen once the retention period ends.
  • Ensure that matching retention policies are applied to SharePoint and OneDrive, since this is where files shared in Teams are stored.
  • Be aware that Teams retention policies cannot be applied to messages in private channels.
Solution: e-Discovery
  • If legally necessary, place users or Teams on legal hold in order to retain data that would be otherwise deleted by your organization’s retention policies.
  • Perform e-discovery on Teams messages, files, and summaries of meetings and calls through the Security & Compliance Center.
  • See Microsoft’s chart on the next slide for what is e-discoverable.

Content subject to e-discovery

Content type eDiscoverable Notes
Teams chat messages Yes Chat messages from chats where guest users are the only participants in a 1:1 or 1:N chat are not e-discoverable.
Audio recordings No  
Private channel messages Yes  
Emojis, GIFs, stickers Yes  
Code snippets No  
Chat links Yes  
Reactions (likes, hearts, etc) No  
Edited messages Yes If the user is on hold, previous versions of edited messages are preserved.
Inline images Yes  
Tables Yes  
Subject Yes  
Quotes Yes Quoted content is searchable. However, search results don’t indicate that the content was quoted.
Name of channel No  

E-discovery does not capture audio messages and read receipts in MS Teams.

Since files shared in private channels are stored separately from the rest of a team, follow Microsoft’s directions for how to include private channels in e-discovery. (Source: “Conduct an eDiscovery investigation of content in Microsoft Teams,” Microsoft, 2020.)

Use case #2: Add external person to a team

Scenario:

A team in your organization needs to work in an ongoing way with someone external to the company. This user needs access to the relevant team’s work environment, but they should not be privy to the goings-on in the other parts of the organization.

Jobs:

This external person needs to be able to:

  • Attend meetings
  • Join calls
  • Chat with individual team members
  • View and collaborate on the team’s files
Solution:
  • If necessary, set a data loss prevention policy to prevent your users from sharing certain types of information or files with external users present in your organization’s Teams chats and public channels.
  • Ensure that your Microsoft license includes DLP protection. However:
    • DLP cannot be applied to private channel messages.
    • DLP cannot block messages from external Skype for Business users nor external users who are not in “Teams only” mode.
  • Ensure that you have a team set up for the project that you wish the external user to join. The external user will be able to see all the channels in this team, unless you create a private channel they are restricted from.
  • Complete Microsoft’s “Guest Access Checklist” to enable guest access in Teams, if it isn’t already enabled.
  • As admin, give the external user guest access through the Teams admin center or Azure AD B2B collaboration. (If given permission, team owners can also add guests through the Teams client).
  • Decide whether to set a policy to monitor and audit external user activity.

Use case #3: Delete/archive a team

Scenario:

In order to avoid teams sprawl, organizations may want IT to periodically delete or archive unused teams within the Teams client in order to improve the user interface.

Alternately, if you are using a project-based approach to organizing Teams, you may wish to formalize a process to archive a team once the project is complete.

Delete:
  • Determine if the team owner anticipates the team will need to be restored one day.
  • Ensure that deletion does not contradict the organization’s retention policy.
  • If not, proceed with deletion. Find the team in the Teams admin center and delete.
  • Restore a deleted team within 30 days of its initial deletion through PowerShell.
Archive:
  • Determine if the team owner anticipates the team will need to be restored one day.
  • Find the relevant team in the Teams admin center and change its status to “Archived.”
  • Restore the archived team if the workspace becomes relevant once again.

Info-Tech Best Practice

Remind end users that they can hide teams or channels they do not wish to see in their Teams interface. Knowing a team can be hidden may impact a team owner’s decision to delete it.

Section 2: Teams for End Users

Best practices for utilizing teams, channels, chat, meetings, and live events

Section 1

Teams for IT

 Section 2

Teams for end users

From Teams how-tos to common use cases for end users.

End user basics
  • Teams, channels, and chat
  • Meetings and live events
Common use cases: Workspaces
  • WS#1: Departments
  • WS#2: A cross-functional committee
  • WS#3: An innovation day event
  • WS#4: A non-work-related social event
  • WS#5: A project team with a defined end time
Common use cases: Meetings
  • M#1: Job interview with an external candidate
  • M#2: Quarterly board meeting
  • M#3: Weekly recurring team meeting
  • M#4: Morning stand-up/scrum
  • M#5: Phone call between two people

Overview: Teams, channels, and chat

Teams

  • Team: A workspace for a group of collaborative individuals.
    • Public channel: A focused area where all members of a team can meet, communicate, and share ideas and content.
    • Private channel: Like a public channel but restricted to a subset of team members, defined by channel owner.

Chat

  • Chat: Two or more users collected into a common conversation thread.
(Source: “Overview of teams and channels in Microsoft Teams,” Microsoft, 2020.)

For any Microsoft Teams newcomer, the differences between teams, channels, and chat can be confusing.

Use Microsoft’s figure (left) to see how these three mediums differ in their role and function.

Best practices: Workspaces 1/2

  Team
A workspace for a group of collaborative individuals.		 Public Channel
A focused area where all members of a team can meet, communicate, and share ideas and content.		 Private Channel
Like a public channel but restricted to a subset of team members, defined by channel owner.		 Group Chat
Two or more users collected into a common conversation thread.
Limits and Administrative Control
Who can create? Default setting: All users in an organization can create a team

Maximum 500,000 teams per tenant

 Any member of a team can create a public channel within the team

Maximum 200 public channels per team

 Any member of a team can create a private channel and define its members

Maximum 30 private channels per team

 Anyone
Who can add members? Team owner(s); max 5,000 members per team N/A Channel owner(s) can add up to 250 members Anyone can bring new members into the chat (and decide if they can see the previous history) up to 100 members
Who can delete? Team owner/admin can delete Any team member Channel owner(s) Anyone can leave a chat but cannot delete chat, but they are never effectively deleted
Social Context
Who can see it? Public teams are indexed and searchable

Private teams are not indexed and are visible only to joined members

 All members of the team can see all public channels. Channels may be hidden from view for the purposes of cleaning up the UI. Individuals will only see private channels for which they have membership Only participants in the group chat can see the group chat
Who can see the content? Team members can see any content that is not otherwise part of a private channel All team members All members of the private channel Only members of the group chat

When does a Group Chat become a Channel?

  • When it’s appropriate for the conversation to have a gallery – an audience of members who may not be actively participating in the discussion.
  • When control over who joins the conversation needs to be centrally governed and not left up to anyone in the discussion.
  • When the discussion will persist over a longer time period.
  • When the number of participants approaches 100.

When does a Channel become a Team?

  • When a team approaches 30 private channels, many of those private channels are likely candidates to become their own team.
  • When the channel membership needs to extend beyond the boundary of the team membership.

Best practices: Workspaces 2/2

  Team
A workspace for a group of collaborative individuals.		 Public Channel
A focused area where all members of a team can meet, communicate, and share ideas and content.		 Private Channel
Like a public channel but restricted to a subset of team members, defined by channel owner.		 Group Chat
Two or more users collected into a common conversation thread.
Data and Applications
Where does the content live? SharePoint: Every team resides in its own SharePoint site SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository OneDrive: Files that are shared in a chat are stored in the OneDrive folder of the original poster and shared to the other members
How does the data persist or be retained? If a team expires/is deleted, its corresponding SharePoint site and those artifacts are also deleted Available for 21 days after deletion. Any member of the team can delete a public channel. The team owner and private channel owner can delete/restore a private channel Chats are never effectively deleted. They can be hidden to clean up the user interface.
Video N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
Phone calls N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
Shared computer audio/screen N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
File-sharing Within channels Yes. Frequently used/collaborated files can be turned into discrete tab. Yes. Frequently used/collaborated files can be turned into discrete tab. Yes
Wikis Within channels Yes Yes No
Whiteboarding No No No No

When does a Team become a Channel?

  • When a team’s purpose for existing can logically be subsumed by another team that has a larger scope.

When does a Channel become a Group Chat?

  • When a conversation within a channel between select users does not pertain to that channel’s scope (or any other existing channel), they should move the conversation to a group chat.
  • However, this is until that group chat desires to form a channel of its own.

Create a new team

Team owner: The person who creates the team. It is possible for the team owner to then invite other members of the team to become co-owners to distribute administrative responsibilities.

Team members: People who have accepted their invitation to be a part of the team.

NB: Your organization can control who has permission to set up a team. If you can’t set a up a team, contact your IT department.

Screenshots detailing how to create a new team in Microsoft Teams, steps 1 to 3. Step 1: 'Click the <Teams data-verified= tab on the left-hand side of the app'. Step 2: 'At the bottom of the app, click '. Step 3: 'Under the banner , click '.">

Create a new team

Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Build a team from scratch' button.

Decide from these two options:

  • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
  • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

NB: You cannot create a team from an existing group if:

  • That group has 5,000 members or more.
  • That group is in Yammer.

Screenshot detailing how to create a new team in Microsoft Teams, step 4.1. There are buttons for 'Private' and 'Public'.

Decide if you want you new team from scratch to be private or public. If you set up a private team, any internal or external user you invite into the team will have access to all team history and files shared.

Screenshot detailing how to create a new team in Microsoft Teams, step 4.2 and 4.3. 4.2 has a space to give your team a name and another for a description. 4.3 says 'Then click <Create data-verified='.">

Create a new team

Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Create from...' button.

Decide from these two options:

  • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
  • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

NB: You cannot create a team from an existing group if:

  • That group has 5,000 members or more.
  • That group is in Yammer.

Screenshot detailing how to create a new team in Microsoft Teams, step 4.4. It reads 'Create a new team from something you already own' with a button for 'Team'.

Configure your new team settings, including privacy, apps, tabs, and members.

Screenshot detailing how to create a new team in Microsoft Teams, step 4.5 and 4.6. 4.5 has a space to give your team a name, a description, choose privacy settings, and what you'd like to include from the original team. 4.6 says 'Then click <Create data-verified='.">

Add team members

Remove team members
Screenshot detailing how to add team members in Microsoft Teams, step 1.

To add a team member, on the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Add member.”

 Screenshot detailing how to remove team members in Microsoft Teams, step 1.

Only team owners can remove a team member. To do so, on the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Manage team.”
Screenshot detailing how to add team members in Microsoft Teams, step 2.

If you’re a team owner, you can then type a name or an email address to add another member to the team.

If you’re a team member, typing a name or an email address will send a request to the team owner to consider adding the member.

 Screenshot detailing how to remove team members in Microsoft Teams, step 2.

Under the “Members” tab, you’ll see a list of the members in the team. Click the “X” at the far right of the member’s name to remove them.

Team owners can only be removed if they change their role to team member first.

Create a new channel

Screenshot detailing how to create a new channel in Microsoft Teams, step 1.

On the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Add channel.”

 Screenshot detailing how to create a new channel in Microsoft Teams, step 2.

Name your channel, give a description, and set your channel’s privacy.
Screenshot detailing how to create a new channel in Microsoft Teams, step 3.

To manage subsequent permissions, on the right-hand side of the channel name, click “More options.”

Then, from the drop-down menu, click “Manage channel.”

Adding and removing members from channels:

Only members in a team can see that team’s channels. Setting channel privacy as “standard” means that the channel can be accessed by anyone in a team. Unless privacy settings for a channel are set as “private” (from which the channel creator can choose who can be in that channel), there is no current way to remove members from channels.

It will be up to the end user to decide which channels they want to hide.

Link team/channel to SharePoint folder

Screenshot detailing how to link a team or channel to a SharePoint folder in Microsoft Teams, steps 1, 2, and 3. Step 1: 'Along the top of the team/channel tab bar, click the “+” symbol'. Step 2: 'Select “Document Library” to link the team/channel to a SharePoint folder'. Step 3: 'Copy and paste the SharePoint URL for the desired folder, or search in “Relevant sites” if the folder can be found there'.

Need to find the SharePoint URL?

Screenshot detailing how to find the SharePoint URL in Microsoft Teams. 'Locate the folder in SharePoint and click <Show actions data-verified=', 'Click to access the folder's SharePoint URL.'">

Hide/unhide teams

Hide/unhide channels
Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 1.

To hide a team, on the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Hide.” Hidden teams are moved to the “hidden teams” menu at the bottom of your team list.

 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 1.

To hide a channel, on the right-hand side of the channel name, click “More options.”

Then, from the drop-down menu, click “Hide.” Hidden channels are moved to the “hidden channels” menu at the bottom of your channel list in that team.
Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 2. Screenshot of a button that says 'Hidden teams'.

To unhide a team, click on the “hidden teams” menu. On the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Show.”

 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 2.

To unhide a channel, click on the “hidden channels” menu at the bottom of the team. This will produce a drop-down menu of all hidden channels in that team.

Hover over the channel you want to unhide and click “Show.”

Find/join teams

Leave teams
Screenshot detailing how to find and join teams in Microsoft Teams, step 1. Click the “Teams” tab on the left-hand side of the app. Screenshot detailing how to find and join teams in Microsoft Teams, step 2.

At the bottom of the app, click “Join or create a team.” Teams will then suggest a range of teams that you might be looking for. You can join public teams immediately. You will have to request approval to join a private team.

 Screenshot detailing how to leave teams in Microsoft Teams.

To leave a team, on the right-hand side of the team name, click “More options.”

Then, from the drop-down menu, click “Leave the team.”
NB: If the owner of a private team has switched off discoverability, you will have to contact that owner to join that team. Screenshot detailing how to find and join teams in Microsoft Teams, step 3. If you can’t immediately see the team, you have two options: either search for the team or enter that team’s code under the banner “Join a team with a code.” Can I find a channel?

No. To join a channel, you need to first join the team that channel belongs to.

Can I leave a channel?

No. The most you can do is hide the channel. By default, if you join a team you will have access to all the channels within that team (unless a channel is private, in which case you’ll have to request access to that channel).

Create a chat

Screenshots detailing how to create a chat in Microsoft Teams, steps 1 to 5. Step 1:'Click the “Chat” tab on the left hand side of the app (or keyboard shortcut Ctrl+N)'. Step 2: 'Search the name of the person you want to chat with'. Step 3: 'You’re now ready to start the chat! You can also send a chat message while working in a separate channel by typing/chat into the search bar and entering the recipient’s name'. Step 4: 'For group chat, click the “Add people” button in the top right hand corner of the app to add other persons into the existing chat'. Step 5: 'You can then rename the group chat (if there are 3+ people) by clicking the “Name group chat” option to the right of the group chat members’ names'.

Hide a chat

Unhide a chat
Screenshots detailing how to hide a chat in Microsoft Teams, steps 1 to 3. Step 1:'Click the “Chat” tab on the left-hand side of the app'. Step 2: 'Search the name of the chat or group chat that you want to hide'. Step 3: In either 'Single person chat options' or 'Group chat options' Click “More options.” Then click “Hide.”' To unhide a chat, search for the hidden person or name of the group chat in the search bar. Click “More options.” Then click “Unhide.” Screenshot detailing how to unhide a chat in Microsoft Teams.

Leave a chat
You can only leave group chats. To do so, click “More options.” Then click “Leave.” Screenshot detailing how to leave a chat in Microsoft Teams.

Overview: Meetings and live events

Teams Meetings: Real-time communication and collaboration between a group, limited to 250 people.

Teams Live Events: designed for presentations and webinars to a large audience of up to 10,000 people, in which attendees watch rather than interact.

 

Office 365 and Microsoft 365 Licenses
I want to: F1 F3 E1 E3 E5 Audio conferencing add-on
Join a Teams meeting No license required. Any email address can participate in a Teams meeting.
Attend a Teams meeting with a dial-in phone number No license required. Any phone number can dial into a Teams meeting. (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
Attend a Teams live event No license required. Any phone number can dial into a Teams live event.
Create a Teams meeting for up to 250 attendees   One of these licensing plans
Create a Teams meeting for up to 250 attendees with a dial-in phone number   One of these licensing plans + Audio Conferencing (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
Create a Teams live event for up to 10,000 attendees     One of these licensing plans
Dial out from a Teams meeting to add someone at their Call me at number   One of these licensing plans + Audio Conferencing (Meeting dial out to a Call me at number requires organizers to have an E5 or Audio Conference add-in license. A dial plan may also be needed.)

Depending on the use case, end users will have to determine whether they need to hold a meeting or a live event.

Use Microsoft’s table (left) to see what license your organization needs to perform meetings and live events.

(Source: “Admin quick start – Meetings and live events in Microsoft Teams,” Microsoft, 2020.)

Best practices: Meetings

  Ad Hoc Call
Direct audio/video call		 Scheduled Meeting Live Event
Limits and Administrative Control
Who can create? Anyone Anyone Anyone, unless altered by admin (permission to create MS Stream events also required if external production tools are used).
Who can add members? Anyone in the session. The meeting organizer can add new attendees to the meeting. The event creator (the “organizer”) sets attendee permissions and assigns event group roles (“producer” and “presenter”).
Can external stakeholders attend? Yes, through email invite. However, collaboration tools are restricted. Yes, through email invite. However, collaboration tools are restricted. Public events: yes, through shared invite link.
Org-wide event: yes, if guest/external access granted.
Who can delete? Anyone can leave the session. There is no artifact to delete. The meeting organizer Any attendee can leave the session.
The organizer can cancel the event.
Maximum attendees 100 250 10,000 attendees and 10 active presenters/producers (250 presenters and producers can be present at the event).
Social Context
How does the request come in? Unscheduled.
Notification of an incoming audio or video call.		 Scheduled.
Meeting invite, populated in the calendar, at a scheduled time.		 Meeting only auto-populated in event group’s calendars. Organizer must circulate event invite link to attendees – for instance, by pasting link into an Outlook meeting invite.
Available Functionality
Screen-sharing Yes Yes Producers and Presenters (through Teams, no third-party app).
Whiteboard No Yes Yes
OneNote (for minutes) Yes (from a member’s OneDrive) Yes, part of the meeting construct. No. A Meeting Notes tab is available instead.
Dedicated chat space Yes. Derived from a group chat. Meeting has its own chat room. The organizer can set up a moderated Q&A (not chat) when creating the event. Only Presenters and Producers can chat.
Recording Yes Yes Yes. Event can last up to 4 hours.

When should an Ad Hoc Call become a Scheduled Meeting?

  • When the participants need time to prepare content for the call.
  • When an answer is not required immediately.
  • When bringing a group of people together requires logistical organizing.

When should a Scheduled Meeting become an Ad Hoc Call?

  • When the participants can meet on short notice.
  • When a topic under discussion requires creating alignment quickly.

When should a Live Event be created?

  • When the expected attendance exceeds 250 people.
  • If the event does not require collaboration and is mostly a presenter conveying information.

Create a scheduled meeting

Screenshots detailing how to create a scheduled meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top-right of the app, click the drop-down menu for “+ New meeting” and then “Schedule meeting.”' Step 3: 'Fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting'.

Create an ad hoc meeting

Screenshots detailing how to create an ad hoc meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'Along the top-right, click “Meet now.”' Step 3: 'Name your meeting, choose your audio and video settings, and click “Join now.”'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting. You’ll then be prompted to fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'.

Tip: Use existing channels to host the chatrooms for your online meetings

When you host a meeting online with Microsoft Teams, there will always be a chatroom associated with the meeting. While this is a great place for meeting participants to interact, there is one particular downside.

Problem: The never-ending chat. Often the activity in these chatrooms can persist long after the meeting. The chatroom itself becomes, unofficially, a channel. When end users can’t keep up with the deluge of communication, the tools have failed them.

Solution: Adding an existing channel to the meeting. This ensures that discussion activity is already hosted in the appropriate venue for the group, during and after the meeting. Furthermore, it provides non-attendees with a means to catch up on the discussion they have missed.

In section two of this cookbook, we will often refer to this tactic.

A screenshot detailing how to add an existing channel to a meeting in Microsoft Teams. 'Break the habit of online booking meetings in Outlook – use the Teams Calendar View instead! In order to make use of this function, the meeting must be setup in Microsoft Teams, not Microsoft Outlook. The option to assign a channel to the meeting will then be available to the meeting organizer.'

Don’t have a channel for the chat session of your online meeting? Perhaps you should!

If your meeting is with a group of individuals that will be collaborating frequently, they may need a workspace that persists beyond the meeting.

Guests can still attend the meeting, but they can’t chat!

If there are attendees in your meeting that do not have access to the channel you select to host the chat, they will not see the chat discussion nor have any ability to use this function.

This may be appropriate in some cases – for example, a vendor providing a briefing as part of a regular team meeting.

However, if there are attendees outside the channel membership that need to see the meeting chat, consider another channel or simply default to not assigning one.

Meeting settings explained

Show device settings. For settings concerning audio, video, and whether viewing is private.

Show meeting notes. Use to take notes throughout the meeting. The notes will stay attached to this event.

Show meeting details. Find meeting information for: a dial-in number, conference ID, and link to join.

Enter full screen.

Show background effects. Choose from a range of video backgrounds to hide/blur your location.

Turn on the captions (preview). Turn on live speech-to-text captions.

Keypad. For dialing a number within the meeting (when enabled as an add-on with E3 or as part of E5).

Start recording. Recorded and saved using Microsoft Stream.

End meeting.

Turn off incoming video. To save network bandwidth, you can decline receiving attendee’s video.

Click “More options” to access the meetings settings.

Screen share. In the tool tray, select “Share” to share your screen. Select particular applications if you only want to share certain information; otherwise, you can share your whole desktop.

System audio share. To share your device’s audio while screen sharing, checkbox the “Include system audio” option upon clicking “Share.”

If you didn’t click that option at the start but now want to share audio during screen share, click the “Include systems audio” option in the tool tray along the top of the screen.

Give/take control of screen share. To give control, click “Give control” in the tool tray along the top of the screen when sharing content. Choose from the drop-down who you would like to give control to. In the same spot, click “Take back control” when required.

To request control, click “Request control” in the same space when viewing someone sharing their content. Click “Release control” once finished.

Start whiteboarding

  1. You’ll first need to enable Microsoft Whiteboard in the Microsoft 365 admin center. Ask your relevant admin to do so if Whiteboard is not already enabled.
  2. Once enabled, click “Share” in a meeting. This feature only appears if you have 3+ participants in the meeting.
  3. Under the “Whiteboard” section in the bottom right, click “Microsoft Whiteboard.”
  4. Click the pen icons to the right of the screen to begin sketching.

NB: Anonymous, federated, or guest users are currently not supported to start, view, or ink a whiteboard in a Teams meeting.

Will the whiteboard session be recorded if the meeting is being recorded?

No. However, the final whiteboard will be available to all meeting attendees after the meeting, under “Board Gallery” in the Microsoft Whiteboard app. Attendees can then continue to work on the whiteboard after the meeting has ended.

Create a live event

Screenshots detailing how to create a live event in Microsoft Teams, steps 1 to 3. Step 1: 'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top right of the app, click the drop-down menu for “+ New meeting” and then “Live event.”' Step 3: 'You will be labeled the “Event organizer.” First, fill in the live event details on the left'. Screenshot detailing how to create a live event in Microsoft Teams, step 4.

As the organizer, you can invite other people to the event who will be the “producers” or “presenters.”

Producers: Control the live event stream, including being able to start and stop the event, share their own and others’ video, share desktop or window, and select layout.

Presenters: Present audio, video, or a screen.
Screenshot detailing how to create a live event in Microsoft Teams, step 5.

Select who your audience will be for your live event from three options: specified people and groups, the organization, or the public with no sign-in required.

Edit the setting for whether you want recording to be available for attendees.

Then click “Schedule” to finish.

Live event settings explained

When you join the live event as a producer/presenter, nothing will be immediately broadcast. You’ll be in a pre-live state. Decide what content to share and in what order. Along the bottom of the screen, you can share your video and audio, share your screen, and mute incoming attendees.

Once your content is ready to share along the bottom of the screen, add it to the screen on the left, in order of viewing. This is your queue – your “Pre-live” state. Then, click “Send now.”

This content will now move to the right-hand screen, ready for broadcasting. Once you’re ready to broadcast, click “Start.” Your state will change from “Pre-live” to “Live.”

Along the top right of the app will be a tools bar.

 Screenshot listing live events settings icons in Microsoft Teams. Beside the heart monitor icon is 'Monitor health and performance of network, devices, and media sharing'. Beside the notepad icon is 'Take meeting notes'. Beside the chatbox icon is 'Chat function'. Beside the two little people with a plus sign icon is 'Invite and show participants'. Beside the gear icon is 'Device settings'. Beside the small 'i' in a circle is 'Meeting details, including schedule, meeting link, and dial-in number'.

Workspace #1: Departments

Scenario: Most of your organization’s communication and collaboration occurs within its pre-existing departmental divisions.

Conventional communication channels:

  • Oral communication: Employees work in proximity to each other and communicate in person, by phone, in department meetings
  • Email: Department-wide announcements
  • Memos: Typically posted/circulated in mailboxes

Solution: Determine the best way to organize your organization’s departments in Teams based on its size and your requirements to keep information private between departments.

Option A:

  • Create a team for the organization/division.
  • Create channels for each department. Remember that all members of a team can view all public channels created in that team and the default General channel.
  • Create private channels if you wish to have a channel that only select members of that team can see. Remember that private channels have some limitations in functionality.

Option B:

  • Create a new team for each department.
  • Create channels within this team for projects or topics that are recurring workflows for the department members. Only department members can view the content of these channels.

Option C:

  • Post departmental memos and announcements in the General channel.
  • Use “Meet now” in channels for ad hoc meetings. For regular department meetings, create a recurring Teams calendar event for the specific department channel (Option A) or the General channel (Option B). Remember that all members of a team can join a public channel meeting.

Workspace #2: A cross-functional committee

Scenario: Your organization has struck a committee composed of members from different departments. The rest of the organization should not have access to the work done in the committee.

Purpose: To analyze a particular organizational challenge and produce a plan or report; to confidentially develop or carry out a series of processes that affect the whole organization.

Jobs: Committee members must be able to:

  • Attend private meetings.
  • Share files confidentially.

Solution:

Ingredients:

  • Private team

Construction:

  • Create a new private team for the cross-functional committee.
  • Add only committee members to the team.
  • Create channels based on the topics likely to be the focal point of the committee work.
  • Decide how you will use the mandatory General channel. If the committee is small and the work limited in scope, this channel may be the main communication space. If the committee is larger or the work more complex, use the General channel for announcements and move discussions to new topic-related channels.
  • Schedule recurring committee meetings in the Teams calendar. Add the relevant channel to the meeting invite to keep the meeting chat attached to this team and channel (as meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite).
  • Remember that all members of this team will have access to these meetings and be able to view that they are occurring.

Workspace #3: An innovation day event

Scenario: The organization holds a yearly innovation day event in which employees form small groups and work on a defined, short-term problem or project.

Purpose: To develop innovative solutions and ideas.

Jobs:

  • Convene small groups.
  • Work toward time-sensitive goals.
  • Communicate synchronously.
  • Share files.

Solution:

Ingredients:

  • Public team
  • Channel tabs
  • Whiteboard
  • Planner

Construction:

  • Create a team for the innovation day event.
  • Add channels for each project working group.
  • Communicate to participants the schedule for the day and their assigned channel.
  • Use the General channel for announcements and instructions throughout the day. Ensure someone moderates the General channel for participants’ questions.
  • Pre-populate the channel tabs with files the participants need to work with. To add a scrum board, refer to M#4 (Morning stand-up/Scrum) in this slide deck.
  • For breakouts, instruct participants to use the “meet now” feature in their channel and how to use the Whiteboard during these meetings.
  • Arrange to have your IT admin archive the team after a certain point so the material is still viewable but not editable.

Workspace #4: A non-work-related social event

Scenario: Employees within the organization wish to organize social events around shared interests: board game clubs, book clubs, TV show discussion groups, trivia nights, etc.

Purpose: To encourage cohesion among coworkers and boost morale.

Jobs:

  • Schedule the event.
  • Invite participants.
  • Prepare the activity.
  • Host and moderate the discussion.

Solution:

Ingredients:

  • Public team
  • Private channels
  • Screen-sharing

Construction:

  • Create a public team for the social event so that interested people can find and join it.
  • Example: Trivia Night
    • Schedule the event in the Teams calendar.
    • Publish the link to the Trivia Night team where other employees will see it.
    • Create private channels for each trivia team so they cannot see the other competitors’ discussions. Add yourself to each private channel so you can see their answers.
    • As the host, begin a meeting in the General channel. Pose the trivia questions live or present the questions on PowerPoint via screen-sharing.
    • Ask each team to post its answers to its private channel.
  • To avoid teams sprawl, ask your IT admin to set a deletion policy for the team, as long as this request does not contradict your organization’s policies on data retention. If the team becomes moribund, it can be set to auto-delete after a certain period of time.

Workspace #5: A project team with a defined end time

Scenario: Within a department/workplace team, employees are assigned to projects with defined end times, after which they will be assigned to a new project.

Purpose: To complete project-based work that fulfills business needs.

Jobs:

  • Oral communication with team members.
  • Synchronous and asynchronous work on project files.
  • The ability to attend scheduled meetings and ad hoc meetings.
  • The ability to access shared resources related to the project.

Solution:

If your working group already has its own team within Teams:

  • Create a new public or private channel for the project. Remember that some functionality is not available in private channels (such as Microsoft Planner).
  • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now).
  • Add a tab that links to the team’s project folder in SharePoint.

If your workplace team does not already have its own team in Teams:

  • Determine if there is a natural fit for this project as a new channel in an existing team. Remember that all team members will be able to see the channel if it is public and that all relevant project members need to belong to the Team to participate in the channel.
  • If necessary, create a new team for the project. Add the project members.
  • Create channels based on the type of work that comprises the project.
  • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now)
  • Add a tab to link to the team’s project folder in SharePoint.

Info-tech Best Practice

Hide the channel after the project concludes to de-clutter your Teams user interface.

Meeting #1: Job interview with external candidate

Scenario: The organization must interview a slate of candidates to fill an open position.

Purpose:

  • Select the most qualified candidate for the job.

Jobs:

  • Create a meeting, ensuring the candidate and other attendees know when and where the meeting will happen.
  • Ensure the meeting is secure to protect confidential information.
  • Ensure the meeting is accessible, allowing the candidate to present themselves through audio and/or visual means.
  • Create a professional environment for the meeting to take place.
  • Engender a space for the candidate to share their CV, research, or other relevant file.
  • The interview must be transcribed and recorded.

Solution:

Ingredients:

  • Private Teams meeting
  • Screen-sharing
  • Microsoft Stream

Construction:

  • Create a Teams meeting, inviting the candidate with their email, alongside other internal attendees. The Teams meeting invite will auto-generate a link to the meeting itself.
  • The host can control who joins the meeting through settings for the “lobby.”
  • Through the Teams meeting, the attendees will be able to use the voice and video chat functionality.
  • All attendees can opt to blur their backgrounds to maintain a professional online presence.
  • The candidate can share their screen, either specific applications or their whole desktop, during the Teams meeting.
  • A Teams meeting can be recorded and transcribed through Stream. After the meeting, the transcript can be searched, edited, and shared

NB: The external candidate does not need the Teams application. Through the meeting invite, the external candidate will join via a web browser.

Meeting #2: Quarterly board meeting

Scenario: Every quarter, the organization holds its regular board meeting.

Purpose: To discuss agenda items and determine the company’s future direction.

Jobs:

During meeting:
    • Attendance and minutes must be taken.
    • Votes must be recorded.
    • In-camera sessions must occur.
    • External experts must be included.
After meeting:
  • Follow-up items must be assigned.
  • Reports must be submitted.

Solution:

Ingredients:

  • Teams calendar invite
  • Planner; Forms
  • Private channel
  • Microsoft Stream

Construction:

  • Guest Invite: Invites can be sent to any non-domain-joined email address to join a private, invitation-only channel within the team controlled by the board chair.
  • SharePoint & Flow: Documents are emailed to the Team addresses, which kicks off an MS Flow routine to collect review notes.
  • Planner: Any board member can assign tasks to any employee.
  • Forms/Add-On: Chair puts down the form of the question and individual votes are tracked.
  • Teams cloud meeting recording: Recording available through Stream. Manual edits can be made to VTT caption file. Greater than acceptable transcription error rate.
  • Meeting Log: Real-time attendance is viewable but a point-in-time record needs admin access.

NB: The external guests do not need the Teams application. Through the meeting invite, the guests will join via a web browser.

Meeting #3: Weekly team meeting

Scenario: A team meets for a weekly recurring meeting. The meeting is facilitated by the team lead (or manager) who addresses through agenda items and invites participation from the attendees.

Purpose: The purpose of the meeting is to:

  • Share information verbally
  • Present content visually
  • Achieve consensus
  • Build team morale

Jobs: The facilitator must:

  • Determine participants
  • Book room
  • Book meeting in calendar

Solution:

Ingredients:

  • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
  • Calendar Recurrence: A meeting is booked through Teams and appears in all participants’ Outlook calendar.
  • Collaboration Space: Participants join the meeting through video or audio and can share screens and contribute text, images, and links to the meeting chat.

Construction:

  • Ensure your team already has a channel created for it. If not, create one in the appropriate team.
  • Create the meeting using the calendar view within Microsoft Teams:
    • Set the meeting’s name, attendees, time, and recurrence.
    • Add the team channel that serves as the most appropriate workplace for the meeting. (Any discussion in the meeting chat will be posted to this channel.)

NB: Create the meeting in the Teams calendar, not Outlook, or you will not be able to add the Teams channel. As meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite.

Meeting #4: Morning stand-up/scrum

Scenario: Each morning, at 9am, members of the team meet online.

Purpose: After some pleasantries, the team discusses what tasks they each plan to complete in the day.

Jobs: The team leader (or scrum master) must:

  • Place all tasks on a scrum board, each represented by a sticky note denoting the task name and owner.
  • Move the sticky notes through the columns, adjusting assignments as needed.
  • Sort tasks into the following columns: “Not Started,” “In Progress,” and “Done.”

Solution:

Ingredients:

  • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
  • Scrum Board: A tab within that channel where a persistent scrum board has been created and is visible to all team members.

Meeting Place Construction:

  • Create the meeting using the calendar view in Teams.
  • Set the meeting’s name, attendees, time, and work-week daily recurrence (see left).
  • Add the channel that is the most appropriate workplace for the meeting. Any meeting chat will be posted to this channel rather than a separate chat.

Scrum Board Construction:

  • Add a tab to the channel using Microsoft Planner as the app. (You can use other task management apps such as Trello, but the identity integration of first-party Office 365 tools may be less hassle.)
  • Create a new (or import an existing) Plan to the channel. This will be used as the focal point.

Meeting #5: Weekly team meeting

Scenario: An audio-only conversation that could be a regularly scheduled event but is more often conducted on an ad-hoc basis.

Purpose: To quickly share information, achieve consensus, or clarify misunderstandings.

Jobs:

  • Dial recipient
  • See missed calls
  • Leave/check voicemail
  • Create speed-dial list
  • Conference call

Solution:

Ingredients:

  • Audio call begun through Teams chat.

Construction:

  • Voice over IP calls between users in the same MS Teams tenant can begin in multiple ways:
    • A call can be initiated through any appearance of a user’s profile picture: hover over user’s profile photo in the Chat list and select the phone icon.
    • Enter your last chat with a user and click phone icon in upper-right corner.
    • Go to the Calls section and type the name in the “Make a call” text entry form.
  • Voicemail: Voicemail, missed calls, and call history are available in the Calls section.
  • Speed dial: Speed dial lists can be created in the Calls section.
  • Conference call: Other users can be added to an ongoing call.

NB: Microsoft Teams can be configured to provide an organization’s telephony for external calls, but this requires an E5 license. Additional audio-conferencing licenses are required to call in to a Teams meeting over a phone.

Bibliography 1/4

Section 1: Teams for IT › Creation Process

Overview: Creation process
Assign admin roles
Prepare the network
Team creation
Integrations with SharePoint Online
Permissions

Bibliography 2/4

Section 1: Teams for IT › Creation Process (cont'd.)

External and guest access
Expiration and archiving
Retention and data loss prevention
Teams telephony

Bibliography 3/4

Section 1: Teams for IT › Teams Rollout

From Skype to Teams
From Slack to Teams
Teams adoption

Section 1: Teams for IT › Use Cases

Bibliography 4/4

Section 2: Teams for End Users › Teams, Channels, Chat

Section 2: Teams for End Users › Meetings and Live Events

Section 2: Teams for End Users › Use Cases

Improve Your Statements of Work to Hold Your Vendors Accountable

  • Buy Link or Shortcode: {j2store}233|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $10,638 Average $ Saved
  • member rating average days saved: 16 Average Days Saved
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • SOW reviews are tedious, and reviewers may lack the skills and experience to effectively complete the process.
  • Vendors draft provisions that shift the performance risk to the customer in subtle ways that are often overlooked or not identified by customers.
  • Customers don’t understand the power and implications of SOWs, treating them as an afterthought or formality.

Our Advice

Critical Insight

  • There is often a disconnect between what is sold and what is purchased. To gain the customer’s approval, vendors will present a solution- or outcome-based proposal. However, the SOW is task or activity based, shifting the risk for success to the customer.
  • A good SOW takes time and should not be rushed. The quality of the requirements and of the SOW wording drive success. Not allocating enough time to address both increases the risk of the project’s failure.

Impact and Result

  • Info-Tech’s guidance and insights will help you navigate the complex process of SOW review and identify the key details necessary to maximize the protections for your organization and hold vendors accountable.
  • This blueprint provides direction on spotting vendor-biased terms and conditions and offers tips for mitigating the risk associated with words and phrases that shift responsibilities and obligations from the vendor to the customer.

Improve Your Statements of Work to Hold Your Vendors Accountable Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should spend more time assessing your statements of work, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess SOW Terms and Conditions

Use Info-Tech’s SOW review guidance to find common pitfalls and gotchas, to maximize the protections for your organization, and to hold vendors accountable.

  • Improve Your Statements of Work to Hold Your Vendors Accountable – Storyboard
  • Contract or SOW Guide
  • SOW Maps Tool
  • Red-Flag Words and Phrases Tool
[infographic]

Workshop: Improve Your Statements of Work to Hold Your Vendors Accountable

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Assess SOW Terms and Conditions

The Purpose

Gain a better understanding of common SOW clauses and phrases.

Key Benefits Achieved

Reduce risk

Increase vendor accountability

Improve negotiation positions

Activities

1.1 Review sample SOW provisions, identify the risks, and develop a negotiation position.

1.2 Review Info-Tech tools.

Outputs

Awareness and increased knowledge

Familiarity with the Info-Tech tools

Passwordless Authentication

  • Buy Link or Shortcode: {j2store}466|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: End-User Computing
  • Parent Category Link: /end-user-computing
  • Stakeholders believe that passwords are still good enough.
  • You don’t know how the vendor products match to the capabilities you need to offer.
  • What do you need to test when you prototype these new technologies?
  • What associated processes/IT domains will be impacted or need to be considered?

Our Advice

Critical Insight

Passwordless is the right direction even if it’s not your final destination.

Impact and Result

  • Be able to handle objections from those who believe passwords are still “fine.”
  • Prioritize the capabilities you need to offer the enterprise, and match them to products/features you can buy from vendors.
  • Integrate passwordless initiatives with other key functions (cloud, IDaM, app rationalization, etc.).

Passwordless Authentication Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Passwordless Authentication – Know when you’ve been beaten!

Back in 2004 we were promised "the end of passwords" – why, then, are we still struggling with them today?

  • Passwordless Authentication Storyboard
[infographic]

Further reading

Passwordless Authentication

Know when you've been beaten!

Executive Summary

Your Challenge

  • The IT world is an increasingly dangerous place.
  • Every year literally billions of credentials are compromised and exposed on the internet.
  • The average employee has between 27 and 191 passwords to manage.
  • The line between business persona and personal persona has been blurred into irrelevancy.
  • You need a method of authenticating users that is up to these challenges

Common Obstacles

  • Legacy systems aside (wouldn't that be nice) this still won't be easy.
  • Social inertia – passwords worked before, so surely, they can still work today! Besides, users don't want to change.
  • Analysis paralysis – I don't want to get this wrong! How do I choose something that is going to be at the core of my infrastructure for the next 10 years?
  • Identity management – how can you fix authentication when people have multiple usernames?

Info-Tech's Approach

  • Inaction is not an option.
  • Most commercial, off-the-shelf apps are moving to a SaaS model, so start your efforts with them.
  • Your existing vendors already have technologies you are underusing or ignoring – stop that!
  • Your users want this change – they just might not know it yet…
  • Much like zero trust network access, the journey is more important than the destination. Incremental steps on the path toward passwordless authentication will still yield significant benefits.

Info-Tech Insight

Users have been burdened with unrealistic expectations when it comes to their part in maintaining enterprise security. Given the massive rise in the threat landscape, it is time for Infrastructure to adopt a user-experience-based approach if we want to move the needle on improving security posture.

Password Security Fallacy

"If you buy the premise…you buy the bit."
Johnny Carson

We've had plenty of time to see this coming.

Why haven't we done something?

  • Passwords are a 1970s construct.
  • End-users are complexity averse.
  • Credentials are leaked all the time.
  • New technologies will defeat even the most complex passwords.

Build the case, both to business stakeholders and end users, that "password" is not a synonym for "security."

Be ready for some objection handling!

This is an image of Bill Gates and Gavin Jancke at the 2004 RSA Conference in San Francisco, CA

Image courtesy of Microsoft

RSA Conference, 2004
San Francisco, CA

"There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
Bill Gates

What about "strong" passwords?

There has been a password arms race going on since 1988

A massive worm attack against ARPANET prompted the initial research into password strength

Password strength can be expressed as a function of randomness or entropy. The greater the entropy the harder for an attacker to guess the password.

This is an image of Table 1 from Google Cloud Solutions Architects. it shows the number of bits of entropy for a number of Charsets.

Table: Modern password security for users
Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects

From this research, increasing password complexity (length, special characters, etc.) became the "best practice" to secure critical systems.

How many passwords??

XKCD Comic #936 (published in 2011)

This is an image of XKCD Comic # 936.

Image courtesy of Randall Munroe XKCD Comics (CC BY-NC 2.5)

It turns out that humans however are really bad at remembering complex passwords.

An Intel study (2016) suggested that the average enterprise employee needed to remember 27 passwords. A more recent study from LastPass puts that number closer to 191.

PEBKAC
Problem Exists Between Keyboard and Chair

Increasing entropy is the wrong way to fight this battle – which is good because we'd lose anyway.

Over the course of a single year, researchers at the University of California, Berkeley identified and tracked nearly 2 billion compromised credentials.

3.8 million were obtained via social engineering, another 788K from keyloggers. That's approx. 250,000 clear text credentials harvested every week!

The entirety of the password ecosystem has significant vulnerabilities in multiple areas:

  • Unencrypted server- and client-side storage
  • Sharing
  • Reuse
  • Phishing
  • Keylogging
  • Question-based resets

Even the 36M encrypted credentials compromised every week are just going to be stored and cracked later.

Source: Google, University of California, Berkeley, International Computer Science Institute

data-verified=22B hash/s">

Image courtesy of NVIDIA, NVIDIA Grace
  • Current GPUs (2021) have 200+ times more cracking power than CPU systems.

<8h 2040-bit RSA Key

Image: IBM Quantum System One (CES 2020) by IBM Research is licensed under CC BY-ND 2.0
  • Quantum computing can smash current encryption methods.
  • Google engineers have demonstrated techniques that reduce the number of qubits required from 1B to a mere 20 million

Enabling Technologies

"Give me a place to stand, and a lever long enough, and I will move the world."
Archimedes

Technology gives us (too many) options

The time to prototype is NOW!

Chances are you are already paying for one or more of these technologies from a current vendor:

  • SSO, password managers
  • Conditional access
  • Multifactor
  • Hardware tokens
  • Biometrics
  • PINs

Address all three factors of authentication

  • Something the user knows
  • Something the user has
  • Something the user is

Global Market of $12.8B
~16.7% CAGR
Source: Report Linker, 2022.

Focus your prototype efforts in four key testing areas

  • Deployment
  • User adoption/training
  • Architecture (points of failure)
  • Disaster recovery

Three factors for positive identification

Passwordless technologies focus on alternate authentication factors to supplement or replace shared secrets.

Knows: A secret shared between the user and the system; Has: A token possessed by the user and identifiable as unique by the system; Is: A distinctive and repeatable attribute of the user sampled by the system

Something you know

Shared secrets have well-known significant modern-day problems, but only when used in isolation. For end users, consider time-limited single use options, password managers, rate-limited login attempts, and reset rather than retrieval requests. On the system side, never forget strong cryptographic hashing along with a side of salt and pepper when storing passwords.

Something you have

A token (now known as a cryptographic identification device) such as a pass card, fob, smartphone, or USB key that is expected to be physically under the control of the user and is uniquely identifiable by the system. Easily decoupled in the event the token is lost, but potentially expensive and time-consuming to reprovision.

Something you are or do

Commonly referred to as biometrics, there are two primary classes. The first is measurable physical characteristics of the user such as a fingerprint, facial image, or retinal scan. The second class is a series of behavioral traits such as expected location, time of day, or device. These traits can be linked together in a conditional access policy.

Unlike other authentication factors, biometrics DO NOT provide for exact matches and instead rely on a confidence interval. A balance must be struck against the user experience of false negatives and the security risk of a false positive.

Prototype testing criteria

Deployment

Does the solution support the full variety of end-user devices you have in use?

Can the solution be configured with your existing single sign-on or central identity broker?

User Experience

Users already want a better experience than passwords.

What new behavior are you expecting (compelling) from the user?

How often and under what conditions will that behavior occur?

Architecture

Where are the points of failure in the solution?

Consider technical elements like session thresholds for reauthorization, but also elements like automation and self-service.

Disaster Recovery

Understand the exact responsibilities Infra&Ops have in the event of a system or user failure.

As many solutions are based in the public cloud, manage stakeholder expectations accordingly.

Next Steps

"Move the goalposts…and declare victory."
Informal Fallacy (yet very effective…)

It is more a direction than a destination…

Get the easy wins in the bank and then lay the groundwork for the long campaign ahead.

You're not going to get to a passwordless world overnight. You might not even get there for many years. But an agile approach to the journey ensures you will realize value every step of the way:

  • Start in the cloud:
  • Choose a single sign-on platform such as Azure Active Directory, Okta, Auth0, AWS IAM, TruSONA, HYPR, or others. Document Your Cloud Strategy.
  • Integrate the SaaS applications from your portfolio with your chosen platform.
  • Establish visibility and rationalize identity management:
    • Accounts with elevated privileges present the most risk – evaluate your authentication factors for these accounts first.
    • There is elegance (and deployment success) in Simplifying Identity & Access Management.
  • Pay your tech debt:

Fast IDentity Online (2) is now part of the web's DNA and is critical for digital transformation

  • IoT
  • Anywhere remote work
  • Government identity services
  • Digital wallets

Bibliography

"Backup Vs. Archiving: Know the Difference." Open-E. Accessed 05 Mar 2022.Web.
G, Denis. "How to Build Retention Policy." MSP360, Jan 3, 2020. Accessed 10 Mar 2022.
Ipsen, Adam. "Archive Vs. Backup: What's the Difference? A Definition Guide." BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.
Kang, Soo. "Mitigating the Expense of E-Discovery; Recognizing the Difference Between Back-Ups and Archived Data." Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.
Mayer, Alex. "The 3-2-1 Backup Rule – An Efficient Data Protection Strategy." Naviko. Accessed 12 Mar 2022.
Steel, Amber. "LastPass Reveals 8 Truths about Passwords in the New Password Exposé." LastPass Blog, 1 Nov. 2017. Web.
"The Global Passwordless Authentication Market Size Is Estimated to Be USD 12.79 Billion in 2021 and Is Predicted to Reach USD 53.64 Billion by 2030 With a CAGR of 16.7% From 2022-2030." Report Linker, 9 June 2022. Web.
"What Is Data-Archiving?" Proofpoint. Accessed 07 Mar 2022.

Tech Trend Update: If Digital Ethics Then Data Equity

  • Buy Link or Shortcode: {j2store}100|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation

COVID-19 is driving the need for quick technology solutions, including some that require personal data collection. Organizations are uncertain about the right thing to do.

Our Advice

Critical Insight

Data equity approaches personal data like money, putting the owner in control and helping to protect against unethical systems.

Impact and Result

There are some key considerations for businesses grappling with digital ethics:

  1. If partnering, set expectations.
  2. If building, invite criticism.
  3. If imbuing authority, consider the most vulnerable.

Tech Trend Update: If Digital Ethics Then Data Equity Research & Tools

Tech Trend Update: If Digital Ethics Then Data Equity

Understand how to use data equity as an ethical guidepost to create technology that will benefit everyone.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Tech Trend Update: If Digital Ethics Then Data Equity Storyboard
[infographic]

Design an Enterprise Architecture Strategy

  • Buy Link or Shortcode: {j2store}580|cart{/j2store}
  • member rating overall impact: 9.4/10 Overall Impact
  • member rating average dollars saved: $63,181 Average $ Saved
  • member rating average days saved: 30 Average Days Saved
  • Parent Category Name: Strategy & Operating Model
  • Parent Category Link: /strategy-and-operating-model
  • The enterprise architecture (EA) team is constantly challenged to articulate the value of its function.
  • The CIO has asked the EA team to help articulate the business value the team brings.
  • Traceability from the business goals and vision to the EA contributions often does not exist.
  • Also, clients often struggle with complexity, priorities, and agile execution.

Our Advice

Critical Insight

  • EA can deliver many benefits to an organization. However, to increase the likelihood of success, the EA group needs to deliver value to the business and cannot be seen solely as IT.
  • Support from the organization is needed.
  • An EA strategy anchored in a value proposition will ensure that EA focuses on driving the most critical outcomes in support of the organization’s enterprise strategy.
  • As agility is not just for project execution, architects need to understand ways to deliver their guidance to influence project execution in real time, to enable the enterprise agility, and to enhance their responsiveness to changing conditions.

Impact and Result

  • Create an EA value proposition based on enterprise needs that clearly articulates the expected contributions of the EA function.
  • Establish the EA fundamentals (vision and mission statement, goals and objectives, and principles) needed to position the EA function to deliver the promised value proposition.
  • Identify the services that EA has to provide to the organization to deliver on the promised value proposition.

Design an Enterprise Architecture Strategy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Design an Enterprise Architecture Strategy Deck – A guide to help you define services that your EA function will provide to the organization.

Establish an effective EA function that will realize value for the organization with an EA strategy.

  • Design an Enterprise Architecture Strategy – Phases 1-4

2. EA Function Strategy Template – A communication tool to secure the approval of the EA strategy from organizational stakeholders.

Use this template to document the outputs of the EA strategy and to communicate the EA strategy for approval by stakeholders.

  • EA Function Strategy Template

3. Stakeholder Power Map Template – A template to help visualize the importance of various stakeholders and their concerns.

Identify and prioritize the stakeholders that are important to your IT strategy development effort.

  • Stakeholder Power Map Template

4. PESTLE Analysis Template – A template to help you complete and document a PESTLE analysis.

Use this template to analyze the effect of external factors on IT.

  • PESTLE Analysis Template

5. EA Value Proposition Template – A template to communicate the value EA can provide to the organization.

Use this template to create an EA value proposition that explicitly communicates to stakeholders how an EA function can contribute to addressing their needs.

  • EA Value Proposition Template

6. EA Goals and Objectives Template – A template to identify the EA goals that support the identified promises of value from the EA value proposition.

Use this template to help set goals for your EA function based on the EA value proposition and identify objectives to measure the progression towards those EA goals.

  • EA Goals and Objectives Template

7. EA Principles Template – A template to identify the universal EA principles relevant to your organization.

Use this template to define relevant universal EA principles and create new EA principles to guide and inform IT investment decisions.

  • EA Principles Template – EA Strategy

8. EA Service Planning Tool – A template to identify the EA services your organization will provide to deliver on the EA value proposition.

Use this template to identify the EA services relevant to your organization and then define how those services will be accessed.

  • EA Service Planning Tool
[infographic]

Workshop: Design an Enterprise Architecture Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Map the EA Contributions to Business Goals

The Purpose

Show an example of traceability.

Key Benefits Achieved

Members have a real-world example of traceability between business goals and EA contributions.

Activities

1.1 Start from the business goals of the organization.

1.2 Document business and IT drivers.

1.3 Identify EA contributions that help achieve the business goals.

Outputs

Business goals documented.

Business and IT drivers documented.

Identified EA contributions and traced them to business goals.

2 Determine the Role of the Architect in the Agile Ceremonies of the Organization

The Purpose

Create an understanding about role of architect in Agile ceremonies.

Key Benefits Achieved

Understanding of the role of the EA architect in Agile ceremonies.

Activities

2.1 Document the Agile ceremony used in the organization (based on SAFe or other Agile approaches).

2.2 Determine which ceremonies the system architect will participate in.

2.3 Determine which ceremonies the solution architect will participate in.

2.4 Determine which ceremonies the enterprise architect will participate in.

2.5 Determine architect syncs, etc.

Outputs

Documented the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).

Determined which ceremonies the system architect will participate in.

Determined which ceremonies the solution architect will participate in.

Determined which ceremonies the enterprise architect will participate in.

Determined architect syncs, etc.

Further reading

Design an Enterprise Architecture Strategy

Develop a strategy that fits the organization’s maturity and remains adaptable to unforeseen future changes.

EXECUTIVE BRIEF

Build a right-size enterprise architecture strategy

Enterprise Architecture Strategy
Business & IT Strategy
  • Organizational Goals and Objectives
  • Business Drivers
  • Environment and Industry Trends
  • EA Capabilities and Services
  • Business Architecture
  • Data Architecture
  • Application Architecture
  • Integration Architecture
  • Innovation
  • Roles and Organizational Structure
  • Security Architecture
  • Technology Architecture
  • Integration Architecture
  • Insight and Knowledge
  • EA Operating Model
 Unlock the Value of Architecture
  • Increased Business and IT Alignment
  • Robust, Flexible, Scalable, Interoperable, Extensible and Reliable Solutions
  • Timely/Agile Service Delivery and Operations
  • Cost-Effective Solutions
  • Appropriate Risk Management to Address the Risk Appetite
  • Increased Competitive Advantage
Current Environment
  • Business and IT Challenges
  • Opportunities
  • Enterprise Architecture Maturity

Enterprise Architecture – Thought Model

A thought model built around 'Enterprise Architecture', represented by a diagram on a cross-section of a ship which will be explained in the next slide. It begins with an arrow that says 'Organizational goals are the driving force and the ultimate goal' pointing to a bubble titled 'Organization' containing 'Analysis', 'Decisions', 'Actions'. An blue arrow on the right side with one '$' is labelled 'Iterations' and connects 'Organization' to 'Enterprise Architecture', 'Enterprise architecture creates new business value'. A green arrow on the left side with five '$' is labelled 'Goals' and connects back to 'Organization'. A the bottom, a bubble titled 'External forces, pressures, trends, data, etc.' has a blue arrow on the right side with one '$' connecting back to 'Enterprise Architecture'. Another blue arrow representing an output is labelled 'Outcomes' and originates from 'Enterprise Architecture'.

Enterprise Architecture Capabilities

A diagram on a cross-section of a ship representing 'Enterprise Architecture', including a row of process arrows beneath the ship pointing forward all labelled 'Agile iteration' and one airborne arrow above the stern pointing forward labelled 'Business Strategy'. Overlaid on the ship, starting at the back, are 'EA Strategy', 'EA Operating Model', 'Enterprise Principles, Methods, etc.', 'Foundational enterprise decisions: Business, Data/Apps, Technology, Integration, Security', 'Enterprise Reference Architecture', 'Goals, Value Chain, Capability, Business Processes', 'Enterprise Governance (e.g., Standard Mgmt.)', 'Domain Arch', 'Data & App Architecture', 'Security Architecture', 'Infrastructure: Cloud, Hybrid, etc.', at the very front is 'Implementation', and running along the bottom from back to front is 'Operations, Monitoring, and Continuous Improvement'.

Analyst Perspective

Enterprise architecture (EA) needs to be right-sized for the needs of the organization.

Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group

Enterprise architecture is NOT a one-size-fits-all endeavor. It needs to be right-sized to the needs of the organization.

Enterprise architects are boots on the ground and part of the solution; in addition, they need to have a good understanding of the corporate strategy, vision, and goals and have a vested interest on the optimization of the outcomes for the enterprise. They also need to anticipate the moves ahead, to be able to determine future trends and how they will impact the enterprise.

Milena Litoiu
Principal/Senior Director, Enterprise Architecture
Info-Tech Research Group

Analyst Perspective

EA provides business options based on a deep understanding of the organization.

“Enterprise architects need to think about and consider different areas of expertise when formulating potential business options. By understanding the context, the puzzle pieces can combine to create a positive business outcome that aligns with the organization’s strategies. Sometimes there will be missing pieces; leveraging what you know to create an outline of the pieces and collaborating with others can provide a general direction.”

Jean Bujold
Senior Workshop Delivery Director
Info-Tech Research Group

“The role of enterprise architecture is to eliminate misalignment between the business and IT and create value for the organization.”

Reddy Doddipalli
Senior Workshop Director, Research
Info-Tech Research Group

“Every transformation journey is an opportunity to learn: ‘Tell me and I forget. Teach me and I remember. Involve me and I learn.’ Benjamin Franklin.”

Graham Smith
Senior Lead Enterprise Architect and Independent Consultant

Develop an enterprise architecture strategy that:

  • Helps the organization make decisions that are hard to change in a complex environment.
  • Fits the current organization’s maturity and remains flexible and adaptable to unforeseen future changes.

Executive Summary

Your Challenge

We need to make decisions today for an unknown future. Decisions are influenced by:

  • Changes in the environment you operate in.
  • Complexity of both the business and IT landscapes.
  • IT’s difficulty in keeping up with business demands and remaining agile.
  • Program/project delivery pressure and long-term planning needs.
  • Other internal and external factors affecting your enterprise.

Common Obstacles

Decisions are often made:

  • Without a clear understanding of the business goals.
  • Without a holistic understanding; sometimes in conflict with one another.
  • That hinder the continuity of the organization.
  • That prevent value optimization at the enterprise level.

The more complex an organization, the more players involved, the more difficult it is to overcome these obstacles.

Info-Tech’s Approach

  • Is a holistic, top-down approach, from the business goals all the way to implementation.
  • Has EA act as the canary in the coal mine. EA will identify and mitigate risks in the organization.
  • Enables EA to provide an essential service rather than be an isolated kingdom or an ivory tower.
  • Acknowledges that EA is a balancing act among competing demands.
  • Makes decisions using guiding principles and guardrails, to create a flexible architecture that can evolve and expand, enabling enterprise agility.

Info-Tech Insight

There is no “right architecture” for organizations of all sizes, maturities, and cultural contexts. The value of enterprise architecture can only be measured against the business goals of a single organization. Enterprise architecture needs to be right-sized for your organization.

Info-Tech insight summary on arch. agility

Continuous innovation is of paramount importance in achieving and maintaining competitive advantage in the marketplace.

Business engagement

It is important to trace architectural decisions to business goals. As business goals evolve, architecture should evolve as well.

As new business input is provided during Agile cycles, architecture is continuously evolving.

EA fundamentals

EA fundamentals will shape how enterprise architects think and act, how they engage with the organization, what decisions they make, etc.

Start small and lean and evolve as needed.

Continuously align strategy with delivery and operations.

Architects should establish themselves as business partners as well as implementation/delivery leaders.

Enterprise services

Definitions of enterprise services should start from the business goals of the organization and the capabilities IT needs to perform for the organization to survive in the marketplace.

Continuous delivery and continuous innovation are the two facets of architecture.

Tactical insight

Your current maturity should be reflected as a baseline in the strategy.

Tactical insight

Take Agile/opportunistic steps toward your strategic North star.

Tactical insight

EA services differ based on goals, maturity, and the Agile appetite of the enterprise.

From the best industry experts

“The trick to getting value from enterprise architecture is to commit to the long haul.”

Jeanne W. Ross, MIT CISR
Co-author of Enterprise Architecture as Strategy: Creating a Foundation for Business Execution,
Harvard Business Press, 2006.

Typical EA maturity stages

A line chart that moves through multiple stages titled 'Enterprise Architecture Maturity Stages (MIT CISR)' The five stages of the chart, starting on the left, are 'Business Silos', 'Standardized Technology', 'Optimized Core', 'Business Componentization', and 'Digital Ecosystem'. 'The trick to getting value from enterprise architecture is to commit to the long haul.' The line begins at the bottom left of the chart and gradually creates a stretched S shape to the top right. Points along the line, respective to the aforementioned stages, are 'Locally Optimal Business Solutions', 'Technology Infrastructure Platform', 'Digitized Process Platform', 'Repository of Reusable Business Components', 'Components Connecting with Partners' Components', and at the end of the line, outside of the chart is 'Strategic Business Value from Technology'. Percentages along the bottom, respective to the aforementioned stages, read 20%, 36%, 45%, 7%, 2%. Percentages are rough approximations based on findings reported in Mocker, M., Ross, J.W., Beath, C.M., 'How Companies Use Digital Technologies to Enhance Customer Offerings--Summary of Survey Findings,' MIT CISR Working Paper No. 434, Feb. 2019. Copyright MIT, 2019.

Enterprise Architecture maturity

A maturity ladder visualization for 'Enterprise Architecture' with five color-coded levels. From the bottom up, the colors and designations are Red: 'Unstable', Orange: 'Firefighter', Yellow: 'Trusted Operator', Blue: 'Business Partner', and Green: 'Innovator'. Beside the visualization at the bottom it says 'EA is here', then an arrow in the direction of the top where it says 'EA needs to be here'.
  • Innovator – Transforms the Business
    Reliable Technology Innovation
  • Business Partner – Expands the Business
    Effective Use of Enterprise Architecture in all Business Projects, Enterprise Architecture Is Strategically Engaged
  • Trusted Operator – Optimizes the Business
    Enterprise Architecture Provides Business, Data, Application & Technology Architectures for All IT Projects
  • Firefighter – Supports the Business
    Reliable Architecture for Some Practices/Projects
  • Unstable – Struggles to Support
    Inability to Provide Reliable Architectures

Info-Tech Insight

There is no “absolute maturity” for organizations of all sizes, maturities, and cultural contexts. The maturity of enterprise architecture can only be measured against the business goals of the organization.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889

Session 1 Session 2 Session 3 Session 4 Session 5
Activities
Identify organizational needs and landscape

1.0 Interview stakeholders to identify business and technology needs

1.1 Review organization perspective, including business needs, challenges, and strategic directions

1.2 Conduct PESTLE analysis to identify business and technology trends

1.3 Conduct SWOT analysis to identify business and technology internal perspective

Create the EA value proposition

2.1 Identify and prioritize EA stakeholders

2.2 Create business and technology drivers from needs

2.3 Define the EA value proposition

2.4 Identify EA maturity and target

Define the EA fundamentals

3.1 Define the EA goals and objectives

3.2 Determine EA scope

3.3 Create a set of EA principles

3.4. Define the need of a methodology/agility

3.5 Create the EA vision and mission statement

Identify the EA framework and communicate the EA strategy

4.1 Define initial EA operating model and governance mechanism

4.2 Define the activities and services the EA function will provide, derived from business goals

4.3 Determine effectiveness measures

4.4 Create EA roadmap and next steps

4.5 Build communication plan for stakeholders

Next Steps and Wrap-Up (offsite)

5.1 Generate workshop report

5.2 Set up review time for workshop report and to discuss next steps

Outcomes
  1. Stakeholder insights
  2. Organizational needs, challenges, and direction summary
  3. PESTLE & SWOT analysis
  1. Stakeholder power map
  2. List of business and technology drivers with associated pains
  3. Set of EA contributions articulating the promises of value in the EA value proposition
  4. EA maturity assessment
  1. EA scope
  2. List of EA principles
  3. EA vision statement
  4. EA mission statement
  5. Statement about role of enterprise architect relative to agility
  1. EA capabilities mapped to business goals of the organization
  2. List of EA activities and services the EA function is committed to providing
  3. KPI definitions
  4. EA roadmap
  5. EA communication plan
  1. Completed workshop report on EA strategy with roadmap, recommendations, and outcomes from workshop

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

While variations depend on the maturity of the organization as well as its aspirations, these are some typical steps:

    Phase 1

  • Call #1: Explore the role of EA in your organization.

    • Phase 2

  • Call #2: Identify and prioritize stakeholders.
  • Call #3: Use a PESTLE analysis to identify business and technology needs.
  • Call #4: Prepare for stakeholder interviews.
  • Call #5: Discuss your EA value proposition.

    • Phase 3

  • Call #5: Understand the importance of EA fundamentals.
  • Call #6: Define the relevant EA services and their contributions to the organization.
  • Call #7: Measure EA effectiveness.

    • Phase 4

  • Call #8: Build your EA roadmap and communication plan.
  • Call #9: Discuss the EA role relative to agility.
  • Call #10: Summarize results and plan next steps.

Design an Enterprise Architecture Strategy

Phase 1

Explore the Role of Enterprise Architecture

Phase 1

  • 1.1 Explore a general EA strategy approach
  • 1.2 Introduce Agile EA architecture
    •

Phase 2

  • 2.1 Define the business and technology drivers
  • 2.2 Define your value proposition

Phase 3

  • 3.1 Realize the importance of EA fundamentals
  • 3.2 Finalize the EA fundamentals

Phase 4

  • 4.1 Select relevant EA services
  • 4.2 Finalize the set of services and secure approval

This phase will walk you through the following activities:

Define the role of the group and different roles inside the enterprise architecture competency.

This phase involves the following participants:

  • CIO
  • IT Leaders
  • Business Leaders

Enterprise architecture optimizes the outcomes of the entire organization

Corporate Strategy –› Enterprise Architecture Strategy

Info-Tech Insight

Enterprise architecture needs to have input from the corporate strategy of the organization. Similarly, EA governance needs to be informed by corporate governance. If this is not the case, it is like planning and governing with your eyes closed.

Existing EA functions vary in the value they achieve due to their level of maturity

EA Functions
Operationalized
  • EA function is operationalized and operates as an effective core function.
  • Effectively aligns the business and IT through governance, communication, and engagement.
 –––› Common EA value
Decreased cost Reduced risk
Emerging
  • Emerging but limited ad hoc EA function.
  • Limited by lack of alignment to the business and IT.
 –x–› Cut through complexity Increased agility
(Source: Booz & Co., 2009)

Benefits of enterprise architecture

  1. Focuses on business outcomes (business centricity)
  2. Provides traceability of architectural decisions to/from business goals
  3. Provides ways to measure results
  4. Provides consistency across different lines of business: establishes a common vocabulary, reducing inconsistencies
  5. Reduces duplications, creating additional efficiencies at the enterprise level
  6. Presents an actionable migration to the strategy/vision, through short-term milestones/steps

Benefits of enterprise architecture continued

  1. Done right, increases agility
  2. Done right, reduces costs
  3. Done right, mitigates risks
  4. Done right, stimulates innovation
  5. Done right, helps achieve the stated business goals (e.g. customer satisfaction) and improves the enterprise agility.
  6. Done right, enhances competitive advantage of the enterprise

Qualities of a well-established and practical enterprise architecture

  1. Objective
  2. Impartial
  3. Credible
  4. Practical
  5. Measurable
    6. (Source: University of Toronto, 2021)

Role of the enterprise architecture

  • Primarily to set up guardrails for the enterprise, so Agile teams work independently in a safe, ready-to-integrate environment
  • Establish strategy
  • Establish priorities
  • Continuously innovate
  • Establish enterprise standards and enterprise guardrails to guide Solution/Domain/Portfolio Architectures
  • Align with and be informed by the organization’s direction

Members of the Architecture Board:

  • Chief (Business) Strategist
  • Lead Enterprise Architect
  • Business SME from each major domain
  • IT SME from each major domain
  • Operational & Infrastructure SME
  • Security & Risk Officer
  • Process Management
  • Other relevant stakeholders

For enterprise architecture to contribute, EA must address the organizational vision and goals

External Factors –› Layers of a Business Model
(Organization) 		–› Architecture Supported Transformation
Industry Changes Business Strategy
Competition Value Streams
(Business Outcomes)
Regulatory Impacts Business Capability Maps
  • Security
Workforce Impacts Execution
  • Policies
  • Processes
  • People
  • Information
  • Applications
  • Technology

Info-Tech Insight

External forces can affect the organization as a whole; they need to be included as part of the holistic approach for enterprise architecture.

How does EA provide value?

Business and Technology Drivers – A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

  • Vision, Aspirations, Long-Term Goals – Vision, aspirations, long term goals

    • EA Contributions – EA contributions that will alleviate obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

      • Promise of Value – A statement that depicts a concrete benefit that the EA practice can provide for the organization in response to business and technology drivers.

Info-Tech Insight

Enterprise architecture needs to create and be part of a culture where decisions are made through collaboration while focusing on enterprise-wide efficiencies (e.g. reduced duplication, reusability, enterprise-wide cost minimization, overall security, comprehensive risk mitigation, and any other cross-cutting concerns) to optimize corporate business goals.

The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

Establish the EA function scope by using the EA value proposition and EA fundamentals that have already been developed. After defining the EA function scope, refer back to these statements to ensure it accurately reflects the EA value proposition and EA fundamentals.

EA value proposition

+

EA vision statement
EA mission statement
EA goals and objectives

—›
Influences

Organizational coverage

Architectural domains

Depth

Time horizon

—›
Defines 		EA function scope

EA team characteristics

Create the optimal EA strategy by including personnel who understand a broad set of topics in the organization

The team assembled to create the EA strategy will be defined as the “EA strategy creation team” in this blueprint.

  • Someone who has been in the organization for a long time and has built strong relationships with key stakeholders. This individual can exert influence and become the EA strategy sponsor.
  • An individual who understands how the different technology components in the organization support its business operations.
  • Someone in the organization who can communicate IT concepts to business managers in a language the business understands.
  • An individual with a strategy background or perspective on the organization. This individual will understand where the organization is headed.
  • Any individuals who feel an acute pain as a result of poorly made investment decisions. They can be champions of EA strategy in their respective functions.

EA skills and competencies

Apart from business know-how, the EA team should have the following skills

  • Architectural thinking
  • Analytical
  • Trusted, credible
  • Can handle complexity
  • Can change perspectives
  • Can learn fast (business and technology)
  • Independent and steadfast
  • Not afraid to go against the stream
  • Able to understand problems of others with empathy
  • Able to estimate scaling on design decisions such as model patterns
  • Intrinsic capability to identify where relevant details are
  • Able to identify root causes quickly
  • Able to communicate complex issues clearly
  • Able to negotiate and come up with acceptable solutions
  • Can model well
  • Able to change perspectives (from business to implementation and operational perspectives).

Use of enterprise architecture methodologies

Balance EA methodologies with Agile approaches

Using an enterprise architecture methodology is a good starting point to achieving a common understanding of what that is. Often, organizations agree to "tailor" methodologies to their needs.

The use of lean/Agile approaches will increase efficiency beyond traditional methodologies.

Use of EA methodologies vs. Agile methods

When to use what?

  • Use an existing methodology to structure your thinking and establish a common vocabulary to communicate basic concepts, processes, and approaches.
  • Customize the methodology to your needs; make it as lean as possible.
  • Execute in an Agile way, but keep in mind the thoughtful checks recommended by your end-to-end methodology.
  • Clarify goals.
  • Have good measures and metrics in place.
  • Continuously monitor progress, fit for purpose, etc.
  • Highlight risks, roadblocks, etc.
  • Get support.
  • Communicate vision, goals, key decisions, etc.
  • Iterate.

Business strategy first, EA strategy second, and EA operating model third

Corporate Strategy
“Why does our enterprise exist in the market?”
EA Strategy
“What does EA need to be and do to support the enterprise’s ability to meet its goals? What is EA’s value proposition?” 		Business & IT Operating Culture
“How does the organization’s culture and structure influence the EA operating model?”
EA Operating Model
How does EA need to operate on a daily basis to deliver the value proposition?”

High-level perspective

Creating an effective practice involves many moving parts.

A visual of the many moving parts in an effective practice; there are 6 smaller circles in a large circle, an input arrow labelled 'Environment', an output arrow labelled 'Results', and a thin arrow connecting 'Results' back to 'Environment'. Of the circles, 'Leadership' is in the center, connected to each of the others, while 'Culture', 'Strategy', 'Core Processes', 'Structure', and 'Systems' create a cycle. (Source: The Center for Organizational Design)

  • Environment. Influences that are external to the organization, such as customer perceptions, changing needs, and changes in technology, and the organization’s ability to adjust to them.
  • Strategy. The business strategy defines how the organization adds value and acts as the rudder to direct the organization. Organizational strategy defines the character of the organization, what it wants to be, its values, its vision, its mission, etc.
  • Core Process. The flow of work through the organization.
  • Structure. How people are organized around business processes. Includes reporting structures, boundaries, roles, and responsibilities. The structure should assist the organization with achieving its goals rather than hinder its performance.
  • Systems. Interrelated sets of tasks or activities that help organize and coordinate work.
  • Culture. The personality of the organization: its leadership style, attitudes, habits, and management practices. Culture measures how well philosophy is translated into practice.
  • Results. Measurement of how well the organization achieved its goals.
  • Leadership. Brings the organization together by providing vision and strategy; designing, monitoring, and nurturing the culture; and fostering agility.

The answer to the strategic planning entity dilemma is enterprise architecture

Enterprise architecture is a discipline that defines the structure and operation of an organization. The intent of enterprise architecture is to determine how an organization can most effectively achieve its current and future objectives.

Vision, goals, and aspirations as well internal and external pressures

Business current state

  • Existing capability
  • Existing capability
  • Existing capability
  • Existing capability
  • Existing capability
 Enterprise Architecture

IT current state

  • IT asset management
  • Database services
  • Application development

Business target state

  • Existing capability
  • Existing capability
  • Existing capability
  • Existing capability
  • Existing capability
  • New capability

IT target state

  • IT asset management
  • Database services
  • Application development
  • Business analytics
Complex, overlapping, contradictory world of humans vs. logical binary world of IT
EA is a planning tool to help achieve the corporate business goals

EA spans across all the domains of architecture

Business architecture is the cornerstone that sets the foundation for all other architectural domains: security, data, application, and technology.

A flow-like diagram titled 'Enterprise Architecture' beginning with 'Digital Architecture' and 'Business Architecture', which feeds into 'Security Architecture', which feeds into both 'Data Architecture' and 'Application Architecture', which both feed into 'Technology Architecture: Infrastructure'.

“An enterprise architecture practice is both difficult and costly to set up. It is normally built around a process of peer review and involves the time and talent of the strategic technical leadership of an enterprise.” (The Open Group Architecture Framework, 2018)

Enterprise architecture deployment continuum

A diagram visualizing the Enterprise architecture deployment continuum with two continuums, 'Level of Embedding' and 'EA Value', assigning terms to EA deployments based on where they fall. On the left is an 'Ivory Tower' configuration: EA' is separated from the 'BU's but is still controlling them. Level of Embedding: 'Centralized', EA Value: 'Dictatorship'. In the center is a 'Balanced' configuration: 'EA' is spread across and connected to each 'BU'. Level of Embedding: 'Federated', EA Value: 'Democracy'. On the right is a 'Siloed' configuration: Each 'BU' has its own separate 'EA'. Level of Embedding: 'Decentralized', EA Value: 'Abdication of enterprise role'.

Info-Tech Insight

The primary question during the design of the EA operating model is how to integrate the EA function with the rest of the business.

If the EA practice functions on its own, you end up with ivory tower syndrome and a dictatorship.

If you totally embed the EA function within business units it will become siloed with no enterprise value.

Organizations need to balance consistency at the enterprise level with creativity from the grass roots.

Enterprise vs. Program/Portfolio/Domain

Enterprise vs. Program/Portfolio/Domain. Image depicts where Enterprise Scope overlaps Program/Portfolio Scope. Enterprise Scope includes Business Architecture. Program/Portfolio Scope includes Business Requirements, Business Process, and Solutions Architecture. Overlap between scope includes Technology Architecture, Data Architecture, and Applications Architecture.

Info-Tech Insight

Decisions at the enterprise level apply across multiple programs/portfolios/solutions and represent the guardrails set for all to play within.

Decide on the degree of centralization

Larger organizations with multiple domains/divisions or business units will need to decide which architecture functions will be centralized and which, if any, will be decentralized as they plan to scope their EA program. What are the core functions to be centralized for the EA to deliver the greatest benefits?

Typically, we see a need to have a centralized repository of reusable assets and standards across the organization, while other approaches/standards can operate locally.

Centralization

  • Allows for more strategic planning
  • Visibility into standards and assets across the organization promotes rationalization and cost savings
  • Ensures enterprise-wide assets are used
  • More strategic sourcing of vendors and resellers
  • Can centrally negotiate pricing for better deals
  • Easier to manage risk and prepare for audits
  • Greater coordination of resources
  • Derives benefits from enterprise decisions, e.g. integration…

Decentralization

  • May allow for more innovation
  • May be easier to demonstrate local compliance if the organization is geographically decentralized
  • May be easier to procure software if offices are in different countries
  • Deployment and installation of software on user devices may be easier

EA strategy

What is the role of enterprise architecture vis-à-vis business goals?

  • What needs to be done?
  • Who needs to be involved?
  • When?
  • Where?
  • Why?
  • How?

Top-down approach starting from the goals of the organization

    What the Business Sees...
  • Business Goals
    • Value Streams
        What the CxO Sees...
      • Capabilities
          What the App Managers See...
        • Processes
          • Applications
              What the Program Managers See...
            • Programs/Projects

Info-Tech Insight

Being able to answer the deceptively simple question “How am I doing?” requires traceability to and from the business goals to be achieved all the way to applications, to infrastructure, and ultimately, to the funded initiatives (portfolios, programs, projects, etc.).

Measure EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

The success of the EA function spans across three main dimensions:

  1. The delivery of EA-enabled business outcomes that are most important to the enterprise.
  2. The alignment between the business and the technology from a planning perspective.
  3. Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).

Corporate Business Goals

  • Reduction in operating costs
  • Decreased regulatory compliance infractions
  • Increased revenue from existing channels
  • Increased revenue from new channels
  • Faster time to business value
  • Improved business agility
  • Reduction in enterprise risk exposure

EA Contributions

  • Alignment of IT investments to business strategy
  • Achievement of business results directly linked to IT involvement
  • Application and platform rationalization
  • Standards in place
  • Flexible architecture
  • Better integration
  • Higher organizational satisfaction with technology-enabled services and solutions

Measurements

  • Cost reductions based on application and platform rationalization
  • Time and cost reductions due to standardization
  • Time reduction for integration
  • Service reused
  • Stakeholder satisfaction with EA services
  • Increase in customer satisfaction
  • Rework minimized
  • Lower cost of integration
  • Risk reduction
  • Faster time to market
  • Better scalability, etc.

Info-Tech Insight

Organizations must create clear and smart KPIs (key performance indicators) across the board.

From corporate strategy to enterprise architecture

A model connecting 'Enterprise Architecture' with 'Corporate Strategy' through 'EA Services' and 'EA Strategy'.

Info-Tech Insight

In the absence of a corporate strategy, enterprise architecture is missing its North Star.

However, enterprise architects can partner with the business strategists to build the needed vision.

Traceability to and from business corporate business goals to EA contributions (sample)

A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

Enterprise architecture journey

The enterprise architecture journey, from left to right: 'Business Goals' and 'EA Maturity Assessment', 'EA Strategy', 'Industry-Specific Capability Model' and 'Customized to the Organization's Needs', 'EA Operating Model' and 'EA Governance', 'Business Architecture' and 'EA Tooling', 'Data Architecture' and 'Application Architecture', 'Infrastructure Architecture'.

Agile architecture principles

Agile architecture principles:
  • Fast learning cycle
  • Explore alternatives
  • Create environment for decentralized ideation and innovation

According to the Scaled Agile Framework, three of the most applicable principles for the architectural professions refer to the following:

  1. "Fast learning cycle" refers to learning cycles that allow for quick reiterations as well as the opportunity to fail fast to learn fast.
  2. "Explore alternatives" refers to the exploration phase and also to the need to make tough decisions and balance competing demands.
  3. "Create environment for decentralized ideation and innovation" ensures that no one has a monopoly on innovation. Moreover, EA needs to invite ideas from various stakeholders (from the business to operations as well as implementers, etc.).

Architecture roles in lean enterprises

Typical architecture roles in modern/Agile lean enterprises

  • System Architect
  • Solution Architect
  • Enterprise Architect

Depth vs. strategy focus

Typical architect roles

A graph with different architect roles mapped onto it. Axes are 'Low Strategic Impact' to 'High Strategic Impact' and 'Breadth' to 'Depth'. 'Enterprise Architect' has the highest strategic impact and most breadth. 'Technical/System Architect' has the lowest strategic impact and most depth. 'Solution Architect' sits in the middle of both axes.

Architecture roles continued

The three architect roles from above and their impacts on the list of 'Common Domains' to the right. 'Enterprise Architect's impact is 'Across Value Streams', 'Solution Architect's impact is 'Across Systems', 'Technical/System Architect's impact is 'Single System'. Adapted from Scaled Agile.

Common Domains

Business Architecture

Information Architecture

Application Architecture

Technical Architecture

Integration Architecture

Security Architecture

Others

Info-Tech Insight

All architects are boots on the ground and play in the solutioning space. What differs is their decisions’ impact (the enterprise architect’s decisions affects all domains and solutions).

SAFe definitions of the Enterprise/Solution and System Architect roles can be found here.

The role of the Enterprise Architect is detailed here.

Collaboration models across the enterprise

A collaboration model with 'Enterprise Architecture' at the top consisting of a 'Chief Enterprise Architect', 'Enterprise Architects', and 'EA Concerns across solutions': 'Architect A', 'Architect B', and 'Architect C'. Each lettered Architect is connected to their respective 'Solution Architect (A-C)' which runs their respective 'Delivery Team (A-C)' with 'Other Team Members'.(Adapted from Disciplined Agile)

There are both formal and informal collaborations between enterprise architects and solution architects across the enterprise.

Info-Tech Insight

Enterprise architects should collaborate with solutions architects to create the best solutions at the enterprise level and to provide guidance across the board.

Architect roles in SAFe

According to Scale Agile Framework 5 for Lean Enterprises:

  • The system architect participates in the Essential SAFe
  • Solution architects and system architects participate in Large Solution
  • The enterprise architect participates in the Portfolio SAFe
  • Enterprise, solution, and system architects are all involved in Full SAFe

Please check the SAFe Scaled Agile site for detailed information on the approach.

Architect roles and their participation in Agile events (see likely events and a typical calendar)

Info-Tech Insight

A clear commitment for architects to achieve and support agility is needed. Architects should not be in an ivory tower; they should be hands on and engaged in all relevant Agile ceremonies, like the pre- and post-program increment (PI) planning, etc.

Architect syncs are also required to ensure the needed collaboration.

Architect participation in Agile ceremonies, according to SAFe:

Architecture runway (at scale)

Info-Tech Insight

Architecting for scale, modularity, and extensibility is key for the architecture to adapt to changing conditions and evolve.

Proactively address NFRs; architect for performance and security.

Continuously refine the solution intent.

For large solutions, longer foundational architectural runways are needed.

Having an intentional continuous improvement/continuous development (CI/CD) pipeline to continuously release, test, and monitor is key to evolving large and complex systems.

Parallel continuous exploration/integration/deployment

A cycle titled DevOps containing three smaller cycles labelled 'Continuous Explorations', 'Continuous Integration', and 'Continuous Deployment'.

Info-Tech Insight

Architects need to help make some fundamental decisions, e.g. help define the environment that best supports continuous innovation or exploration and continuous integration, deployment, and delivery.

Typical strategic enterprise architecture involvement

Enterprise Architect —DRIVES–› Enterprise Architecture Strategy

Enterprise Architecture Strategy
  • Application Strategy
  • Business Strategy
  • Data Strategy
  • Implementation Strategy
  • Infrastructure Strategy
  • Inter-domain Collaboration
  • Integration Strategy
  • Operations Strategy
  • Security Strategy
    • (Adapted from Scaled Agile)

The EA statement relative to agility

The enterprise architecture statement relative to agility specifies the architects’ responsibilities as well as the Agile protocols they will participate in. This statement will guide every architect’s participation in planning meetings, pre- and post-PI, various syncs, etc. Use simple and concise terminology; speak loudly and clearly.

Strong EA statement relative to agility has the following characteristics:

  • Describes what different architect roles do to achieve the vision of the organization
  • In an agile way
  • Compelling
  • Easy to grasp
  • Sharply focused
  • Specific
  • Concise

Sample EA statement relative to agility

  • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
  • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

A clear statement can include additional details surrounding the enterprise architect’s role relative to agility

Below is a sample of connecting keywords to form an enterprise architect role statement, relative to agility.

Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance and accelerators.

Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

  • Business capabilities and processes (business architecture)
  • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
  • Architecture principles
  • Standards and reusable assets
  • Continuous exploration, integration, and deployment

Traditional vs. Agile approaches

Traditional Enterprise Architecture Next-Generation Enterprise Architecture
Scope: Technology focused Business transformation (scope includes both business and technology)
Bottom up Top down
Inside out Outside In
Point to point; difficult to change Expandable, extensible, evolvable
Control-based: Governance intensive; often over-centralized Guidance-based: Collaboration and partnership-driven based on accepted guardrails
Big up-front planning Incremental/dynamic planning; frequent changes
Functional siloes and isolated projects, programs, and portfolios Enterprise-driven outcome optimization (across value streams)

Info-Tech Insight

The role of the architecture in Lean (Agile) approaches is to set up the needed guardrails and ensure a safe environment where everyone can be effective and creative.

Design an Enterprise Architecture Strategy

Phase 2

Create the EA Value Proposition

Phase 1

  • 1.1 Explore a general EA strategy approach
  • 1.2 Introduce Agile EA architecture

Phase 2

  • 2.1 Define the business and technology drivers
  • 2.2 Define your value proposition
    •

Phase 3

  • 3.1 Realize the importance of EA fundamentals
  • 3.2 Finalize the EA fundamentals

Phase 4

  • 4.1 Select relevant EA services
  • 4.2 Finalize the set of services and secure approval

This phase will walk you through the following activities:

  • Identify and prioritize EA stakeholders.
  • Create business and technology drivers from stakeholder information.
  • Identify business pains and technology drivers.
  • Define EA contributions to alleviate the pains.
  • Create promises of value to fully articulate the value proposition.

This phase involves the following participants:

  • CIO
  • IT Leaders
  • Business Leaders

Step 2.1

Define the Business and Technology Drivers

Activities
  • 2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders
  • 2.1.2 Conduct a PESTLE analysis
  • 2.1.3 Review strategic planning documents
  • 2.1.4 Conduct EA stakeholder interviews

This step will walk you through the following activities:

  • Learn the five-step process to create an EA value proposition.
  • Uncover business and technology needs from stakeholders.

This step involves the following participants:

  • CIO
  • IT Leaders
  • Business Leaders

Outcomes of this step

An understanding of your organization’s EA needs.

Create the Value Proposition

Step 2.1 Step 2.2

Value proposition is an important step in the creation of the EA strategy

Creating an EA value proposition should be the first step to realizing a healthy EA function. The EA value proposition demonstrates to organizational stakeholders the importance of EA in helping to realize their needs.

Five steps towards the successful articulation of EA value proposition:

  1. Identify and prioritize stakeholders. The EA function must know to whom to communicate the value proposition.
  2. Construct business and technology drivers. Drivers are derived from the needs of the business and IT. Needs come from the analysis of external factors, strategic documents, and interviewing stakeholders. Helping stakeholders and the organization realize their needs demonstrates the value of EA.
  3. Discover pains that prevent driver realization. There are always challenges that obstruct drivers of the organization. Find out what they are to get closer to showing the value of EA.
  4. Brainstorm EA contributions. Pains that obstruct drivers have now been identified. To demonstrate EA’s value, think about how EA can help to alleviate those pains. Create statements that show how EA’s contribution will be able to overcome the pain to show the value of EA.
  5. Derive promises of value. Complete the articulation of value for the EA value proposition by stating how realizing the business or technology will provide in terms of value for the organization. Speak with the stakeholders to discover the value that can be achieved.

Info-Tech Insight

EA can deliver many benefits to an organization. To increase the likelihood of success, each EA group needs to commit to delivering value to their organization based on the current operating environment and the desired direction of the enterprise. An EA value proposition will articulate the group’s promises of value to the enterprise.

The foundation of an optimal EA value proposition is laid by defining the right stakeholders

All stakeholders need to know how the EA function can help them. Provide the stakeholders with an understanding of the EA strategy’s impact on the business by involving them.

A stakeholder map can be a powerful tool to help identify and prioritize stakeholders. A stakeholder map is a visual sketch of how various stakeholders interact with your organization, with each other, and with external audience segments.

An example stakeholder map with the 'Key players' quadrant highlighted, it includes 'CEO', 'CIO', and the modified position of 'CFO' after being engaged.

“Stakeholder management is critical to the success of every project in every organization I have ever worked with. By engaging the right people in the right way in your project, you can make a big difference to its success…and to your career.” (Rachel Thompson, MindTools)

2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders

2 hours

Input: Expertise from the EA strategy creation team

Output: An identified and prioritized set of stakeholders for the EA function to target

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

  1. A stakeholder power map helps to visualize the importance of various stakeholders and their concerns so you can prioritize your time according to the most powerful and most impacted stakeholders.
  2. Evaluate each stakeholder in terms of power, Involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?
  3. Map each stakeholder to an area on the Power Map Template.
  4. Ask yourself if the power map looks accurate. Is there someone who has no involvement in EA strategy development but should?
  5. Some stakeholders may have influence over others. For example, a COO who highly values the opinion of the Director of Operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

Download the Stakeholder Power Map Template for more detailed instructions on completing this activity.

Each stakeholder will have a set of needs that will influence the final EA value proposition

All stakeholders will have a set of needs they would like to address. Take those needs and translate them into business and technology drivers. Drivers help clearly articulate to stakeholders, and the EA function, the stakeholder needs to be addressed.

Business Driver

Business drivers are internal or external business conditions, changing business capabilities, and changing market trends that impact the way EA operates and provides value to the enterprise.

Examples:

Ensure corporate compliance with legislation pertaining to data and security (e.g. regulated oil fields).

Enable the automation and digitization of internal processes and services to business stakeholders.

Technology Driver

Technology drivers are internal or external technology conditions or factors that are not within the control of the EA group that impact the way that the EA group operates and provides value to the enterprise.

Examples:

Establish standards and policies for enabling the organization to take advantage of cloud and mobile technologies.

Reduce the frequency of shadow IT by lowering the propensity to make business–technology decisions in isolation.

(Source: The Strategic CFO, 2013)

Gather information from stakeholders to begin the process of distilling business and technology drivers

Review information sources, then analyze them to derive business and technology drivers. Information sources are not targeted towards EA stakeholders. Analyze the information sources to create drivers that are relevant to EA stakeholders.

Information Sources Drivers (Examples)

PESTLE Analysis

Strategy Documents

Stakeholder Interviews

SWOT Analysis

—›

Analysis

 —›

Help the organization align technology investments with corporate strategy

Ensure corporate compliance with legislation.

Increase the organization’s speed to market.

Business and Technology Needs

By examining information sources, the EA team will come across a set of business and technology needs. Through analysis, these needs can be synthesized into drivers.

The PESTLE analysis will help you uncover external factors impacting the organization

PESTLE examines six perspectives for external factors that may impact business and technology needs. Below are prompting questions to facilitate a PESTLE analysis working session.

Political
  • Will a change in government (at any level) affect your organization?
  • Do inter-government or trade relations affect you?
  • Are there shareholder needs or demands that must be considered?
  • How are your costs changing (moving off-shore, fluctuations in markets, etc.)?
  • Do currency fluctuations have an effect on your business?
  • Can you attract and pay for top-quality talent (e.g. desirable location, reasonable cost of living, changes to insurance requirements)?
 Economic
Social
  • What are the demographics of your customers and/or employees?
  • What are the attitudes of your customers and/or staff (e.g. do they require social media, collaboration, transparency of costs)?
  • What is the general lifecycle of an employee (i.e. is there high turnover)?
  • Is there a market of qualified staff?
  • Is your business seasonal?
  • Do you require constant technology upgrades (e.g. faster network, new hardware)?
  • What is the appetite for innovation within your industry/business?
  • Are there demands for increasing data storage, quality, BI, etc.?
  • Are you looking to cloud technologies?
  • What is the stance on bring your own device?
  • Are you required to do a significant amount of development work in-house?
 Technological
Legal
  • Are there changes to trade laws?
  • Are there changes to regulatory requirements (i.e. data storage policies, privacy policies)?
  • Are there union factors that must be considered?
  • Is there a push towards being environmentally friendly?
  • Does the weather have any effect on your business (hurricanes, flooding, etc.)?
 Environmental

2.1.2 Conduct a PESTLE analysis

2 hours

Input: Expertise from EA strategy creation team

Output: Identified set of business and technology needs from PESTLE

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

  1. Begin conducting the PESTLE analysis by breaking the participants into groups. Divide the six different perspectives amongst the groups.
  2. Ask each group to begin to derive business and technology needs from their assigned perspectives. Use some of the areas noted below along with the questions on the previous slide to derive business and technology needs.
    • Political: Examine taxes, environmental regulations, and zoning restrictions.
    • Economic: Examine interest rates, inflation rate, exchange rates, the financial and stock markets, and the job market.
    • Social: Examine gender, race, age, income, disabilities, educational attainment, employment status, and religion.
    • Technological: Examine servers, computers, networks, software, database technologies, wireless capabilities, and availability of Software as a Service.
    • Legal: Examine trade laws, labor laws, environmental laws, and privacy laws.
    • Environmental: Examine green initiatives, ethical issues, weather patterns, and pollution.
  3. Ask each group to take into account the following questions when deriving business and technology needs:
    • Will business components require any changes to address the factor?
    • Will information technology components changes be needed to address any factor?
  4. Have each team record its findings. Have each team present its list and have remaining teams give feedback and additional suggestions. Record any changes in this step.

Download the PESTLE Analysis Template to assist with completing this activity.

Strategic planning documents can provide information regarding the direction of the organization

Some organizations (and business units) create an authoritative strategy document. These documents contain corporate aspirations and outline initiatives, reorganizations, and shifts in strategy. From these documents, a set of business and technology needs can be generated.

Overt Statements

  • Corporate objectives and initiatives are often explicitly stated in these documents. Look for statements that begin with phrases such as “Our corporate objectives are…”
  • Remember that different organizations use different terminology; if you cannot find the word goal or objective then look for “pillar,” “imperative,” “theme,” etc.

Turn these statements to business and technology needs by:

Asking the following:
  • Is there a need from a business perspective to address these objectives, initiatives, and shifts in strategy?
  • Is there a need from a technology perspective to address these objectives, initiatives, and shifts in strategy?

Covert Statements

  • Some corporate objectives and initiatives will be mentioned in passing and will require clarification. For example: “As we continue to penetrate new markets, we will be diversifying our manufacturing geography to simplify distribution.”

2.1.3 Review strategic planning documents

2 hours

Input: Strategic documents in the organization

Output: Identified set of business and technology needs from documents

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the identification process of business and technology needs from strategic documents with the following steps:

  1. Work with the EA strategy creation team to identify the strategic documents within the organization. Look for documents with any of the following content:
    • Corporate strategy document
    • Business unit strategy documents
    • Annual general reports
  2. Gather the strategic documents into one place and call a meeting with the EA strategy creation team to identify the business and technology needs in those documents.
  3. Pick one document and look through its contents. Look for future-looking words such as:
    • We will be…
    • We are planning to…
    • We will need…
  4. Consider those portions of the document with future-looking words and ask the following:
    • Will business components require any changes to address these objectives?
    • Will information technology components changes be needed to address these objectives?
  5. Record the business and technology needs identified in step 4. As well, record any questions you may have regarding the document contents for stakeholders to validate later.
  6. Move to the next document once complete. Complete steps 3-5 for the remaining strategy documents.

Stakeholder interviews will help you collect primary data and will shed light on stakeholder priorities and challenges

In this interview process, you will be asking EA stakeholders questions that uncover their business and technology needs. You will also be able to ask follow-up questions to get a better understanding of abstract or complex concepts from the strategy document review and PESTLE analysis.

EA Stakeholders:

  • Stakeholders may not think of their business and technology needs. But stakeholders will often explicitly state their objectives and initiatives.
  • Objectives often result in risks, opportunities, and annoyances:
    • Risks: Potential damage associated with pursuing an objective or initiative.
    • Opportunities: Potential gains that could be leveraged when capturing objectives and initiatives.
    • Annoyances: Roadblocks that could hinder the pursuit of objectives and initiatives.
  • Ask stakeholders questions on these areas to discern their business and technology needs.

Risks + Opportunities + Annoyances –› Business and Technology Needs

2.1.4 Conduct EA stakeholder interviews

4-8 hours

Input: Expertise from the EA stakeholders

Output: Business and technology needs for EA stakeholders

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team, Identified EA stakeholders

  1. Schedule an interview with each of the stakeholders that were identified as key stakeholders in the Stakeholder Power Map.
  2. Meet with the key EA stakeholders and start business and technology needs gathering. Schedule each identified key stakeholder for an interview.
  3. When a stakeholder arrives for their interview, ask the following questions and record the answers to help uncover needs. Be sure to record which stakeholder answered the question. Further, record any future stakeholders that agree.
    • What are the current strengths of your organization?
    • What are the current weaknesses of your organization?
    • What is the number 1 risk you need to prevent?
    • What is the number 1 opportunity you want to capitalize on?
    • What is the number 1 annoying pet peeve you want to remove?
    • How would you prioritize these risks, opportunities, and annoyances?
  4. Recorded answer example: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
  5. After completing each interview, verify with each stakeholder that you have captured their business and technology needs. Continue the interview process until all identified key stakeholders have been interviewed.
  6. Capture all inputs into a SWOT (strengths, weaknesses, opportunities, and threats) format.

Step 2.2

Define Your Value Proposition

Activities
  • 2.2.1 Create a set of business and technology drivers from business and technology needs
  • 2.2.2 Identify the pains associated with the business and technology drivers
  • 2.2.3 Identify the EA contributions that can address the pains
  • 2.2.4 Create promises of value to shape the EA value proposition

This step will walk you through the following activities:

  • Use business and technology drivers to determine EA’s role in your organization.

This step involves the following participants:

  • CIO
  • IT Leaders
  • Business Leaders

Outcomes of this step

A value proposition document that ties the value of the EA function to stakeholder needs.

Create the EA Value Proposition

Step 2.1 Step 2.2

Synthesize the collected data into business and technology drivers

Two triangles labelled 'Business needs' and 'Technology needs' point to a cloud labelled 'Analysis', which connects to the driver attributes on the right via a dotted line.

There are several key attributes that a driver should have.

Driver Key Attributes
  • A succinct statement.
  • Begins with “action words” to communicate a call to action (e.g. Support, Help, Enable).
  • Written in a language understood by all parties involved.
  • Communicates a need for improvement or prevention.

“The greatest impact of enterprise architecture is the strategic impact. Put the mission and the needs of the organization first.” (Matthew Kern, Clear Government Solutions)

2.2.1 Create a set of business and technology drivers from business and technology needs

3 hours

Input: Expertise from EA strategy creation team

Output: A set of business and technology drivers

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team, EA stakeholders

Meet with the EA strategy creation team and follow the steps below to begin the process of synthesizing the business and technology needs into drivers.

  1. Lay out the documented business and technology needs your team gathered from PESTLE analysis, strategy document reviews, and stakeholder interviews.
  2. Assess the documented business and technology needs to see if there are common themes. Consolidate those similar business and technology needs by crafting one driver for them. For example:
    • PESTLE: Influx of competitors in the marketplace causing tighter margins.
    • Document review: Improve investment quality and their value to the organization.
    • Stakeholder interview: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
    • Consolidated business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
  3. As well, synthesize the business and technology needs that cannot be consolidated.
  4. Verify the completed list of drivers with stakeholders. This is to ensure you have fully captured their needs.

Download the EA Value Proposition Template to record your findings in this activity.

When addressing business and technology drivers, an organization can expect obstacles

A pain is an obstacle that business stakeholders will face when attempting to address business and technology drivers. Identify the pains associated with each driver so that EA’s contributions can be linked to resolving obstacles to address business needs.

Business and Technology Drivers

Pains
Created by assessing information sources. A sentence that states the nature of the pain and how the pain stops the organization from addressing the drivers.
Examples:
  • Business driver: Help the organization align investments with the corporate strategy and departmental priorities.
  • Technology driver: Improve the organization’s technology responsiveness and increase speed to market.
 Examples:
  • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
  • Technology driver pains: Ineffective application development requiring delays decreases the speed to market.

2.2.2 Identify the pains associated with the business and technology drivers

2 hours

Input: Expertise from EA strategy creation team and EA stakeholders

Output: An associated pain that obstructs each identified driver

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team, EA stakeholders

Call a meeting with the EA strategy creation team and any available stakeholders to identify the pains that obstruct addressing the business and technology drivers.

Take each driver and ask the questions below to the EA strategy creation team and to any EA stakeholders who are available. Record the answers to identify the pains when realizing the drivers.

  1. What are your challenges in performing the activity or process today?
  2. What other business activities/processes will be impacted/improved if we solve this?
  3. What compliance/regulatory/policy concerns do we need to consider in any solution?
  4. What are the steps in the process/activity?

Take the recorded answers and follow the steps below to create the pain statements:

  1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into pains, refine the recorded answers into a succinct sentence that captures its meaning.
    • Recorded answer example: “I feel like there needs to be a holistic view of the organization. If we had a tool to see all the capabilities across the business, then we can figure out what investments should be prioritized.”
    • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
  2. When the list of pains has been written out, verify with the stakeholders that you have fully captured their pains.

Download the EA Value Proposition Template to record your findings in this activity.

The identified pains can be alleviated by a set of EA contributions

Set the foundations for the value proposition by brainstorming the EA contributions that can alleviate the pains.

Business and technology drivers produce:

Pains

 —›
EA contributions produce:

Value by alleviating pains
Pains

Obstructions to addressing business and technology drivers. Stakeholders will face these pains.

Examples
  • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
EA contributions

Activities the EA function can perform to help alleviate the pains. Demonstrates the contributions the EA function can make to business value.

Examples:
  • Business driver EA contributions: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

Enterprise architecture functions can provide a diverse set of contributions to any organization – Sample

EA contribution category EA contribution details
Define business capabilities and processes As-is and target business capabilities and processes are documented and understood by both IT and the business.
Design information flows and services Information flows and services effectively support business capabilities and processes.
Analyze gaps and identify project opportunities Create informed project identification, scope definition, and project portfolio management.
Optimize technology assets Greater homogeneity and interoperability between tangible and intangible technology assets.
Create and maintain technology standards Decrease development, integration, and support efforts. Reduce complexity and improve interoperability.
Rationalize technology assets Tangible and intangible technology assets are rationalized to adequately and efficiently support information flows and services.

2.2.3 Identify the EA contributions that can address the pains

2 hours

Input: Expertise from EA strategy creation team

Output: EA contributions that addresses the pains that were identified

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Gather with the EA strategy creation team, take each pain, then ask and record the answers to the questions below to identify the EA contributions that would solve the pains:

  1. What activities can the EA practice conduct to overcome the pain?
  2. What are the core EA models that can help accurately define the problem and assist in finding appropriate resolutions?
  3. What are the general EA benefits that can be associated with solving this pain?

Answers to the questions above will generate a list of activities EA can do to help alleviate the pains. Use the following steps to complete this activity:

  1. Create a stronger tie between the EA contributions and pains by linking the EA contribution statement to the pain.
    • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    • Example of EA contributions statement: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.
  2. Verify with the stakeholders that they understand the EA contributions have been written out and how those contributions address the pains.

Download the EA Value Proposition Template to record your findings in this activity.

EA promises of value articulate EA’s commitment to the organization

  • Business Goals and Technology Drivers
    A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

    • Value Streams, Aspirations, Long-Term Goals
      Value streams, aspirations, long-term goals

      • EA Contributions
        EA contributions that will alleviate the obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

        • Promise of Value
          A statement that depicts a concrete benefit the EA practice can provide for the organization in response to business and technology drivers.
          Communicate the statements in a language that stakeholders understand to complete the articulation of EA’s value proposition.

2.2.4 Create promises of value to shape the EA value proposition

2 hours

Input: Expertise from EA strategy creation team and EA stakeholders

Output: Promises of value for each business and technology driver

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team, EA stakeholders

Now that the EA contributions have been identified, identify the promises of value to articulate the value proposition.

Take each driver, then ask and record the answers to the questions below to identify the promises of value when realizing the drivers:

  1. What does amazing look like if we solve this perfectly?
  2. What other business activities/processes will be impacted/improved if we solve this?
  3. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?

Take the recorded answers and follow the steps below to create the promises of value.

  1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into a promise of value, refine the recorded answer into a succinct sentence that captures its meaning.
    • Business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
    • Recorded answer example: “If this would be solved perfectly, we would have a very easy time planning investments and investment planning hours can be spent doing other activities.”
    • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
  2. When the promises of value have been written out, verify with the stakeholders that you have fully captured their ideas.

Download the EA Value Proposition Template to record your findings in this activity.

Design an Enterprise Architecture Strategy

Phase 3

Build the EA Fundamentals

Phase 1

  • 1.1 Explore a general EA strategy approach
  • 1.2 Introduce Agile EA architecture

Phase 2

  • 2.1 Define the business and technology drivers
  • 2.2 Define your value proposition

Phase 3

  • 3.1 Realize the importance of EA fundamentals
  • 3.2 Finalize the EA fundamentals
    •

Phase 4

  • 4.1 Select relevant EA services
  • 4.2 Finalize the set of services and secure approval

This phase will walk you through the following activities:

  • Create an EA vision statement and an EA mission statement.
  • Create EA goals, define EA objectives, and link them to EA goals.
  • Define the EA function scope dimensions.
  • Create a set of EA principles for your organization.
  • Discuss current methodology.

This phase involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Step 3.1

Realize the Importance of EA Fundamentals

Activities
  • 3.1.1 Create the EA vision statement
  • 3.1.2 Create the EA mission statement
  • 3.1.3 Create EA goals
  • 3.1.4 Define EA objectives and link them to EA goals
  • 3.1.5 Record the details of each EA objective

This step will walk you through the following activities:

  • Define and document the fundamentals that guide the EA function.

This step involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Outcomes of this step

  • Vision and mission statements for the EA function.
  • A set of EA goals and a set of objectives to track progression toward those goals.
Build the EA Fundamentals
Step 3.1 Step 3.2

EA fundamentals guide the EA function

EA fundamentals include a vision statement, a mission statement, goals and objectives, and principles. They are a set of documented statements that guide the EA function. The fundamentals guide the EA function in terms of its strategy and decision making.

EA vision statement EA mission statement

EA fundamentals
EA goals and objectives EA principles

Info-Tech Insight

Treat the critical elements of the EA group the same way as you would a business. Create a directional foundation for EA and define the vision, mission, goals, principles, and scope necessary to deliver on the established value proposition.

The EA vision statement articulates the aspirations of the EA function

The enterprise architecture vision statement communicates a desired future state of the EA function. The statement is expressed in the present tense. It seeks to articulate the desired role of the EA function and how the EA function will be perceived.

Strong EA vision statements have the following characteristics:

  • Describe a desired future
  • Focus on ends, not means
  • Communicate promise
  • Concise, no unnecessary words
  • Compelling
  • Achievable
  • Inspirational
  • Memorable

Sample EA vision statements:

  • To be a trusted partner for both the business and IT, driving enterprise effectiveness, efficiency, and agility at [Company Name].
  • To be a trusted partner and advisor to both the business and IT, contributing to business-IT alignment and cost reduction at [Company Name].
  • To create distinctive value and accelerate [Company Name]’s transformation.

The EA mission statement articulates the purpose of the EA function

The enterprise architecture mission statement specifies the team’s purpose or “reason of being.” The mission should guide each day’s activities and decisions. The mission statements use simple and concise terminology, speak loudly and clearly, and generate enthusiasm for the organization.

Strong EA mission statements have the following characteristics:

  • Articulates EA function purpose and reason for existence
  • Describes what the EA function does to achieve its vision
  • Defines who the customers of the EA function are
  • Compelling
  • Easy to grasp
  • Sharply focused
  • Inspirational
  • Memorable
  • Concise

Sample EA mission statements:

  • Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.
  • Synergize with both the business and IT to define and help realize [Company Name]’s target enterprise architecture that enables the business strategy and optimizes IT assets, resources, and capabilities.

The EA vision and mission statements become relevant to EA stakeholders when linked to the promises of value

The process for constructing the enterprise architecture vision statement and enterprise architecture mission statement is articulated below.

Promises of value Derive keywords Construct draft statements Reference test criteria Finalize statements
Derive the a set of keywords from the promises of value to accurately capture their essence. Create the initial statement using the keywords. Check the initial statement against a set of test criteria to ensure their quality. Finalize the statement after referencing the initial statement against the test criteria.

Derive keywords from promises of value to begin the vision and mission statement creation process

Develop keywords by summarizing the promises of value that were derived from drivers into one word that will take on the essence of the promise. See examples below:

Business and technology drivers Promises of value Keywords
Help the organization align investments with the corporate strategy and departmental priorities. Increase the number of investments that have a direct tie to corporate strategy. Business
Support the rapid growth and development of the company through fiscal planning, project planning, and technology sustainability. Ensure budgets and projects are delivered on time with the assistance of technology. IT-Enabled
Reduce the duplication and work effort to build and deploy technology solutions across the entire organization. Aim to reduce the number of redundant applications in the organization to streamline processes and save costs. Catalyst
Improve the organization’s technology responsiveness and increase speed to market. Reduce the number of days required in the SDLC for all core business support projects. Value delivery

An inspirational vision statement is greater than the sum of the individual words

Ensure the sentence is cohesive and captures additional value outside of the keywords. The statement as a whole should be greater than the sum of the parts. Expand upon the meaning of the words, if necessary, to communicate the value. Below is an example of a finished vision statement.

Sample

Be a catalyst for IT-enabled business value delivery.

Catalyst – We will continuously interact with the business and IT to accelerate and improve results.

IT-enabled – We will ensure the optimal use of technology in enabling business capabilities to achieve business objectives.

Business – We will be perceived as a business-focused unit that understands [Company name]’s business priorities and required business capabilities.

Value delivery – EA’s value will be recognized by both business and IT stakeholders. We will track and market EA’s contribution to business value organization-wide.

A clear mission statement can include additional details surrounding the EA team’s desired and expected value

Likewise, below is a sample of connecting keywords together to form an EA mission statement:

Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.

Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture.

Target enterprise structure – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

  • Business capabilities and processes (business architecture)
  • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
  • Architecture principles and standards

3.1.1 Create the EA vision statement

1 hour

Input: Identified promises of value, Vision statement test criteria

Output: EA function vision statement

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the creation of the EA vision statement by following the steps below:

  1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
  2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
  3. Continue to the next promise of value until all of the promises of value have a keyword identified.
  4. Have the identified set of keywords laid out and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
  5. Create the initial draft of the EA vision statement by linking the keywords together.
  6. Check the initial draft of the vision statement against the test criteria below. Ask the team if the vision statement satisfies each of the test criteria.
    • Do you find this vision exciting?
    • Is the vision clear, compelling, and easy to grasp?
    • Does this vision somehow connect to the core purpose?
    • Will this vision be exciting to a broad base of people in the organization, not just those within the EA team?
  7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA vision statement with EA stakeholders to make sure it captures their needs.

3.1.2 Create the EA mission statement

1 hour

Input: Identified promises of value, Mission statement test criteria

Output: EA function mission statement

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the creation of the EA mission statement by following the steps below:

  1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
  2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
  3. Continue to the next promise of value until all of the promises of value have a keyword identified.
  4. Have the identified set of keywords laid out, and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
  5. Create the initial draft of the EA mission statement by linking the keywords together.
  6. Check the initial draft of the mission statement against the following test criteria below. Ask the team if the mission statement satisfies each of the test criteria.
    • Do you find this purpose personally inspiring?
    • Does the purpose help you to decide what activities to not pursue, to eliminate from consideration? Is this purpose authentic – something true to what the organization is all about – not merely words on paper that sound nice?
    • Would this purpose be greeted with enthusiasm rather than cynicism by a broad base of people in the organization?
  7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA mission statement with EA stakeholders to make sure it captures their needs.

EA goals demonstrate the achievement of success of the EA function

Enterprise architecture goals define specific desired outcomes of an EA function. EA goals are important because they establish the milestones the EA function can strive toward to deliver their promises of value.

Inform EA goals by examining:

Promises of value

 —›
EA goals produce:

Targets and milestones
Promises of value

Produce EA strategic outcomes that can be classified into four categories. The four categories are:

  • Business performance
  • IT performance
  • Customer value
  • Risk management
EA goals

Support the strategic outcomes. EA goals can be strategic or operational:

  • EA strategic goals support the strategic outcomes.
  • EA operational goals help measure the architecture capability quality and supporting processes.

3.1.3 Create EA goals

2 hours

Input: Identified promises of value

Output: EA goals

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the creation of EA goals by following the steps below:

  1. Gather the EA strategy creation team and the identified promises of value from Phase 2, Create the EA Value Proposition.
  2. Open the EA Goals and Objectives Template and examine the list of default EA goals already within the template.
  3. Take the identified promises of value and discuss with the team if any of the EA goals in the template relate to the promises of value. Record the related EA goal and promise of value. See example below:
    • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
    • Related EA goal example: Alignment of IT and business strategy.
  4. Repeat step 3 until all identified promises of value have been examined in relation to the EA goals in the template.
  5. If there are promises of value that are not related to an EA goal in the template, create EA goals to relate to those promises of value. Keep in mind that EA goals need to support the strategic outcomes produced by the promises of value. Record the EA goals in the template and document the related promises of value.

Download the EA Goals and Objectives Template to assist with completing this activity.

Starting with COBIT, select the appropriate objectives to track EA goals – Sample

Below are examples of EA goals and the objectives that track their performance:

IT performance-oriented goals Objectives
Alignment of IT and business strategy
  • Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by X percent in the fiscal year.
  • Improve stakeholder satisfaction with planned function and services portfolio scope by X percent in the fiscal year.
  • Increase the percentage of IT value drivers mapped to business value drivers by X percent in the next fiscal year.
Increase in IT agility
  • Improve business executive satisfaction with IT’s responsiveness to new requirements by X percent in the fiscal year.
  • Increase the number of critical business processes supported by up-to-date infrastructure and applications in the next three years.
  • Lower the average time to turn strategic IT objectives into agreed-upon and approved initiatives.
Optimization of IT assets, resources, and capabilities
  • Increase the frequency of capability maturity and cost optimization assessments.
  • Improve the frequency of reporting for assessment result trends.
  • Raise the satisfaction levels of business and IT executives with IT-related costs and capabilities by X percent.

3.1.4 Define EA objectives and link them to EA goals

2 hours

Input: Defined EA goals

Output: EA objectives linked to EA goals

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the process of defining EA objectives and linking them to EA goals using the following steps:

  1. Gather the EA strategy creation team and open the EA Goals and Objectives Template.
  2. Have the goals laid out, and refer to the objectives already in the EA Goals and Objectives Template. Examine if any of them will fit the goals your team has created.
  3. If some of the goals your team has created do not fit with the objectives in the template, begin the process of creating new objectives. Remember, EA objectives are SMART metrics that help track the progress toward the EA goals.
  4. Create an EA objective and check if it is SMART by asking some of the questions below:
    • Specific: Is the objective specific to the goal? Is the objective clear to anyone who has basic knowledge of the goal?
    • Measurable: Is it possible to figure out how far the team would be away from completing the objective?
    • Agreed Upon: Does everyone involved agree the objective is the correct way to measure progress?
    • Realistic: Can the objective be met within the availability of resources, knowledge, and time?
    • Time Based: Is there a time-bound component to the goal?
  5. Continue to create new objectives until each goal has an objective linked to it.

Download the EA Goals and Objectives Template to assist with completing this activity.

For each of the objectives, determine how they will be collected, reported, and implemented

Add details to the enterprise architecture objectives previously defined to increase their clarity to stakeholders.

EA objective detail category Description
Unit of measure
  • The unit in which the objective will be presented.
Calculation formula
  • The formula by which the objective will be calculated.
Objective baseline, status, and target
  • Baseline: The state of the objective at the start of measurement.
  • Status: The current state of the measurement.
  • Target: The target state the measurement should reach.
Data collection
  • Responsible: The individual responsible for collecting the data.
  • Source: Where the data originates.
  • Frequency: How often the data will be collected to calculate the objective.
Reporting
  • Target Audience: The people the objective will be presented to.
  • Method: The method used to present the data collected on the objective (e.g. report, presentation).
  • Frequency: How often the data will be presented to the target audience.

3.1.5 Record the details of each EA objective

2 hours

Input: Defined list of EA objectives

Output: Increased detail into each defined EA objective

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Record the details of each EA objective. Use the following steps below to assist with recording the details:

  1. Gather the EA strategy creation team, and open the EA Goals and Objectives Template.
  2. Select one objective that has been identified and discuss the formula for calculating the objective and in what units the objective will be recorded. Record the information in the “Calculation formula” and “Unit of measure” columns in the template once they have been agreed upon.
  3. Using the same objective, move to the “Data Collection” portion of the template. Discuss and record the following: the source of the data that generates the objective, the frequency of reporting on the objective, and the person responsible for reporting the objective.
  4. Move to the “Reporting” portion of the template. Discuss and record the target audience for the objective and the reporting frequency and method to those audiences.
  5. Examine the “Objective baseline,” “Objective status,” and “Objective target” columns. Record any measurement you may currently have in the “Objective baseline” column. Record what you would like the objective measurement to be in the “Objective target” column. Note: Keep track of the progression towards the target in the “Objective status” column in the future.
  6. Select the next objective and complete steps 2–5 for that measure. Continue this process until you have recorded details for all objectives.

Download the EA Goals and Objectives Template to assist with completing this activity.

Step 3.2

Finalize the EA Fundamentals

Activities
  • 3.2.1 Define the organizational coverage dimension of the EA function scope
  • 3.2.2 Define the architectural domains and depth dimension
  • 3.2.3 Define the time horizon dimension
  • 3.2.4 Create a set of EA principles for your organization
  • 3.2.5 Add the rationale and implications to the principles
  • 3.2.6 Operationalize the EA principles
  • 3.2.7 Discuss the need for classical methodology and/or a combination including Agile practices

This step will walk you through the following activities:

  • Define the EA function scope dimensions.
  • Create a set of EA principles.
  • Discuss the organization’s current methodology, if any, and whether it works for the business.

This step involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Outcomes of this step

  • Defined scope of the EA function.
  • A set of EA principles for your organization.
  • A decision on traditional vs. Agile methodology or a blend of both.

Build the EA Fundamentals

Step 3.1 Step 3.2

A clear EA function scope defines the EA sandbox

The EA function scope constrains the promises of value the EA function will deliver on by taking into account factors across four dimensions. The EA function scope ensures that the EA function is not stretched beyond its current/planned means and capabilities when delivering the promised value. The four dimensions are illustrated below:

Organizational coverage
Determine the focus of the enterprise architecture effort in terms of specific business units, functions, departments, capabilities, or geographical areas. 		Depth
Determine the appropriate level of detail to be captured, based on the intended use of the enterprise architecture and the contingent decisions to be made.

EA Scope
Architectural Domains
Determine the EA domains (business, data, application, infrastructure, security) that are appropriate to address stakeholder concerns and architecture requirements. 		Time horizon
Determine the target-state architecture’s objective time period.

The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

Establish the EA function scope by using the EA value proposition and EA fundamentals that have been developed. After defining the EA function scope, refer back to these statements to ensure the EA function scope accurately reflects the EA value proposition and EA fundamentals.

EA value proposition

+

EA vision statement
EA mission statement
EA goals and objectives

—›
Influences

Organizational coverage

Architectural domains

Depth

Time horizon

—›
Defines 		EA function scope

EA scope – Organizational Coverage

The organizational coverage dimension of EA scope determines the focus of enterprise architecture effort in the organization. Coverage can be determined by specific business units, functions, departments, capabilities, or geographic areas. Info-Tech has typically seen two types of coverage based on the size of the organization.

Small and medium-size enterprise

Indicators: Full-time employees dedicated to manage its data and IT infrastructure. Individuals are IT generalists and may have multiple roles.

Recommended coverage: Typically, for small and medium-size businesses, the organizational coverage of architecture work is the entire enterprise. (Source: The Open Group, 2018)

Large enterprise

Indicators: Dedicated full-time IT staff with expertise to manage specific applications or parts of the IT infrastructure.

Recommended coverage: For large enterprises, it is often necessary to develop a number of architectures focused on specific business segments and/or geographies. In this federated model, an overarching enterprise architecture should be established to ensure interoperability and conformance to overarching EA principles. (Source: DCIG, 2011)

EA objectives track the progression towards the target set by EA goals

Enterprise architecture objectives are specific metrics that help measure and monitor progress towards achieving an EA goal. Objectives are SMART.

EA goals —› EA objectives
  • EA strategic goals:
    • Business performance
    • IT performance
    • Customer value
    • Risk management
  • EA operational goals
  • Specific
  • Measurable
  • Agreed upon
  • Realistic
  • Time bound
(Source: Project Smart, 2014)

Download the EA Goals and Objectives Template to see examples between the relationship of EA goals to objectives.

Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

The success of the EA function is influenced by the following:

  • The delivery of EA-enabled business outcomes that are most important to the enterprise.
  • The alignment between the business and IT from a planning perspective.
  • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
Corporate Business Goals Measurements
  • Reduction in operating costs
  • Decrease in regulatory compliance infractions
  • Increased revenue from existing channels
  • Increased revenue from new channels
  • Faster time to business value
  • Improved business agility
  • Reduction in enterprise risk exposure
  • Cost reductions based on application and platform rationalization
  • Standard-based solutions
  • Time reduction for integration
  • Service reused
  • Stakeholder satisfaction with EA services
  • Increase customer satisfaction
  • Rework minimized
  • Lower cost of integration
  • Risk reduction
  • Faster time to market
  • Better scalability, etc.

3.2.1 Define the organizational coverage dimension of the EA function scope

2 hours

Input: EA value proposition, Previously defined EA fundamentals

Output: Organizational coverage dimension of EA scope defined

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Define the organizational coverage of the EA function scope using the following steps below:

  1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
  2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the EA function scope organizational coverage.
  3. Consider how much of the organization the EA function would need to cover. Refer to the gathered materials to assist with your decision. For example:
    • EA mission statement: Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.
    • Implications on organizational coverage: If the purpose of the EA function is to help optimize, transform, and innovate with target-state architecture mapping, then the scope should cover the entire organization. Only by mapping the entire organization’s architecture can the EA function assist with optimizing, transforming, and innovating.
  4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on organization coverage as shown in step 3.
  5. Discuss with the team and select the organizational coverage level that best fits the documented implications for all the gathered materials. Refer back to the gathered materials and make any changes necessary to ensure they support the selected organizational coverage.

EA scope – Architectural Domains

A complete enterprise architecture should address all five architectural domains. The five architectural domains are business, data, application, infrastructure, and security.

Enterprise Architecture
—› Data Architecture
Business Architecture —› Infrastructure Architecture
Security Architecture
—› Application Architecture

“The realities of resource and time constraints often mean there is not enough time, funding, or resources to build a top-down, all-inclusive architecture encompassing all four architecture domains. Build architecture domains with a specific purpose in mind.” (The Open Group, 2018)

Each architectural domain creates a different view of the organization

Below are the definitions of different domains of enterprise architecture (Info-Tech perspective; others can be identified as well, e.g. Integration Architecture).

Business Architecture

Business architecture is a means of demonstrating the business value of subsequent architecture work to key stakeholders and the return on investment to those stakeholders from supporting and participating in the subsequent work. Business architecture defines the business strategy, governance, organization, and key business processes.

Data Architecture

Describes the structure of an organization’s logical and physical data assets and data management resources.

Application Architecture

Provides a blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes of the organization.

Infrastructure Architecture

Represents the sum of hardware, software, and telecommunications-related IT capability associated with a particular enterprise. It is concerned with the synergistic operations and management of the devices in the organization.

Security Architecture

Provides an unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls.
(Sources: The Open Group, 2018; IT Architecture Journal, 2014; Technopedia, 2016)

EA scope – Depth

EA scope depth defines the architectural detail for each EA domain that the organization has selected to pursue. The level of depth is broken down into four levels. The level of depth the organization decides to pursue should be consistent across the domains.

Contextual
  • Helps define the organization scope, and examines external and internal requirements and their effect on the organization. For example, enterprise governance.
Conceptual
  • High-level representations of the organization or what the organization wants to be. For example, business strategy, IT strategy.
Logical
  • Models that define how to implement the representation in the conceptual stage. For example, identifying the business gaps from the current state to the target state defined by the business strategy.
Physical
  • The technology and physical tools used to implement the representation created in the logical stage. For example, business processes that need to be created to bridge the gaps identified and reach the target stage.
(Source: Zachman International, 2011) Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

Each architectural depth level contains a set of key artifacts

The graphic below depicts examples of the key artifacts that each domain of architecture would produce at each depth level.

Contextual Enterprise Governance
Conceptual Business strategy Business objects Use-case models Technology landscaping Security policy
Logical Business capabilities Data attribution Application integration Network/ hardware topology Security standards
Physical Business process Database design Application design Configuration management Security configuration
Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

3.2.2 Define the architectural domains and depth dimension of the EA function scope

2 hours

Input: EA value proposition, Previously defined EA fundamentals

Output: Architectural domain and depth dimensions of EA scope defined

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Define the EA function scope for your organization using the following steps below:

  1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives that your team has already created.
  2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the architectural domains and depth of the EA function scope.
  3. Consider the architectural domains and the depth those domains need to reach. Refer to the gathered materials to assist with your decision. For example:
    • Promise of value: Increase the number of IT investments with a direct tie to business strategy.
    • Implications on architectural domains: The EA function will need business architecture. Business architecture generates business capability mapping, which will anticipate what IT investments are needed for the future.
    • Implications on depth: Depth for business architecture needs to reach a logical level to encompass business capabilities.
  4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on architectural domains and depth as shown in step 3.
  5. Discuss with the team and select the architectural domains and the depth for each domain that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural domains and depth.

EA scope – Time Horizon

The EA scope time horizon dictates how long to plan for the architecture.

It is important that the EA team’s work has an appropriate planning horizon while avoiding two extremes:

  1. A planning horizon that is too short focuses on immediate operational goals and strategic quick wins, missing the “big picture,” and fails to support the achievement of strategic long-term enterprise goals.
  2. A planning horizon that is too long is at a higher risk of becoming irrelevant.

Target the same strategic planning horizon as your business. Additionally, consider the following recommendations:

Planning Horizon: 1 year 2-3 years 5 years
Recommended under the following conditions:
  • Corporate strategy is not stable and frequently changes direction (typical for small and some mid-sized companies).
  • There will be a major update of the corporate strategy in one year.
  • The company will be acquired by or merged with another company in one year.
  • The business' strategic plan spans the next two to three years, and corporate strategy is moderately stable within this time frame (typical for mid-sized and some large companies).
  • The business' strategic plan spans the next five years and corporate strategy is very stable (typical for large companies).

3.2.3 Define the time horizon dimension of the EA function scope

2 hours

Input: EA value proposition, Previously defined EA fundamentals

Output: Time horizon dimension of EA scope defined

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Define the EA function scope for your organization using the following steps below:

  1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
  2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when crafting the EA function scope.
  3. Consider the time horizons of the EA function scope. Refer to the gathered materials to assist with your decision. For example:
    • EA Objective: Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by 30% in the next 3 years.
    • Implications on time horizon: Because it will take 3 years to measure the success of these EA objectives, the time horizon may need to be 3 years.
  4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on time horizon as shown in step 3.
  5. Discuss with the team and select the time horizon that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural time horizon.

EA principles capture the EA value proposition essence and provide guidance for the decisions that impact architecture

EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, IT investment portfolio management, solution development, and procurement decisions.

EA value proposition Influences
—› 		EA Principles Guide and inform
—› 		Decisions on the Use of IT Direct and control
‹— 		Specific Domain Policies
‹———————

What decisions should be made? 		————— ————— —————
How should decisions be made? 		————— ————— —————————›
Who has the accountability and authority to make decisions?

EA principles must be carefully constructed to make sure they are adhered to and relevant

Info-Tech has identified a set of characteristics that EA principles should possess. Having these characteristics ensures the EA principles are relevant and followed in the organization.

Approach focused EA principles are focused on the approach, i.e. how the enterprise is built, transformed, and operated, as apposed to what needs to be built, which is defined by both functional and non-functional requirements.
Business relevant Create EA principles specific to the organization. Tie EA principles to the organization’s priorities and strategic aspirations.
Long lasting Build EA principles that will withstand the test of time.
Prescriptive Inform and direct decision making with EA principles that are actionable. Avoid truisms, general statements, and observations.
Verifiable If compliance can’t be verified, the principle is less likely to be followed.
Easily digestible EA principles must be clearly understood by everyone in IT and by business stakeholders. EA principles aren’t a secret manuscript of the EA team. EA principles should be succinct; wordy principles are hard to understand and remember.
Followed Successful EA principles represent a collection of beliefs shared among enterprise stakeholders. EA principles must be continuously “preached” to all stakeholders to achieve and maintain buy-in.

In organizations where formal policy enforcement works well, EA principles should be enforced through appropriate governance processes.

Review ten universal EA principles to determine if your organization wishes to adopt them

1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over-engineering them.
3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
4. Reuse › buy › build We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
6. Controlled technical diversity We control the variety of technology platforms we use.
7. Managed security We manage security enterprise-wide in compliance with our security governance policy.
8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
9. Innovation We seek innovative ways to use technology for business advantage.
10. Customer centricity We deliver best experiences to our customers with our services and products.

3.2.4 Create a set of EA principles for your organization

2 hours

Input: Info-Tech’s ten universal EA principles, Identified promises of value

Output: A defined set of EA principles for your organization

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Create a set of EA principles for your organization using the steps below:

  1. Gather the EA strategy creation team, download the EA Principles Template – EA Strategy, and have the identified promises of value opened.
  2. Select one universal principle and relate it to the promises of value by discussing with the EA strategy creation team. If there is a relation, record “Yes” in the template on the slide “Select the applicability of 10 universally accepted EA principles.” See example below:
    • Universal principle: Enterprise value focus – We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    • Related promise of value example: Increase the number of investments that have a direct tie with corporate strategy.
  3. Continue the process in step 2 until all ten universal EA principles have been examined. If there is a universal principle that is unrelated to a promise of value, discuss with the team whether the principle still needs to be included. If the principle is not included, record “No” in the template on the slide “Select the applicability of 10 universally accepted EA principles.”
  4. If there are any promises of value that are not captured by the universally accepted EA principles, the team may choose to create new principles. Create the new principles in the format below and record them in the template.
    • Name: The name of the principle, in a few words.
    • Statement: A sentence that expands on the “Name” section and explains what the principle achieves.

Download the EA Principles Template – EA Strategy to document this step.

Organizational stakeholders are more likely to follow EA principles when a rationale and an implication are provided

After defining the set of EA principles, ensure they are all expanded upon with a rationale and implications. The rationale and implications ensure principles are more likely to be followed because they communicate why the principles are important and how they are to be used.

Name
  • The name of the EA principle, in a few words.
Statement
  • A sentence that expands on the “Name” section and explains what the principle achieves.
Rationale
  • Describes the business benefits and reasoning for establishing the principle.
  • Explicitly links the principle to business/IT vision, mission, priorities, goals, or strategic aspirations (strategic themes).
Implications
  • Describe when and how the principle is to be applied.
  • Communicate this section with “must” sentences.
  • Refer to domain-specific policies that provide detailed, domain-specific direction on how to apply the principle.

3.2.5 Add the rationale and implications to the principles that have been created

2 hours

Input: Identified set of EA principles

Output: EA principles that have rationale and implications

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Add the rationale and implication of each EA principle that your organization has selected using the following steps:

  1. Gather the EA strategy creation team and open the EA Principles Template – EA Strategy.
  2. Examine the EA Principles Template – EA Strategy. Look for the detailed descriptions of all the applicable EA universal principles, and discuss with the team whether the pre-populated rationale and implications need to be changed.
  3. Make sure all the rationale and implication sections of the applicable universal EA principles have been examined. Record the changes on the slide devoted to each principle in the template.
  4. Examine any new principles created outside of the universal EA principles. Create the rationale and implication sections for each of those principles. Use the slide “Review the rationale and implications for the applicable universal principles” in the EA Principles Template – EA Strategy to assist with this step.

Download the EA Principles Template – EA Strategy to document this step.

3.2.6 Operationalize the EA principles to ensure they are used when decisions are being made

1-2 hours

Input: Defined set of EA principles

Output: EA principles are successfully operationalized

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin to operationalize the EA principles by reviewing the proposed principles with business and technology leadership to secure their approval.

  1. Publish the list of principles, their rationale, and their implications.
  2. Include the principles in any existing policies that guide decision making for the use of technology within the business.
  3. Provide existing governance bodies with the authority to enforce adherence to principles, and communicate the waiver process.
  4. Ensure that project-level teams are aware of the principles and have at least one champion guiding the decisions of the team.

Review a use case for the utilization of EA principles – Sample

After operationalizing the EA principles for your organization, the organization can now use those principles to guide and inform its IT investment decisions. Below is an example of a scenario where EA principles were used to guide and inform an IT investment decision.

Organization wants to provision an application but it needs to decide how to do so, and it considers the relevant EA principles:

  • Reuse › buy › build
  • Managed security
  • Innovation

The organization has decided to go with a specialized vendor, even though it normally prefers to reuse existing components. The vendor has experience in this domain, understands the data security implications, and can help the organization mitigate risk. Lastly, the vendor is known for providing new solutions on a regular basis and is a market leader, making it more likely to provide the organization with innovative solutions.

An oil and gas company created EA fundamentals to guide the EA function

CASE STUDY

Industry: Oil & Gas
Source: Info-Tech

Challenge

As an enterprise architecture function starting from ground zero, the organization did not have the EA fundamentals in place to guide the EA function. Further, the organization also did not possess an EA function scope to define the boundaries of the EA function.

Due to the lack of EA scope, the EA function did not know which part of the organization to provide contributions toward. A lack of EA fundamentals caused confusion regarding the future direction of the EA function.

Solution

Info-Tech worked with the EA team to define the different components of the EA fundamentals. This included EA vision and mission statements, EA goals and objectives, and EA principles.

Additionally, Info-Tech worked with the EA team to define the EA function scope.

These EA strategy components were created by examining the needs of the business. The components were aligned with the identified needs of the EA stakeholders.

Results

The defined EA function scope helped set out the responsibilities of the enterprise architecture function to the organization.

The EA vision and mission statements and EA goals and objectives were used to guide the direction of the EA function. These fundamentals helped the EA function improve its maturity and deliver on its promises.

The EA principles were used in IT review boards to guide the decisions on IT investments in the organization.

3.2.7 Discuss the need for a classical methodology and/or a combination including Agility practices

1 hour

Input: Existing methodologies

Output: Decisions about need of agility, ceremonies, and protocols to be used

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Add the rationale and implication of adopting an Agile methodology and/or a combination with a traditional methodology.

  1. Is there an EA methodology adopted by the organization? Is there a classical one, or is it purely Agile?
  2. What would need to happen to address the business goals of the organization (e.g. is there a need to be more agile?)? Do you need to have more decisions centralized (e.g. to adopt certain standards, security controls)?
  3. Where on the decentralization continuum does your organization need to be?
  4. What role would Enterprise Architects have (would they need to be part of existing ceremonies? Would they need to blend traditional and agile processes?)?
  5. If a customized methodology is required, identify this as an item to be included as part of the EA roadmap (can be run as a Agile Enterprise Operating Model workshop).

Design an Enterprise Architecture Strategy

Phase 4

Design the EA Services

Phase 1

  • 1.1 Explore a general EA strategy approach
  • 1.2 Introduce Agile EA architecture

Phase 2

  • 2.1 Define the business and technology drivers
  • 2.2 Define your value proposition

Phase 3

  • 3.1 Realize the importance of EA fundamentals
  • 3.2 Finalize the EA fundamentals

Phase 4

  • 4.1 Select relevant EA services
  • 4.2 Finalize the set of services and secure approval
    •

This phase will walk you through the following activities:

  • Select relevant EA services
  • Finalize the set of services and secure approval

This phase involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Step 4.1

Select Relevant EA Services

Activities
  • 4.1.1 Select the EA services relevant to your organization
  • 4.1.2 Identify if your organization needs additional services outside of the recommended list
  • 4.1.3 Complete all of the service catalog fields for each service to show the organization how each can be consumed

This step will walk you through the following activities:

  • Communicate a definition of EA services.
  • Link services to the previously identified EA contributions.

This step involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Outcomes of this step

  • A defined set of services the EA function will provide.
  • An EA service catalog that demonstrates to the organization how each provided service can be accessed and consumed.

Design the EA Services

Step 3.1 Step 3.2

The definition of EA services will allow the group to communicate how they can add value to EA stakeholders

Enterprise architecture services are a set of activities the enterprise architecture function provides for the organization. EA services are important because the services themselves provide a set of benefits for the organization.

Enterprise Architecture Services

  • A means of delivering value to the business by facilitating outcomes service consumers want to achieve.
  • EA services are defined from the business perspective using business language.
  • EA services are designed to enable required business activities.

Viewing the EA function from a service perspective resolves the following pains:

  • Business users don’t know how EA can assist them.
  • Business users don’t know how to request access to a service with multiple sources of information available.
  • EA has no way of managing expectations for their users, which tend to inflate.
  • EA does not have a holistic view of all the services they need to provide.

Link EA services to the previously identified EA contributions

Previously identified EA contributions can be linked to EA services, which helps the EA function identify a set of EA services that are important to business stakeholders. Further, linking the EA contributions to EA services can define for the EA function the services they need to provide.

Demonstrate EA service value by linking them to EA contributions

  1. EA stakeholders generate drivers
  2. Drivers have pains that obstruct them
  3. Pains are alleviated by EA contributions
  4. EA contributions help define the EA services needed

    • EA Contributions
      Example EA contribution: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

      • EA Services
        Example EA service: Target-state business capability mapping

4.1.1 Select the EA services relevant to your organization

2 hours

Input: Previously identified EA contributions from the EA value proposition

Output: A set of EA services selected for the organization from Info-Tech’s defined set of EA services

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Begin the selection of EA services relevant to your organization by following the steps below:

  1. Gather the EA strategy creation team, and the list of identified EA contributions that the team formulated during Phase 2.
  2. Open the EA Service Planning Tool, select one sub-service, and read its definition.
  3. Based on the definition of the sub-service, refer back to the identified list of EA contributions and check if there is an identified EA contribution that matches the service.
    • If the EA service definitions matches one of the identified EA contributions, then that EA service is relevant to the organization. If there is no match, then the EA service may not be relevant to the organization.
  4. Highlight the sub-service if it is relevant. Add a checkmark beside the EA contribution if it is addressed by a sub-service.
  5. Select the next sub-service and repeat steps 2-4. Continue down the list of sub-services in the EA Service Planning Tool until all sub-services have been examined.

Download the EA Service Planning Tool to assist with this activity.

4.1.2 Identify if your organization needs additional services outside of the recommended list

2 hours

Input: Expertise from the EA strategy creation team, Previously defined EA contributions

Output: A defined set of EA services outside the list Info-Tech has recommended

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Identify if services outside of the recommended list in the EA Service Planning Tool are relevant to your organization by using the steps below:

  1. Gather the EA strategy creation team and the list of EA contributions with checkmarks for contributions addressed by EA services.
  2. Take the list of unaddressed EA contributions and select one EA contribution in the list. Assess whether an EA service is required to address the EA contribution. Ask the group the following:
    • Can the EA practice provide the service now?
    • Does providing this EA service line up with the previously defined EA function scope and EA fundamentals?
  3. Decide if a service needs to be provided for that contribution. If yes, give the service a name and a definition.
  4. Then, decide if the service fits into one of the service categories in the EA Service Planning Tool. If there is no fit, create another service category. Define the new service category as well.
  5. Continue to the next unaddressed EA contribution and repeat steps 2-4. Repeat this process until all unaddressed EA contributions have been assessed.

Download the EA Service Planning Tool to assist with this activity.

Create the EA service catalog to demonstrate to the organization how each service can be accessed and used

The EA service catalog is an important communicator to the business. It shifts the technology-oriented view of EA to services that show direct benefit to the business. It is a tool that communicates and provides clarity to the business about the EA services that are available and how those services can assist them.

Define the services to show value Define the service catalog to show how to use those services
Already defined
  • EA service categories
  • The services needed by the EA stakeholders in each EA service category
Need to define
  • Should EA deliver this service?
  • Service triggers
  • Service provider
  • Service requestor

Info-Tech Insight

The EA group must provide the organization with a list of services it will provide to demonstrate value. This will help the team manage expectations and the workload while giving organizational stakeholders a clear understanding of how to engage EA and what lies outside of EA’s involvement.

4.1.3 Complete all the service catalog fields for each service to show the organization how each can be consumed

4 hours

Input: Expertise from the EA strategy creation team

Output: Service details for each EA service in your organization

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Complete the details for each relevant EA service in the EA Service Planning Tool by using the following steps:

  1. Gather the EA strategy creation team, and open the EA Service Planning Tool.
  2. Select one of the services you have defined as relevant and begin the process of defining the service. Define the following fields:
    • Should EA deliver this service? Should the EA team provide this service? (Yes/No)
    • Service trigger: What trigger will signal the need for the service?
    • Service provider: Who in the EA team will provide the service?
    • Service requestor: Who outside of the EA team has requested this service?
  3. Have the EA strategy creation team discuss and define each of the fields for the service above. Record the decisions in the corresponding columns of the EA Service Planning Tool.
  4. Select the next required EA service, and repeat steps 2 and 3. Repeat the process until all required EA services have their details defined.

Download the EA Service Planning Tool to assist with this activity.

Step 4.2

Finalize the Set of Services and Secure Approval

Activities
  • 4.2.1 Secure approval for your organization’s EA strategy
  • 4.2.2 Map the EA contributions to business goals
  • 4.2.3 Quantify the EA effectiveness
  • 4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

This step will walk you through the following activities:

  • Present the EA strategy to stakeholders.
  • Determine service details for each EA service in your organization.

This step involves the following participants:

  • CIO
  • EA Team
  • IT Leaders
  • Business Leaders

Outcomes of this step

  • Secured approval for your organization’s EA strategy.
  • Measure effectiveness of EA contributions.

Design the EA Services

Step 4.1 Step 4.2

Present the EA strategy to stakeholders to secure approval of the finalized EA strategy

For the EA strategy to be successfully executed, it must be approved by the EA stakeholders. Securing their approval will increase the likelihood of success in the execution of the EA operating model.

Outputs that make up the EA strategy —› Present outputs to EA strategy stakeholders
  • Business and technology drivers
  • EA function value proposition

  • EA vision statement
  • EA mission statement
  • EA goals and objectives
  • EA scope
  • EA principles

  • EA function services
  • Identified and prioritized EA stakeholders.








  • The checkmark symbol represents the outputs this blueprint assists with creating.

4.2.1 Secure approval of your organization’s EA strategy

1 hour

Input: Completed EA Function Strategy Template, Expertise from EA strategy creation team

Output: Approval of the EA strategy

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team, Key EA stakeholders

Use the following steps to assist with securing approval for your organization’s EA strategy:

  1. Call a meeting between the EA strategy creation team and the identified key EA stakeholders. Key stakeholders were defined in activity 2.1.1.
  2. Open the completed EA Function Strategy Template. Use it to help you discuss the merits of the EA strategy with the key stakeholders.
  3. Discuss with the stakeholders any concerns and modifications they wish to make to the strategy. If detailed questions are asked, refer to the other templates created as a part of this blueprint. Record those concerns and address them at a later time.
  4. After presenting the EA strategy, ask the stakeholders for approval. If stakeholders do not approve, refer back to the concerns documented in step 3 and inquire if addressing the concerns will result in approval.
  5. If applicable, address stakeholder concerns with the EA strategy.
  6. Once EA strategy has been approved, publish the EA strategy to ensure there is a mutual understanding of what the EA function will provide to the organization. Move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing upon the EA strategy.

Use the EA Function Strategy Template to assist with this activity.

4.2.2 Map the EA contributions to the business goals

3 hours

Input: Expertise from EA strategy creation team

Output: Service details for each EA service in your organization

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Map EA contributions/services to the goals of the organization.

  1. Start from the business goals of the organization.
  2. Determine Business and IT drivers.
  3. Identify EA contributions that help achieve the business goals.

Download the EA Service Planning Tool to assist with this activity.

Trace EA drivers to business goals (sample)

A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

4.2.3 Quantify the EA effectiveness

1 hour

Input: Expertise from EA strategy creation team

Output: Defined KPIs (SMART)

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Use SMART key performance indicators (KPIs) to measure EA contributions vis-à-vis business goals.

Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

The success of the EA function spans across three main dimensions:

  • The delivery of EA-enabled business outcomes that are most important to the enterprise.
  • The alignment between the business and IT from a planning perspective.
  • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
Corporate Business GoalsEA ContributionsMeasurements
  • Reduction in operating costs
  • Decrease in regulatory compliance infractions
  • Increased revenue from existing channels
  • Increased revenue from new channels
  • Faster time to business value
  • Improved business agility
  • Reduction in enterprise risk exposure
  • Alignment of IT investments to business strategy
  • Achievement of business results directly linked to IT involvement
  • Application and platform rationalization
  • Standards in place
  • Flexible architecture
  • Better integration
  • Higher organizational satisfaction with technology-enabled services and solutions
  • Cost reductions based on application and platform rationalization
  • Standard based solutions
  • Time reduction for integration
  • Service reused
  • Stakeholder satisfaction with EA services
  • Increase customer satisfaction
  • Rework minimized
  • Lower cost of integration
  • Risk reduction
  • Faster time to market
  • Better scalability, etc.

The oil and gas company began the EA strategy creation by crafting an EA value proposition

CASE STUDY

Industry: Oil & Gas
Source: Info-Tech

Challenge

The oil and gas corporation faced a great challenge in communicating the role of enterprise architecture to the organization. Although it has the mandate from the CIO to create the EA function, there was no function in existence. Thus, few people in the organization understood EA.

Because of this lack of understanding, the EA function was often undermined. The EA function was seen as an order taker that provided some services to the organization.

Solution

First, Info-Tech worked with the enterprise architecture team to define the EA stakeholders in the organization.

Second, Info-Tech interviewed those stakeholders to identify their needs. The needs were analyzed and pains that would obstruct addressing those needs were identified.

Lastly, Info-Tech worked with the team to identify common EA contributions that would solve those pains.

Results

Through this process, Info-Tech helped the team at the oil and gas company create a document that could communicate the value of EA. Specifically, the document could articulate the issues obstructing each stakeholder from achieving their needs and how enterprise architecture could solve them.

With this value proposition, EA was able to demonstrate value to important stakeholders and set itself up for success in its future endeavors.

The oil and gas company defined EA services to provide and communicate value to the organization

CASE STUDY

Industry: Oil & Gas
Source: Info-Tech

Challenge

As a brand new enterprise architecture function, the EA function at the oil and gas corporation did not have a set of defined EA services. Because of this lack of EA services, the organization did not know what contributions EA could provide.

Further, without the definition of EA services, the EA function did not set out explicit expectations to the business. This caused expectations from the business to be different from those of the EA function, resulting in friction.

Solution

Info-Tech worked with the EA function at the oil and gas corporation to define a set of EA services the function could provide.

The Info-Tech team, along with the organization, assessed the business and technology needs of the stakeholder. Those needs acted as the basis for the EA function to create their initial services.

Additionally, Info-Tech worked with the team to define the service details (e.g. service benefits, service requestor, service provider) to communicate how to provide services to the business.

Results

The defined EA services led the EA function to communicate what it could provide for the business. As well, the defined services clarified the level of expectation for the business.

The EA team was able to successfully service the business on future projects, adding value through their expertise and knowledge of the organization’s systems. Because of the demonstrated value, EA has been given greater responsibility throughout the organization.

4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

1 hour

Input: Expertise from EA strategy creation team

Output: Participation in Agile Pre- and Post-PI, Architect Syncs, etc.

Materials: Note-taking materials, Whiteboard or flip chart, markers

Participants: EA strategy creation team

Document the involvement of the enterprise architect in your organization’s Agile ceremonies.

  1. Document the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).
  2. Determine ceremonies the System Architect will participate in.
  3. Determine ceremonies the Solution Architect will participate in
  4. Determine ceremonies the Enterprise Architect will participate in.
  5. Determine Architect Syncs, etc.

Note: Roles and responsibilities can be further defined as part of the Agile Enterprise Operating Model.

The EA role relative to agility

The enterprise architecture role relative to agility specifies the architecture roles as well as the agile protocols they will participate in.
This statement will guide every architect’s participation in planning meetings, pre- and post-PI, syncs, etc. Use simple and concise terminology; speak loudly and clearly.

A strong EA role statement relative to agility has the following characteristics:

  • Describes what different architect roles do to achieve the vision of the organization
  • In an agile way
  • Compelling
  • Easy to grasp
  • Sharply focused
  • Specific
  • Concise

Sample EA mission relative to agility

  • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
  • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

A clear statement can include additional details surrounding the Enterprise Architect role relative to agility

Likewise, below is a sample of connecting keywords together to form an enterprise architect role statement, relative to agility.

Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance as well as accelerators.

Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

  • Business capabilities and processes (business architecture)
  • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
  • Architecture principles
  • Standards and reusable assets
  • Continuous exploration, integration, and deployment

Move to the enterprise architecture operating model blueprint to execute your EA strategy

Once approved, move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing on the EA strategy.

Enterprise architecture strategy

This blueprint focuses on setting up an enterprise architecture function, with the goal of maximizing the likelihood of EA success. The blueprint puts into place the components that will align the EA function with the needs of the stakeholders, guide the decision making of the EA function, and define the services EA can provide to the organization.

Agile enterprise architecture operating model

An EA operating model helps you design and organize the EA function, ensuring adherence to architectural standards and delivery of EA services. This blueprint acts on the EA strategy by creating methods to engage, govern, and develop architecture as a part of the larger organization.

Research contributors and experts

Photo of Milena Litoiu, Senior Director Research and Advisory, Enterprise Architecture Milena Litoiu
Senior Director Research and Advisory, Enterprise Architecture
  • Milena Litoiu is a Principal/Senior Manager of Enterprise Architecture. She is Master Certified with The Open Group and she sits on global architecture certification boards.
  • Other certifications include SABSA, CRISC, and Scaled Agile Framework. She started as a certified IT Architect at IBM and has over 25 years experience in this field.
  • Milena teaches enterprise architecture at the University of Toronto and led the development of the Enterprise Architecture Certificate (a course on EA fundamentals, one on EA development and Governance, and one on Trends going forward).
  • She has a Masters in Engineering, an executive MBA, and extensive experience in enterprise architecture as well as methodologies and tools.
 Photo of Lan Nguyen, IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group Lan Nguyen
IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group
  • Lan Nguyen has a wealth of experience driving the EA strategy and the digital transformation success at the City of Toronto.
  • Lan is a university lecturer on topics like strategic leadership in the digital enterprise.
  • Lan is a Managing Partner at CIOs Beyond Borders Group.
  • Lan specializes in Partnership Development; Governance; Strategic Planning, Business Development; Government Relations; Business Relationship Management; Leadership Development; Organizational Agility and Change Management; Talent Management; Managed Services; Digital Transformation; Strategic Management of Enterprise IT; Shared Services; Service Quality Improvement, Portfolio Management; Community Development; and Social Enterprise.


Photo of Dirk Coetsee, Director Research and Advisory, Enterprise Architecture, Data & Analytics Dirk Coetsee
Director Research and Advisory, Enterprise Architecture, Data & Analytics
  • Dirk Coetsee is a Research & Advisory Director in the Data & Analytics practice. Dirk has over 25 years of experience in data management and architecture within a wide range of industries, especially Financial Services, Manufacturing, and Retail.
  • Dirk spearheaded data architecture at several organizations and was involved in enterprise data architecture, data governance, and data quality and analytics. He architected many operational data stores of ranging complexity and transaction volumes and was part of major enterprise data warehouse initiatives. Lately, he was part of projects that implemented big data, enterprise service bus, and micro services architectures. Dirk has an in-depth knowledge of industry models within the financial and retail spaces.
  • Dirk holds a BSc (Hons) in Operational Research and an MBA with specialization in Financial Services from the University of Pretoria, South Africa.
 Photo of Andy Neill, AVP, Enterprise Architecture, Data and Analytics Andy Neill
AVP, Enterprise Architecture, Data and Analytics
  • Andy is AVP Data and Analytics and Chief Enterprise Architect at Info-Tech Research Group. Previous roles include leading the data architecture practice for Loblaw Companies Ltd, Shoppers Drug Mart and 360 Insights in Canada as well as leading architecture practices at Siemens consultancy, BBC, NHS, Ordnance Survey, and Houses of Parliament and Commons in the UK.
  • His responsibilities at Info-Tech include leading the data and analytics and enterprise architecture research practices and guiding the future of research and client engagement in that space.
  • Andy is the Product Owner for the Technical Counselor seat offering at Info-Tech, which gives world-class holistic support to our senior technical members.
  • He is also a instructor and content creator for the University of Toronto in the field of Enterprise Architecture.


Photo of Wayne Filin-Matthews, Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019 Wayne Filin-Matthews
Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019
  • Wayne is currently the EA Discipline Lead/Chief Enterprise Architect – Global Digital Transformation Office, COE at Dell Technologies.
  • He is a distinguished Motivator & Tech Lead as well as an influencer.
  • Wayne has led multiple Enterprise Architecture practices at the global level and has valuable contributions in this space managing and growing Enterprise Architecture and CTO practices across strategy, execution, and adoption parts of the IT lifecycle.
 Photo of Graham Smith, Experienced lead Enterprise Architect and Independent Consultant Graham Smith
Experienced lead Enterprise Architect and Independent Consultant
  • Graham is an experienced lead enterprise architect specializing in digital and data transformation, with over 33 years of experience, spanning financial markets, media, information, insurance, and telecommunications sectors. Graham has successfully established and led large teams across India, China, Australia, Americas, Japan, and the UK.
  • He is currently working as an independent consultant in digital and data-led transformation and his work spans established businesses and start-ups alike.

Thanks also go to all experts who contributed to previous versions of this document:

  • Zachary Curry, Director, Enterprise Architecture and Innovation, FMC Technologies
  • Pam Doucette, Director of Enterprise Architecture, Tufts Health Plan
  • Joe Evers, Consulting Principal, JcEvers Consulting Corp
  • Cameron Fairbairn, Enterprise Architect, Agriculture Financial Services Corporation (AFSC)
  • Michael Fulton, Chief Digital Officer & Senior IT Strategy & Architecture Consultant at CC and C Solutions
  • Tom Graves, Principal Consultant, Tetradian Consulting
  • (JB) Brahmaiah Jarugumilli, Consultant, Federal Aviation Administration – Enterprise Services Center
  • Huw Morgan, IT Research Executive, Enterprise Architect
  • Serge Parisien, Manager, Enterprise Architecture, Canada Mortgage & Housing Corporation

Additional interviews were conducted but are not listed due to privacy and confidentiality requirements.

Bibliography

“Agile Manifesto for Software Development,” Ward Cunningham, 2001. Accessed July 2021.

“ArchiMate 3.1 Specification.” The Open Group, n.d. Accessed July 2021.

“Are Your IT Strategy and Business Strategy Aligned?” 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.

Bowen, Fillmore. “How agile companies create and sustain high ROI.” IBM. Accessed Oct. 2016.

Burns, Peter, et al. Building Value through Enterprise Architecture: A Global Study. Booz & Co. 2009. Web. Nov. 2016.

“Demonstrating the Value of Enterprise Architecture in Delivering Business Capabilities.” Cisco, 2008. Web. Oct. 2016.

“Disciplined Agile.” Disciplined Agile Consortium, n.d. Web.

Fowler, Martin. “Building Effective software.” MartinFowler.com. Accessed July 2021.

Fowler, Martin. “Agile Software Guide.” MartinFowler.com, 1 Aug. 2019.

Accessed July 2021.

Haughey, Duncan. “SMART Goals.” Project Smart, 2014. Accessed July 2021.

Kern, Matthew. “20 Enterprise Architecture Practices.” LinkedIn, 3 March 2016. Accessed Nov. 2016.

Lahanas, Stephen. “Infrastructure Architecture, Defined.” IT Architecture Journal, Sept. 2014. Accessed July 2021.

Lean IX website, Accessed July 2021.

Litoiu, Milena. Course material from Information Technology 2690: Foundations of Enterprise Architecture, 2021, University of Toronto.

Mocker, M., J.W. Ross, and C.M. Beath. “How Companies Use Digital Technologies to Enhance Customer Findings.” MIT CISR Working Paper No. 434, Feb. 2019. Qtd in Mayor, Tracy. “MIT expert recaps 30-plus years of enterprise architecture.” MIT Sloan, 10 Aug. 2020. Web.

“Open Agile ArchitectureTM.” The Open Group, 2020. Accessed July 2021.

“Organizational Design Framework – The Transformation Model.” The Center for Organizational Design, n.d. Accessed 1 Aug. 2020.

Ross, Jeanne W. et al. Enterprise Architecture as Strategy: Creating a Foundation for Business Execution. Harvard Business School Press, 2006.

Rouse, Margaret. “Enterprise Architecture (EA).” SearchCIO, June 2007. Accessed Nov. 2016.

“SAFe 5 for Lean Enterprises.” Scaled Agile Framework, Scaled Agile, Inc. Accessed 2021.

“Security Architecture.” Technopedia, updated 20 Dec. 2016. Accessed July 2021.

“Software Engineering Institute.” Carnegie Mellon University, n.d. Web.

“TOGAF 9.1.” The Open Group, 2011. Accessed Oct. 2016.

“TOGAF 9.2.” The Open Group, 2018. Accessed July 2021.

Thompson, Rachel. “Stakeholder Analysis: Winning Support for Your Projects.” MindTools, n.d. Accessed July 2021.

Wendt, Jerome M. “Redefining ‘SMB’, ‘SME’ and ‘Large Enterprise.’” DCIG, 25 Mar. 2011. Accessed July 2021.

Wilkinson, Jim. “Business Drivers.” The Strategic CFO, 23 July 2013. Accessed July 2021.

Zachman, John. “Conceptual, Logical, Physical: It is Simple.” Zachman International, 2011. Accessed July 2021.

CIO Priorities 2022

  • Buy Link or Shortcode: {j2store}328|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $31,499 Average $ Saved
  • member rating average days saved: 9 Average Days Saved
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation
  • Understand how to respond to trends affecting your organization.
  • Determine your priorities based on current state and relevant internal factors.
  • Assign the right amount of resources to accomplish your vision.
  • Consider what new challenges outside of your control will demand a response.

Our Advice

Critical Insight

A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

  1. Reduce Friction in the Hybrid Operating Model
  2. Improve Your Ransomware Readiness
  3. Support an Employee-Centric Retention Strategy
  4. Design an Automation Platform
  5. Prepare to Report on New Environmental, Social, and Governance Metrics

Impact and Result

Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

CIO Priorities 2022 Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

Discover Info-Tech’s five priorities for CIOs in 2022.

  • CIO Priorities Report for 2022

2. Listen to the podcast series

Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

  • Frictionless hybrid working: How the Harvard Business School did it
  • Close call with ransomware: A CIO recounts a near security nightmare
  • How a financial services company dodged "The Great Resignation"
  • How Allianz took a blockchain platform from pilot to 1 million transactions
  • CVS Health chairman David Dorman on healthcare's hybrid future

Infographic

Further reading

CIO Priorities 2022

A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
  1. Business process improvements
  2. Digital transformation or modernization
  3. Security
  4. Supporting revenue growth or recovery

Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

2022 Tech Trends Survey CIO Demographic N=123

Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

2022 IT Talent Trends Survey CIO Demographic N=44

Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

Build IT alignment

IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

Assess your IT processes

The CIO priorities are informed by Info-Tech’s trends research reports and surveys

Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

Visit Info-Tech’s Trends & Priorities Research Center

Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

The Five Priorities

Priorities to compete in the digital economy

  1. Reduce Friction in the Hybrid Operating Model
  2. Improve Your Ransomware Readiness
  3. Support an Employee-Centric Retention Strategy
  4. Design an Automation Platform
  5. Prepare to Report on New Environmental, Social, and Governance Metrics

Reduce friction in the hybrid operating model

Priority 01 | APO07 Human Resources Management

Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

Hybrid work is here to stay

CIOs must deal with new pain points related to friction of collaboration

In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

Most popular technologies already invested in to facilitate better collaboration

  • 24% Web Conferencing
  • 23% Instant Messaging
  • 20% Document Collaboration

In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

  • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
  • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
  • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

Elizabeth Clark

CIO, Harvard Business School

"I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

 Photo of Elizabeth Clark, CIO, Harvard Business School.

Listen to the Tech Insights podcast:
Frictionless hybrid working: How the Harvard Business School did it

Internal interpretation: Harvard Business School

  • March 2020
    The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
  • May 2020
    A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
  • October 2020
    Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
  • September 2021
    Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
  • November 2021
    HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

Photo of a renovated classroom with Zoom participants integrated with the in-person students.
The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

Implications: Organization, Process, Technology

External

  • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
  • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
  • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

Internal

  • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
  • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
  • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

Resources Applied

Appetite for Technology

CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

Intent to Invest

Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

“We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

Harvard Business School

  • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
  • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
  • Employees were hired to the media services team at a time when other areas of the organization were frozen.

Outcomes at Harvard Business School

The new normal at Harvard Business School

New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

From Priorities to Action

Make hybrid collaboration a joy

Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

“We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

Take the next step

Run Better Meetings
Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

Prepare People Leaders for the Hybrid Work Environment
Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

Hoteling and Hot-Desking: A Primer
What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

“Human Resources Management” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

Improve your ransomware readiness

Priority 02 | APO13 Security Strategy

Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

The ransomware crisis threatens every organization

Prevention alone won’t be enough against the forces behind ransomware.

Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

Most popular ways for organizations to prepare for the event of a successful ransomware attack:

  • 25% Created offline backups
  • 18% Purchased cyberinsurance
  • 19% New tech to eradicate ransomware

Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

CIOs can plan to mitigate ransomware attacks in several constructive ways:

  • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
  • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
  • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

John Doe

CIO, mid-sized manufacturing firm in the US

"I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

Blank photo.

Listen to the Tech Insights podcast:
Close call with ransomware: a CIO recounts a near security nightmare

Internal interpretation: US-based, mid-sized manufacturing firm

  • May 1, 2021
    A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
  • May 2, 2021
    The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
  • May 4, 2021
    The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
  • May 10, 2021
    The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
  • November 2021
    The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

“Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

Implications: Organization, Process, Technology

External

  • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
  • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
  • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

Internal

  • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
  • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
  • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

Resources Applied

Consider the Alternative

Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

Ask for ID

Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

“You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

“The Firm” (Mid-Sized Manufacturer)

  • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
  • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
  • One more full-time employee on the security team.
  • Doubled investment in security in 2021 and will spend more in 2022.

Outcomes at “The Firm” (Mid-Sized Manufacturer)

The new cost of doing business

Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

From Priorities to Action

Cybersecurity is everyone’s responsibility

In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

Take the next step

Create a Ransomware Incident Response Plan
Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

Simplify Identity and Access Management
Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

Cybersecurity Series Featuring Sandy Silk
More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

Support an employee-centric retention strategy

Priority 03 | ITRG02 Leadership, Culture & Values

Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

Defining an employee-first culture that improves retention

The Great resignation isn’t good for firms

In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

Annual turnover rate for all us employees on the rise

  • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
  • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

When you can’t pay them, develop them

IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

Jeff Previte

Executive Vice-President of IT, CrossCountry Mortgage

“We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

 Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

Listen to the Tech Insights podcast:
How a financial services company dodged ‘The Great Resignation’

Internal interpretation: CrossCountry Mortgage

  • May 2019
    Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
  • July 2019
    Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
  • June 2020
    Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
  • January 2021
    CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
  • June 2021
    In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

“It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

Implications: Organization, Process, Technology

External

  • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
  • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
  • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

Internal

  • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
  • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
  • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

Resources Applied

Show me the money

Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

Build me up

Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

“Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

CrossCountry Mortgage

  • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
  • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
  • Internal IT develops automated workflow in Salesforce.
  • Hired additional IT staff to build out overall capacity and create time for development activities.

Outcomes at CrossCountry Mortgage

Engaged IT workforce

The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

Photo of employees from CrossCountry Mortgage assisting with a distribution event.
Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

From Priorities to Action

Staff retention is a leadership priority

The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

Take the next step

IT Talent Trends 2022
See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

McLean & Company’s Modernize Performance Management
Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

Redesign Your IT Organizational Structure
Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

“Leadership, Culture & Values” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

Design an automation platform

Priority 04 | APO04 Innovation

Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

Build it or buy it, but platform integration can yield great benefits

Necessity is the mother of innovation

When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

What role should you play in the platform ecosystem?

A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

Bob Crozier

Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

"Smart contracts are really just workflows between counterparties."

 Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

Listen to the Tech Insights podcast:
How Allianz took a blockchain platform from pilot to 1 million transactions

Internal interpretation: Allianz Technology

  • 2015
    After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
  • 2018
    Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
  • 2019
    Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
  • 2020
    Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
  • May 2021
    Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
  • January 2022
    Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

Stock photo of two people arguing over a car crash.

Implications: Organization, Process, Technology

External

  • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
  • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
  • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

Internal

  • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
  • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
  • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

Resources Applied

Time to innovate

Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

Long-term ROI

Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

“My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

Allianz

  • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
  • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
  • Funding of less than $5 million to develop. Dev team continues to add improvements.
  • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

Outcomes at Allianz

From insurer to platform provider

Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

Stock photo of Blockchain.
Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

When should we use blockchain? THREE key criteria:

  • Redundant processes
    Different entities follow the same process to achieve the desired outcome.
  • Audit trail
    Accountability in the decision making must be documented.
  • Reconciliation
    Parties need to be able to resolve disputes by tracing back to the truth.

From Priorities to Action

It’s a build vs. buy question for platforms

Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

From Info-Tech’s Build a Winning Business Process Automation Playbook

An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

Take the next step

Accelerate Your Automation Processes
Integrate automation solutions and take the first steps to building an automation suite.

Build Effective Enterprise Integration on the Back of Business Process
From the backend to the frontlines – let enterprise integration help your business processes fly.

Evolve Your Business Through Innovation
Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

“Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

Prepare to report on new environmental, social, and governance (ESG) metrics

Priority 05 | ITRG06 Business Intelligence and Reporting

Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

Time to get serious about ESG

What does CSR or ESG mean to a CIO?

Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

Standards informing the ISSB’s global set of climate standards

A row of logos of organizations that inform ISSB's global set of climate standards.

67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

David W. Dorman

Chairman of the board, CVS Health

“ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

Photo of David W. Dorman, Chairman of the Board, CVS Health.

Listen to the Tech Insights podcast:
CVS Health chairman David Dorman on healthcare's hybrid future

Internal interpretation: CVS Health

CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

  1. Access to quality health care
  2. Patient and customer safety
  3. Data protection and privacy
Material Topic
Access to quality health care
Material Topic
Patient and customer safety
Material Topic
Data protection and privacy
Technology Initiative
MinuteClinic’s Virtual Collaboration for Nurses

CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

Technology Initiative
MinuteClinic’s E-Clinic

MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

Technology Initiative
Next Generation Authentication Platform

CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

Implications: Organization, Process, Technology

External

  • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
  • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
  • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

Internal

  • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
  • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
  • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

Resources Applied

Lack of commitment

While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

Show your work

The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

“We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

CVS Health

  • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
  • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

Outcomes at CVS Health

Delivering on hybrid healthcare solutions

iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

Stock photo of a doctor with an iPad.
CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

From Priorities to Action

Become your organization’s ESG Expert

The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

“If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

Take the next step

ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
Prepare for the era of mandated environmental, social, and governance disclosures.

Private Equity and Venture Capital Growing Impact of ESG Report
Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

“Business Intelligence and Reporting” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

The Five Priorities

Priorities to compete in the digital economy

  1. Reduce Friction in the Hybrid Operating Model
  2. Improve Your Ransomware Readiness
  3. Support an Employee-Centric Retention Strategy
  4. Design an Automation Platform
  5. Prepare to Report on New Environmental, Social, and Governance Metrics

Contributing Experts

Elizabeth Clark

CIO, Harvard Business School
Photo of Elizabeth Clark, CIO, Harvard Business School.

Jeff Previte

Executive Vice-President of IT, CrossCountry Mortgage
Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

Bob Crozier

Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

David W. Dorman

Chairman of the Board, CVS Health
Photo of David W. Dorman, Chairman of the Board, CVS Health.

Info-Tech’s internal CIO panel contributors

  • Bryan Tutor
  • John Kemp
  • Mike Schembri
  • Janice Clatterbuck
  • Sandy Silk
  • Sallie Wright
  • David Wallace
  • Ken McGee
  • Mike Tweedie
  • Cole Cioran
  • Kevin Tucker
  • Angelina Atkins
  • Yakov Kofner
 Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

Thank you for your support

Logo for the Blockchain Research Institute.
Blockchain Research Institute

Bibliography – CIO Priorities 2022

“2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

“Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

“Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

“Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

“Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

“CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

“Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

“IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

“IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

“Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

“Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

“Priority.” Lexico.com, Oxford University Press, 2021. Web.

Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

“Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

“Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

“Trend.” Lexico.com, Oxford University Press, 2021. Web.

Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

IT Diversity & Inclusion Tactics

  • Buy Link or Shortcode: {j2store}517|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Engage
  • Parent Category Link: /engage
  • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
  • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

Our Advice

Critical Insight

Realize the benefits of a diverse workforce by embedding inclusion into work practices, behaviors, and values, ensuring accountability throughout the department.

Impact and Result

Understand what it means to be inclusive: reassess work practices and learn how to apply leadership behaviors to create an inclusive environment

IT Diversity & Inclusion Tactics Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Mobilize inclusion efforts

Learn, evaluate, and understand what it means to be inclusive, examine biases, and apply inclusive leadership behaviors.

  • Diversity & Inclusion Initiatives Catalog
  • Inclusive IT Work Practices Examples
  • Inclusive Work Practices Template
  • Equip Managers to Adopt Inclusive Leadership Behaviors
  • Workbook: Equip Managers to Adopt Inclusive Leadership Behaviors
  • Standard Focus Group Guide
[infographic]

The Small Enterprise Guide to People and Resource Management

  • Buy Link or Shortcode: {j2store}602|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Train & Develop
  • Parent Category Link: /train-and-develop
  • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
  • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

Our Advice

Critical Insight

  • The usual, reactive approach to workforce management is risky:
    • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
    • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
  • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

Impact and Result

  • Workforce planning helps you anticipate future needs.
  • More lead time means better decisions at lower cost.
  • Small Enterprises benefit most, since every resource counts.

The Small Enterprise Guide to People and Resource Management Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

  • The Small Enterprise Guide to People and Resource Management – Phases 1-3

2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

  • Workforce Planning Workbook for Small Enterprises

3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

  • IT Knowledge Identification Interview Guide Template
  • IT Knowledge Transfer Plan Template

4. Development Planning Tools – Use these tools to determine priority development competencies.

Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

  • IT Competency Library
  • Leadership Competencies Workbook
  • IT Employee Career Development Workbook
  • Individual Competency Development Plan
  • Learning Methods Catalog for IT Employees

Infographic

Workshop: The Small Enterprise Guide to People and Resource Management

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Lay Your Foundations

The Purpose

Set project direction and analyze workforce needs.

Key Benefits Achieved

Planful needs analysis ensures future workforce supports organizational goals.

Activities

1.1 Set workforce planning goals and success metrics.

1.2 Identify key roles and competency gaps.

1.3 Conduct a risk analysis to identify future needs.

1.4 Determine readiness of internal successors.

Outputs

Work with the leadership team to:

Extract key business priorities.

Set your goals.

Assess workforce needs.

2 Create Your Workforce Plan

The Purpose

Conduct a skill sourcing analysis, and determine competencies to develop internally.

Key Benefits Achieved

A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

Activities

2.1 Determine your skill sourcing route.

2.2 Determine priority competencies for development.

Outputs

Create a workforce plan.

2.Determine guidelines for employee development.

3 Plan Knowledge Transfer

The Purpose

Discover knowledge to be transferred, and build a transfer plan.

Key Benefits Achieved

Ensure key knowledge is not lost in the event of a departure.

Activities

3.1 Discover knowledge to be transferred.

3.2 Identify the optimal knowledge transfer methods.

3.3 Create a knowledge transfer plan.

Outputs

Discover tacit and explicit knowledge.

Create a knowledge transfer roadmap.

4 Plan Employee Development

The Purpose

Create a development plan for all staff.

Key Benefits Achieved

A well-structured development plan helps engage and retain employees while driving organizational objectives.

Activities

4.1 Identify target competencies & draft development goals

4.2 Select development activities and schedule check-ins.

4.3 Build manager coaching skills.

Outputs

Assess employees.

Prioritize development objectives.

Plan development activities.

Build management skills.

Further reading

The Small Enterprise Guide to People and Resource Management

Quickly start getting the right people, with the right skills, at the right time

Is this research right for you?

Research Navigation

Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

Question If you answered "no" If you answered "yes"

Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

Review Info-Tech's archive of research for mid-sized and large enterprise clients.

Follow the guidance in this blueprint.

Does your organization require a more rigorous and customizable approach to workforce management?

Follow the guidance in this blueprint.

Review Info-Tech's archive of research for mid-sized and large enterprise clients.

Analyst Perspective

Workforce planning is even more important for small enterprises than large organizations.

It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

This is a picture of Jane Kouptsova

Jane Kouptsova
Senior Research Analyst, CIO Advisory
Info-Tech Research Group

Executive Summary

Your Challenge

52% of small business owners agree that labor quality is their most important problem.1

Almost half of all small businesses face difficulty due to staff turnover.

76% of executives expect the talent market to get even more challenging.2

Common Obstacles

76% of executives expect workforce planning to become a top strategic priority for their organization.2

But…

30% of small businesses do not have a formal HR function.3

Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

Info-Tech's Approach

A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

Clear activities that guide your team to decisive action

Founded on your IT strategy, ensuring you have not just good people, but the right people

Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

Info-Tech Insight

Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

1CNBC & SurveyMonkey. 2ADP. 3Clutch.

Labor quality is small enterprise's biggest challenge

The key to solving it is strategic workforce planning

Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

52%

of small business owners agree that labor quality is their most important problem.1

30%

30% of small businesses have no formal HR function.2

76%

of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

1CNBC & SurveyMonkey. 2Clutch. 3ADP.

Workforce planning matters more for small enterprises

You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

Info-Tech Insight

One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

This is an image of Info-Tech's small enterprise guide o people and resource management.

Blueprint pre-step: Determine your starting point

People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

This blueprint covers the parts of workforce management that occur to some extent in every organization:

  • Workforce planning
  • Knowledge transfer
  • Development planning

You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

Track metrics

Consider these example metrics for tracking people and resource management success

Project Outcome Metric Baseline Target
Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
Reduced length of hiring period Average number of days between job ad posting and new hire start date
Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
Increased number of projects completed per year (project throughput) Total number of project completions per year
Greater net recruitment rate Number of new recruits/Number of terminations and departures
Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3

Call #1:

Scope requirements, objectives, and your specific challenges.

Call #2: Assess current workforce needs.

Call #4: Determine skill sourcing route.

Call #6:

Identify knowledge to be transferred.

Call #8: Draft development goals and select activities.

Call #3: Explore internal successor readiness.

Call #5:Set priority development competencies.

Call #7: Create a knowledge transfer plan.

Call #9: Build managers' coaching & feedback skills.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1

Day 2

Day 3

Day 4

Day 5
1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
Activities

1.1 Set workforce planning goals and success metrics

1.2 Identify key roles and competency gaps

1.3 Conduct a risk analysis to identify future needs

1.4 Determine readiness of internal successors

1.5 Determine your skill sourcing route

1.6 Determine priority competencies for development

3.1 Discover knowledge to be transferred

3.2 Identify the optimal knowledge transfer methods

3.3 Create a knowledge transfer plan

4.1 Identify target competencies & draft development goals

4.2 Select development activities and schedule check-ins

4.3 Build manager coaching skills

Outcomes

Work with the leadership team to:

  1. Extract key business priorities
  2. Set your goals
  3. Assess workforce needs

Work with the leadership team to:

  1. Create a workforce plan
  2. Determine guidelines for employee development

Work with staff and managers to:

  1. Discover tacit and explicit knowledge
  2. Create a knowledge transfer roadmap

Work with staff and managers to:

  1. Assess employees
  2. Prioritize development objectives
  3. Plan development activities
  4. Build management skills

Info-Tech analysts complete:

  1. Workshop report
  2. Workforce plan record
  3. Action plan

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

This is a calendar showing days 1-4, and times from 8am-5pm

Phase 1

Workforce Planning

Workforce Planning

Knowledge Transfer

Development Planning

Identify needs, goals, metrics, and skill gaps.

Select a skill sourcing strategy.

Discover critical knowledge.

Select knowledge transfer methods.

Identify priority competencies.

Assess employees.

Draft development goals.

Provide coaching & feedback.

The Small Enterprise Guide to People and Resource Management

Phase Participants

  • Leadership team
  • Managers
  • Human resource partner (if applicable)

Additional Resources

Workforce Planning Workbook for Small Enterprises

Phase pre-step: Gather resources and participants

  1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
    If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
  2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
  3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

Formal workforce planning benefits even small teams

Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

Right-size your workforce planning process to the size of your enterprise

Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

Small Organization

Medium Organization

Large Organization

Project Opportunities

  • Project scope is much more manageable.
  • Communication and planning can be more manageable.
  • Fewer roles can clarify prioritization needs and promotability.
  • Project scope is more manageable.
  • Moderate budget for workforce planning initiatives is needed.
  • Communication and enforcement is easier.
  • Larger candidate pool to pull from.
  • Greater career path options for staff.
  • In-house expertise may be available

Project Risks

  • Limited resources and time to execute the project.
  • In-house expertise is unlikely.
  • Competencies may be informal and not documented.
  • Limited overlap in responsibilities, resulting in fewer redundancies.
  • Limited staff with experience for the project.
  • Workforce planning may be a lower priority and difficult to generate buy-in for.
  • Requires more staff to manage workforce plan and execute initiatives.
  • Less collective knowledge on staff strengths may make career planning difficult.
  • Geographically dispersed business units make collaboration and communication difficult.

1 McLean & Company Trends Report 2014

1.1 Set project outcomes and success metrics

1-3 hours

  1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
  2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
  3. Break into smaller groups (or if too small, continue as a single group):
    1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
    2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
    3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

Input

Output

  • List of workforce data available
  • List of workforce metrics to track the workforce plan's impact

Materials

Participants

  • Whiteboard/flip charts
  • Leadership team
  • Human resource partner (if applicable)

1.2 Identify key roles and competency gaps

1-3 hours

  1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
    1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
    2. Core: What roles are important to drive operational excellence?
    3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
  2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
    1. The difficulty or criticality of the tasks being performed
    2. The impact on job outcomes
    3. The impact on the performance of other employees
    4. The consequence of errors if the competency is not present
    5. How frequently the competency is used on the job
    6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
  3. Continue working individually and rate the level of proficiency of the current incumbent.
  4. As a group, review the assessment and make any adjustments.

Record this information in the Workforce Planning Workbook for Small Enterprises.

Download the Workforce Planning Workbook for Small Enterprises

1.2 Identify key roles and competency gaps

Input Output
  • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
  • List of competency gaps for key roles
Materials Participants
  • Leadership team
  • Managers

Conduct a risk-of-departure analysis

A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

Employees are high risk for departure if they:

  • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
  • Are nearing retirement
  • Have expressed career aspirations that extend outside your organization
  • Have hit a career development ceiling at your organization
  • Are disengaged
  • Are actively job searching
  • Are facing performance issues or dismissal OR promotion into a new role

Employees are low risk for departure if they:

  • Are a new hire or new to their role
  • Are highly engaged
  • Have high potential
  • Are 5-10 years out from retirement

If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

To estimate the impact of departure, consider:

  • The effect of losing the employee in the near- and medium-term, including:
    • Impact on the organization, department, unit/team and projects
    • The cost (in time, resources, and productivity loss) to replace the individual
    • The readiness of internal successors for the role

1.3 Conduct a risk analysis to identify future needs

1-3 hours

Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

  • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
  • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
  • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

Record this information in the Workforce Planning Workbook for Small Enterprises.

This is an image of the Risk analysis for risk of departure to importance of departure.

Info-Tech Insight

Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

1.3 Conduct a risk analysis to identify future needs

Input Output
  • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
  • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
Materials Participants
  • Leadership team
  • Managers

Determine your skill sourcing route

The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

Sourcing Options

Preferred Options

Final Choice

four blue circles

A right facing arrow

Two blue circles A right facing arrow One blue circle
State of the Marketplace

State of the Marketplace

Urgency: How soon do we need this skill? What is the required time-to-value?

Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

Novelty: Is this skill brand new to our workforce?

Availability: How often, and at what hours, will the skill be needed?

Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

Preparedness: Do we have internal resources available to cultivate this skill in house?

1.4 Determine your skill sourcing route

1-3 hours

  1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
  2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
    1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
  3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

Record this information in the Workforce Planning Workbook for Small Enterprises.

Info-Tech Insight

Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

Input

Output

  • List of current and upcoming skill gaps
  • A sourcing decision for each skill

Materials

Participants

  • Leadership team
  • Human resource partner (if applicable)

1.5 Determine readiness of internal successors

1-3 hours

  1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
  2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
    1. Relationship-building skills
    2. Business skills
    3. Technical skills
    4. Industry-specific skills or knowledge
  3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
  4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
  5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
    1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
    2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
  6. Record the decision and repeat for the next role on your list.

Info-Tech Insight

A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

Input

Output

  • List of roles for which you are considering training internally
  • Job descriptions and competency requirements for the roles
  • List of roles for which internal successors are a viable option

Materials

Participants

  • Leadership team
  • Candidates' direct managers, if applicable

Use alternative work arrangements to gain time to prepare successors

Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
Source: Statistics Canada.

Flexible work options are the most used form of alternative work arrangement

A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

Source: McLean & Company, N=44

Choose the alternative work arrangement that works best for you and the employee

Alternative Work Arrangement Description Ideal Use Caveats
Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

Choose the alternative work arrangement that works best for you and the employee

Alternative Work Arrangement Description Ideal Use Caveats
Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

Phase 2

Knowledge Transfer

Workforce Planning

Knowledge Transfer

Development Planning

Identify needs, goals, metrics, and skill gaps.

Select a skill sourcing strategy.

Discover critical knowledge.

Select knowledge transfer methods.

Identify priority competencies.

Assess employees.

Draft development goals.

Provide coaching & feedback.

The Small Enterprise Guide to People and Resource Management

Phase Participants

  • Leadership/management team
  • Incumbent & successor

Additional Resources

IT Knowledge Identification Interview Guide Template

Knowledge Transfer Plan Template

Determine your skill sourcing route

Knowledge transfer plans have three key components that you need to complete for each knowledge source:

Define what knowledge needs to be transferred

Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

Identify the knowledge receiver

Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

  • How will this knowledge be used in the future?
  • What is the next career step for the knowledge receiver?
  • Are the receiver and the source going to be in the same location?

Identify which knowledge transfer tactics you will use for each knowledge asset

Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

Don't miss tacit knowledge

There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

Explicit Tacit
  • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
  • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
  • Learn through reading or being told.
  • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
  • Hard to verbalize, and difficult to capture and quantify.
  • Learn through observation, imitation, and practice.

Types of explicit knowledge

Types of tacit knowledge

Information Process Skills Expertise

Specialized technical knowledge.

Unique design capabilities/methods/models.

Legacy systems, details, passwords.

Special formulas/algorithms/ techniques/contacts.

  • Specialized research & development processes.
  • Proprietary production processes.
  • Decision-making processes.
  • Legacy systems.
  • Variations from documented processes.
  • Techniques for executing on processes.
  • Relationship management.
  • Competencies built through deliberate practice enabling someone to act effectively.
  • Company history and values.
  • Relationships with key stakeholders.
  • Tips and tricks.
  • Competitor history and differentiators.

e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

Embed your knowledge transfer methods into day-to-day practice

Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

Info-Tech Insight

The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

Type of Knowledge

  • Tacit knowledge transfer methods are often informal and interactive:
    • Mentoring
    • Multi-generational work teams
    • Networks and communities
    • Job shadowing
  • Explicit knowledge transfer methods tend to be more formal and one way:
    • Formal documentation of processes and best practices
    • Self-published knowledge bases
    • Formal training sessions
    • Formal interviews

Incumbent's Preference/Successor's Preference

Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

  1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
  2. May get bored during formal training sessions and retain more during job shadowing.
  3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
  4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
  5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

Cost

Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

2.1 Create a knowledge transfer plan

1-3 hours

  1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
    • Consider key knowledge areas, including:
      • Specialized technical knowledge.
      • Specialized research and development processes.
      • Unique design capabilities/methods/models.
      • Special formulas/algorithms/techniques.
      • Proprietary production processes.
      • Decision-making criteria.
      • Innovative sales methods.
      • Knowledge about key customers.
      • Relationships with key stakeholders.
      • Company history and values.
    • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
      • What is the nature of the knowledge? Explicit or tacit?
      • Why is it important to transfer?
      • How will the knowledge be used?
      • What knowledge is critical for success?
      • How will the users find and access it?
      • How will it be maintained and remain relevant and usable?
      • What are the existing knowledge pathways or networks connecting sources to recipients?
  2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
  3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
    1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
    2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
    3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

Record your plan in the IT Knowledge Transfer Plan Template.

Download the IT Knowledge Identification Interview Guide Template

Download the Knowledge Transfer Plan Template

Info-Tech Insight

Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

2.1 Create a knowledge transfer plan

Input

Output

  • List of roles for which you need to transfer knowledge
  • Prioritized list of knowledge items and chosen transfer method

Materials

Participants

  • Leadership team
  • Incumbent
  • Successor

Not every transfer method is effective for every type of knowledge

Knowledge Type
Tactic Explicit Tacit
Information Process Skills Expertise
Interviews Very Strong Strong Strong Strong
Process Mapping Medium Very Strong Very Weak Very Weak
Use Cases Medium Very Strong Very Weak Very Weak
Job Shadow Very Weak Medium Very Strong Very Strong
Peer Assist Strong Medium Very Strong Very Strong
Action Review Medium Medium Strong Strong
Mentoring Weak Weak Strong Very Strong
Transition Workshop Strong Strong Strong Weak
Storytelling Weak Weak Strong Very Strong
Job Share Weak Weak Very Strong Very Strong
Communities of Practice Strong Weak Very Strong Very Strong

This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

Employees' engagement can impact knowledge transfer effectiveness

Level of Engagement
Tactic Disengaged/ Indifferent Almost Engaged - Engaged
Interviews Yes Yes
Process Mapping Yes Yes
Use Cases Yes Yes
Job Shadow No Yes
Peer Assist Yes Yes
Action Review Yes Yes
Mentoring No Yes
Transition Workshop Yes Yes
Storytelling No Yes
Job Share Maybe Yes
Communities of Practice Maybe Yes

When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

Employees' engagement can impact knowledge transfer effectiveness

Effort by Stakeholder

Tactic

Business Analyst

IT Manager

Knowledge Holder

Knowledge Receiver

Interviews

These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

Medium

N/A

Low

Low

Process Mapping

Medium

N/A

Low

Low

Use Cases

Medium

N/A

Low

Low

Job Shadow

Medium

Medium

Medium

Medium

Peer Assist

Medium

Medium

Medium

Medium

Action Review

These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

Low

Medium

Medium

Low

Mentoring

Medium

High

High

Medium

Transition Workshop

Medium

Low

Medium

Low

Storytelling

Medium

Medium

Low

Low

Job Share

Medium

High

Medium

Medium

Communities of Practice

High

Medium

Medium

Medium

Phase 3

Development Planning

Workforce Planning

Knowledge Transfer

Development Planning

Identify needs, goals, metrics, and skill gaps.

Select a skill sourcing strategy.

Discover critical knowledge.

Select knowledge transfer methods.

Identify priority competencies.

Assess employees.

Draft development goals.

Provide coaching & feedback.

The Small Enterprise Guide to People and Resource Management

Phase Participants

  • Leadership team
  • Managers
  • Employees

Additional Resources

Effective development planning hinges on robust performance management

Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

Each individual's development goals are then aimed at building these priority competencies.

Mission Statement

To be the world's leading manufacturer and distributor of widgets.

Business Goal

To increase annual revenue by 10%.

IT Department Objective

To ensure reliable communications infrastructure and efficient support for our sales and development teams.

Individual Role Objective

To decrease time to resolution of support requests by 10% while maintaining quality.

Info-Tech Insight

Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

What is a competency?

The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

Generic Functional
  • Core
  • Leadership
  • IT
  • Finance
  • Sales
  • HR

Use the SMART model to make sure goals are reasonable and attainable

S

Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

M

Measurable: Set metrics that will help to determine whether the goal has been reached.

A

Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

R

Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

T

Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

Example goal:

"Learn Excel this summer."

Problems:

Not specific enough, not measurable enough, nor time bound.

Alternate SMART goal:

"Consult with our Excel expert and take the lead on creating an Excel tool in August."

3.2 Identify target competencies & draft development goals

1 hour

Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

  1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

    Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
    1. Which competencies are needed in my current role that I do not have full proficiency in?
    2. Which competencies are related to both my career interests and the organization's priorities?
    3. Which competencies are related to each other and could be developed together or simultaneously?
  2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
  3. Review goals:
    1. Ask why these areas are important to the employee.
    2. Share your ideas and why it is important that the employee develop in the areas identified.
    3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

Info-Tech Insight

Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

Download the IT Employee Career Development Workbook

Download the Individual Competency Development Plan

3.2 Identify target competencies & draft development goals

Input

Output

  • Employee's career aspirations
  • List of priority organizational competencies
  • Assessment of employee's current proficiency
  • A list of concrete development goals

Materials

Participants

  • Employee
  • Direct manager

Apply a blend of learning methods

  • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
  • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

Spend development time and effort wisely:

70%

On providing challenging on-the-job opportunities

20%

On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

10%

On formal learning and training programs

Internal initiatives are a cost-effective development aid

Internal Initiative

What Is It?

When to Use It

Special Project

Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

As an opportunity to increase exposure and to expand skills beyond those required for the current job.

Stretch Assignment

The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

Employee is consistently meeting targets and you need to see what they're capable of.

Training Others

Training new or more junior employees on their position or a specific process.

Employee wants to expand their role and responsibility and is proficient and positive.

Team Lead On an Assignment

Team lead for part of a project or new initiative.

To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

Job Rotation

A planned placement of employees across various roles in a department or organization for a set period of time.

Employee is successfully meeting and/or exceeding job expectations in their current role.

Incorporating a development objective into daily tasks

What do we mean by incorporating into daily tasks?

The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

Another example:

"I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

Info-Tech Insight

Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

You need to tell your employees that the activity you are asking them to do is intended to further their development.

However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

Establish manager and employee accountability for following up

Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

Tracking Progress

Checking In

Development Meetings

Coaching & Feedback

Employee accountability:

  • Employees need to keep track of what they learn.
  • Employees should take the time to reflect on their progress.

Manager accountability:

  • Managers need to make the time for employees to reflect.

Employee accountability:

  • Employees need to provide managers with updates and ask for help.

Manager accountability:

  • Managers need to check in with employees to see if they need additional resources.

Employee accountability:

  • Employees need to complete assessments again to determine whether they have made progress.

Manager accountability:

  • Managers should schedule monthly meetings to discuss progress and identify next steps.

Employee accountability:

  • Employees should ask their manager and colleagues for feedback after development activities.

Manager accountability:

  • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

3.3 Select development activities and schedule check-ins

1-3 hours

Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

  1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
  2. Review the employee's proposed list of activities, and identify priority ones based on:
    1. How effectively they support the development of priority competencies.
    2. How closely they match the employee's original goals.
    3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
    4. The degree to which the employee will have a chance to practice new skills hands-on.
    5. The amount of time the activities require, balanced against the employee's work obligations.
  3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
    1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
  4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
  5. Check-ins should be repeated regularly, typically once a month.

Download the Learning Methods Catalog

Info-Tech Insight

Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

3.3 Select development activities and schedule check-ins

Input

Output

  • List of potential development activities (from employee)
  • List of organizational resources (from manager)
  • A selection of feasible development activities
  • Next check-in scheduled

Materials

Participants

  • Employee
  • Direct manager

Tips for tricky conversations about development

What to do if…

Employees aren't interested in development:

  • They may have low aspiration for advancement.
  • Remind them about the importance of staying current in their role given increasing job requirements.
  • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
  • Indicate your support and respond to concerns.

Employees have greater aspiration than capability:

  • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
  • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
  • Reinforce that they need to do their current job well before they can be considered for promotion.

Employees are offended by your suggestions:

  • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
  • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
  • If it is about the development method, discuss the different options, including the pros and cons of each.

Coaching and feedback skills help managers guide employee development

Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

What is coaching?

A conversation in which a manager asks questions to guide employees to solve problems themselves.

Coaching is:

  • Future-focused
  • Collaborative
  • Geared toward growth and development

What is feedback?

Information conveyed from the manager to the employee about their performance.

Feedback is:

  • Past-focused
  • Prescriptive
  • Geared toward behavior and performance

Info-Tech Insight

Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

Understand the foundations of coaching to provide effective development coaching:

Knowledge Mindset Relationship
  • Understand what coaching is and how to apply it:
  • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
  • Know what coaching can and cannot accomplish.
  • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
  • Adopt a coaching mindset by subscribing to the following beliefs:
  • Employees want to achieve higher performance and have the potential to do so.
  • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
  • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
  • Develop a relationship of trust between managers and employees:
  • Create an environment of psychological safety where employees feel safe to be open and honest.
  • Involve employees in decision making and inform employees often.
  • Invest in employees' success.
  • Give and expect candor.
  • Embrace failure.

Apply the "4A" behavior-focused coaching model

Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

Actively Listen

Ask

Action Plan

Adapt

Engage with employees and their message, rather than just hearing their message.

Key active listening behaviors:

  • Provide your undivided attention.
  • Observe both spoken words and body language.
  • Genuinely try to understand what the employee is saying.
  • Listen to what is being said, then paraphrase back what you heard.

Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

Key asking behaviors:

  • Ask open-ended questions.
  • Ask questions to learn something you didn't already know.
  • Ask for reasoning (the why).
  • Ask "what else?"

Hold employees and managers accountable for progress and results.

During check-ins, review each development goal to ensure employees are meeting their targets.

Key action planning behaviors:

Adapt to individual employees and situations.

Key adapting behaviors:

  • Recognize employees' unique characteristics.
  • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

Use the following questions to have meaningful coaching conversations

Opening Questions

  • What's on your mind?
  • Do you feel you've had a good week/month?
  • What is the ideal situation?
  • What else?

Problem-Identifying Questions

  • What is most important here?
  • What is the challenge here for you?
  • What is the real challenge here for you?
  • What is getting in the way of you achieving your goal?

Problem-Solving Questions

  • What are some of the options available?
  • What have you already tried to solve this problem? What worked? What didn't work?
  • Have you considered all the possibilities?
  • How can I help?

Next-Steps Questions

  • What do you need to do, and when, to achieve your goal?
  • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
  • How will you know when you have achieved your goal? What does success look like?

The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

Info-Tech Insight

Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

Use the following approach to give effective feedback

Provide the feedback in a timely manner

  • Plan the message you want to convey.
  • Provide feedback "just-in-time."
  • Ensure recipient is not preoccupied.
  • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

Communicate clearly, using specific examples and alternative behaviors

  • Feedback must be honest and helpful.
  • Be specific and give a recent example.
  • Be descriptive, not evaluative.
  • Relate feedback to behaviors that can be changed.
  • Give an alternative positive behavior.

Confirm their agreement and understanding

  • Solicit their thoughts on the feedback.
  • Clarify if not understood; try another example.
  • Confirm recipient understands and accepts the feedback.

Manager skill is crucial to employee development

Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

Bibliography

Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
"CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
Exploring Workforce Planning. Accenture, 23 May 2017.
"Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
"Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
"Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

Document and Maintain Your Disaster Recovery Plan

  • Buy Link or Shortcode: {j2store}417|cart{/j2store}
  • member rating overall impact: 9.3/10 Overall Impact
  • member rating average dollars saved: $52,224 Average $ Saved
  • member rating average days saved: 38 Average Days Saved
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
  • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
  • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

Our Advice

Critical Insight

  • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
  • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
  • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

Impact and Result

  • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
  • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
  • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

Document and Maintain Your Disaster Recovery Plan Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Streamline DRP documentation

Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

  • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

2. Select the optimal DRP publishing strategy

Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

  • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
  • DRP Publishing and Document Management Solution Evaluation Tool
  • BCM Tool – RFP Selection Criteria

3. Keep your DRP relevant through maintenance best practices

Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

  • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
  • Sample Project Intake Form Addendum for Disaster Recovery
  • Sample Change Management Checklist for Disaster Recovery
  • DRP Review Checklist
  • DRP-BCP Review Workflow (Visio)
  • DRP-BCP Review Workflow (PDF)

4. Appendix: XMPL Case Study

Model your DRP after the XMPL case study disaster recovery plan documentation.

  • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
  • XMPL DRP Summary Document
  • XMPL Notification, Assessment, and Declaration Plan
  • XMPL Systems Recovery Playbook
  • XMPL Recovery Workflows (Visio)
  • XMPL Recovery Workflows (PDF)
  • XMPL Data Center and Network Diagrams (Visio)
  • XMPL Data Center and Network Diagrams (PDF)
  • XMPL DRP Business Impact Analysis Tool
  • XMPL DRP Workbook
[infographic]

Workshop: Document and Maintain Your Disaster Recovery Plan

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Streamline DRP Documentation

The Purpose

Teach your team how to create visual-based documentation.

Key Benefits Achieved

Learn how to create visual-based DR documentation.

Activities

1.1 Conduct a table-top planning exercise.

1.2 Document your high-level incident response plan.

1.3 Identify documentation to include in your playbook.

1.4 Create an initial collection of supplementary documentation.

1.5 Discuss what further documentation is necessary for recovering from a disaster.

1.6 Summarize your DR capabilities for stakeholders.

Outputs

Documented high-level incident response plan

List of documentation action items

Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

Action items for ensuring that the DRP is executable for both primary and backup DR personnel

DRP Summary Document

2 Select the Optimal DRP Publishing Strategy

The Purpose

Learn the considerations for publishing your DRP.

Key Benefits Achieved

Identify the best strategy for publishing your DRP.

Activities

2.1 Select criteria for assessing DRP tools.

2.2 Evaluate categories for DRP tools.

Outputs

Strategy for publishing DRP

3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

The Purpose

Address the common pain point of unmaintained DRPs.

Key Benefits Achieved

Create an approach for maintaining your DRP.

Activities

3.1 Alter your project intake considerations.

3.2 Integrate DR considerations into change management.

3.3 Integrate documentation into performance measurement and performance management.

3.4 Learn best practices for maintaining your DRP.

Outputs

Project Intake Form Addendum Template

Change Management DRP Checklist Template

Further reading

Document and Maintain Your Disaster Recovery Plan

Put your DRP on a diet – keep it fit, trim, and ready for action.

ANALYST PERSPECTIVE

The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

“This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

  • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
  • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
  • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
    •
(Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

These artifacts are the cornerstone for any disaster recovery plan.

  • Business Impact Analysis
  • DR Roles and Responsibilities
  • Recovery Workflow

Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

This blueprint walks you through building these inputs.
Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

How this blueprint will help you document your DRP

This Research is Designed For:

  • IT managers in charge of disaster recovery planning (DRP) and execution.
  • Organizations seeking to optimize their DRP using best-practice methodology.
  • Business continuity professionals that are involved with disaster recovery.

This Research Will Help You:

  • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
  • Identify an appropriate DRP document management and distribution strategy.
  • Ensure that DR documentation is up to date and accessible.

This Research Will Also Assist:

  • IT managers preparing for a DR audit.
  • IT managers looking to incorporate components of DR into an IT operations document.

This Research Will Help Them:

  • Follow a structured approach in building DR documentation using best practices.
  • Integrate DR into day-to-day IT operations.

Executive summary

Situation

  • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
  • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
  • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

Complication

  • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
  • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
  • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

Resolution

  • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
  • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
  • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

Info-Tech Insight

  1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
  2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
  3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

The criticality of having an effective DRP is underestimated.

Cost of Downtime for the Fortune 1000
  • Cost of unplanned apps downtime per year: $1.25B to $2.5B
  • Cost of critical apps failure per hour: $500,000 to $1M
  • Cost of infrastructure failure per hour: $100,000
  • 35% reported to have recovered within 12 hours.
  • 17% of infrastructure failures took more than 24 hours to recover.
  • 13% of application failures took more than 24 hours to recover.
Size of Impact Increasing Across Industries
  • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
  • Downtime cost increase since 2010:
    • Hospitality: 129% increase
    • Transportation: 108% increase
    • Media organizations: 104% increase
Potential Lost Revenue
A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
(Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

Organizations continue to struggle with creating DRPs, let alone making them actionable.

Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

  • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
  • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
  • There is a lack of effective processes for ensuring documentation stays up to date.
A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
(Source: Info-Tech Research Group, N=165) 		A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
(Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

Improve usability and effectiveness with visual-based and more-concise documentation

Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

DR success scores are based on:

  • Meeting recovery time objectives (RTOs).
  • Meeting recovery point objectives (RPOs).
  • IT staff’s confidence in their ability to meet RTOs/RPOs.
A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

“Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

Maintainability is another argument for visual-based, concise documentation

There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

Info-Tech Insight

Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

Use a DRP summary document to satisfy executives, auditors, and clients

Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

DRP Summary Document

  • Summarize BIA results
  • Summarize DR strategy (including DR sites)
  • Summarize backup strategy
  • Summarize testing and maintenance plans

Follow Info-Tech’s methodology to make DRP documentation efficient and effective

Phases

 Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

Phases

1.1

 Start with a recovery workflow

2.1

 Decide on a publishing strategy

3.1

 Incorporate DRP maintenance into core IT processes

1.2

 Create supporting DRP documentation

3.2

 Conduct an annual focused review

1.3

 Write the DRP Summary

Tools and Templates

 End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

Change Management Checklist

Follow XMPL Medical’s journey through DR documentation

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

Outline of the Disaster Recovery Plan

XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

Resulting Disaster Recovery Plan

XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

Disaster Recovery Plan
  • Recovery Workflow
  • Business Impact Analysis
  • DRP Summary
  • System Recovery Checklists
  • Communication, Assessment, and Disaster Declaration Plan

Info-Tech Best Practice

XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

Model your disaster recovery documentation off of our example

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Recovery Workflow:

  • Recovery Workflows (PDF, VSDX)

Recovery Procedures (Systems Recovery Playbook):

  • DR Notification, Assessment, and Disaster Declaration Plan
  • Systems Recovery Playbook
  • Network Topology Diagrams

Additional Reference Documentation:

  • DRP Workbook
  • Business Impact Analysis
  • DRP Summary Document

Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Document and Maintain Your Disaster Recovery Plan – Project Overview

1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
Supporting Tool icon
Best-Practice Toolkit

1.1 Start with a recovery workflow

1.2 Create supporting DRP documentation

1.3 Write the DRP summary

2.1 Create Committee Profiles

3.1 Build Governance Structure Map

3.2 Create Committee Profiles

Guided Implementations
  • Review Info-Tech’s approach to DRP documentation.
  • Create a high-level recovery workflow.
  • Create supporting DRP documentation.
  • Write the DRP summary.
  • Identify criteria for selecting a DRP publishing strategy.
  • Select a DRP publishing strategy.
  • Optional: Select requirements for a BCM tool and issue an RFP.
  • Optional: Review responses to RFP.
  • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
  • Learn best practices for DRP-focused reviews.
Associated Activity icon
Onsite Workshop 		Module 1:
Streamline DRP documentation 		Module 2:
Select the optimal DRP publishing strategy 		Module 3:
Learn best practices for keeping your DRP relevant
Phase 1 Outcome:
  • A complete end-to-end DRP
 Phase 2 Outcome:
  • Selection of a publishing and management tool for your DRP documentation
 Phase 3 Outcome:
  • Strategy for maintaining your DRP documentation

Workshop Overview Associated Activity icon

Contact your account representative or email Workshops@InfoTech.com for more information.

Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
Info-Tech Analysts Finalize Deliverables
Activities
Assess DRP Maturity and Review Current Capabilities

0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

0.3 Identify current recovery strategies for selected applications.

0.4 Identify current DR challenges for selected applications.

Document Your Recovery Workflow

1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

Create Supporting Documentation

1.2 Create supporting DRP documentation.

1.3 Write the DRP summary.

Establish a DRP Publishing, Management, and Maintenance Strategy

2.1 Decide on a publishing strategy.

3.1 Incorporate DRP maintenance into core IT.

3.2 Considerations for reviewing your DRP regularly.

Deliverables
  1. Baseline DRP metric (based on DRP Maturity Scorecard)
  1. High-level DRP workflow
  2. DRP gaps and risks identified
  1. Recovery workflow and/or checklist for sample of IT systems
  2. Customized DRP Summary Template
  1. Strategy for selecting a DRP publishing tool
  2. DRP management and maintenance strategy
  3. Workshop summary presentation deck

Workshop Goal: Learn how to document and maintain your DRP.

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

A small monochrome icon of a wrench and screwdriver creating an X.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

A small monochrome icon depicting a person in front of a blank slide.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


Phase 1: Streamline DRP Documentation

Step 1.1: Start with a recovery workflow

PHASE 1
PHASE 2
PHASE 3
1.1 1.2 1.3 2.1 3.1 3.2
Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

This step will walk you through the following activities:

  • Review a model DRP.
  • Review your recovery workflow.
  • Identify documentation required to support the recovery workflow.

This step involves the following participants:

  • DRP Owner
  • System SMEs
  • Alternate DR Personnel

Outcomes of this step

  • Understanding the visual-based, concise approach to DR documentation.
  • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

Info-Tech Insights

A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

Recovery Workflow

The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

This documentation includes:

  • Clarifying initial incident response steps.
  • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
  • Estimating actual recovery timeline through each stage of recovery.
Recovery Procedures (Playbook)
Additional Reference Documentation

“We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

Review business impact analysis (BIA) results to plan your recovery workflow

The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

Specifically, review the following from your BIA:

  • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
  • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
  • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

Conduct a tabletop planning exercise to determine your recovery workflow

Associated Activity icon 1.1.1 Tabletop Planning Exercise

  1. Define a scenario to drive the tabletop planning exercise:
    • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
    • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
    • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

Info-Tech Insight

Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

Walk through the scenario and capture the recovery workflow

Associated Activity icon 1.1.2 Tabletop Planning Exercise
  1. Capture the following information for tier 1, tier 2, and tier 3 systems:
    1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
    2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

Note:

  • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
  • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

Document your current-state recovery workflow based on the results of the tabletop planning

Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

Use the sample DRP to guide your own flowchart. Some notes on the example are:

  • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
  • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
  • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
Preview of an Info-Tech Template depicting a sample flowchart.

This sample flowchart is included in XMPL Recovery Workflows.

Step 1.2: Create Supporting DRP Documentation

PHASE 1
PHASE 2
PHASE 3
1.11.21.32.13.13.2
Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

This step will walk you through the following activities:

  • Create checklists for your playbook.
  • Document more complex procedures with flowcharts.
  • Gather and/or write network topology diagrams.
  • Compile a contact list.
  • Ensure there is enough material for backup personnel.

This step involves the following participants:

  • DRP Owner
  • System SMEs
  • Backup DR Personnel

Outcomes of this step

  • Actionable supporting documentation for your disaster recovery plan.
  • Contact list for IT personnel, business personnel, and vendor support.

1.2 — Create supporting documentation for your disaster recovery plan

Now that you have a high-level incident response plan, collect the information you need for executing that plan.

Recovery Workflow

Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

  • Supplementary flowcharts
  • Checklists
  • Topology diagrams
  • Contact lists
  • DRP summary

Reference vendors’ technical information in your flowcharts and checklists where appropriate.

Recovery Procedures (Playbook)

Additional Reference Documentation

Info-Tech Insight

Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

Use checklists to streamline step-by-step procedures

Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

Checklists are ideal when staff just need a reminder of what to do, not how to do it.

XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

  • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
  • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
  • Similarly, include links to other useful resources such as VM templates.
Preview of the Info-Tech Template 'Systems Recovery Playbook'.

Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

  • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
  • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
  • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
Preview of the Info-Tech Template 'Recovery Workflows'.

Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

Use topology diagrams to capture network layout, integrations, and system information

Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

  • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
    • Primary data center diagram
    • DR site diagram
    • High-level network diagrams
  • Often, organizations already have network topology diagrams for reference purposes.

“Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

Preview of the Info-Tech Template 'Systems Recovery Playbook'.

You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

If there is something strange happening to your IT infrastructure, who you gonna call?

Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

  • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
    • Declaring a disaster.
    • Coordinating a response at an organizational level.
    • Executing recovery.
  • The people that have authority to declare a disaster.
  • Each person’s spending authority.
  • The rules for delegating authority.
  • Primary and alternate staff for each role.
Example list of alternate staff, BCP leads, and vendors.

Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

Associated Activity icon 1.2.7 Group Discussion

DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

  • Is it clear who is responsible for each DR task, including notification steps?
  • Have alternate staff for each role been identified?
  • Does the recovery workflow capture all of the high-level steps?
  • Is there enough documentation for alternate staff (e.g. network specs)?

Step 1.3: Write the DRP Summary

PHASE 1
PHASE 2
PHASE 3
1.11.21.32.13.13.2
Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

This step will walk you through the following activities:

  • Write a DRP summary document.

This step involves the following participants:

  • DRP Owner

Outcomes of this step

  • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

Summarize your DR capabilities using a DRP summary document

Supporting Tool icon 1.3.1 DRP Summary Document

The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

DRP Summary Document

XMPL’s DRP Summary is organized into the following categories:

  • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
  • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
  • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

Be transparent about existing business risks in your DRP summary

The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

  • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
  • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
Tier 1 4:00 1:00 *90:00 1:00
Tier 2 8:00 1:00 *40:00 1:00
Tier 3 48:00 24:00 *96:00 24:00

The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

Phase 2: Select the Optimal DRP Publishing Strategy

Step 2.1: Select a DRP Publishing Strategy

PHASE 1
PHASE 2
PHASE 3
1.11.21.32.13.13.2
Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

This step will walk you through the following activities:

  • Select criteria for assessing DRP tools.
  • Evaluate categories for DRP tools.
  • Optional: Write an RFP for a BCM tool.

This step involves the following participants:

  • DRP Owner

Outcomes of this step

  • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

Info-Tech Insights

Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

2.1 — Select a DR publishing and document management strategy that fits your organization

Publishing and document management considerations:

Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
Note: Percentages total more than 100% due to respondents using more than one portability strategy.
(Source: Info-Tech Research Group, N=118)
Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

Pros and cons of potential strategies

This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

  • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
  • In-house solutions combining SharePoint and MS Office (or equivalent)
  • Wiki site
  • “Manual” approaches such as storing documents on a USB drive

Avoid 42 hours of downtime due to a non-diversified publishing strategy

CASE STUDY

Industry Municipality
Source Interview

Situation

  • A municipal government has recently completed an end-to-end disaster recovery plan.
  • The team is feeling good about the fact that they were able to identify:
    • Relative criticality of applications.
    • Dependencies for each application.
    • Incident response plans for the current state and desired state.
    • System recovery procedures.

Challenge

  • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
  • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
  • Once the network was down, their DRP was inaccessible.

Insights

  • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
  • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

  • Portability/external access
  • Maintainability/usability
  • Cost
  • Effort

The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

Portability/External Access:
  • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
  • Cons: Degree of external access is often dependent on the vendor.
Maintainability/Usability:
  • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
  • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
  • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
  • Cons: Requires end-user and administrator training.
Cost/Effort:
  • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
  • Cons: Expect leading DRP tools to cost $20K or more per year.

About this approach:
BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

Info-Tech Insight

The business case for a BCM tool is built by answering the following questions:

  • Will the BCM tool solve an unmet need?
  • Will the tool be more effective and efficient than an in-house solution?
  • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

“We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

Portability/External Access:
  • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
  • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
Maintainability/Usability:
  • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
  • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
  • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
  • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
Cost/Effort:
  • Pros: Using existing tools, so this is a sunk cost in terms of capex.
  • Cons: Additional effort required to create templates and manage the documentation library.

About this approach:
DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

“Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

A healthcare company uses SharePoint as its DRP and SOP documentation management solution

CASE STUDY Healthcare

  • This organization is responsible for 50 medical facilities across three states.
  • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
  • It has SharePoint instances at multiple locations to ensure availability if one site is down.

Documentation Strategy

  • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
  • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
  • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

Management Strategy

  • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
  • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
  • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

Results

  • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
  • SOPs are enabling DR training as well as day-to-day operations training for new staff.
  • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

Portability/External Access:
  • Pros: Wiki sites can support external access as with any web solution.
  • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
Maintainability/Usability:
  • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
  • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
  • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
  • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
Cost/Effort:
  • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
  • Cons: Learning curve if wikis are new to your organization.

About this approach:
Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

Info-Tech Insight

If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

Portability/External Access:
  • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
  • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
Maintainability/Usability:
  • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
  • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
  • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
  • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
Cost/Effort:
  • Pros: Little to no cost and no tool management required.
  • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

About this approach:
With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

Info-Tech Insight

This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

Avoid extensive use of paper copies of DR documentation

DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

Portability/External Access:
  • Pros: Does not rely on technology or power.
  • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
Maintainability/Usability:
  • Pros: In terms of usability, again there is no dependence on technology.
  • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
  • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
Cost/Effort:
  • Pros: No technology system to maintain, aside from what you use for printing.
  • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
  • Cons: Labor intensive due to need to print and physically distribute documentation updates.

About this approach:
Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

Optional: Partial list of BCM tool vendors

A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

  1. Integrations
  2. Planning and Monitoring
  3. Administration
  4. Architecture
  5. Security
  6. Support and Training
Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

Info-Tech can write full RFPs

As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

Step 3.1: Integrate DRP maintenance into core IT processes

PHASE 1
PHASE 2
PHASE 3
1.11.21.32.13.13.2
Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

This step will walk you through the following activities:

  • Integrate DRP maintenance with Project Management.
  • Integrate DRP considerations into Change Management.
  • Integrate with Performance Management.

This step involves the following participants:

  • DRP Owner
  • Head of Project Management Office
  • Head of Change Advisory Board
  • CIO

Outcomes of this step

  • Updated project intake form.
  • Updated change management practice.
  • Updated performance appraisals.

3.1 — Incorporate DRP maintenance into core IT processes

Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

Info-Tech Best Practice

Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

Assess how new projects impact service criticality and DR requirements upfront during project intake

 Icon for process 'BAI01 Project Management'.
Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

  • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
    • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
  • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

Preview of the Info-Tech template 'Project Intake Form'.

This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

Leverage your change management process to identify required DRP updates as they occur

 Icon for process 'BAI06 Change Management'.

Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

  • As part of your change management process, identify potential updates to:
    • System documentation (e.g. configuration settings).
    • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
    • Your DR environment (e.g. system configuration updates for standby systems).
  • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
    • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
    • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
Preview of the Info-Tech template 'Disaster Recovery Change Management'.

This template asks the submitter to fill out the availability and criticality requirements for the project.

For change management best practices beyond DRP considerations, please see Optimize Change Management.

Integrate documentation into performance measurement and performance management

 Icon for process 'MEA01 Performance Measurement'.

Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

Why documentation is such a challenge

How management can address these challenges
We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

“Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

Step 3.2: Conduct an Annual Focused Review

PHASE 1
PHASE 2
PHASE 3
1.11.21.32.13.13.2
Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

This step will walk you through the following activities:

  1. Identify components of your DRP to refresh.
  2. Identify organizational changes requiring further focus.
  3. Test your DRP and identify problems.
  4. Correct problems identified with DRP.

This step involves the following participants:

  • DRP Owner
  • System SMEs
  • Backup DR Personnel

Outcomes of this step

  • An actionable, up-to-date DRP.

Info-Tech Insight

Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

Set up a safety net to capture changes that slipped through the cracks with a focused review process

Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

  • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
  • Don’t review everything. Instead, review:
    • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
      • The plans for these systems are updated for changes (e.g. configuration changes).
      • SMEs and backup personnel are familiar with the changes.
    • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
  • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
  1. Annual Focused Review
  2. Tier 1 Systems
  3. Significantly Changed Systems
  4. Organizational Changes

Identify larger changes, both organizational and within IT, that necessitate DRP updates

During your focused review, consider how organizational changes have impacted your DRP.

The COBIT 5 Enablers provide a foundation for this analysis. Consider:

  • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
  • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
  • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
  • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

Info-Tech Best Practice

COBIT 5 Enablers
What changes need to be reflected in your DRP?

A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

Create a plan during your annual focused review to test your DRP throughout the year

Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

  • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
  • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
  • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
  • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

Example Test Schedule:

  1. Q1: Tabletop testing shadowed by backup personnel
  2. Q2: Tabletop testing led by backup personnel
  3. Q3: Technology-based testing
  4. Annual Focused Review: Review Results

Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

Appendix A: XMPL Case Study

Follow XMPL Medical’s journey through DR documentation

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

Outline of the Disaster Recovery Plan

XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

Resulting Disaster Recovery Plan

XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

Disaster Recovery Plan
  • Recovery Workflow
  • Business Impact Analysis
  • DRP Summary
  • System Recovery Checklists
  • Communication, Assessment, and Disaster Declaration Plan

Info-Tech Best Practice

XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

Model your disaster recovery documentation off of our example

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Recovery Workflow:

  • Recovery Workflows (PDF, VSDX)

Recovery Procedures (Systems Recovery Playbook):

  • DR Notification, Assessment, and Disaster Declaration Plan
  • Systems Recovery Playbook
  • Network Topology Diagrams

Additional Reference Documentation:

  • DRP Workbook
  • Business Impact Analysis
  • DRP Summary Document

Use our structure to create your practical disaster recovery plan.

Appendix B: Summary, Next Steps, and Bibliography

Insight breakdown

Use visual-based documentation instead of a traditional DRP manual.

  • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
  • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

Create your DRP in layers to keep the work manageable.

  • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

Prioritize quick wins to make DRP maintenance easier and more likely to happen.

  • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

Summary of accomplishment

Knowledge Gained

  • How to create visual-based DRP documentation
  • How to integrate DRP maintenance into core IT processes

Processes Optimized

  • DRP documentation creation
  • DRP publishing tool selection
  • DRP documentation maintenance

Deliverables Completed

  • DRP documentation
  • Strategy for publishing your DRP
  • Modified project-intake form
  • Change management checklist for DR considerations

Project step summary

Client Project: Document and Maintain Your Disaster Recovery Plan

  • Create a recovery workflow.
  • Create supporting DRP documentation.
  • Write a summary for your DRP.
  • Decide on a publishing strategy.
  • Incorporate DRP maintenance into core IT processes.
  • Conduct an annual focused review.

Info-Tech Insight

This project has the ability to fit the following formats:

  • Onsite workshop by Info-Tech Research Group consulting analysts.
  • Do-it-yourself with your team.
  • Remote delivery (Info-Tech Guided Implementation).

Related Info-Tech research

Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.

Reduce Costly Downtime Through DR Testing
Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

Prepare for a DRP Audit
Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

Bibliography

A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

“APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

“EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

Risk Management. ISO 31000:2009.

Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

Understanding and Articulating Risk Appetite. KPMG, 2008.

Enhance Your Solution Architecture Practices

  • Buy Link or Shortcode: {j2store}157|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $33,359 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices is critical for business value delivery.
  • A mature solution architecture practice is the basic necessity for a business to have technical agility.

Our Advice

Critical Insight

Don’t architect for normal situations. That is a shallow approach and leads to decisions that may seem “right” but will not be able to stand up to system elasticity needs.

Impact and Result

  • Understand the different parts of a continuous security architecture framework and how they may apply to your decisions.
  • Develop a solution architecture for upcoming work (or if there is a desire to reduce tech debt).

Enhance Your Solution Architecture Practices Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Solution Architecture Practices Deck – A deck to help you develop an approach for or validate existing solution architecture capability.

Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life. Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.

  • Enhance Your Solution Architecture Practices – Phases 1-3

2. Solution Architecture Template – A template to record the results from the exercises to help you define, detail, and make real your digital product vision.

Identify and detail the value maps that support the business, and discover the architectural quality attribute that is most important for the value maps. Brainstorm solutions for design decisions for data, security, scalability, and performance.

  • Solution Architecture Template
[infographic]

Workshop: Enhance Your Solution Architecture Practices

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Vision and Value Maps

The Purpose

Document a vision statement for the solution architecture practice (in general) and/or a specific vision statement, if using a single project as an example.

Document business architecture and capabilities.

Decompose capabilities into use cases.

Key Benefits Achieved

Provide a great foundation for an actionable vision and goals that people can align to.

Develop a collaborative understanding of business capabilities.

Develop a collaborative understanding of use cases and personas that are relevant for the business.

Activities

1.1 Develop vision statement.

1.2 Document list of value stream maps and their associated use cases.

1.3 Document architectural quality attributes needed for use cases using SRME.

Outputs

Solution Architecture Template with sections filled out for vision statement canvas and value maps

2 Continue Vision and Value Maps, Begin Phase 2

The Purpose

Map value stream to required architectural attributes.

Prioritize architecture decisions.

Discuss and document data architecture.

Key Benefits Achieved

An understanding of architectural attributes needed for value streams.

Conceptual understanding of data architecture.

Activities

2.1 Map value stream to required architectural attributes.

2.2 Prioritize architecture decisions.

2.3 Discuss and document data architecture.

Outputs

Solution Architecture Template with sections filled out for value stream and architecture attribute mapping; a prioritized list of architecture design decisions; and data architecture

3 Continue Phase 2, Begin Phase 3

The Purpose

Discuss security and threat assessment.

Discuss resolutions to threats via security architecture decisions.

Discuss system’s scalability needs.

Key Benefits Achieved

Decisions for security architecture.

Decisions for scalability architecture.

Activities

3.1 Discuss security and threat assessment.

3.2 Discuss resolutions to threats via security architecture decisions.

3.3 Discuss system’s scalability needs.

Outputs

Solution Architecture Template with sections filled out for security architecture and scalability design

4 Continue Phase 3, Start and Finish Phase 4

The Purpose

Discuss performance architecture.

Compile all the architectural decisions into a solutions architecture list.

Key Benefits Achieved

A complete solution architecture.

A set of principles that will form the foundation of solution architecture practices.

Activities

4.1 Discuss performance architecture.

4.2 Compile all the architectural decisions into a solutions architecture list.

Outputs

Solution Architecture Template with sections filled out for performance and a complete solution architecture

Further reading

Enhance Your Solution Architecture Practice

Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

Analyst Perspective

Application architecture is a critical foundation for supporting the growth and evolution of application systems. However, the business is willing to exchange the extension of the architecture’s life with quality best practices for the quick delivery of new or enhanced application functionalities. This trade-off may generate immediate benefits to stakeholders, but it will come with high maintenance and upgrade costs in the future, rendering your system legacy early.

Technical teams know the importance of implementing quality attributes into architecture but are unable to gain approval for the investments. Overcoming this challenge requires a focus of architectural enhancements on specific problem areas with significant business visibility. Then, demonstrate how quality solutions are vital enablers for supporting valuable application functionalities by tracing these solutions to stakeholder objectives and conducting business and technical risk and impact assessments through multiple business and technical perspectives.

this is a picture of Andrew Kum-Seun

Andrew Kum-Seun
Research Manager, Applications
Info-Tech Research Group

Enhance Your Solution Architecture

Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

EXECUTIVE BRIEF

Executive Summary

Your Challenge

  • Most organizations have some form of solution architecture; however, it may not accurately and sufficiently support the current and rapidly changing business and technical environments.
  • To enable quick delivery, applications are built and integrated haphazardly, typically omitting architecture quality practices.

Common Obstacles

  • Failing to involve development and stakeholder perspectives in design can lead to short-lived architecture and critical development, testing, and deployment constraints and risks being omitted.
  • Architects are experiencing little traction implementing solutions to improve architecture quality due to the challenge of tracing these solutions back to the right stakeholder objectives.

Info-Tech's Approach

  • Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life.
  • Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.
  • Regularly review and recalibrate your solution architecture so that it accurately reflects and supports current stakeholder needs and technical environments.

Info-Tech Insight

Well-received applications can have poor architectural qualities. Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right tradeoffs are made.

A badly designed solution architecture is the root of all technical evils

A well-thought-through and strategically designed solution architecture is essential for the long-term success of any software system, and by extension, the organization because:

  1. It will help achieve quality attribute requirements (security, scalability, performance, usability, resiliency, etc.) for a software system.
  2. It can define and refine architectural guiding principles. A solution architecture is not only important for today but also a vision for the future of the system’s ability to react positively to changing business needs.
  3. It can help build usable (and reusable) services. In a fast-moving environment, the convenience of having pre-made plug-and-play architectural objects reduces the risk incurred from knee-jerk reactions in response to unexpected demands.
  4. It can be used to create a roadmap to an IT future state. Architectural concerns support transition planning activities that can lead to the successful implementation of a strategic IT plan.

Demand for quick delivery makes teams omit architectural best practices, increasing downstream risks

In its need for speed, a business often doesn’t see the value in making sure architecture is maintainable, reusable, and scalable. This demand leads to an organizational desire for development practices and the procurement of vendors that favor time-to-market over long-term maintainability. Unfortunately, technical teams are pushed to omit design quality and validation best practices.

What are the business impacts of omitting architecture design practices?

Poor quality application architecture impedes business growth opportunities, exposes enterprise systems to risks, and consumes precious IT budgets in maintenance that could otherwise be used for innovation and new projects.

Previous estimations indicate that roughly 50% of security problems are the result of software design. […] Flaws in the architecture of a software system can have a greater impact on various security concerns in the system, and as a result, give more space and flexibility for malicious users.(Source: IEEE Software)

Errors in software requirements and software design documents are more frequent than errors in the source code itself according to Computer Finance Magazine. Defects introduced during the requirements and design phase are not only more probable but also more severe and more difficult to remove. (Source: iSixSigma)

Design a solution architecture that can be successful within the constraints and complexities set before you

APPLICATION ARCHITECTURE…

… describes the dependencies, structures, constraints, standards, and development guidelines to successfully deliver functional and long-living applications. This artifact lays the foundation to discuss the enhancement of the use and operations of your systems considering existing complexities.

Good architecture design practices can give you a number of benefits:

Lowers maintenance costs by revealing key issues and risks early. The Systems Sciences Institute at IBM has reported that the cost to fix an error found after product release was 4 to 5 times as much as one uncovered during design.(iSixSigma)

Supports the design and implementation activities by providing key insights for project scheduling, work allocation, cost analysis, risk management, and skills development.(IBM: developerWorks)

Eliminates unnecessary creativity and activities on the part of designers and implementers, which is achieved by imposing the necessary constraints on what they can do and making it clear that deviation from constraints can break the architecture.(IBM: developerWorks)

Use Info-Tech’s Continuous Solution Architecture (CSA) Framework for designing adaptable systems

Solution architecture is not a one-size-fits-all conversation. There are many design considerations and trade-offs to keep in mind as a product or services solution is conceptualized, evaluated, tested, and confirmed. The following is a list of good practices that should inform most architecture design decisions.

Principle 1: Design your solution to have at least two of everything.

Principle 2: Include a “kill switch” in your fault-isolation design. You should be able to turn off everything you release.

Principle 3: If it can be monitored, it should be. Use server and audit logs where possible.

Principle 4: Asynchronous is better than synchronous. Asynchronous design is more complex but worth the processing efficiency it introduces.

Principle 5: Stateless over stateful: State data should only be used if necessary.

Principle 6: Go horizonal (scale out) over vertical (scale up).

Principle 7: Good architecture comes in small packages.

Principle 8: Practice just-in-time architecture. Delay finalizing an approach for as long as you can.

Principle 9: X-ilities over features. Quality of an architecture is the foundation over which features exist. A weak foundation can never be obfuscated through shiny features.

Principle 10: Architect for products not projects. A product is an ongoing concern, while a project is short lived and therefore only focused on what is. A product mindset forces architects to think about what can or should be.

Principle 11: Design for rollback: When all else fails, you should be able to stand up the previous best state of the system.

Principle 12: Test the solution architecture like you test your solution’s features.

CSA should be used for every step in designing a solution’s architecture

Solution architecture is a technical response to a business need, and like all complex evolutionary systems, must adapt its design for changing circumstances.

The triggers for changes to existing solution architectures can come from, at least, three sources:

  1. Changing business goals
  2. Existing backlog of technical debt
  3. Solution architecture roadmap

A solution’s architecture is cross-cutting and multi-dimensional and at the minimum includes:

  • Product Portfolio Strategy
  • Application Architecture
  • Data Architecture
  • Information Architecture
  • Operational Architecture

along with several qualitative attributes (also called non-functional requirements).

This image contains a chart which demonstrates the relationship between changing hanging business goals, Existing backlog of technical debt, Solution architecture roadmap, and Product Portfolio Strategy, Application Architecture, Data Architecture, Information Architecture and, Operational Architecture

Related Research: Product Portfolio Strategy

Integrate Portfolios to Create Exceptional Customer Value

  • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
  • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
  • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

Deliver on Your Digital Portfolio Vision

  • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
  • Your intent is only a dream if it cannot be implemented ; define what goes into a release plan via the release canvas.
  • Define a communication approach that lets everyone know where you are heading.

Related Research: Data, Information & Integration Architecture

Build a Data Architecture Roadmap

  • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
  • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit and determine the corresponding data architecture tiers that need to be addressed.
  • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
  • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

Build a Data Pipeline for Reporting and Analytics

  • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
  • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
  • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

Related Research:Operational Architecture

Optimize Application Release Management

  • Acquire release management ownership. Ensure there is appropriate accountability for the speed and quality of the releases passing through the entire pipeline.
  • A release manager has oversight over the entire release process and facilitates the necessary communication between business stakeholders and various IT roles.
  • Instill holistic thinking. Release management includes all steps required to push release and change requests to production along with the hand-off to Operations and Support. Increase the transparency and visibility of the entire pipeline to ensure local optimizations do not generate bottlenecks in other areas.
  • Standardize and lay a strong release management foundation. Optimize the key areas where you are experiencing the most pain and continually improve.

Build Your Infrastructure Roadmap

  • Increased communication. More information being shared to more people who need it.
  • Better planning. More accurate information being shared.
  • Reduced lead times. Less due diligence or discovery work required as part of project implementations.
  • Faster delivery times. Less low-value work, freeing up more time for project work.

Related Research:Security Architecture

Identify Opportunities to Mature the Security Architecture

  • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
  • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
  • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors, and therefore, cut down on the amount of vendor noise.
  • Creating a defensible roadmap will assist with justifying future security spend.

Key deliverable:

Solution Architecture Template
Record the results from the exercises to help you define, detail, and make real your digital product vision.

Blueprint Deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

This image contains screenshots of the deliverables which will be discussed later in this blueprint

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

Guided Implementation

Our team knows that we need to fix a process, but we need assistance to determine where to focus. some check-ins along the way would help keep us on track

Workshop

We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place

Consulting

Our team does not have the time or the knowledge to take this project on. we need assistance through the entirety of this project.

Diagnostics and consistent frameworks are used throughout all four options

Workshop Overview

Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4
Exercises
  1. Articulate an architectural vision
  2. Develop dynamic value stream maps
  1. Create a conceptual map between the value stream, use case, and required architectural attribute
  2. Create a prioritized list of architectural attributes
  3. Develop a data architecture that supports transactional and analytical needs
  1. Document security architecture risks and mitigations
  2. Document scalability architecture
  1. Document performance-enhancing architecture
  2. Bring it all together
Outcomes
  1. Architecture vision
  2. Dynamic value stream maps (including user stories/personas)
  1. List of required architectural attributes
  2. Architectural attributes prioritized
  3. Data architecture design decisions
  1. Security threat and risk analysis
  2. Security design decisions
  3. Scalability design decisions
  1. Performance design decisions
  2. Finalized decisions

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
This GI is between 8 to 10 calls over the course of approximately four to six months.

Phase 1 Phase 2 Phase 2
Call #1:
Articulate an architectural vision.		 Call #4:
Continue discussion on value stream mapping and related use cases.		 Call #6:
Document security design decisions.
Call #2:
Discuss value stream mapping and related use cases.		 Call #5:
  • Map the value streams to required architectural attribute.
  • Create a prioritized list of architectural attributes.
 Call #7:
  • Document scalability design decisions.
  • Document performance design decisions.
Call #3:
Continue discussion on value stream mapping and related use cases.		 Call #8:
Bring it all together.

Phase 1: Visions and Value Maps

Phase 1

1.1 Articulate an Architectural Vision
1.2 Develop Dynamic Value Stream Maps
1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
1.4 Create a Prioritized List of Architectural Attributes

Phase 2

2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
2.2 Document Security Architecture Risks and Mitigations

Phase 3

3.1 Document Scalability Architecture
3.2 Document Performance Enhancing Architecture
3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

This phase will walk you through the following activities:

  • Determine a vision for architecture outcomes
  • Draw dynamic value stream maps
  • Derive architectural design decisions
  • Prioritize design decisions

This phase involves the following participants:

  • Business Architect
  • Product Owner
  • Application Architect
  • Integration Architect
  • Database Architect
  • Enterprise Architect

Enhance Your Solution Architecture Practice

Let’s get this straight: You need an architectural vision

If you start off by saying I want to architect a system, you’ve already lost. Remember what a vision is for!

An architectural vision...

… is your North Star

Your product vision serves as the single fixed point for product development and delivery.

… aligns stakeholders

It gets everyone on the same page.

… helps focus on meaningful work

There is no pride in being a rudderless ship. It can also be very expensive.

And eventually...

… kick-starts your strategy

We know where to go, we know who to bring along, and we know the steps to get there. Let’s plan this out.

An architectural vision is multi-dimensional

Who is the target customer (or customers)?

What is the key benefit a customer can get from using our service or product?

Why should they be engaged with you?

What makes our service or product better than our competitors?

(Adapted from Crossing the Chasm)

Info-Tech Insight

It doesn’t matter if you are delivering value to internal or external stakeholders, you need a product vision to ensure everyone understands the “why.”

Use a canvas as the dashboard for your architecture

The solution architecture canvas provides a single dashboard to quickly define and communicate the most important information about the vision. A canvas is an effective tool for aligning teams and providing an executive summary view.

This image contains a sample canvas for you to use as the dashboard for your architecture. The sections are: Solution Name, Tracking Info, Vision, Business Goals, Metrics, Personas, and Stakeholders.

Leverage the solution architecture canvas to state and inform your architecture vision

This image contains the sample canvas from the previous section, with annotations explaining what to do for each of the headings.

1.1 Craft a vision statement for your solution’s architecture

  1. Use the product canvas template provided for articulating your solution’s architecture.

*If needed, remove or add additional data points to fit your purposes.

There are different statement templates available to help form your product vision statements. Some include:

  • For [our target customer], who [customer’s need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators].
  • We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
  • To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
  • Our vision is to [verb: build, design, provide] the [goal, future state] to [verb: help, enable, make it easier to...] [persona].

(Adapted from Crossing the Chasm)

Download the Solution Architecture Template and document your vision statement.

Input

  • Business Goals
  • Product Portfolio Vision

Output

  • Solution Architecture Vision

Materials

  • Whiteboard/Flip Charts

Participants

  • Business Architect
  • Product Owner
  • IT Leadership
  • Business Leadership

Solution Architecture Canvas: Refine your vision statement

This image contains a screenshot of the canvas from earlier in the blueprint, with only the annotation for Solution Name: Vision, unique value proposition, elevator pitch, or positioning statement.

Understand your value streams before determining your solution’s architecture

Business Strategy

Sets and communicates the direction of the entire organization.

Value Stream

Segments, groups, and creates a coherent narrative as to how an organization creates value.

Business Capability Map

Decomposes an organization into its component parts to establish a common language across the organization.

Execution

Implements the business strategy through capability building or improvement projects.

Identify your organization’s goals and define the value streams that support them

Goal

Revenue Growth

Value Streams

Stream 1- Product Purchase
Stream 2- Customer Acquisition
stream 3- Product Financing

There are many techniques that help with constructing value streams and their capabilities.

Domain-driven design is a technique that can be used for hypothesizing the value maps, their capabilities, and associated solution architecture.

Read more about domain-driven design here.

Value streams can be external (deliver value to customers) or internal (support operations)

    External Perspective

  1. Core value streams are mostly externally facing: they deliver value to either an external/internal customer and they tie to the customer perspective of the strategy map.
  • E.g. customer acquisition, product purchase, product delivery

Internal Perspective

  • Support value streams are internally facing: they provide the foundational support for an organization to operate.
    • E.g. employee recruitment to retirement

    Key Questions to Ask While Evaluating Value Streams

    • Who are your customers?
    • What benefits do we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?
    This image contains an example of value streams. The main headings are: Customer Acquisitions, Product Purchase, Product Delivery, Confirm Order, Product Financing, and Product Release.

    Value streams highlight the what, not the how

    Value chains set a high-level context, but architectural decisions still need to be made to deal with the dynamism of user interaction and their subsequent expectations. User stories (and/or use cases) and themes are great tools for developing such decisions.

    Product Delivery

    1. Order Confirmation
    2. Order Dispatching
    3. Warehouse Management
    4. Fill Order
    5. Ship Order
    6. Deliver Order

    Use Case and User Story Theme: Confirm Order

    This image shows the relationship between confirming the customer's order online, and the Online Buyer, the Online Catalog, the Integrated Payment, and the Inventory Lookup.

    The use case Confirming Customer’s Online Order has four actors:

    1. An Online Buyer who should be provided with a catalog of products to purchase from.
    2. An Online Catalog that is invoked to display its contents on demand.
    3. An Integrated Payment system for accepting an online form of payment (credit card, Bitcoins, etc.) in a secure transaction.
    4. An Inventory Lookup module that confirms there is stock available to satisfy the Online Buyer’s order.

    Info-Tech Insight

    Each use case theme links back to a feature(s) in the product backlog.

    Related Research

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Document Your Business Architecture

    • Recognize the opportunity for architecture work, analyze the current and target states of your business strategy, and identify and engage the right stakeholders.
    • Model the business in the form of architectural blueprints.
    • Apply business architecture techniques such as strategy maps, value streams, and business capability maps to design usable and accurate blueprints of the business.
    • Drive business architecture forward to promote real value to the organization.
    • Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and to prioritize projects.

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    		 Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    		Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example for Phase 1.3

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    Value Stream Component Use Case Required Architectural Attribute
    Loan Application UC1: Submit Loan Application
    UC2: Review Loan Application
    UC3: Approve Loan Application
    UCn: ……..     		UC1: Resilience, Data Reliability
    UC2: Data Reliability
    UC3: Scalability, Security, Performance
    UCn: …..
    Disbursement of Funds UC1: Deposit Funds Into Applicant’s Bank Account
    UCn: ……..     		UC1: Performance, Scalability, Data Reliability
    Risk Management ….. …..
    Service Accounts ….. …..

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    		 Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    		Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Prioritize architectural quality attributes to ensure a right-engineered solution

    Trade-offs are inherent in solution architecture. Scaling systems may impact performance and weaken security, while fault-tolerance and redundancy may improve availability but at higher than desired costs. In the end, the best solution is not always perfect, but balanced and right-engineered (versus over- or under-engineered).

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    1. Map architecture attributes against the value stream components.
    • Use individual use cases to determine which attributes are needed for a value stream component.
    This image contains a screenshot of the table showing the importance of scalability, resiliance, performance, security, and data reliability for loan application, disbursement of funds, risk management, and service accounts.

    In our example, the prioritized list of architectural attributes are:

    • Security (4 votes for Very Important)
    • Data Reliability (2 votes for Very Important)
    • Scalability (1 vote for Very Important and 1 vote for Fairly Important) and finally
    • Resilience (1 vote for Very Important, 0 votes for Fairly Important and 1 vote for Mildly Important)
    • Performance (0 votes for Very Important, 2 votes for Fairly Important)

    1.4 Create a prioritized list of architectural attributes (from 1.3)

    1. Using the tabular structure shown on the previous slide:
    • Map each value stream component against architectural quality attributes.
    • For each mapping, indicate its importance using the green, blue, and yellow color scheme.

    Download the Solution Architecture Template and document the list of architectural attributes by priority.

    Input

    • List of Architectural Attributes From 1.3

    Output

    • Prioritized List of Architectural Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    End of Phase 1

    At the end of this Phase, you should have completed the following activities:

    • Documented a set of dynamic value stream maps along with selected use cases.
    • Using the SRME framework, identified quality attributes for the system under investigation.
    • Prioritized quality attributes for system use cases.

    Phase 2: Multi-Purpose Data and Security Architecture

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Understand the scalability, performance, resilience, and security needs of the business.

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Fragmented data environments need something to sew them together

    • A full 93% of enterprises have a multi-cloud strategy, with 87% having a hybrid-cloud environment in place.
    • On average, companies have data stored in 2.2 public and 2.2 private clouds as well as in various on-premises data repositories.
    This image contains a breakdown of the cloud infrastructure, including single cloud versus multi-cloud.

    Source: Flexera

    In addition, companies are faced with:

    • Access and integration challenges (Who is sending the data? Who is getting it? Can we trust them?)
    • Data format challenges as data may differ for each consumer and sender of data
    • Infrastructure challenges as data repositories/processors are spread out over public and private clouds, are on premises, or in multi-cloud and hybrid ecosystems
    • Structured vs. unstructured data

    A robust and reliable integrated data architecture is essential for any organization that aspires to be relevant and impactful in its industry.

    Data’s context and influence on a solution’s architecture cannot be overestimated

    Data used to be the new oil. Now it’s the life force of any organization that has serious aspirations of providing profit-generating products and services to customers. Architectural decisions about managing data have a significant impact on the sustainability of a software system as well as on quality attributes such as security, scalability, performance, and availability.

    Storage and Processing go hand in hand and are the mainstay of any data architecture. Due to their central position of importance, an architecture decision for storage and processing must be well thought through or they become the bottleneck in an otherwise sound system.

    Ingestion refers to a system’s ability to accept data as an input from heterogenous sources, in different formats, and at different intervals.

    Dissemination is the set of architectural design decisions that make a system’s data accessible to external consumers. Major concerns involve security for the data in motion, authorization, data format, concurrent requests for data, etc.

    Orchestration takes care of ensuring data is current and reliable, especially for systems that are decentralized and distributed.

    Data architecture requires alignment with a hybrid data management plan

    Most companies have a combination of data. They have data they own using on-premises data sources and on the cloud. Hybrid data management also includes external data, such as social network feeds, financial data, and legal information amongst many others.

    Data integration architectures have typically been put in one of two major integration patterns:

    Application to Application Integration (or “speed matters”) Analytical Data Integrations (or “send it to me when its all done”)
    • This domain is concerned with ensuring communication between processes.
    • Examples include patterns such as Service-Oriented Architecture, REST, Event Hubs and Enterprise Service Buses.
    • This domain is focused on integrating data from transactional processes towards enterprise business intelligence. It supports activities that require well-managed data to generate evidence-based insights.
    • Examples of this pattern are ELT, enterprise data warehouses, and data marts.

    Sidebar

    Difference between real-time, batch, and streaming data movements

    Real-Time

    • Reacts to data in seconds or even quicker.
    • Real-time systems are hard to implement.

    Batch

    • Batch processing deals with a large volume of data all at once and data-related jobs are typically completed simultaneously in non-stop, sequential order.
    • Batch processing is an efficient and low-cost means of data processing.
    • Execution of batch processing jobs can be controlled manually, providing further control over how the system treats its data assets.
    • Batch processing is only useful if there are no requirements for data to be fresh and current. Real-time systems are suited to processing data that requires these attributes.

    Streaming

    • Stream processing allows almost instantaneous analysis of data as it streams from one device to another.
    • Since data is analyzed quickly, storage may not be a concern (since only computed data is stored while raw data can be dispersed).
    • Streaming requires the flow of data into the system to equal the flow of data computing, otherwise issues of data storage and performance can rise.

    Modern data ingestion and dissemination frameworks keep core data assets current and accessible

    Data ingestion and dissemination frameworks are critical for keeping enterprise data current and relevant.

    Data ingestion/dissemination frameworks capture/share data from/to multiple data sources.

    Factors to consider when designing a data ingestion/dissemination architecture

    What is the mode for data movement?

    • The mode for data movement is directly influenced by the size of data being moved and the downstream requirements for data currency.
    • Data can move in real-time, as a batch, or as a stream.

    What is the ingestion/dissemination architecture deployment strategy?

    • Outside of critical security concerns, hosting on the cloud vs. on premises leads to a lower total cost of ownership (TCO) and a higher return on investment (ROI).

    How many different and disparate data sources are sending/receiving data?

    • Stability comes if there is a good idea about the data sources/recipient and their requirements.

    What are the different formats flowing through?

    • Is the data in the form of data blocks? Is it structured, semi-unstructured, or unstructured?

    What are expected performance SLAs as data flow rate changes?

    • Data change rate is defined as the size of changes occurring every hour. It helps in selecting the appropriate tool for data movement.
    • Performance is a derivative of latency and throughput, and therefore, data on a cloud is going to have higher latency and lower throughput then if it is kept on premises.
    • What is the transfer data size? Are there any file compression and/or file splits applied on the data? What is the average and maximum size of a block object per ingestion/dissemination operation?

    What are the security requirements for the data being stored?

    • The ingestion/dissemination framework should be able to work through a secure tunnel to collect/share data if needed.

    Sensible storage and processing strategy can improve performance and scalability and be cost-effective

    The range of options for data storage is staggering...

    … but that’s a good thing because the range of data formats that organizations must deal with is also richer than in the past.

    Different strokes for different workloads.

    The data processing tool to use may depend upon the workloads the system has to manage.

    Expanding upon the Risk Management use case (as part of the Loan Provision Capability), one of the outputs for risk assessment is a report that conducts a statistical analysis of customer profiles and separates those that are possibly risky. The data for this report is spread out across different data systems and will need to be collected in a master data management storage location. The business and data architecture team have discussed three critical system needs, noted below:

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    Keep every core data source on the same page through orchestration

    Data orchestration, at its simplest, is the combination of data integration, data processing, and data concurrency management.

    Data pipeline orchestration is a cross-cutting process that manages the dependencies between your data integration tasks and scheduled data jobs.

    A task or application may periodically fail, and therefore, as a part of our data architecture strategy, there must be provisions for scheduling, rescheduling, replaying, monitoring, retrying, and debugging the entire data pipeline in a holistic way.

    Some of the functionality provided by orchestration frameworks are:

    • Job scheduling
    • Job parametrization
    • SLAs tracking, alerting, and notification
    • Dependency management
    • Error management and retries
    • History and audit
    • Data storage for metadata
    • Log aggregation
    Data Orchestration Has Three Stages
    Organize Transform Publicize
    Organizations may have legacy data that needs to be combined with new data. It’s important for the orchestration tool to understand the data it deals with. Transform the data from different sources into one standard type. Make transformed data easily accessible to stakeholders.

    2.1 Discuss and document data architecture decisions

    1. Using the value maps and associated use cases from Phase 1, determine the data system quality attributes.
    2. Use the sample tabular layout on the next slide or develop one of your own.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Value Maps and Use Cases

    Output

    • Initial Set of Data Design Decisions

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Data Architecture

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    There is no free lunch when making the most sensible security architecture decision; tradeoffs are a necessity

    Ensuring that any real system is secure is a complex process involving tradeoffs against other important quality attributes (such as performance and usability). When architecting a system, we must understand:

    • Its security needs.
    • Its security threat landscape.
    • Known mitigations for those threats to ensure that we create a system with sound security fundamentals.

    The first thing to do when determining security architecture is to conduct a threat and risk assessment (TRA).

    This image contains a sample threat and risk assessment. The steps are Understand: Until we thoroughly understand what we are building, we cannot secure it. Structure what you are building, including: System boundary, System structure, Databases, Deployment platform; Analyze: Use techniques like STRIDE and attack trees to analyze what can go wrong and what security problems this will cause; Mitigate: The security technologies to use, to mitigate your concerns, are discussed here. Decisions about using single sign-on (SSO) or role-based access control (RBAC), encryption, digital signatures, or JWT tokens are made. An important part of this step is to consider tradeoffs when implementing security mechanisms; validate: Validation can be done by experimenting with proposed mitigations, peer discussion, or expert interviews.

    Related Research

    Optimize Security Mitigation Effectiveness Using STRIDE

    • Have a clear picture of:
      • Critical data and data flows
      • Organizational threat exposure
      • Security countermeasure deployment and coverage
    • Understand which threats are appropriately mitigated and which are not.
    • Generate a list of initiatives to close security gaps.
    • Create a quantified risk and security model to reassess program and track improvement.
    • Develop measurable information to present to stakeholders.

    The 3A’s of strong security: authentication, authorization, and auditing

    Authentication

    Authentication mechanisms help systems verify that a user is who they claim to be.

    Examples of authentication mechanisms are:

    • Two-Factor Authentication
    • Single Sign-On
    • Multi-Factor Authentication
    • JWT Over OAUTH

    Authorization

    Authorization helps systems limit access to allowed features, once a user has been authenticated.

    Examples of authentication mechanisms are:

    • RBAC
    • Certificate Based
    • Token Based

    Auditing

    Securely recording security events through auditing proves that our security mechanisms are working as intended.

    Auditing is a function where security teams must collaborate with software engineers early and often to ensure the right kind of audit logs are being captured and recorded.

    Info-Tech Insight

    Defects in your application software can compromise privacy and integrity even if cryptographic controls are in place. A security architecture made after thorough TRA does not override security risk introduced due to irresponsible software design.

    Examples of threat and risk assessments using STRIDE and attack trees

    STRIDE is a threat modeling framework and is composed of:

    • Spoofing or impersonation of someone other than oneself
    • Tampering with data and destroying its integrity
    • Repudiation by bypassing system identity controls
    • Information disclosure to unauthorized persons
    • Denial of service that prevents system or parts of it from being used
    • Elevation of privilege so that attackers get rights they should not have
    Example of using STRIDE for a TRA on a solution using a payment system This image contains a sample attack tree.
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds.
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds.
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize.
    Disclosure PayPal Private service database has details leaked and made public.
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times.

    2.2 Document security architecture risks and mitigations

    1. Using STRIDE, attack tree, or any other framework of choice:
    • Conduct a TRA for use cases identified in Phase 1.2
  • For each threat identified through the TRA, think through the implications of using authentication, authorization, and auditing as a security mechanism.

    • Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Dynamic Value Stream Maps

    Output

    • Security Architecture Risks and Mitigations

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Security Team
    • Application Architect
    • Integration Architect

    Examples of threat and risk assessments using STRIDE

    Example of using STRIDE for a TRA on a solution using a payment system
    Threat System Component Description Quality Attribute Impacted Resolution
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds. Confidentiality Authorization
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds. Integrity Authorization
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize. Integrity Authentication and Logging
    Disclosure PayPal Private service database has details leaked and made public. Confidentiality Authorization
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests Availability N/A
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times. Confidentiality, Integrity, and Availability Authorization

    Phase 3: Upgrade Your System’s Availability

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Examine architecture for scalable and performant system designs
    • Integrate all design decisions made so far into a solution design decision log

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    In a cloud-inspired system architecture, scalability takes center stage as an architectural concern

    Scale and scope of workloads are more important now than they were, perhaps, a decade and half back. Architects realize that scalability is not an afterthought. Not dealing with it at the outset can have serious consequences should an application workload suddenly exceed expectations.

    Scalability is …

    … the ability of a system to handle varying workloads by either increasing or decreasing the computing resources of the system.

    An increased workload could include:

    • Higher transaction volumes
    • A greater number of users

    Architecting for scalability is …

    … not easy since organizations may not be able to accurately judge, outside of known circumstances, when and why workloads may unexpectedly increase.

    A scalable architecture should be planned at the:

    • Application Level
    • Infrastructure Level
    • Database Level

    The right amount and kind of scalability is …

    … balancing the demands of the system with the supply of attributes.

    If demand from system > supply from system:

    • Services and products are not useable and deny value to customers.

    If supply from system > demand from system:

    • Excess resources have been paid for that are not being used.

    When discussing the scalability needs of a system, investigate the following, at a minimum:

    • In case workloads increase due to higher transaction volumes, will the system be able to cope with the additional stress?
    • In situations where workloads increase, will the system be able to support the additional stress without any major modifications being made to the system?
    • Is the cost associated with handling the increased workloads reasonable for the benefit it provides to the business?
    • Assuming the system doesn’t scale, is there any mechanism for graceful degradation?

    Use evidence-based decision making to ensure a cost-effective yet appropriate scaling strategy

    The best input for an effective scaling strategy is previously gathered traffic data mapped to specific circumstances.

    In some cases, either due to lack of monitoring or the business not being sure of its needs, scalability requirements are hard to determine. In such cases, use stated tactical business objectives to design for scalability. For example, the business might state its desire to achieve a target revenue goal. To accommodate this, a certain number of transactions would need to be conducted, assuming a particular conversion rate.

    Scaling strategies can be based on Vertical or Horizontal expansion of resources.
    Pros Cons
    Vertical
    Scale up through use of more powerful but limited number of resources
    • May not require frequent upgrades.
    • Since data is managed through a limited number of resources, it is easier to share and keep current.
    • Costly upfront.
    • Application, database, and infrastructure may not be able to make optimal use of extra processing power.
    • As the new, more powerful resource is provisioned, systems may experience downtime.
    • Lacks redundancy due to limited points of failure.
    • Performance is constrained by the upper limits of the infrastructure involved.
    Horizontal
    Scale out through use of similarly powered but larger quantity of resources
    • Cost-effective upfront.
    • System downtime is minimal, when scaling is being performed.
    • More redundance and fault-tolerance is possible since there are many nodes involved, and therefore, can replace failed nodes.
    • Performance can scale out as more nodes are added.
    • Upgrades may occur more often than in vertical scaling.
    • Increases machine footprints and administrative costs over time.
    • Data may be partitioned on multiple nodes, leading to administrative and data currency challenges.

    Info-Tech Insight

    • Scalability is the one attribute that sparks a lot of trade-off discussions. Scalable solutions may have to compromise on performance, cost, and data reliability.
    • Horizontal scalability is mostly always preferable over vertical scalability.

    Sidebar

    The many flavors of horizontal scaling

    Traffic Shard-ing

    Through this mechanism, incoming traffic is partitioned around a characteristic of the workload flowing in. Examples of partitioning characteristics are user groups, geo-location, and transaction type.

    Beware of:

    • Lack of data currency across shards.

    Copy and Paste

    As the name suggests, clone the compute resources along with the underlying databases. The systems will use a load balancer as the first point of contact between itself and the workload flowing in.

    Beware of:

    • Though this is a highly scalable model, it does introduce risks related to data currency across all databases.
    • In case master database writes are frequent, it could become a bottleneck for the entire system.

    Productization Through Containers

    This involves breaking up the system into specific functions and services and bundling their business rules/databases into deployable containers.

    Beware of:

    • Too many containers introduce the need to orchestrate the distributed architecture that results from a service-oriented approach.

    Start a scalability overview with a look at the database(s)

    To know where to go, you must know where you are. Before introducing architectural changes to database designs, use the right metrics to get an insight into the root cause of the problem(s).

    In a nutshell, the purpose of scaling solutions is to have the technology stack do less work for the most requested services/features or be able to effectively distribute the additional workload across multiple resources.

    For databases, to ensure this happens, consider these techniques:

    • Reuse data through caching on the server and/or the client. This eliminates the need for looking up already accessed data. Examples of caching are:
      • In-memory caching of data
      • Caching database queries
    • Implement good data retrieval techniques like indexes.
    • Divide labor at the database level.
      • Through setting up primary-secondary distribution of data. In such a setup, the primary node is involved in writing data to itself and passes on requests to secondary nodes for fulfillment.
      • Through setting up database shards (either horizontally or vertically).
        • In a horizontal shard, a data table is broken into smaller pieces with the same data model but unique data in it. The sum total of the shared databases contains all the data in the primary data table.
        • In a vertical shard, a data table is broken into smaller pieces, but each piece may have a subset of the data columns. The data’s corresponding columns are put into the table where the column resides.

    Info-Tech Insight

    A non-scalable architecture has more than just technology-related ramifications. Hoping that load balancers or cloud services will manage scalability-related issues is bound to have economic impacts as well.

    Sidebar

    Caching Options

    CSA PRINCIPLE 5 applies to any decision that supports system scalability.
    “X-ilities Over Features”

    Database Caching
    Fetches and stores result of database queries in memory. Subsequent requests to the database for the same queries will investigate the cache before making a connection with the database.
    Tools like Memcached or Redis are used for database caching.

    Precompute Database Caching
    Unlike database caching, this style of caching precomputes results of queries that are popular and frequently used. For example, a database trigger could execute several predetermined queries and have them ready for consumption. The precomputed results may be stored in a database cache.

    Application Object Caching
    Stores computed results in a cache for later retrieval. For data sources, which are not changing frequently and are part of a computation output, application caching will remove the need to connect with a database.

    Proxy Caching
    Caches retrieved web pages on a proxy server and makes them available for the next time the page is requested.

    The intra- and inter-process communication of the systems middle tier can become a bottleneck

    To synchronize or not to synchronize?

    A synchronous request (doing one thing at a time) means that code execution will wait for the request to be responded to before continuing.

    • A synchronous request is a blocking event and until it is completed, all following requests will have to wait for getting their responses.
    • An increasing workload on a synchronous system may impact performance.
    • Synchronous interactions are less costly in terms of design, implementation, and maintenance.
    • Scaling options include:
    1. Vertical scale up
    2. Horizontal scale out of application servers behind a load balancer and a caching technique (to minimize data retrieval roundtrips)
    3. Horizonal scale out of database servers with data partitioning and/or data caching technique

    Use synchronous requests when…

    • Each request to a system sets the necessary precondition for a following request.
    • Data reliability is important, especially in real-time systems.
    • System flows are simple.
    • Tasks that are typically time consuming, such as I/O, data access, pre-loading of assets, are completed quickly.

    Asynchronous requests (doing many things at the same time) do not block the system they are targeting.

    • It is a “fire and forget” mechanism.
    • Execution on a server/processor is triggered by the request, however, additional technical components (callbacks) for checking the state of the execution must be designed and implemented.
    • Asynchronous interactions require additional time to be spent on implementation and testing.
    • With asynchronous interactions, there is no guarantee the request initiated any processing until the callbacks check the status of the executed thread.

    Use asynchronous requests when…

    • Tasks are independent in nature and don’t require inter-task communication.
    • Systems flows need to be efficient.
    • The system is using event-driven techniques for processing.
    • Many I/O tasks are involved.
    • The tasks are long running.

    Sidebar

    Other architectural tactics for inter-process communication

    STATELESS SERVICES VERSUS STATEFUL SERVICES
    • Does not require any additional data, apart from the bits sent through with the request.
    • Without implementing a caching solution, it is impossible to access the previous data trail for a transaction session.
    • In addition to the data sent through with the request, require previous data sent to complete processing.
    • Requires server memory to store the additional state data. With increasing workloads, this could start impacting the server’s performance.
    It is generally accepted that stateless services are better for system scalability, especially if vertical scaling is costly and there is expectation that workloads will increase.
    MICROSERVICES VERSUS SERVERLESS FUNCTIONS
    • Services are designed as small units of code with a single responsibility and are available on demand.
    • A microservices architecture is easily scaled horizontally by adding a load balancer and a caching mechanism.
    • Like microservices, these are small pieces of code designed to fulfill a single purpose.
    • Are provided only through cloud vendors, and therefore, there is no need to worry about provisioning of infrastructure as needs increase.
    • Stateless by design but the life cycle of a serverless function is vendor controlled.
    Serverless function is an evolving technology and tightly controlled by the vendor. As and when vendors make changes to their serverless products, your own systems may need to be modified to make the best use of these upgrades.

    A team that does not measure their system’s scalability is a team bound to get a 5xx HTTP response code

    A critical aspect of any system is its ability to monitor and report on its operational outcomes.

    • Using the principle of continuous testing, every time an architectural change is introduced, a thorough load and stress testing cycle should be executed.
    • Effective logging and use of insightful metrics helps system design teams make data-driven decisions.
    • Using principle of site reliability engineering and predictive analytics, teams can be prepared for any unplanned exaggerated stimulus on the system and proactively set up remedial steps.

    Any system, however well architected, will break one day. Strategically place kill-switches to counter any failures and thoroughly test their functioning before releasing to production.

    • Using Principles 2 and 9 of the CSA, (include kill-switches and architect for x-ilities over features), introduce tactics at the code and higher levels that can be used to put a system in its previous best state in case of failure.
    • Examples of such tactics are:
      • Feature flags for turning on/off code modules that impact x-ilities.
      • Implement design patterns like throttling, autoscaling, and circuit breaking.
      • Writing extensive log messages that bubble up as exceptions/error handling from the code base. *Logging can be a performance drag. Use with caution as even logging code is still code that needs CPU and data storage.

    Performance is a system’s ability to satisfy time-bound expectations

    Performance can also be defined as the ability for a system to achieve its timing requirements, using available resources, under expected full-peak load:

    (International Organization for Standardization, 2011)

    • Performance and scalability are two peas in a pod. They are related to each other but are distinct attributes. Where scalability refers to the ability of a system to initiate multiple simultaneous processes, performance is the system’s ability to complete the processes within a mandated average time period.
    • Degrading performance is one of the first red flags about a system’s ability to scale up to workload demands.
    • Mitigation tactics for performance are very similar to the tactics for scalability.

    System performance needs to be monitored and measured consistently.

    Measurement Category 1: System performance in terms of end-user experience during different load scenarios.

    • Response time/latency: Length of time it takes for an interaction with the system to complete.
    • Turnaround time: Time taken to complete a batch of tasks.
    • Throughput: Amount of workload a system is capable of handling in a unit time period.

    Measurement Category 2: System performance in terms of load managed by computational resources.

    • Resource utilization: The average usage of a resource (like CPU) over a period. Peaks and troughs indicate excess vs. normal load times.
    • Number of concurrent connections: Simultaneous user requests that a resource like a server can successfully deal with at once.
    • Queue time: The turnaround time for a specific interaction or category of interactions to complete.

    Architectural tactics for performance management are the same as those used for system scalability

    Application Layer

    • Using a balanced approach that combines CSA Principle 7 (Good architecture comes in small packages) and Principle 10 (Architect for products, not projects), a microservices architecture based on domain-driven design helps process performance. Microservices use lightweight HTTP protocols and have loose coupling, adding a degree of resilience to the system as well. *An overly-engineered microservices architecture can become an orchestration challenge.
    • The code design must follow standards that support performance. Example of standards is SOLID*.
    • Serverless architectures can run application code from anywhere – for example, from edge servers close to an end user – thereby reducing latency.

    Database Layer

    • Using the right database technologies for persistence. Relational databases have implicit performance bottlenecks (which get exaggerated as data size grows along with indexes), and document store database technologies (key-value or wide-column) can improve performance in high-read environments.
    • Data sources, especially those that are frequently accessed, should ideally be located close to the application servers. Hybrid infrastructures (cloud and on premises mixed) can lead to latency when a cloud-application is accessing on-premises data.
    • Using a data partitioning strategy, especially in a domain-driven design architecture, can improve the performance of a system.

    Performance modeling and continuous testing makes the SRE a happy engineer

    Performance modeling and testing helps architecture teams predict performance risks as the solution is being developed.
    (CSA Principle 12: Test the solution architecture like you test your solution’s features)

    Create a model for your system’s hypothetical performance testing by breaking an end-to-end process or use case into its components. *Use the SIPOC framework for decomposition.

    This image contains an example of modeled performance, showing the latency in the data flowing from different data sources to the processing of the data.

    In the hypothetical example of modeled performance above:

    • The longest period of latency is 15ms.
    • The processing of data takes 30ms, while the baseline was established at 25ms.
    • Average latency in sending back user responses is 21ms – 13ms slower than expected.

    The model helps architects:

    • Get evidence for their assumptions
    • Quantitatively isolate bottlenecks at a granular level

    Model the performance flow once but test it periodically

    Performance testing measures the performance of a software system under normal and abnormal loads.

    Performance testing process should be fully integrated with software development activities and as automated as possible. In a fast-moving Agile environment, teams should attempt to:

    • Shift-left performance testing activities.
    • Use performance testing to pinpoint performance bottlenecks.
    • Take corrective action, as quickly as possible.

    Performance testing techniques

    • Normal load testing: Verifies the system’s behavior under the expected normal load to ensure that its performance requirements are met. Load testing can be used to measure response time, responsiveness, turnaround time, and throughput.
    • Expected maximum load testing: Like the normal load testing process, ensures system meets its performance requirements under expected maximum load.
    • Stress testing: Evaluates system behavior when processing loads beyond the expected maximum.

    *In a real production scenario, a combination of these tests are executed on a regular basis to monitor the performance of the system over a given period.

    3.1-3.2 Discuss and document initial decisions made for architecture scalability and performance

    1. Use the outcomes from either or both Phases 1.3 and 1.4.
    • For each value stream component, list the architecture decisions taken to ensure scalability and performance at client-facing and/or business-rule layers.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4

    Output

    • Initial Set of Design Decisions Made for System Scalability and Performance

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Architecture decisions for scalability and performance

    Value Stream Component Design Decision for User Interface Layer Design Decisions for Middle Processing Layer
    Loan Application Scalability: N/A
    Resilience: Include circuit breaker design in both mobile app and responsive websites.
    Performance: Cache data client.    		 Scalability: Scale vertically (up) since loan application processing is very compute intensive.
    Resilience: Set up fail-over replica.
    Performance: Keep servers in the same geo-area.
    Disbursement of Funds *Does not have a user interface Scalability: Scale horizontal when traffic reaches X requests/second.
    Resilience: Create microservices using domain-driven design; include circuit breakers.
    Performance: Set up application cache; synchronous communication since order of data input is important.
    …. …. ….

    3.3 Combine the different architecture design decisions into a unified solution architecture

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4
    • Output From Phase 2.1
    • Output From Phase 2.2
    • Output From 3.1 and 3.2

    Output

    • List of Design Decisions for the Solution

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Putting it all together is the bow that finally ties this gift

    This blueprint covered the domains tagged with the yellow star.

    This image contains a screenshot of the solution architecture framework found earlier in this blueprint, with stars next to Data Architecture, Security, Performance, and Stability.

    TRADEOFF ALERT

    The right design decision is never the same for all perspectives. Along with varying opinions, comes the “at odds with each other set” of needs (scalability vs. performance, or access vs. security).

    An evidence-based decision-making approach using a domain-driven design strategy is a good mix of techniques for creating the best (right?) solution architecture.

    This image contains a screenshot of a table that summarizes the themes discussed in this blueprint.

    Summary of accomplishment

    • Gained understanding and clarification of the stakeholder objectives placed on your application architecture.
    • Completed detailed use cases and persona-driven scenario analysis and their architectural needs through SRME.
    • Created a set of design decisions for data, security, scalability, and performance.
    • Merged the different architecture domains dealt with in this blueprint to create a holistic view.

    Bibliography

    Ambysoft Inc. “UML 2 Sequence Diagrams: An Agile Introduction.” Agile Modeling, n.d. Web.

    Bass, Len, Paul Clements, and Rick Kazman. Software Architecture in Practices: Third Edition. Pearson Education, Inc. 2003.

    Eeles, Peter. “The benefits of software architecting.” IBM: developerWorks, 15 May 2006. Web.

    Flexera 2020 State of the Cloud Report. Flexera, 2020. Web. 19 October 2021.

    Furdik, Karol, Gabriel Lukac, Tomas Sabol, and Peter Kostelnik. “The Network Architecture Designed for an Adaptable IoT-based Smart Office Solution.” International Journal of Computer Networks and Communications Security, November 2013. Web.

    Ganzinger, Matthias, and Petra Knaup. “Requirements for data integration platforms in biomedical research networks: a reference model.” PeerJ, 5 February 2015. (https://peerj.com/articles/755/).

    Garlan, David, and Mary Shaw. An Introduction to Software Architecture. CMU-CS-94-166, School of Computer Science Carnegie Mellon University, January 1994.

    Gupta, Arun. “Microservice Design Patterns.” Java Code Geeks, 14 April 2015. Web.

    How, Matt. The Modern Data Warehouse in Azure. O’Reilly, 2020.

    ISO/IEC 17788:2014: Information technology – Cloud computing, International Organization for Standardization, October 2014. Web.

    ISO/IEC 18384-1:2016: Information technology – Reference Architecture for Service Oriented Architecture (SOA RA), International Organization for Standardization, June 2016. Web.

    ISO/IEC 25010:2011(en) Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. International Organization for Standardization, March 2011. Web.

    Kazman, R., M. Klein, and P. Clements. ATAM: Method for Architecture Evaluation. S Carnegie Mellon University, August 2000. Web.

    Microsoft Developer Network. “Chapter 16: Quality Attributes.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 2: Key Principles of Software Architecture.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 3: Architectural Patterns and Styles.” Microsoft Application Architecture Guide. 2nd Ed., 14 January 2010. Web.

    Microsoft Developer Network. “Chapter 5: Layered Application Guidelines.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Mirakhorli, Mehdi. “Common Architecture Weakness Enumeration (CAWE).” IEEE Software, 2016. Web.

    Moore, G. A. Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers (Collins Business Essentials) (3rd ed.). Harper Business, 2014.

    OASIS. “Oasis SOA Reference Model (SOA RM) TC.” OASIS Open, n.d. Web.

    Soni, Mukesh. “Defect Prevention: Reducing Costs and Enhancing Quality.” iSixSigma, n.d. Web.

    The Open Group. TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views. TOGAF, 2006. Web.

    The Open Group. Welcome to the TOGAF® Standard, Version 9.2, a standard of The Open Group. TOGAF, 2018. Web.

    Watts, S. “The importance of solid design principles.” BMC Blogs, 15 June 2020. 19 October 2021.

    Young, Charles. “Hexagonal Architecture–The Great Reconciler?” Geeks with Blogs, 20 Dec 2014. Web.

    APPENDIX A

    Techniques to enhance application architecture.

    Consider the numerous solutions to address architecture issues or how they will impact your application architecture

    Many solutions exist for improving the layers of the application stack that may address architecture issues or impact your current architecture. Solutions range from capability changes to full stack replacement.

    Method Description Potential Benefits Risks Related Blueprints
    Business Capabilities:
    Enablement and enhancement
    • Introduce new business capabilities by leveraging unused application functionalities or consolidate redundant business capabilities.
    • Increase value delivery to stakeholders.
    • Lower IT costs through elimination of applications.
    • Increased use of an application could overload current infrastructure.
    • IT cannot authorize business capability changes.
    		 Use Info-Tech’s Document Your Business Architecture blueprint to gain better understanding of business and IT alignment.
    Removal
    • Remove existing business capabilities that don’t contribute value to the business.
    • Lower operational costs through elimination of unused and irrelevant capabilities.
    • Business capabilities may be seen as relevant or critical by different stakeholder groups.
    • IT cannot authorize business capability changes.
    		 Use Info-Tech’s Build an Application Rationalization Framework to rationalize your application portfolio.
    Business Process:
    Process integration and consolidation
    • Combine multiple business processes into a single process.
    • Improved utilization of applications in each step of the process.
    • Reduce business costs through efficient business processes.
    • Minimize number of applications required to execute a single process.
    • Significant business disruption if an application goes down and is the primary support for business processes.
    • Organizational pushback if process integration involves multiple business groups.
    Business Process (continued):
    Process automation
    • Automate manual business processing tasks.
    • Reduce manual processing errors.
    • Improve speed of delivery.
    • Significant costs to implement automation.
    • Automation payoffs are not immediate.
    Lean business processes
    • Eliminate redundant steps.
    • Streamline existing processes by focusing on value-driven steps.
    • Improve efficiency of business process through removal of wasteful steps.
    • Increase value delivered at the end of the process.
    • Stakeholder pushback from consistently changing processes.
    • Investment from business is required to fit documentation to the process.
    Outsource the process
    • Outsource a portion of or the entire business process to a third party.
    • Leverage unavailable resources and skills to execute the business process.
    • Loss of control over process.
    • Can be costly to bring the process back into the business if desired in the future.
    Business Process (continued):
    Standardization
    • Implement standards for business processes to improve uniformity and reusability.
    • Consistently apply the same process across multiple business units.
    • Transparency of what is expected from the process.
    • Improve predictability of process execution.
    • Process bottlenecks may occur if a single group is required to sign off on deliverables.
    • Lack of enforcement and maintenance of standards can lead to chaos if left unchecked.
    User Interface:
    Improve user experience (UX)
    • Eliminate end-user emotional, mechanical, and functional friction by improving the experience of using the application.
    • UX encompasses both the interface and the user’s behavior.
    • Increase satisfaction and adoption rate from end users.
    • Increase brand awareness and user retention.
    • UX optimizations are only focused on a few user personas.
    • Current development processes do not accommodate UX assessments
    Code:
    Update coding language    		 Translate legacy code into modern coding language.
    • Coding errors in modern languages can have lesser impact on the business processes they support.
    • Modern languages tend to have larger pools of coders to hire.
    • Increase availability of tools to support modern languages.
    • Coding language changes can create incompatibilities with existing infrastructure.
    • Existing coding translation tools do not offer 100% guarantee of legacy function retention.
    Code (continued):
    Open source code
    • Download pre-built code freely available in open source communities.
    • Code is rapidly evolving in the community to meet current business needs.
    • Avoid vendor lock-in from proprietary software
    • Community rules may require divulgence of work done with open source code.
    • Support is primarily provided through community, which may not address specific concerns.
    Update the development toolchain
    • Acquire new or optimize development tools with increased testing, build, and deployment capabilities.
    • Increase developer productivity.
    • Increase speed of delivery and test coverage with automation.
    • Drastic IT overhauls required to implement new tools such as code conversion, data migration, and development process revisions.
    Update source code management
    • Optimize source code management to improve coding governance, versioning, and development collaboration.
    • Ability to easily roll back to previous build versions and promote code to other environments.
    • Enable multi-user development capabilities.
    • Improve conflict management.
    • Some source code management tools cannot support legacy code.
    • Source code management tools may be incompatible with existing development toolchain.
    Data:
    Outsource extraction
    • Outsource your data analysis and extraction to a third party.
    • Lower costs to extract and mine data.
    • Leverage unavailable resources and skills to translate mined data to a usable form.
    • Data security risks associated with off-location storage.
    • Data access and control risks associated with a third party.
    Update data structure
    • Update your data elements, types (e.g. transactional, big data), and formats (e.g. table columns).
    • Standardize on a common data definition throughout the entire organization.
    • Ease data cleansing, mining, analysis, extraction, and management activities.
    • New data structures may be incompatible with other applications.
    • Implementing data management improvements may be costly and difficult to acquire stakeholder buy-in.
    Update data mining and data warehousing tools
    • Optimize how data is extracted and stored.
    • Increase the speed and reliability of the data mined.
    • Perform complex analysis with modern data mining and data warehousing tools.
    • Data warehouses are regularly updated with the latest data.
    • Updating data mining and warehousing tools may create incompatibilities with existing infrastructure and data sets.
    Integration:
    Move from point-to-point to enterprise service bus (ESB)
    • Change your application integration approach from point-to-point to an ESB.
    • Increase the scalability of enterprise services by exposing applications to a centralized middleware.
    • Reduce the number of integration tests to complete with an ESB.
    • Single point of failure can cripple the entire system.
    • Security threats arising from centralized communication node.
    Leverage API integration
    • Leverage application programming interfaces (APIs) to integrate applications.
    • Quicker and more frequent transfers of lightweight data compared to extract, load, transfer (ETL) practices.
    • Increase integration opportunities with other modern applications and infrastructure (including mobile devices).
    • APIs are not as efficient as ETL when handling large data sets.
    • Changing APIs can break compatibility between applications if not versioned properly.

    Create an Architecture for AI

    • Buy Link or Shortcode: {j2store}344|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $604,999 Average $ Saved
    • member rating average days saved: 49 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    This research is designed to help organizations who are facing these challenges:

    • Deliver on the AI promise within the organization.
    • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
    • Have sufficient data management capability.
    • Have clear metrics in place to measure progress and for decision making.

    AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

    Our Advice

    Critical Insight

    • Build your target state architecture from predefined best-practice building blocks.
    • Not all business use cases require AI to increase business capabilities.
    • Not all organizations are ready to embark on the AI journey.
    • Knowing the AI pattern that you will use will simplify architecture considerations.

    Impact and Result

    • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
      • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
      • Using architecture building blocks will speed up the architecture decision phase.
    • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

    Create an Architecture for AI Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess business use cases for AI readiness

    Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

    • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample

    2. Design your target state

    Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

    • Create an Architecture for AI – Phase 2: Design Your Target State
    • AI Architecture Templates

    3. Define the AI architecture roadmap

    Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

    • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
    [infographic]

    Workshop: Create an Architecture for AI

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “Where To?”

    The Purpose

    Define business use cases where AI may add value and assess use case readiness.

    Key Benefits Achieved

    Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

    Activities

    1.1 Review the business vision.

    1.2 Identify and classify business use cases.

    1.3 Assess company readiness for each use case.

    1.4 Review architectural principles and download and install Archi.

    Outputs

    List of identified AI use cases

    Assessment of each use case

    Data sources needed for each use case

    Archi installed

    2 Define the Required Architecture Building Blocks

    The Purpose

    Define architecture building blocks that can be used across use cases and data pipeline.

    Key Benefits Achieved

    The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

    Activities

    2.1 ArchiMate modelling language overview.

    2.2 Architecture building block overview

    2.3 Identify architecture building blocks by use case.

    2.4 Define the target state architecture.

    Outputs

    A set of building blocks created in Archi

    Defined target state architecture using architecture building blocks

    3 Assess the Current State Architecture

    The Purpose

    Assess your current state architecture in the areas identified by the target state.

    Key Benefits Achieved

    Only evaluating the current state architecture that will influence your AI implementation.

    Activities

    3.1 Identify the current state capabilities as required by the target state.

    3.2 Assess your current state architecture.

    3.3 Define a roadmap and design implementation plateaus.

    Outputs

    Current state architecture documented in Archi

    Assessed current state using assessment tool

    A roadmap defined using plateaus as milestones

    4 Bridge the Gap and Create the Roadmap

    The Purpose

    Assess your current state against the target state and create a plan to bridge the gaps.

    Key Benefits Achieved

    Develop a roadmap that will deliver immediate results and ensure long-term durability.

    Activities

    4.1 Assess the gaps between current- and target-state capabilities.

    4.2 Brainstorm initiatives to address the gaps in capabilities

    4.3 Define architecture delivery plateaus.

    4.4 Define a roadmap with milestones.

    4.5 Sponsor check-in.

    Outputs

    Current to target state gap assessment

    Architecture roadmap divided into plateaus

    Maximize Value From Your Value-Added Reseller (VAR)

    • Buy Link or Shortcode: {j2store}215|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:

    • Manage the VAR portfolio.
    • Understand additional value each VAR can provide.
    • Maximize existing VAR commitments.
    • Evaluate the VARs’ performance.

    Our Advice

    Critical Insight

    VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.

    Impact and Result

    This project will provide several benefits to Vendor Management and Procurement:

    • Defined VAR value and performance tracking.
    • Manageable portfolio of VARs that fully benefit the organization.
    • Added training, licensing advice, faster quoting, and invoicing resolution.
    • Reduced deployment and logistics costs.

    Maximize Value From Your Value-Added Reseller (VAR) Research & Tools

    Start here – read the Executive Brief

    Read our informative Executive Brief to find out why you should maximize value from your value-added reseller, review Info-Tech’s methodology, and understand the three ways to better manage your VARs improve performance and reduce costs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Organize and prioritize

    Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.

    • Maximize Value From Your Value-Added Reseller – Phase 1: Organize and Prioritize
    • VAR Listing and Prioritization Tool

    2. “EvaluRate” your VARs

    Create an in-depth evaluation of the VARs’ capabilities.

    • Maximize Value From Your Value-Added Reseller – Phase 2: EvaluRate Your VARs
    • VAR Features Checklist Tool
    • VAR Profile and EvaluRation Tool

    3. Consolidate and reduce

    Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.

    • Maximize Value From Your Value-Added Reseller – Phase 3: Consolidate and Reduce

    4. Maximize their value

    Micro-manage your primary VARs to ensure performance to commitments and maximize their value.

    • Maximize Value From Your Value-Added Reseller – Phase 4: Maximize Their Value
    • VAR Information and Scorecard Workbook
    [infographic]

    Optimize the IT Operations Center

    • Buy Link or Shortcode: {j2store}449|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Your team’s time is burned up by incident response.
    • Manual repetitive work uses up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Our Advice

    Critical Insight

    • Sell the project to the business.
    • Leverage the Operations Center to improve IT Operations.

    Impact and Result

    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Optimize the IT Operations Center Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Optimize the IT Operations Center, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    Get quick wins to demonstrate early value for investments in IT Operations.

    • Optimize the IT Operations Center – Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    2. Get buy-in

    Get buy-in from business stakeholders by speaking their language.

    • Optimize the IT Operations Center – Phase 1: Get Buy-In
    • IT Operations Center Prerequisites Assessment Tool
    • IT Operations Center Stakeholder Buy-In Presentation
    • IT Operations Center Continual Improvement Tracker

    3. Define accountability and metrics

    Formalize process and task accountability and develop targeted metrics.

    • Optimize the IT Operations Center – Phase 2: Define Accountability and Metrics
    • IT Operations Center RACI Charts Template

    4. Assess gaps and prioritize initiatives

    Identify pain points and determine the top solutions.

    • Optimize the IT Operations Center – Phase 3: Assess Gaps and Prioritize Initiatives
    • IT Operations Center Gap and Initiative Tracker
    • IT Operations Center Initiative Prioritization Tool

    5. Launch initiatives and track metrics

    Lay the foundation for implementation and continual improvement.

    • Optimize the IT Operations Center – Phase 4: Launch Initiatives and Track Metrics
    [infographic]

    Workshop: Optimize the IT Operations Center

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Check Foundation

    The Purpose

    Ensure base maturity in IT Operations processes.

    Key Benefits Achieved

    Verify that foundation is in place to proceed with Operations Center project.

    Activities

    1.1 Evaluate base maturity.

    Outputs

    IT Operations Center Prerequisites Assessment Tool

    2 Define Accountabilities

    The Purpose

    Define accountabilities for Operations processes and tasks.

    Key Benefits Achieved

    Documented accountabilities.

    Activities

    2.1 Pluck low-hanging fruit for quick wins.

    2.2 Complete process RACI.

    2.3 Complete task RACI.

    Outputs

    Project plan

    Process RACI

    Task RACI

    3 Map the Challenge

    The Purpose

    Define metrics and identify accountabilities and gaps.

    Key Benefits Achieved

    List of initiatives to address pain points.

    Activities

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.3 Identify gaps.

    Outputs

    IT Operations Center Gap and Initiative Tracker

    4 Build Action Plan

    The Purpose

    Develop an action plan to boost KPIs.

    Key Benefits Achieved

    Action plan and success criteria.

    Activities

    4.1 Prioritize initiatives.

    Outputs

    IT Operations Center Initiative Prioritization Tool

    5 Map Out Implementation

    The Purpose

    Build an implementation plan for continual improvement.

    Key Benefits Achieved

    Continual improvement against identified metrics and KPIs.

    Activities

    5.1 Build implementation plan.

    Outputs

    IT Operations Center Continual Improvement Tracker

    Further reading

    Optimize the IT Operations Center

    Stop burning budget on non-value-adding activities.

    ANALYST PERSPECTIVE

    The Network Operations Center is not in Kansas anymore.

    "The old-school Network Operations Center of the telecom world was heavily peopled and reactionary. Now, the IT Operations Center is about more than network monitoring. An effective Operations Center provides visibility across the entire stack, generates actionable alerts, resolves a host of different incidents, and drives continual improvement in the delivery of high-quality services.
    IT’s traditional siloed approach cannot provide the value the business demands. The modern Operations Center breaks down these silos for the end-to-end view required for a service-focused approach."
    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Operations Managers
    • IT Infrastructure Managers
    • CIOs

    This Research Will Help You:

    • Improve reliability of services.
    • Reduce the cost of incident response.
    • Reduce the cost of manual repetitive work (MRW).

    This Research Will Also Assist

    • Business Analysts
    • Project Managers
    • Business Relationship Managers

    This Research Will Help Them

    • Develop appropriate non-functional requirements.
    • Integrate non-functional requirements into solution design and project implementation.

    Executive Summary

    Situation

    • Your team’s time is burned up by incident response.
    • MRW burns up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Complication

    • The increasing complexity of technology has resulted in siloed teams of specialists.
    • The business views IT Operations as a cost center and doesn’t want to provide resources to support improvement initiatives.

    Resolution

    • Pluck low-hanging fruit for quick wins.
    • Obtain buy-in from business stakeholders by speaking their language.
    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Info-Tech Insight

    1. Sell the project to the business. Your first job is a sales job because executive sponsorship is key to project success.
    2. Worship the holy trinity of metrics: impact of downtime, cost of incident response, and time spent on manual repetitive work (MRW).
    3. Invest in order to profit. Improving the Operations Center takes time and money. Expect short-term pain to realize long-term gain.

    The role of the Network Operations Center has changed

    • The old approach was technology siloed and the Network Operations Center (NOC) only cared about the network.
    • The modern Operations Center is about ensuring high availability of end-user services, and requires cross-functional expertise and visibility across all the layers of the technology stack.
    A pie chart is depicted. The data displayed on the chart, in decreasing order of size, include: Applications; Servers; LAN; WAN; Security; Storage. Source: Metzler, n.d.

    Most organizations lack adequate visibility

    • The rise of hybrid cloud has made environments more complex, not less.
    • The increasing complexity makes monitoring and incident response more difficult than ever.
    • Only 31% of organizations use advanced monitoring beyond what is offered by cloud providers.
    • 69% perform no monitoring, basic monitoring, or rely entirely on the cloud provider’s monitoring tools.
    A Pie chart is depicted. Two data are represented on the chart. The first, representing 69% of the chart, is: Using no monitoring, basic monitoring, or relying only on the cloud vendor's monitoring. the second, representing 31% of the chart, is Using advanced monitoring beyond what cloud vendors provide. Source: InterOp ITX, 2018

    Siloed service level agreements cannot ensure availability

    You can meet high service level agreements (SLAs) for functional silos, but still miss the mark for service availability. The business just wants things to work!

    this image contains Info-Tech's SLA-compliance rating chart, which displays the categories: Available, behaving as expected; Slow/degraded; and Unavailable, for each of: Webserver; Database; Storage; Network; Application; and, Business Service

    The cost of downtime is massive

    Increasing reliance on IT makes downtime hurt more than ever.
    98% of enterprises lose $100,000+.
    81% of enterprises lose $300,000+ per hour of downtime.

    This is a bar graph, showing the cost per hour of downtime, against the percentage of enterprises.

    Source: ITIC, 2016

    IT is asked to do more with less

    Most IT budgets are staying flat or shrinking.

    57% of IT departments expect their budget to stay flat or to shrink from 2018 to 2019.

    This image contains a pie chart with two data, one is labeled: Increase; representing 43% of the chart. The other datum is labeled: Shrink or stay flat, and represents 57% of the chart.

    Unify and streamline IT Operations

    A well-run Operations Center ensures high availability at reasonable cost. Improving your Operations Center results in:

    • Higher availability
    • Increased reliability
    • Improved project capacity
    • Higher business satisfaction

    Measure success with the holy trinity of metrics

    Focus on reducing downtime, cost of incident response, and MRW.

    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Start from the top and employ a targeted approach

    Analyze data to get buy-in from stakeholders, and use our tools and templates to follow the process for continual improvement in IT Operations.

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Optimize the IT Operations Center – project overview

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    🗲 Pluck Low-Hanging Fruit for Quick Wins

    1.1 Ensure Base Maturity Is in Place

    1.2 Make the Case

    2.1 Define Accountabilities

    2.2 Define Metrics

    3.1 Assess Gaps

    3.2 Plan Initiatives

    4.1 Lay Foundation

    4.2 Launch and Measure

    Guided Implementations

    Discuss current state.

    Review stakeholder presentation.

    Review RACIs.

    Review metrics.

    Discuss gaps.

    Discuss initiatives.

    Review plan and metric schedule.

    Onsite Workshop Module 1:

    Clear understanding of project objectives and support obtained from the business.

    		Module 2:

    Enterprise services defined and categorized.

    		Module 3:

    LOB services defined based on user perspective.

    		Module 4:

    Service record designed according to how IT wishes to communicate to the business.

    Phase 1 Results:

    Stakeholder presentation

    		Phase 2 Results:
    • RACIs
    • Metrics
    		Phase 3 Results:
    • Gaps list
    • Prioritized list of initiatives
    		 Phase 4 Results:
    • Implementation plan
    • Continual improvement tracker

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Check Foundation

    Define Accountabilities

    Map the Challenge

    Build Action Plan

    Map Out Implementation

    1.1 Ensure base maturity.

    🗲 Pluck low-hanging fruit for quick wins.

    2.1 Complete process RACI.

    2.2 Complete task RACI.

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.2 Identify gaps.

    4.1 Prioritize initiatives.

    5.1 Build implementation plan.

    Deliverables
    1. IT Operations Center Prerequisites Assessment Tool
    1. IT Operations Center RACI Charts Template
    1. IT Operations Center Gap and Initiative Tracker
    1. IT Operations Center Initiative Prioritization Tool
    1. IT Operations Center Continual Improvement Tracker

    PHASE 🗲

    Pluck Low-Hanging Fruit for Quick Wins

    Optimize the IT Operations Center

    Conduct a ticket-trend analysis

    Generate reports on tickets from your IT service management (ITSM) tool. Look for areas that consume the most resources, such as:

    • Recurring tickets.
    • Tickets that have taken a long time to resolve.
    • Tickets that could have been resolved at a lower tier.
    • Tickets that were unnecessarily or improperly escalated.

    Identify issues

    Analyze the tickets:

    • Look for recurring tickets that may indicate underlying problems.
    • Ask tier 2 and 3 technicians to flag tickets that could have been resolved at a lower tier.
    • Identify painful and/or time consuming service requests.
    • Flag any manual repetitive work.

    Write the issues on a whiteboard.

    Oil & Gas IT reduces manual repetitive maintenance work

    CASE STUDY
    Industry Oil & Gas
    Source Interview

    Challenge

    The company used a webserver to collect data from field stations for analytics. The server’s version did not clear its cache – it filled up its own memory and would not overwrite, so it would just lock up and have to be rebooted manually.

    Solution

    The team found out that the volumes and units of data would cause the memory to fill at a certain time of the month. They wrote a script to reboot the machine and set up a planned outage during the appropriate weekend each month.

    Results

    The team never had to do manual reboots again – though they did have to tweak their reboot script not to rely on their calendar, after a shift in production broke the pattern between memory consumption and the calendar.

    Rank the issues

    🗲.1.1 10 minutes

    1. Assign each participant five sticky dots to use for voting.
    2. Have each participant place any number of dots beside the issue(s) of their choice.
    3. Count the dots and rank the top three most important issues.

    INPUT

    • List of issues

    OUTPUT

    • Top three issues

    Materials

    • Whiteboard
    • Markers
    • Sticky dots

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Brainstorm solutions

    🗲.1.2 10 minutes

    1. Write the three issues at the top of a whiteboard, each at the head of its own column.
    2. Focusing on one issue at a time, brainstorm potential solutions for each issue. Have one person write all the proposed solutions on the board beneath the issue.

    Info-Tech Best Practice

    Do not censor or evaluate the proposed solutions at this time. During brainstorming, focus on coming up with as many potential solutions as possible, no matter how infeasible or outlandish.

    INPUT

    • Top three issues

    OUTPUT

    • Potential solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Evaluate and rank potential solutions

    🗲.1.3 30 minutes

    1. Score the solutions from 1-5 on each of the two dimensions:
    • Attainability
    • Probable efficacy
  • Identify the top scoring solution for each issue. In the event of a tie, vote to determine the winner.

    • Info-Tech Insight

    Quick wins are the best of both worlds. To get a quick win, pick a solution that is both readily attainable and likely to have high impact.

    INPUT

    • Potential solutions

    OUTPUT

    • Ranked list of solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Develop metrics to measure the effectiveness of solutions

    You should now have a top potential solution for each pain point.

    For each pain point and proposed solution, identify the metric that would indicate whether the solution had been effective or not. For example:

    • Pain point: Too many unnecessary escalations for SharePoint issues.
    • Solution: Train tier 1 staff to resolve SharePoint tickets.
    • Metric: % of SharePoint tickets resolved at tier 1.

    Design solutions

    • Some solutions explain themselves. E.g., hire an extra service desk person.
    • Others require more planning and design, as they involve a bespoke solution. E.g., improve asset management process or automate onboarding of new users.
    • For the solutions that require planning, take the time to design each solution fully before rushing to implement it.

    Build solutions

    • Build any of the solutions that require building. For example, any scripting for automations requires the writing of those scripts, and any automated ticket routing requires configuration of your ITSM tool.
    • Part of the build phase for many solutions should also involve designing the tests of those solutions.

    Test solutions – refine and iterate

    • Think about the expected outcome and results of the solutions that require testing.
    • Test each solution under production-like circumstances to see if the results and behavior are as expected.
    • Refine and iterate upon the solutions as necessary, and test again.

    Implement solutions and measure results

    • Before implementing each solution, take a baseline measurement of the metric that will measure success.
    • Implement the solutions using your change management process.
    • After implementation, measure the success of the solution using the appropriate metric.
    • Document the results and judge whether the solution has been effective.

    Use the top result as a case study to obtain buy-in

    Your most effective solution will make a great case study.

    Write up the results and input the case study into the IT Operations Center Stakeholder Buy-In Presentation.

    This image contains a screenshot of info-tech's default format for presenting case studies.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    🗲.1.2 This image contains a screenshot from section 🗲.1.2 of this blueprint.

    Identify issues

    Look for areas that aren’t working optimally.

    🗲.1.3 this image contains a screenshot from section 🗲.1.3 of this blueprint.

    Evaluate and rank potential solutions

    Sort the wheat from the chaff and plan for quick wins.

    PHASE 1

    Get Buy-In

    Optimize the IT Operations Center

    Step 1.1: Ensure Base Maturity Is in Place

    This step will walk you through the following activities:

    • Assess maturity of base IT Operations processes.

    Outcomes of this step

    • Completed IT Operations Center Prerequisites Assessment Tool

    Base processes underpin the Operations Center

    • Before you optimize your Operations Center, you should have foundational ITSM processes in place: service desk, and incident, problem, and change management.
    • Attempting to optimize Operations before it rests on a solid foundation can only lead to frustration.

    IT Operations Center

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    Info-Tech Insight

    ITIL isn’t dead. New technology such as cloud solutions and advanced monitoring tools have transformed how ITSM processes are implemented, but have not obviated them.

    Assess maturity of prerequisite processes

    1.1.1 IT Operations Center Prerequisites Assessment Tool

    • Don’t try to prematurely optimize your Operations Center.
    • Before undertaking this project, you should already have a base level of maturity in the four foundational IT Operations processes.
    • Complete the IT Operations Center Prerequisites Assessment Tool to assess your current level in service desk, incident management, problem management, and change management.
    this image contains a screenshot from Info-Tech's IT Operations Center Prerequisite Assessment

    Make targeted improvements on prerequisite processes if necessary

    If there are deficiencies in any of your foundational processes, take the time to remedy those first before proceeding with Optimize the IT Operations Center. See Info-Tech’s other blueprints:

    Standardize the Service Desk

    Strengthen your service desk to build a strong ITSM foundation.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Optimize Change Management

    Turn and face the change with a right-sized change management process.

    Step 1.2: Make the Case

    This step will walk you through the following activities:

    • Estimate the impact of downtime for top five applications.
    • Estimate the cost of incident response.
    • Estimate the cost of MRW.
    • Set success metrics and estimate the ROI of the Operations Center project.
    • IT Operations Center Stakeholder Buy-In Presentation

    Obtaining buy-in is critical

    Buy-in from top-level stakeholders is critical to the success of the project.

    Before jumping into your initiatives, take the time to make the case and bring the business on board.

    Factors that “prevent us from improving the NOC”

    This image contains a graph of factors that prevent us from improving the NOC. In decreasing order, they include: Lack of strategic guidance from our vendors; The unwillingness of our management to accept new risk; Lack of adequate software tools; Our internal processes; Lack of management vision; Lack of funding; and Lack of personnel resources. There is a red circle drawn around the last three entries, with the words: Getting Buy-in Removes the Top Three Roadblocks to Improvement!. Source: Metzier, n.d

    List your top five applications

    List your top five applications for business criticality.

    Don’t agonize over decisions at this point.

    Generally, the top applications will be customer facing, end-user facing for the most critical business units, or critical for health and safety.

    Estimate impact of downtime

    • Come up with a rough, back-of-the-napkin estimate of the hourly cost of downtime for each application.
    • Complete page two of the IT Operations Center Stakeholder Buy-In Presentation.
    • Estimate loss of revenue per hour, loss of productivity per hour, and IT cost per incident resolution hour.
    • Pull a report on incident hours/outages in the past year from your ITSM tool. Multiply the total cost per incident hour by the incident hours per year to determine the current cost per year of service disruptions for each service.
    • Add up the cost for each of the top five services.
    • Now you can show the business a hard value number that quantifies your availability issues.

    Estimate salary cost of non-value-adding work

    Complete page three of the IT Operations Center Stakeholder Buy-In Presentation.

    • Estimate annual wage cost of incident response: multiply incident response hours per year (take from your ITSM tool) by the average hourly wage of incident responders.
    • Estimate annual cost of MRW: multiply MRW hours per year (take from ITSM tool or from time-keeping tool, or use best guess based on talking to staff members) by the average hourly wage of IT staff performing MRW.
    • Add the two numbers together to calculate the non-value-adding IT salary cost per year.
    • Express the previous number as a percentage of total IT salary. Everything that is not incident response or MRW is value-adding work.

    Now you have the holy trinity of metrics: set some targets

    The holy trinity of metrics:

    • Cost of downtime
    • % of salary on incident response
    • % of salary on MRW

    You want to reduce the above numbers. Set some back-of-the-napkin targets for percentage reductions for each of these areas. These are high-level metrics that business stakeholders will care about.

    Take your best guess at targets. Higher maturity organizations will have less potential for reduction from a percentage point of view (eventually you hit diminishing returns), while organizations just beginning to optimize their Operations Center have the potential for huge gains.

    Calculate the potential gains of targets

    Complete page five of the IT Operations Center Stakeholder Buy-In Presentation.

    • Multiply the targeted/estimated % reductions of the costs by your current costs to determine the potential savings/benefits.
    • Do a back-of-the napkin estimate of the cost of the Operations Center improvement project. Use reasonable numbers for cost of personnel time and cost of tools, and be sure to include ongoing personnel time costs – your time isn’t free and continual improvement takes work and effort.
    • Calculate the ROI.

    Fill out the case study

    • Complete page six of the IT Operations Center Stakeholder Buy-In Presentation. If you completed the lightning phase, use the results of your own quick win project(s) as an example of feasibility.
    • If you did not complete the lightning phase, delete this slide, or use an example of what other organizations have achieved to demonstrate feasibility.
    This image contains a screenshot of info-tech's default format for presenting case studies.

    Present to stakeholders

    • Deliver the presentation to key stakeholders.
    • Focus on the high-level story that the current state is costing real dollars and wages, and that these losses can be minimized through process improvements.
    • Be up front that many of the numbers are based on estimates, but be prepared to defend the reasonableness of the estimates.

    Gain buy-in and identify project sponsor

    • If the business is on board with the project, determine one person to be the executive sponsor for the project. This person should have a strong desire to see the project succeed, and should have some skin in the game.

    Formalize communication with the project sponsor

    • Establish how you will communicate with the sponsor throughout the project (e.g. weekly or monthly e-mail updates, bi-weekly meetings).
    • Set up a regular/recurring cadence and stick to it, so it can be put on auto-pilot. Be clear about who is responsible for initiating communication and sticking to the reporting schedule.

    Info-Tech Insight

    Tailor communication to the sponsor. The project sponsor is not the project manager. The sponsor’s role is to drive the project forward by allocating appropriate resources and demonstrating highly visible support to the broader organization. The sponsor should be kept in the loop, but not bothered with minutiae.

    Note the starting numbers for the holy trinity

    Use the IT Operations Center Continual Improvement Tracker:

    • Enter your starting numbers for the holy trinity of metrics.
    • After planning and implementing initiatives, this tracker will be used to update against the holy trinity to assess the success of the project on an ongoing basis and to drive continual improvement.

    PHASE 2

    Define Accountability and Metrics

    Optimize the IT Operations Center

    Step 2.1: Define Accountabilities

    This step will walk you through the following activities:

    • Formalize RACI for key processes.
    • Formalize RACI for key tasks.

    Outcomes of this step

    • Completed RACIs

    List key Operations Center processes

    Compile a list of processes that are key for the Operations Center.

    These processes should include the four foundational processes:

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    You may also want to include processes such as the following:

    • Event Management
    • Configuration Management

    Avoid listing processes you have yet to develop – stick with those already playing a role in your current state.

    Formalize RACI for key processes

    Use the IT Operations Center RACI Charts Template. Complete a RACI for each of the key processes involved in the IT Operations Center.

    RACI:

    • Responsible (does the work on a day-to-day basis)
    • Accountable (reviews, signs off, and is held accountable for outcomes)
    • Consulted (input is sought to feed into decision making)
    • Informed (is given notification of outcomes)

    As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

    Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

    Formalize RACI for IT tasks

    Now think about the actual tasks or work that goes on in IT. Which roles and individuals are accountable for which tasks or pieces of work?

    In this case, more than one role/person can be listed as responsible or accountable in the RACI because we’re talking about types or categories of work. No conflict will occur because these individuals will be responsible or accountable for different pieces of work or individual tasks of the same type. (e.g. all service desk staff are responsible for answering phones and inputting tickets into the ITSM tool, but no more than one staff member is responsible for the input of any given ticket from a specific phone call).

    Step 2.2: Define Metrics

    This step will walk you through the following activities:

    • Cascade operational metrics from the holy trinity.
    • Evaluate metrics and identify key performance indicators (KPIs).
    • Cascade performance assessment (PA) metrics to support KPIs.
    • Build feedback loop for PA metrics.

    Outcomes of this step

    • KPIs
    • PA metrics

    Metrics must span across silos for shared accountability

    To adequately support the business goals of the organization, IT metrics should span across functional silos.

    Metrics that span across silos foster shared accountability across the IT organization.

    Metrics supported by all groups

    three grain silos are depicted. below, are the words IT Groups, with arrows pointing from the words to each of the three silos.

    Cascade operational metrics from the holy trinity

    Focus on the holy trinity of metrics.

    From these, cascade down to operational metrics that contribute to the holy trinity. It is possible that an operational metric may support more than one trinity metric. For example:

    a flow chart is depicted. two input circles point toward a central circle, and two output circles point away. the input circles include: Cost of Downtime; Cost of Incident Response. The central circle reads: Mean time to restore service. the output circles include the words: Tier 1 Resolution Rate; %% of Known Errors Captured in ITSM Tool.

    Evaluate metrics and identify KPIs

      • Evaluate your operational metrics and determine which ones are likely to have the largest impact on the holy trinity of metrics.
      • Identify the ten metrics likely to have the most impact: these will be your KPIs moving forward.
      • Enter these KPIs into the IT Operations Center Continual Improvement Tracker.
      		 this image depicts a cycle around the term KPI. The cycle includes: Objective; Measurement; optimization; strategy; performance; evaluation

    Beware how changing variables/context can affect metrics

    • Changes in context can affect metrics drastically. It’s important to keep the overall context in mind to avoid being led astray by certain numbers taken in isolation.
    • For example, a huge hiring spree might exhaust the stock of end-user devices, requiring time to procure hardware before the onboarding tickets can be completely fulfilled. You may have improved your onboarding process through automation, but see a large increase in average time to onboard a new user. Keep an eye out for such anomalies or fluctuations, and avoid putting too much stock in any single operational KPI.
    • Remember, operational KPIs are just a heuristic tool to support the holy trinity of metrics.

    Determine accountability for KPIs

    • For each operational KPI, assign one person to be accountable for that KPI.
    • Be sure the person in charge has the necessary authority and oversight over the processes and personnel that most affect that KPI – otherwise it makes little sense to hold the individual accountable.
    • Consulting your process RACIs is a good place to start.
    • Record the accountable person for each KPI in the IT Operations Center Continual Improvement Tracker.

    Info-Tech Best Practice

    Match accountability with authority. The person accountable for each KPI should be the one who has the closet and most direct control over the work and processes that most heavily impact that KPI.

    Cascade PA metrics to support KPIs

    KPIs are ultimately driven by how IT does its work, and how individuals work is driven by how their performance is assessed and evaluated.

    For the top KPIs, be sure there are individual PA metrics in place that support the KPI, and if not, develop the appropriate PA metrics.

    For example:

    • KPI: Mean time to resolve incidents
    • PA metric: % of escalations that followed SOP (e.g. not holding onto a ticket longer than supposed to)
    • KPI: Number of knowledge base articles written
    • PA metric: Number of knowledge base articles written/contributed to

    Communicate key changes in PA metrics

    Any changes from the previous step will take time and effort to implement and make stick.

    Changing people’s way of working is extremely difficult.

    Build a communication and implementation plan about rolling out these changes, emphasize the benefits for everyone involved, and get buy-in from the affected staff members.

    Build feedback loops for PA metrics

    Now that PA metrics support your Operations Center’s KPIs, you should create frequent feedback loops to drive and boost those PA metrics.

    Once per year or once per quarter is not frequent enough. Managers should meet with their direct reports at least monthly and review their reports’ performance against PA metrics.

    Use a “set it and forget it” implementation, such as a recurring task or meeting in your calendar.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.2.1 This image contains a screenshot from section 2.2.1 of this blueprint.

    Cascade operational metrics from the holy trinity

    Rank goals based on business impact and stakeholder pecking order.

    2.2.2 this image contains a screenshot from section 2.2.2 of this blueprint.

    Determine accountability for KPIs

    Craft a concise and compelling elevator pitch that will drive the project forward.

    PHASE 3

    Assess Gaps and Prioritize Initiatives

    Optimize the IT Operations Center

    Step 3.1: Assess Gaps

    This step will walk you through the following activities:

    • Assess visibility provided by monitoring.
    • Assess process workflows and identify areas for automation.
    • Assess requests and identify potential for automation.
    • Assess Operations Center staff capabilities.
    • Conduct a root cause analysis on the gaps/pain points.

    Outcomes of this step

    • List of gaps
    • List of root causes

    Measure current state of KPIs and identify lagging ones

    Take a baseline measurement of each operational KPI.

    If historical data is available, compare the present state measurement to data points collected over the last year or so.

    Review the measured KPIs.

    Identify any KPIs that seem lagging or low, or that may be particularly important to influence.

    Record lagging KPIs in the IT Operations Center Gap and Initiative Tracker tool.

    Assess visibility provided by monitoring

    List the top five most critical business services supported by IT.
    Assess the current state of your monitoring tools.

    For each business service, rate the level of visibility your monitoring tools allow from the following options:

    1. We have no visibility into the service, or lack visibility into crucial elements.
    2. We have basic visibility (up/down) into all the IT components that support the service.
    3. We have basic visibility (up/down) into the end service itself, in addition to all the IT components that make it up.
    4. We have some advanced visibility into some aspects of the service and/or its IT components.
    5. We have a full, end-to-end view of performance across all the layers of the stack, as well as the end business service itself.

    Identify where more visibility may be necessary

    For most organizations it isn’t practical to have complete visibility into everything. For the areas in which visibility is lacking into key services, think about whether more visibility is actually required or not. Consider some of the following questions:

    • How great is the impact of this service being unavailable?
    • Would greater visibility into the service significantly reduce the mean time to restore the service in the event of incidents?

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Assess alerting

    Assess alerting for your most critical services.

    Consider whether any of the following problems occur:

    • Often receive no alert(s) in the event of critical outages of key services (we find out about critical outages from the service desk).
    • We are regularly overwhelmed with too many alerts to investigate properly.
    • Our alerts are rarely actionable.
    • We often receive many false alerts.

    Identify areas for potential improvement in the managing of alerts. Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess process workflows and identify areas for automation

    Review your process flows for base processes such as Service Desk, Incident Management, Problem Management, and Change Management.

    Identify areas in the workflows where there may be defects, inefficiencies, or potential for improvement or automation.

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    See the blueprint Prepare for Cognitive Service Management for process workflows and areas to look for automation possibilities.

    Prepare for Cognitive Service Management

    Make ready for AI-assisted IT operations.

    Assess requests and identify potential for automation

    • Assess the most common work orders or requests handled by the Operations Center group (i.e. this does not include requests fulfilled by the help desk).
    • Which work orders are the most painful? That is, what common work orders involve the greatest effort or the most manual work to fulfill?
    • Fulfillment of common, recurring work orders is MRW, and should be reduced or removed if possible.
    • Consider automation of certain work orders, or self-service delivery.
    • Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess Operations Center staff capabilities

    • Assess the skills and expertise of your team members.
    • Consider some of the following:
      • Are there team members who could perform their job more effectively by picking up certain skills or proficiencies?
      • Are there team members who have the potential to shift into more valuable or useful roles, given the appropriate training?
      • Are there individual team members whose knowledge is crucial for operations, and whose function cannot be taken up by others?

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Info-Tech Insight

    Train to avoid pain. All too often organizations expose themselves to significant key person risk by relying on the specialized skills and knowledge of one team member. Use cross training to remedy such single points of failure before the risk materializes.

    Brainstorm pain points

    Brainstorm any pain points not discussed in the previous areas.

    Pain points can be specific operational issues that have not yet been considered. For example:

    • Tom is overwhelmed with tickets.
    • Our MSP often breaches SLA.
    • We don’t have a training budget.

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Conduct a root cause analysis on the gaps/pain points

    • Pain points can often be symptoms of other deficiencies, or somewhat removed from the actual problem.
    • Using the 5 Whys, conduct a root cause analysis on the pain points for which the causes are not obvious.
    • For each pain point, ask “why” for a sequence of five times, attempting to proceed to the root cause of the issue. This root cause is the true gap that needs to be remedied to resolve the pain point.
    • For example:
      • The Wi-Fi network often goes down in the afternoon.
        • Why?: Its bandwidth gets overloaded.
        • Why?: Many people are streaming video.
        • Why?: There’s a live broadcast of a football game at that time.
      • Possible solutions:
        • Block access to the streaming services.
        • Project the game on a screen in a large conference room and encourage everyone to watch it there.

    Step 3.2: Plan Initiatives

    This step will walk you through the following activities:

    • Brainstorm initiatives to boost KPIs and address gaps.
    • Prioritize potential initiatives.
    • Decide which initiatives to include on the roadmap.

    Outcomes of this step

    • Targeted improvement roadmap

    Brainstorm initiatives to boost KPIs and address gaps

    Prioritize potential initiatives

    3.2.1 IT Operations Center Initiative Prioritization Tool

    • Use the IT Operations Center Initiative Prioritization Tool.
    • Enter the initiatives into the tool.
    • For each initiative, input the following ranking criteria:
      • The metric/KPI’s estimated degree of impact on the holy trinity.
      • The gap or pain point’s estimated degree of impact on the metric/KPI.
      • The initiative’s estimated degree of positive impact on the gap or pain point
      • The initiative’s attainability.
    • Estimate the resourcing capacity required for each initiative.
    • For accurate capacity assessment, input as “force include” all current in-flight projects handled by the Operations Center group (including those unrelated to the Operations Center project).

    Decide which initiatives to include on the roadmap

    • Not all initiatives will be worth pursuing – and especially not all at once.
    • Consider the results displayed on the final tab of the IT Operations CenterInitiative Prioritization Tool.
    • Based on the prioritization and taking capacity into account, decide which initiatives to include on your roadmap.
    • Sometimes, for operational or logistical reasons, it may make sense to schedule an initiative at a time other than its priority might dictate. Make such exceptions on a case-by-case basis.

    Assign an owner to each initiative, and provide resourcing

    • For each initiative, assign one person to be the owner of that initiative.
    • Be sure that person has the authority and the bandwidth necessary to drive the initiative forward.
    • Secure additional resourcing for any initiatives you want to include on your roadmap that are lacking capacity.

    Info-Tech Insight

    You must invest resources in order to reduce the time spent on non-value-adding work.

    "The SRE model of working – and all of the benefits that come with it – depends on teams having ample capacity for engineering work. If toil eats up that capacity, the SRE model can’t be launched or sustained. An SRE perpetually buried under toil isn’t an SRE, they are just a traditional long-suffering SysAdmin with a new title."– David N. Blank-Edelman

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1.1 This image contains a screenshot from section 3.1.1 of this blueprint.

    Conduct a root cause analysis on the gaps/pain points

    Find out the cause, so you can come up with solutions.

    3.2.1 this image contains a screenshot from section 3.2.1 of this blueprint.

    Prioritize potential initiatives

    Don’t try to boil the ocean. Target what’s manageable and what will have the most impact.

    PHASE 4

    Launch Initiatives and Track Metrics

    Optimize the IT Operations Center

    Step 4.1: Lay Foundation

    This step will walk you through the following activities:

    • Build initiative communication plan.
    • Develop a testing plan for each technical initiative.

    Outcomes of this step

    • Communication plan
    • Testing plan(s)

    Expect resistance to change

    • It’s not as simple as rolling out what you’ve designed.
    • Anything that affects people’s way of working will inevitably be met with suspicion and pushback.
    • Be prepared to fight the battle.

      • "The hardest part is culture. You must get people to see the value of automation. Their first response is ‘We've been doing it this way for 10 years, why do we need to do it another way?’ It's hard to get someone out of their comfort zone to learn something new, especially when they've been at an organization for 20 years. You need to give them incentives."– Cyrus Kalatbari, Senior IT Architect, Infrastructure/Cloud

    Communicate changes in advance, along with their benefits!

    • Communicate changes well in advance of the date(s) of implementation.
    • Emphasize the benefits of the changes – not just for the organization, but for employees and staff members.
    • Advance communication of changes helps make them more palatable, and builds trust in employees by making them feel informed of what’s going on.

    Involve IT staff in design and implementation of changes

    • As you communicate the coming changes, take the opportunity to involve any affected staff members who have not yet participated in the project.
    • Solicit their feedback and get them to help design and implement the initiatives that involve significant changes to their roles.

    Develop a testing plan for each technical initiative

    • Some initiatives, such as appointing a new change manager or hiring a new staff member, do not make sense to test.
    • On the other hand, technical initiatives such as automation scripts, new monitoring tools or dashboards, and changed alert thresholds should be tested thoroughly before implementation.
    • For each technical initiative, think about the expected results and performance if it were to run in production, and build a test plan to ensure it behaves as expected and there are no corner cases.

    Test technology initiatives and iterate if necessary

    • Test each technical initiative under a variety of circumstances, with as close an environment to production as possible.
    • Try to develop corner cases or unusual or unexpected situations, and see if any of these will break the functionality or produce unintended or unexpected results.
    • Document the results of the testing, and iterate on the initiative and test again if necessary.

    "The most important things – and the things that people miss – are prerequisites and expected results. People jump out and build scripts, then the scripts go into the ditch, and they end up debugging in production." – Darin Stahl, Research Director, Infrastructure & Operations

    Step 4.2: Launch and Measure

    This step will walk you through the following activities:

    • Launch initiatives and track adoption and effectiveness.
    • Investigate initiatives that appear ineffective.
    • Measure success with the holy trinity.

    Outcomes of this step

    • Continual improvement roadmap

    Establish a review cycle for each metric

    Info-Tech Best Practice

    Don’t measure what doesn’t matter. If a metric is not going to be reviewed or reported on for informational or decision-making purposes, it should not be tracked.

    Launch initiatives and track adoption and effectiveness

    • Launch the initiatives.
    • Some initiatives will need to proceed through your change management process in order to roll out, but others will not.
    • Track the adoption of initiatives that require it.
      • Some initiatives will require tracking of adoption, whereas others will not.
      • For example, hiring a new service desk staff member does not require tracking of adoption, but implementing a new process for ticket handling does.
      • The implementation plan should include a way to measure the adoption of such initiatives, and regularly review the numbers to see if the implementation has been successful.
    • For all initiatives, measure their effectiveness by continuing to track the KPI/metric that the initiative is intended to influence.

    Assess metrics according to review cycle for continual improvement

    • Assess metrics according to the review cycle.
    • Note whether metrics are improving in the right direction or not.
    • Correlate changes in the metrics with measures of the adoption of the initiatives – see whether initiatives that have been adopted are moving the needle on the KPIs they are intended to.

    Investigate initiatives that appear ineffective

    • If the adoption of an initiative has succeeded, but the expected impact of that initiative on the KPI has not taken place, investigate further and conduct a root causes analysis to determine why this is the case.
    • Sometimes, anomalies or fluctuations will occur that cause the KPI not to move in accordance with the success of the initiative. In this case, it’s just a fluke and the initiative can still be successful in influencing the KPI over the long term.
    • Other times, the initiative may prove mostly or entirely ineffective, either due to misdesign of the initiative itself, a change of circumstances, or other compounding factors or complexities. If the initiative proves ineffective, consider iterating modifications of the initiative and continuing to measure the effect on KPIs – or perhaps killing the initiative altogether.
    • Remember that experimentation is not a bad thing – it’s okay that not every initiative will always prove worthwhile.

    Measure success with the holy trinity

    • Report to business stakeholders on the effect on the holy trinity of metrics at least annually.
    • Calculate the ROI of the project after two years and compare the results to the targeted ROI you initially presented in the IT Operations Center Stakeholder Buy-In Presentation.
    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Iterate on the Operations Center process for continual improvement

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1.1This image contains a screenshot from section 3.1.1 of this blueprint.

    Communicate changes in advance, along with their benefits!

    Rank goals based on business impact and stakeholder pecking order.

    4.1.2 this image contains a screenshot from section 3.2.1 of this blueprint.

    Develop a testing plan for each technical initiative

    Craft a concise and compelling elevator pitch that will drive the project forward.

    Research contributors and experts
    This is a picture of Cyrus Kalatbari, IT infrastructure/cloud architect

    Cyrus Kalatbari, IT Infrastructure/Cloud Architect

    Cyrus’ in-depth knowledge cutting across I&O and service delivery has enhanced the IT operations of multiple enterprise-class clients.

    This is a picture of Derek Cullen, Chief Technology Officer

    Derek Cullen, Chief Technology Officer

    Derek is a proven leader in managing enterprise-scale development, deployment, and integration of applications, platforms, and systems, with a sharp focus on organizational transformation and corporate change.

    This is a picture of Phil Webb, Senior Manager

    Phil Webb, Senior Manager – Unified Messaging and Mobility

    Phil specializes in service delivery for cloud-based and hybrid technology solutions, spanning requirements gathering, solution design, new technology introduction, development, integration, deployment, production support, change/release delivery, maintenance, and continuous improvement.

    This is a picture of Richie Mendoza, IT Services Delivery Consultant

    Richie Mendoza, IT Services Delivery Consultant

    Ritchie’s accomplishments include pioneering a cloud capacity management process and presenting to the Operations team and to higher management, while providing a high level of technical leadership in all phases of capacity management activities.

    This is a picture of Rob Thompson, Solutions Architect

    Rob Thomson, Solutions Architect

    Rob is an IT leader with a track record of creating and executing digital transformation initiatives to achieve the desired outcomes by integrating people, process, and technology into an efficient and effective operating model.

    Related Info-Tech research

    Create a Configuration Management Roadmap

    Right-size your CMDB to improve IT operations.

    Harness Configuration Management Superpowers

    Build a CMDB around the IT services that are most important to the organization.

    Develop an IT Infrastructure Services Playbook

    Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    Establish a Program to Enable Effective Performance Monitoring

    Maximize the benefits of infrastructure monitoring investments by diagnosing and assessing transaction performance, from network to server to end-user interface.

    Bibliography

    Baker, Dan, and Hal Baylor. “How Benchmarking & Streamlining NOC Operations Can Lower Costs & Boost Effectiveness.” Top Operator, Mar. 2017. Web.

    Blank-Edelman, David. Seeking SRE: Conversations About Running Production Systems at Scale. O'Reilly, 2018. Web.

    CA Technologies. “IT Transformation to Next-Generation Operations Centers: Assure Business Service Reliability by Optimizing IT Operations.” CA Technologies, 2014. Web.

    Ditmore, Jim. “Improving Availability: Where to Start.” Recipes for IT, n.d. Web.

    Ennis, Shawn. “A Phased Approach for Building a Next-Generation Network Operations Center.” Monolith Software, 2009. Web.

    Faraclas, Matt. “Why Does Infrastructure Operations Still Suck?” Ideni, 25 Feb. 2016. Web.

    InterOp ITX. “2018 State of the Cloud.” InterOp ITX, Feb. 2018. Web.

    ITIC. “Cost of Hourly Downtime Soars: 81% of Enterprises Say it Exceeds $300K On Average.” ITIC, 2 Aug. 2016. Web.

    Joe the IT Guy. “Availability Management Is Harder Than it Looks.” Joe the IT Guy, 10 Feb. 2016. Web.

    ---. “Do Quick Wins Exist for Availability Management?” Joe the IT Guy, 15 May 2014. Web.

    Lawless, Steve. “11 Top Tips for Availability Management.” Purple Griffon, 4 Jan. 2019. Web.

    Metzler, Jim. “The Next Generation Network Operations Center: How the Focus on Application Delivery is Redefining the NOC.” Ashton, Metzler & Associates, n.d. Web.

    Nilekar, Shirish. “Beyond Redundancy: Improving IT Availability.” Network Computing, 28 Aug. 2015. Web.

    Slocum, Mac. “Site Reliability Engineering (SRE): A Simple Overview.” O’Reilly, 16 Aug. 2018. Web.

    Spiceworks. “The 2019 State of IT.” Spiceworks, 2019. Web

    Terms of use

     These Terms of Use state the terms and conditions under which you may use this website and the Services, which are the property of Tymans Group BV. ("TY"). Your use of this site and the Services constitutes acceptance of these Terms of Use.
    1. General Use Restrictions

    TY services, advice, materials, products, websites, and networks (collectively the "Services") are to be used for the User (meaning a named individual user that uses the publicly available Services or is authorized by TY in a service agreement to use the Services that require paid access) use and benefit only pursuant to the terms and limitations of the paid subscription and may not be disclosed, disseminated or distributed to any other party, except as TY otherwise agrees in writing. The User will not circumvent any encryption or otherwise gain access to Services for which the User has not been expressly granted the appropriate rights of access.

    The User will not use the Services for or knowingly transmit to TY or upload to any TY site or network any illegal, improper, or unacceptable material or use them for illegal, improper, or unacceptable practices, including without limitation the dissemination of any defamatory, fraudulent, infringing, abusive, lewd, obscene or pornographic material, viruses, trojan horses, time bombs, worms, or other harmful code designed to interrupt, destroy, or limit the functionality of any software, hardware or communications equipment, unsolicited mass email or other internet-based advertising campaigns, privacy breaches, denial of use attacks, spoofing, or impersonation.

    1. Copyright

    The Services are © Tymans Group BV. All rights reserved.

    The Services are owned by and copyrighted by TY and other parties and may contain trademarks of TY or others. They are protected by Canadian, US, and international copyright and trademark laws and conventions.

    User may use the Services solely for his or their own information purposes pursuant to the terms and limitations of the paid subscription. The User may download any of the Service's tools or templates for his or her individual use but may not distribute any articles, tools, templates, or blueprints internally, subject to the exceptions below. The User may create derivative works from the Service's tools or templates and distribute these for internal use but may not distribute these derivative works externally for any commercial or resale purposes.

    Any other reproduction or dissemination of the Services in any form or by any means is forbidden without TY's written permission, and without limiting the generality of the foregoing, the User will not:

    • A. record and re-transmit the Service over any network (including any local area network), except as otherwise stated above;
    • B. use any Service in any timesharing, service bureau, bulletin board, or similar arrangement or public display;
    • C. post any Service to any other online service (including bulletin boards or the internet);
    • D. sublicense, lease, sell, offer for sale or assign the Service; or
    • E. use TY's name or any excerpts from the Services in the promotion of its products or services.
    1. Users

    Users must be authorized to use the Services by TY. Users must maintain and protect the confidentiality of any password(s) and are responsible for ensuring that the passwords are effective. Users shall advise TY immediately if they discover that their password has been compromised at the following number: 1-888-670-8889. If you are an organization that is party to a service agreement with TY, references in these Terms of Use to "User(s)" include you, and you are responsible for compliance by named individual Users within your organization with these Terms of Use.

    1. User Perspective

    For the benefit of all Users, TY's research services include the ability for Users to (i) participate in the creation of research by contributing User perspectives for publication on TY's websites and (ii) participate in industry-specific community groups and other forums by contributing discussion posts. All such contributions are voluntary with the full consent of the User. If your account is used to contribute content to TY's websites (collectively, "User Contributions"), you agree to accept sole responsibility for those User Contributions, including the information, statements, facts, and material contained in any form or medium (e.g., text, audio, video, and photographic) therein. To the extent Users contribute any feedback to TY (as User Contributions or otherwise), TY may use that feedback to assess, improve, and market its products. To the extent Users contribute to research, TY may incorporate those contributions within the research Services without the necessity of attribution. You grant us and our affiliates a worldwide, irrevocable, royalty-free, nonexclusive license to use, reproduce, create derivative works of, distribute publicly display, and publish User Contributions. You agree you will not attempt to enforce any so-called "moral rights" in User Contributions against us or our affiliates.

    By using TY's research services, you agree that none of your User Contributions will:

    • Infringe on the intellectual property, trade secret, privacy, publicity, or other rights of others;
    • Contain false statements or misrepresentations that could damage TY or any third party;
    • Include obscene, libelous, defamatory, threatening, harassing, abusive, hateful, sexually explicit, sexually-oriented, profane, or embarrassing material, as determined by TY in its sole discretion;
    • Be illegal or otherwise objectionable;
    • Contain the personal information of any third party, including, without limitation, addresses, phone numbers, email addresses, Social Security numbers, and credit card numbers;
    • Encourage or facilitate insider trading or anti-competitive behavior;
    • Include commercial advertisements or solicitations; or
    • Purport to or actually provide legal or professional advice.

    BecauseTY's Web sites are available to the public, User Contributions on TY's Web sites are not Confidential Information.

    Although you are solely responsible for the content you provide, and we do not have a policy of reviewing or monitoring all User Contributions, we reserve the right to pre-screen and/or monitor User Contributions. If we become aware of User Contributions that violate these Terms of Service or that we believe to be otherwise objectionable, we may reject or delete them or take other action without notice to you and at our sole discretion.

    If you believe that any User Contributions appear to violate these Terms of Service, or if you believe any other user is engaged in illegal, harassing, or objectionable behavior, please contact us.

    1. Non-Disclosure of Confidential Information

    In these Terms of Use, "Confidential Information" means information of a commercially sensitive or proprietary character that is marked as confidential or that a reasonable person would understand to be confidential. The "Disclosing Party" is the party disclosing Confidential Information, and the "Receiving Party" is the party receiving Confidential Information. However, Confidential Information does not include information that:

    • was in the public domain at the time of communication to the Receiving Party or is later placed in the public domain by the Disclosing Party;
    • entered the public domain through no fault of the Receiving Party subsequent to the time of disclosure hereunder to the Receiving Party;
    • was in the Receiving Party's possession free of any obligation of confidence prior to disclosure hereunder; or
    • was developed by employees or agents of the Receiving Party independently of and without reference to any Confidential Information.

    The Receiving Party shall not disclose, publish or communicate the Confidential Information to any third party without the prior written consent of the Disclosing Party. However, the Receiving Party may disclose the Confidential Information to a third party who has a need to know the Confidential Information and (i) is an accountant, attorney, underwriter, or advisor under a duty of confidentiality; or (ii) is under a written obligation of confidentiality at least as restrictive as this Agreement and to the extent required by law.

    TY may create or use anonymized data for purposes such as benchmarking, analytics, and other good-faith business purposes. Anonymized data is not the Confidential Information of Users.

    1. Term

    Many of the Services are "subscription" services that have a fixed Term and must be renewed in writing at the end of the term for services to continue. The contractual term of membership is generally one (1) to three (3) years in length and is agreed to by the parties in writing. Workshops purchased as part of membership expire without refund or credit at the end of the membership period covered by the purchase. Workshops purchased outside membership expire without refund or credit one (1) year after purchase. TY may terminate a User's access at any time if the User or the entity paying for the User's access violates the terms of use or subscription or any other agreement with TY.

    1. Cancellation

    As the Services are paid in advance for a committed membership term, a service agreement or membership cannot be terminated by a User for convenience during a contractual term.

    1. Changes

    TY strives to innovate. TY may update, upgrade or otherwise change or discontinue content, features, or other aspects of its Services. TY will not make changes that cumulatively degrade the quality of a paid subscription to the Services. TY also reserves the right to change the terms and conditions applicable to your use of the Services unless TY has otherwise agreed in a service agreement. Use of the Services after such changes shall be deemed to be acceptance by the User of such changes. These terms were last revised on June 8, 2022.

    1. Accuracy of Information and Warranty

    The information contained in the Services has been obtained from sources believed to be reliable, but TY does not warrant the completeness, timeliness, or accuracy of any information contained in the Services. The Services are intended to: help identify business risks; provide insights based on industry research; and help you focus on certain matters which may be affecting your business. TY does not provide legal, accounting, or other professional advice, nor should any advice from TY be construed as such. We encourage you to seek professional advice whenever necessary.

    TY expressly excludes and disclaims all express or implied conditions, representations, and warranties, including, without limitation, any implied warranties or conditions of merchantability or fitness for a particular purpose, to the extent allowable by law.

    Although TY takes reasonable steps to screen Services for infection by viruses, worms, Trojan horses, or other code manifesting contaminating or destructive properties before making the Services available, TY cannot guarantee that any Service will be free of infection.

    User assumes sole responsibility for the selection of the Services to achieve its intended results. The opinions expressed in the Services are subject to change without notice.

    TY does not endorse third-party products or services. TY assesses and analyzes the effectiveness and appropriateness of information technology in the context of a general business environment only unless specifically hired by a User to assess in the context of their own environment.

    1. Limitation of Liability

    In no event is TY liable for any special, indirect, consequential, incidental, punitive, or other damages however caused, whether in contract, tort, negligence, strict liability, operation of law, or otherwise (including without limitation damages for lost profits, business interruption or loss arising out of the use of or inability to use the Services, or any information provided in the Services, or claims attributable to errors, omissions or other inaccuracies in the Service or interpretations thereof), even if TY has been advised of the possibility of such damages. TY's total liability shall in no event exceed the amount paid by the User for the Service in question.

    The User acknowledges that TY has set its prices and sold the Services to it in reliance on the limitations of liability and disclaimers of warranties and damages set forth herein and that the same form a fundamental and essential basis of the bargain between the parties. They shall apply even if the contract between the User and TY is found to have failed in its fundamental or essential purpose or has been fundamentally breached.

    1. Links to Third-Party Sites

    Any third-party sites that are linked to the Services are not under TY's control. TY is not responsible for anything on the linked sites, including without limitation any content, links to other sites, any changes to those sites, or any policies those sites may have. TY provides links as a convenience only, and such links do not imply any endorsement by TY of those sites.

    1. Investment Advice

    The Services are not intended to be used for the purpose of, or as a basis for, making investment decisions or recommendations with respect to securities of any company or industry, and TY assumes no liability for decisions made, in whole or in part, on the basis of any information contained in the Services.

    1. Governing Law

    This site and any service agreement are governed by the laws of the Province of Ontario, Canada, excluding any conflicts of law provisions and excluding the United Nations Convention on Contracts for the International Sale of Goods. Any legal action against TY shall take place in the courts of the province of Antwerp, Belgium. The parties attorn to the non-exclusive jurisdiction of the courts of Ontario.

    1. Entire Agreement

    These standard terms of use, together with any service agreements and statements of work signed by the parties, contains the complete and exclusive statement of Agreement between the parties and supersedes all purchase order terms and conditions, understandings, proposals, negotiations, representations, or warranties of any kind whether written or oral.

    1. Privacy

    A User's right to privacy is of paramount importance to TY. See our Privacy Policy for more detail. The identity of our research clients is not considered personal or confidential information, and we may disclose that information for promotion and marketing purposes.

    1. Contact Information

    Attn: General Counsel

    legal@tymansgroup.com

    (US): 1-917-473-8669

    (BE): 32-468-142-754

    Mergers & Acquisitions: The Sell Blueprint

    • Buy Link or Shortcode: {j2store}324|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Sell Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its reduction strategy by engaging in M&A transactions. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool
    • Service Catalog Internal Service Level Agreement Template

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address divestitures or sales.

    • One-Pager: M&A Discovery & Strategy – Sell
    • Case Study: M&A Discovery & Strategy – Sell

    3. Due Diligence & Preparation

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    • One-Pager: M&A Due Diligence & Preparation – Sell
    • Case Study: M&A Due Diligence & Preparation – Sell
    • IT Due Diligence Charter
    • IT Culture Diagnostic
    • M&A Separation Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Separation Project Management Tool (Excel)

    4. Execution & Value Realization

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Sell
    • Case Study: M&A Execution & Value Realization – Sell

    Infographic

    Workshop: Mergers & Acquisitions: The Sell Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for divesting or selling.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Understand the rationale for the company's decision to pursue a divestiture or sale.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the divestiture/sale.

    1.6 Create the IT vision statement and mission statement and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the separation strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organizations.

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s divestiture/sale strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Separation strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the foundation.

    Discover the motivation for separation.

    Identify expectations and create the carve-out roadmap.

    Prepare and manage employees.

    Plan the separation roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to enable compliance during due diligence.

    Employees are set up for a smooth and successful transition.

    Separation activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the divestiture/sale.

    2.3 Establish the separation strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Create a carve-out roadmap.

    2.7 Create a service/technical transaction agreement.

    2.8 Measure staff engagement.

    2.9 Assess the current culture and identify the goal culture.

    2.10 Create employee transition and functional workplans.

    2.11 Establish the separation roadmap.

    2.12 Establish and align project metrics with identified tasks.

    2.13 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Due diligence charter

    Data room artifacts

    Carve-out roadmap

    Service/technical transaction agreement

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for separation.

    Plan the separation roadmap.

    Prepare employees for the transition.

    Engage in separation.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Separation activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Separation strategy and roadmap are executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and outline their relationship to the M&A process.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the divestiture/sale.

    3.4 Establish the separation strategy.

    3.5 Prioritize separation tasks.

    3.6 Establish the separation roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate separation costs.

    3.9 Measure staff engagement.

    3.10 Assess the current culture and identify the goal culture.

    3.11 Create employee transition and functional workplans.

    3.12 Complete the separation by regularly updating the project plan.

    3.13 Assess the service/technical transaction agreement.

    3.14 Confirm separation costs.

    3.15 Review IT’s transaction value.

    3.16 Conduct a transaction and separation SWOT.

    3.17 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Separation roadmap and associated resourcing

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Updated separation project plan

    Evaluated service/technical transaction agreement

    SWOT of transaction

    M&A Sell Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Sell Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A sale or divestiture.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element is forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates), let alone separation.
      • Two-thirds of the time, the divesting organization and acquiring organization will either fail together or succeed together (McKinsey, 2015).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where separation will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    “Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests a sale or divestiture to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and complies with the purchasing organization’s asks.
    4. Firefighter: IT needs to reactively prepare its environment in order to enable the separation.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Selling vs. buying

    The M&A process approach differs depending on whether you are the selling or buying organization

    This blueprint is only focused on the sell side:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    The buy side is focused on:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Selling Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps
    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Separation or Sale
    1. Engage in Due Diligence and Prepare Staff
    2. Prepare to Separate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address divestitures or sales.

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    IT's role in the selling transaction

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.

    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.

    3. Faster Integration

      Faster integration means faster value realization for the business.

    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.

    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).

    • Increased Accuracy

      Sellers often only provide 15 to 30 days for the acquiring organization to decide (Forbes, 2018), increasing the necessity of accurate pricing.

    • Faster Integration

      36% of CIOs have visibility into only business unit data, making the divestment a challenge (EY, 2021).

    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).

    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to prepare the IT environment for potential carve-out and separations, ensuring risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the separation that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about its IT environment in order to sell or divest the company to the highest bidder for a true price.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority separation tasks.
    • The business can obtain a high-value offer for the components of IT being sold and can measure the ongoing value the sale will bring.

    Insight summary

    Overarching Insight

    IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.

    Execution & Value Realization Insight

    IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Sell Playbook

    The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.

    Screenshots of the 'M and A Sell Playbook' deliverable.

    M&A Sell One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Sell One-Pagers' deliverable.

    M&A Sell Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Sell Case Studies' deliverable.

    M&A Separation Project Management Tool (SharePoint)

    Manage the separation process of the divestiture/sale using this SharePoint template.

    Screenshots of the 'M and A Separation Project Management Tool (SharePoint)' deliverable.

    M&A Separation Project Management Tool (Excel)

    Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Separation Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.

      • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and business perspectives on IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.

      • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and divestiture/sale strategic direction.
    • Call #5: Create program metrics and identify a standard separation strategy.
    • Call #6: Prepare to carve out the IT environment.
    • Call #7: Identify the separation program plan.

      • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the divestiture/sale transaction.

    The Sell Blueprint

    Phase 1

    Proactive

    Phase 1

    		 Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend reduction opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine relationship indicators between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support transactions or support your rationale in recommending transactions.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: M&A Buy Playbook, CIO Business Vision diagnostic

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Sell Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Sell Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker
    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Sell Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions
    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Sell Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
      • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
      5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Sell Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation
    01 Data Source
    02 Data Collection Method
    03 Data     		04 Data Analysis
    05 Insight
    06 Insight Delivery     		07 Consumer
    08 Value in Data     		09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the multiplication of: (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.

      4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value
      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    4. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    5. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.

      6. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications
      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value
    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool
      3.

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.

      3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)
    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)
    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Sell Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend reduction opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Sell Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Sell Playbook.

    1.3.3 Recommend reduction opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.

    Record the results in the M&A Sell Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through sale or divestiture transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Sale or divestiture recommendations

    The Sell Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    		Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the separation strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for Divesting or SellingFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decision to pursue a divestiture or sale
    • 1.1 Review the business rationale for the divestiture/sale
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the divestiture/sale
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the separation strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s divestiture/sale strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Separation strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.

    For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).

    Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decision to pursue a sale or divestiture and the opportunities or pain points the sale should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across sales/divestitures.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    		 To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the reduction process.

    Record the results in the M&A Sell Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement
    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Separation for Success We will create a carve-out strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, separation, and use across the enterprise in compliance with our data governance policy.
    5.Deliver Better Customer Service We will reduce the number of products offered by IT, enabling a stronger focus on specific products or elements to increase customer service delivery.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchasing organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Value Generator We will leverage the current IT people, processes, and technology to turn the IT organization into a value generator by developing and selling our services to purchasing organizations.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the reduction process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ reduction strategy goals.

    Record the results in the M&A Sell Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical separation capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A Team and Operational Team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the IT Transaction Team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure & Operations

    • System Separation
    • Data Management
    • Helpdesk/Desktop Support
    • Cloud/Server Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model for divesting organizations

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the divesting transaction process and separation. Highlight and make copies of those capabilities in the M&A Sell Playbook. As a result of divesting, there may also be capabilities that will become irrelevant in your future state.
    3. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses, products, or locations to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Sell Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Sell Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support separation need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Sell Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc., as a result of divesting lines of the business and selling service-level agreements to the purchasing organization.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Sell Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Separation or Sale

    Activities

    • 2.2.1 Establish the separation strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    2.2.1 Establish the separation strategy

    1-2 hours

    Input: Business separation strategy, Guiding principles, M&A governance

    Output: IT’s separation strategy

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall separation.
    2. Review and discuss the highlights and drawbacks of each type of separation.
    3. Use Info-Tech’s Separation Posture Selection Framework on the next slide to select the separation posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT separation best helps obtain these benefits?

    Record the results in the M&A Sell Playbook.

    Separation Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Seller Assets, Income, or Market Value)

    IT Separation Posture
    A. Horizontal Adopt One Model ‹100% Divest
    ›99% Sell
    B. Vertical Create Links Between Critical Systems Any Divest
    C. Conglomerate Independent Model Any Joint Venture
    Divest
    D. Hybrid: Horizontal & Conglomerate Create Links Between Critical Systems Any Divest
    Joint Venture

    M&A separation strategy

    Business M&A Strategy Resultant Technology Strategy M&A Magnitude (% of Seller Assets, Income, or Market Value) IT Separation Posture

    You may need a hybrid separation posture to achieve the technology end state.

    M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.

    Each business division may have specific IT domain and capability needs that require an alternative separation strategy.

    • Example: Even when conducting a joint venture by forming a new organization, some partners might view themselves as the dominant partner and want to influence the IT environment to a greater degree.
    • Example: Some purchasing organizations will expect service-level agreements to be available for a significant period of time following the divestiture, while others will be immediately independent.

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Separation strategy

    Output: Completed RACI for Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the sale or separation. For example:
      • Communicate with the company M&A team.
      • Identify the key IT solutions that can and cannot be carved out.
      • Gather data room artifacts and provide them to acquiring organization.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Sell Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Sell Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Sell Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on employees. It will also give insight into positive or negative employee experiences that could impact retention.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them. Will your organization or employee skills be required to support these long term?

    Info-Tech Insight

    Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for selling or divesting

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.

    1. Complete the Historical Valuation Worksheet in the M&A Sell Playbook to understand the type of IT organization that your company may support.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations could be the right organizations to sell or divest to.

    Record the results in the M&A Sell Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in reduction transactions

    Key outcomes from the Discovery & Strategy phase
    • Prepare the IT environment to support the potential sale or divestiture by identifying critical program plan elements and establishing a separation or carve-out strategy that will enable the business to reach its goals.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the separation strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Sell Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    		Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Purchasing organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for SeparationIdentify Expectations and Create the Carve-Out RoadmapPrepare and Manage EmployeesPlan the Separation RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Identify the buyer’s IT expectations.
    • 2.2 Create a list of IT artifacts to be reviewed in the data room.
    • 2.3 Create a carve-out roadmap.
    • 2.4 Create a service/technical transaction agreement.
    • 3.1 Measure staff engagement.
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • 4.1 Prioritize separation tasks.
    • 4.2 Establish the separation roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate separation costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Data room artifacts identified
    2. Carve-out roadmap
    3. Service/technical transaction agreement
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Separation roadmap and associated resourcing
    1. Divestiture separation strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.

    If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.

    In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.

    Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decision to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Engage in Due Diligence and Prepare Staff

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Gather data room artifacts
    • 3.1.3 Measure staff engagement
    • 3.1.4 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Sell Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Separation strategy
      • Sale/divestiture RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Sell Playbook.

    3.1.2 Gather data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room

    Materials: Critical domain lists on following slides, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers

    The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room.
    2. IT leadership may or may not be asked to enter the data room directly. The short notice for having to find these artifacts for the purchasing organization can leave your IT organization scrambling. Identify the critical items worth obtaining ahead of time.
    3. Once you have identified the artifacts, provide the list to the legal team or compliance/privacy officers and ensure they also agree those items can be provided. If changes to the documents need to be made, take the time to do so.
    4. Store all items in a safe and secure file or provide to the M&A team ahead of due diligence.

    **Note that if your organization is not leading/initiating the data room, then you can ignore this activity.

    Record the results in the M&A Sell Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request
    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including separation capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Retain top talent throughout the transition

    Focus on retention and engagement

    • People are such a critical component of this process, especially in the selling organization.
    • Retaining employees, especially the critical employees who hold specific skills or knowledge, will ensure the success and longevity of the divesting organization, purchasing organization, or the new company.
    • Giving employees a role in the organization and ensuring they do not see their capabilities as redundant will be critical to the process.
    • It is okay if employees need to change what they were doing temporarily or even long-term. However, being transparent about these changes and highlighting their value to the process and organization(s) will help.
    • The first step to moving forward with retention is to look at the baseline engagement and culture of employees and the organization. This will help determine where to focus and allow you to identify changes in engagement that resulted from the transaction.
    • Job engagement drivers are levers that influence the engagement of employees in their day-to-day roles.
    • Organizational engagement drivers are levers that influence an employee’s engagement with the broader organization.
    • Retention drivers are employment needs. They don’t necessarily drive engagement, but they must be met for engagement to be possible.

    3.1.3 Measure staff engagement

    3-4 hours

    Input: Engagement survey

    Output: Baseline engagement scores

    Materials: Build an IT Employee Engagement Program

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization

    The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.

    The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.

    1. Review Info-Tech’s Build an IT Employee Engagement Program research and select a survey that will best meet your needs.
    2. Conduct the survey and note which drivers employees are currently satisfied with. Likewise, note where there are opportunities.
    3. Document actions that should be taken to mitigate the negative engagement drivers throughout the transaction and enhance or maintain the positive engagement drivers.

    Record the results in the M&A Sell Playbook.

    Assess culture as a part of engagement

    Culture should not be overlooked, especially as it relates to the separation of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post transition.

    Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-separation?

    3.1.4 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic.
    2. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    3. Document the results from tab 3, Results, in the M&A Sell Playbook if you are trying to record all artifacts related to the transaction in one place.
    4. Repeat the activity for the purchasing organization.
    5. Leverage the information to determine what the goal for the culture of IT will be post-separation if it will differ from the current culture.

    Record the results in the M&A Sell Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Separate

    Activities

    • 3.2.1 Create a carve-out roadmap
    • 3.2.2 Prioritize separation tasks
    • 3.2.3 Establish the separation roadmap
    • 3.2.4 Identify the buyer’s IT expectations
    • 3.2.5 Create a service/transaction agreement
    • 3.2.6 Estimate separation costs
    • 3.2.7 Create an employee transition plan
    • 3.2.8 Create functional workplans for employees
    • 3.2.9 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team
    • Purchasing organization

    Outcomes of Step

    Have an established plan of action toward separation across all domains and a strategy toward resources.

    Don’t underestimate the importance of separation preparation

    Separation involves taking the IT organization and dividing it into two or more separate entities.

    Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)

    Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)

    Info-Tech Insight

    Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.

    Separation needs

    Identify the business objectives of the sale to determine the IT strategy

    Set up a meeting with your IT due diligence team to:

    • Ensure there will be no gaps in the delivery of products and services in the future state.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between the involved organizations.
    • Identify the IT people and process gaps, initiatives, and levels of support expected.
    • Determine your infrastructure needs to ensure effectiveness and delivery of services:
      • Does IT have the infrastructure to support the applications and business capabilities?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required.
      • Identify any redundancies/gaps.
      • Determine the appropriate IT separation strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of separation.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    Preparing the carve-out roadmap

    And why it matters so much

    • When carving out the IT environment in preparation for a divestiture, it’s important to understand the infrastructure, application, and data connections that might exist.
    • Much to the business’ surprise, carving out the IT environment is not easy, especially when considering the services and products that might depend on access to certain applications or data sets.
    • Once the business has indicated which elements they anticipate divesting, be prepared for testing the functionality and ability of this carve-out, either through automation or manually. There are benefits and drawbacks to both methods:
      • Automated requires a solution and a developer to code the tests.
      • Manual requires time to find the errors, possibly more time than automated testing.
    • Identify if there are dependencies that will make the carve-out difficult.
      • For example, the business is trying to divest Product X, but that product is integrated with Product Y, which is not being sold.
      • Consider all the processes and products that specific data might support as well.
      • Moreover, the data migration tool will need to enter the ERP system and identify not just the data but all supporting and historical elements that underlie the data.

    Critical components to consider:

    • Selecting manual or automated testing
    • Determining data dependencies
    • Data migration capabilities
    • Auditing approval
    • People and skills that support specific elements being carved out

    3.2.1 Create a carve-out roadmap

    6 hours

    Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated

    Output: Carve-out roadmap

    Materials: Business’ divestiture plan, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.

    1. In the Carve-Out Roadmap in the M&A Sell Playbook, identify the key elements of the carve-out in the first column.
    2. Note any dependencies the items might have. For example:
      • The business is selling Product X, which is linked to Data X and Data Y. The organization does not want to sell Data Y. Data X would be considered dependent on Data Y.
    3. Once the dependencies have been confirmed, begin automated or manual testing to examine the possibility of separating the data sets (or other dependencies) from one another.
    4. After identifying an acceptable method of separation, inform the auditing individual or body and confirm that there would be no repercussions for the planned process.

    Record the results in the M&A Sell Playbook.

    3.2.2 Prioritize separation tasks

    2 hours

    Input: Separation tasks, Transition team, M&A RACI

    Output: Prioritized separation list

    Materials: Separation task checklist, Separation roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Begin by downloading the SharePoint or Excel version of the M&A Separation Project Management Tool.
    2. Identify which separation tasks you want to have as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    3. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    4. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    3.2.2 Establish the separation roadmap

    2 hours

    Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Separation roadmap

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.

    1. Use our Separation Project Management Tool to help track critical elements in relation to the separation project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template. Additional instructions are available in the SharePoint Template Step-by-Step Deployment Guide.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the separation tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Separation Project Management Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Sell Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
      4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    4. Enable the SharePoint Server feature.
    5. Upload the .wsp file in Solutions Gallery.
    6. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
      7. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Supporting the transition and establishing service-level agreements

    The purpose of this part of the transition is to ensure both buyer and seller have a full understanding of expectations for after the transaction.

    • Once the organizations have decided to move forward with a deal, all parties need a clear level of agreement.
    • IT, since it is often seen as an operational division of an organization, is often expected to deliver certain services or products once the transaction has officially closed.
    • The purchasing organization or the new company might depend on IT to deliver these services until they are able to provide those services on their own.
    • Having a clear understanding of what the buyer’s expectations are and what your company, as the selling organization, can provide is important.
    • Have a conversation with the buyer and document those expectations in a signed service agreement.

    3.2.4 Identify the buyer's IT expectations

    3-4 hours

    Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement

    Output: Buyer’s IT expectations

    Materials: Questions for meeting

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.

    1. Buyers should not assume certain services will be provided. Organize a meeting with IT leaders and the company M&A teams to determine what services will be provided.
    2. The next slide has a series of questions that you can start from. Ensure you get detailed information about each of the services.
    3. Once you fully understand the buyer’s IT expectations, create an SLA in the next activity and obtain sign-off from both organizations.

    Questions to ask the buyer

    1. What services would you like my IT organization to provide?
    2. How long do you anticipate those services will be provided to you?
    3. How do you expect your staff/employees to communicate requests or questions to my staff/employees?
    4. Are there certain days or times that you expect these services to be delivered?
    5. How many staff do you expect should be available to support you?
    6. What should be the acceptable response time on given service requests?
    7. When it comes to the services you require, what level of support should we provide?
    8. If a service requires escalation to Level 2 or Level 3 support, are we still expected to support this service? Or are we only Level 1 support?
    9. What preventative security methods does your organization have to protect our environment during this agreement period?

    3.2.5 Create a service/ transaction agreement

    6 hours

    Input: Buyer's expectations, Separation roadmap

    Output: SLA for the purchasing organization

    Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.

    1. Document the expected services and the related details in a service-level agreement.
    2. Provide the SLA to the purchasing organization.
    3. Obtain sign-off from both organizations on the level of service that is expected of IT.
    4. Update the M&A Separation Project Management Tool Excel or SharePoint document to reflect any additional items that the purchasing organization identified.

    *For organizations being purchased in their entirety, this activity may not be relevant.

    Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.

    Importance of estimating separation costs

    Change is the key driver of separation costs

    Separation costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the separation is a success.
    Separation costs vary by industry type.
    • Certain industries may have separation costs made up of mostly one type, differing from other industries, due to the complexity and demands of the transaction. For example:
      • Healthcare separation costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest separation costs due to most transactions occurring within the same sector rather than as cross-sector investments. For example, oil and gas transactions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Separation costs are more related to the degree of change required than the size of the transaction.

    3.2.6 Estimate separation costs

    3-4 hours

    Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT separation

    Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Sell Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Sell Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful separation

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A separation needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.7 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design

    Output: Employee transition plans

    Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Sell Playbook.

    3.2.8 Create functional workplans for employees

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Sell Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.7) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Sell Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Sell Playbook.

    Metrics for separation

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.9 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals

    Output: Separation-specific metrics to measure success

    Materials: Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Sell Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated your IT people, processes, and technology to determine a roadmap forward for separating or selling.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to comply with regulatory and auditing standards and prepare employees for the transition.
    • Create a separation roadmap that considers the tasks that will need to be completed and the resources required to support separation.
    Key deliverables from the Due Diligence & Preparation phase
    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Sell Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Separation

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Separation RoadmapPrepare Employees for the TransitionEngage in SeparationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Prioritize separation tasks.
    • 2.2 Establish the separation roadmap.
    • 2.3 Establish and align project metrics with identified tasks.
    • 2.4 Estimate separation costs.
    • 3.1 Measure staff engagement
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • S.1 Complete the separation by regularly updating the project plan.
    • S.2 Assess the service/technical transaction agreement.
    • 4.1 Confirm separation costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and separation SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Separation roadmap and associated resourcing
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Evaluate service/technical transaction agreement
    2. Updated separation project plan
    1. SWOT of transaction
    2. M&A Sell Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.

    Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.

    Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.

    Goal: To carry out the planned separation activities and deliver the intended value to the business.

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a carve-out roadmap.
    • Prioritize separation tasks.
    • Establish the separation roadmap.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Establish a due diligence charter.
    • Be able to valuate the IT environment and communicate IT’s value to the business.
    • Gather and present due diligence data room artifacts.
    • Measure staff engagement.
    • Assess and plan for culture.
    • Estimate separation costs.
    • Create functional workplans for employees.
    • Identify the buyer’s IT expectations.
    • Create a service/ transaction agreement.

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Monitor service agreements
    • 4.1.2 Continually update the project plan

    This step will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.

    Key concerns to monitor during separation

    If you are entering the transaction at this point, consider and monitor the following three items above all else.

    Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.

    • Risk & Security. Make sure that the channels of communication between the purchasing organization and your IT environment are properly determined and protected. This might include updating or removing employees’ access to certain programs.
    • Retaining Employees. Employees who do not see a path forward in the organization or who feel that their skills are being underused will be quick to move on. Make sure they are engaged before, during, and after the transaction to avoid losing employees.
    • IT Environment Dependencies. Testing the IT environment several times and obtaining sign-off from auditors that this has been completed correctly should be completed well before the transaction occurs. Have a strong architecture outlining technical dependencies.

    For more information, review:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Map Technical Skills for a Changing Infrastructure Operations Organization
    • Build a Data Architecture Roadmap

    4.1.1 Monitor service agreements

    3-6 months

    Input: Original service agreement, Risk register

    Output: Service agreement confirmed

    Materials: Original service agreement

    Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership

    The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.

    1. Ensure the right controls exist to prevent the organization from unnecessarily opening itself up to risks.
    2. Meet with the purchasing organization/subsidiary three months after the transaction to ensure that everyone is satisfied with the level of services provided.
    3. This is not a quick and completed activity, but one that requires ongoing monitoring. Repeatedly identify potential risks worth mitigating.

    For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized separation tasks, Separation RACI, Activity owners

    Output: Updated separation project plan

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update the project plan, review the status of the various separation task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm separation costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and separation SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.

    4.2.1 Confirm separation costs

    3-4 hours

    Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs

    Output: Actual separation costs

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.6, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Sell Playbook.

    Track cost savings and revenue generation

    Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.

    1. Define Metrics: Select metrics to track synergies through the separation.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the savings or revenue being pursued.
      2. For example, if the value being pursued is decreasing costs, metrics could range from capacity to output, highlighting that the output remains high despite smaller IT environments.
    2. Prioritize Value-Driving Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Cost Savings and Revenue Generation: Develop a detailed workplan to resource the roadmap and track where costs are saved and revenue is generated as the initiatives are undertaken.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics, determine from the company M&A what those metrics might be. Review activity 3.2.9 for more information on metrics.
    2. Identify whether the metric (which should support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals set out by the business.

    Record the results in the M&A Sell Playbook.

    4.2.3 Conduct a transaction and separation SWOT

    2 hours

    Input: Separation costs, Retention rates, Value that IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Sell Playbook.

    M&A Sell Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement.
    • Critically examine the M&A Sell Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another sale or divestiture under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and separation SWOT

    Output: Refined M&A playbook

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Sell Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Sell Playbook.

    By the end of this post-transaction phase you should:

    Have completed the separation post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the separation tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Sell Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:

    • Created a standardized approach for how your IT organization should address divestitures or sales.
    • Retained critical staff and complied with any regulations throughout the transaction.
    • Delivered on the separation project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group     		Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group     		Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group     		Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada     		Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group     		Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll     		Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group     		Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group     		Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group     		Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte     		Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group     		Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment     		Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life     		Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.     		Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group     		Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Create a Game Plan to Implement Cloud Backup the Right Way

    • Buy Link or Shortcode: {j2store}469|cart{/j2store}
    • member rating overall impact: 7.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Cloud adoption is frequently driven by hype rather than careful consideration of the best-fit solution.
    • IT is frequently rushed into cloud adoption without appropriate planning.
    • Organizations frequently lack appropriate strategies to deal with cloud-specific backup challenges.
    • Insufficient planning for cloud backup can exacerbate problems rather than solving them, leading to poor estimates of the cost and effort involved, budget overruns, and failure to meet requirements.

    Our Advice

    Critical Insight

    • The cloud isn’t a magic bullet, but it tends to deliver the most value to organizations with specific use cases – frequently smaller organizations who are looking to avoid the cost of building or upgrading a data center.
    • Cloud backup does not necessarily reduce backup costs so much as it moves them around. Cloud backup distributes costs over a longer term. Organizations need to compare the difference in CAPEX and OPEX to determine if making the move makes financial sense.
    • The cloud can deliver a great deal of value for organizations who are looking to reduce the operational effort demanded by an existing tape library for second- or third-tier backups.
    • Data security risks in some cases may be overstated, depending on what on-premises security is available. However, targeting backup to the cloud introduces other risks that need to be considered before implementation is given the green light.

    Impact and Result

    • Understand if cloud backup is the right solution for actual organizational needs.
    • Make an informed decision about targeting backup to the cloud by considering the big picture TCO and effort level involved in adoption.
    • Have a ready strategy to mitigate the most common challenges with cloud adoption projects.
    • Develop a roadmap that lays out the required step-by-step to implement cloud backup.

    Create a Game Plan to Implement Cloud Backup the Right Way Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the benefits and risks of targeting backups to the cloud

    Build a plan to mitigate the risks associated with backing data up in the cloud.

    • Storyboard: Create a Game Plan to Implement Cloud Backup the Right Way

    2. Determine if the cloud can meet the organization's data requirements

    Assess if the cloud is a good fit for your organization’s backup data.

    • Cloud Backup Implementation Game Plan Tool

    3. Mitigate the Challenges of Backing Up to the Cloud

    Build a cloud challenge contingency plan.

    4. Build a Cloud Backup Implementation Roadmap

    Perform a gap analysis to determine cloud backup implementation initiatives.

    Infographic

    Workshop: Create a Game Plan to Implement Cloud Backup the Right Way

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Evaluate the business case for targeting backup at the cloud

    The Purpose

    Understand how cloud backup will affect backup and recovery processes

    Determine backup and recovery objectives

    Assess the value proposition of cloud backup

    Key Benefits Achieved

    A high-level understanding of the benefits of moving to cloud backup

    A best-fit analysis of cloud backup in comparison to organizational needs

    Activities

    1.1 Document stakeholder goals for cloud backup

    1.2 Document present backup processes

    1.3 Document ideal backup processes

    1.4 Review typical benefits of cloud backup

    Outputs

    Documented stakeholder goals

    Current backup process diagrams

    Ideal backup process diagram

    2 Identify candidate data sets and assess opportunities and readiness

    The Purpose

    Identify candidate data sets for cloud-based backup

    Determine RPOs and RTOs for candidate data sets

    Identify potential value specific to each data set for targeting backup at the cloud

    Evaluate organizational readiness for targeting backup at the cloud

    Key Benefits Achieved

    Documented recovery objectives

    Recommendations for cloud backup based on actual organizational needs and readiness

    Activities

    2.1 Document candidate data sets

    2.2 Determine recovery point and recovery time objectives for candidate data sets

    2.3 Identify potential value of cloud-based backup for candidate data sets

    2.4 Discuss the risk and value of cloud-based backup versus an on-premises solution

    2.5 Evaluate organizational readiness for cloud backup

    2.6 Identify data sets to move to the cloud

    Outputs

    Validated list of candidate data sets

    Specific RPOs and RTOs for core data sets

    An assessment of the value of cloud backup for data sets

    A tool-based recommendation for moving backups to the cloud

    3 Mitigate the challenges of backing up to the cloud

    The Purpose

    Understand different cloud provider models and their specific risks

    Identification of how cloud backup will affect IT infrastructure and personnel

    Strategize ways to mitigate the most common challenges of implementing cloud backup

    Understand the client/vendor relationship in cloud backup

    Understand the affect of cloud backup on data security

    Key Benefits Achieved

    Verified best-fit cloud provider model for organizational needs

    Verified strategy for meeting the most common challenges for cloud-based backup

    A strong understanding of how cloud backup will change IT

    Strategies for approaching vendors to ensure a strong footing in negotiations and clear expectations for the client/vendor relationship

    Activities

    3.1 Discuss the impact of cloud backup on infrastructure and IT environment

    3.2 Create a cloud backup risk contingency plan

    3.3 Document compliance and security regulations

    3.4 Identify client and vendor responsibilities for cloud backup

    3.5 Discuss and document the impact of cloud backup on IT roles and responsibilities

    3.6 Compile a list of implementation intiatives

    3.7 Evaluate the financial case for cloud backup

    Outputs

    Cloud risk assessment

    Documented contingency strategies for probabe risks

    Negotiation strategies for dealing with vendors

    A committed go/no-go decision on the value of cloud backup weighted against the effort of implementation

    4 Build a cloud backup implementation roadmap

    The Purpose

    Create a road map for implementing cloud backup

    Key Benefits Achieved

    Determine any remaining gaps between the present state and the ideal state for cloud backup

    Understand the steps and time frame for implementing cloud backup

    Allocate roles and responsibilities for the implementation intitiative

    A validated implementation road map

    Activities

    4.1 Perform a gap analysis to generate a list of implementation intiatives

    4.2 Prioritize cloud backup initiatives

    4.3 Assess risks and dependencies for critical implementation initiatives

    4.4 Assign ownership over implementation tasks

    4.5 Determine road map time frame and structure

    4.6 Populate the roadmap with cloud backup initiatives

    Outputs

    A validated gap analysis

    A prioritized list of cloud backup initiatives

    Documented dependencies and risks associated with implementation tasks

    A roadmap for targeting backups at the cloud

    Identify and Manage Security Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}221|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Impact and Result

    • Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Identify and Manage Security Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Security Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your security.

    Use this research to identify and quantify the potential security impacts caused by vendors. Use Info-Tech’s approach to look at the security impacts from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Security Risk Impacts on Your Organization Storyboard

    2. Security Risk Impact Tool – Use this tool to help identify and quantify the security impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Security Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Security Risk Impacts on Your Organization

    Know where the attacks are coming from so you know where to protect.

    Analyst perspective

    It is time to start looking at risk realistically and move away from “trust but verify” toward zero trust.

    Frank Sewell, Research Director, Vendor Management

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    We are inundated with a barrage of news about security incidents on what seems like a daily basis. In such an environment, it is easy to forget that there are ways to help prevent such things from happening and that they have actual costs if we relax our diligence.

    Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with n-party vendors are increasing.

    Over the last few years, we have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy.

    “Trust but verify” – while a good concept – should give way to the more effective zero-trust model in favor of knowing it’s not a matter of if an incident happens but when.

    Executive Summary

    Your Challenge

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Info-Tech Insight
    Organizations must evolve their security risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of third-party vendor risks and holding those vendors accountable throughout the vendor lifecycle are critical to preventing disastrous impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Multi-blueprint series on vendor risk assessment

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Security risk impacts

    Potential losses to the organization due to security incidents

    • In this blueprint we’ll explore security risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct security plans.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62% 83% 84%
    Ransomware attacks spiked 62% globally (and 158% in North America alone). 83% of companies increased organizational focus on third-party risk management in 2020. In a 2020 survey, 84% of organizations reported having experienced a third-party incident in the last three years.
    One Trust, 2022 Help Net Security, 2021 Deloitte, 2020

    Identify and manage security risk impacts on your organization

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes.

    What is third-party risk?

    Third-Party Vendor: Anyone who provides goods or services to a company or individual in exchange for payment transacted with electronic instructions (Law Insider).

    Third-Party Risk: The potential threat presented to organizations’ employee and customer data, financial information, and operations from the organization’s supply chain and other outside parties that provide products and/or services and have access to privileged systems (Awake Security).

    It is essential to know not only who your vendors are but also who their vendors are (n-party vendors). Organizations often overlook that their vendors rely on others to support their business, and those layers can add risk to your organization.

    Identify and manage security risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their security planning and ongoing monitoring moving forward.

    Vendor Breaches

    The IT market is an ever-shifting environment; more organizations are relying on cloud service vendors, staff augmentation, and other outside resources. Organizations should hold these vendors (and their downstream vendors) to the same levels of security and standards of conduct that they hold their internal resources.

    Resource Shortages

    A lack of resources is often overlooked, but it’s easily recognized as a reason for a security incident. All too often, companies are unwilling to dedicate resources to their vendors’ security risk assessment and ongoing monitoring needs. Only once an incident occurs do companies decide it is time to reprioritize.

    Engineer Your Event Management Process

    • Buy Link or Shortcode: {j2store}461|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Build an event management practice that is situated in the larger service management environment. Purposefully choose valuable events to track and predefine their associated actions to cut down on data clutter.

    Our Advice

    Critical Insight

    Event management is useless in isolation. The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Impact and Result

    Create a repeatable framework to define monitored events, their root cause, and their associated action. Record your monitored events in a catalog to stay organized.

    Engineer Your Event Management Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Engineer Your Event Management Deck – A step-by-step document that walks you through how to choose meaningful, monitored events to track and action.

    Engineer your event management practice with tracked events informed by the business impact of the related systems, applications, and services. This storyboard will help you properly define and catalog events so you can properly respond when alerted.

    • Engineer Your Event Management Process – Phases 1-3

    2. Event Management Cookbook – A guide to help you walk through every step of scoping event management and defining every event you track in your IT environment.

    Use this tool to define your workflow for adding new events to track. This cookbook includes the considerations you need to include for every tracked event as well as the roles and responsibilities of those involved with event management.

    • Event Management Cookbook

    3. Event Management Catalog – Using the Event Management Cookbook as a guide, record all your tracked events in the Event Management Catalog.

    Use this tool to record your tracked events and alerts in one place. This catalog allows you to record the rationale, root-cause, action, and data governance for all your monitored events.

    • Event Management Catalog

    4. Event Management Workflow – Define your event management handoffs to other service management practices.

    Use this template to help define your event management handoffs to other service management practices including change management, incident management, and problem management.

    • Event Management Workflow (Visio)
    • Event Management Workflow (PDF)

    5. Event Management Roadmap – Implement and continually improve upon your event management practice.

    Use this tool to implement and continually improve upon your event management process. Record, prioritize, and assign your action items from the event management blueprint.

    • Event Management Roadmap
    [infographic]

    Workshop: Engineer Your Event Management Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Situate Event Management in Your Service Management Environment

    The Purpose

    Determine goals and challenges for event management and set the scope to business-critical systems.

    Key Benefits Achieved

    Defined system scope of Event Management

    Roles and responsibilities defined

    Activities

    1.1 List your goals and challenges

    1.2 Monitoring and event management RACI

    1.3 Abbreviated business impact analysis

    Outputs

    Event Management RACI (as part of the Event Management Cookbook)

    Abbreviated BIA (as part of the Event Management Cookbook)

    2 Define Your Event Management Scope

    The Purpose

    Define your in-scope configuration items and their operational conditions

    Key Benefits Achieved

    Operational conditions, related CIs and dependencies, and CI thresholds defined

    Activities

    2.1 Define operational conditions for systems

    2.2 Define related CIs and dependencies

    2.3 Define conditions for CIs

    2.4 Perform root-cause analysis for complex condition relationships

    2.5 Set thresholds for CIs

    Outputs

    Event Management Catalog

    3 Define Thresholds and Actions

    The Purpose

    Pre-define actions for every monitored event

    Key Benefits Achieved

    Thresholds and actions tied to each monitored event

    Activities

    3.1 Set thresholds to monitor

    3.2 Add actions and handoffs to event management

    Outputs

    Event Catalog

    Event Management Workflows

    4 Start Monitoring and Implement Event Management

    The Purpose

    Effectively implement event management

    Key Benefits Achieved

    Establish an event management roadmap for implementation and continual improvement

    Activities

    4.1 Define your data policy for event management

    4.2 Identify areas for improvement and establish an implementation plan

    Outputs

    Event Catalog

    Event Management Roadmap

    Further reading

    Engineer Your Event Management Process

    Track monitored events purposefully and respond effectively.

    EXECUTIVE BRIEF

    Analyst Perspective

    Event management is useless in isolation.

    Event management creates no value when implemented in isolation. However, that does not mean event management is not valuable overall. It must simply be integrated properly in the service management environment to inform and drive the appropriate actions.

    Every step of engineering event management, from choosing which events to monitor to actioning the events when they are detected, is a purposeful and explicit activity. Ensuring that event management has open lines of communication and actions tied to related practices (e.g. problem, incident, and change) allows efficient action when needed.

    Catalog your monitored events using a standardized framework to allow you to know:

    1. The value of tracking the event.
    2. The impact when the event is detected.
    3. The appropriate, right-sized reaction when the event is detected.
    4. The tool(s) involved in tracking the event.

    Properly engineering event management allows you to effectively monitor and understand your IT environment and bolster the proactivity of the related service management practices.

    Benedict Chang

    Benedict Chang
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Strive for proactivity. Implement event management to reduce response times of technical teams to solve (potential) incidents when system performance degrades.

    Build an integrated event management practice where developers, service desk, and operations can all rely on event logs and metrics.

    Define the scope of event management including the systems to track, their operational conditions, related configuration items (CIs), and associated actions of the tracked events.

    Common Obstacles

    Managed services, subscription services, and cloud services have reduced the traditional visibility of on- premises tools.

    System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Info-Tech’s Approach

    Clearly define a limited number of operational objectives that may benefit from event management.

    Focus only on the key systems whose value is worth the effort and expense of implementing event management.

    Understand what event information is available from the CIs of those systems and map those against your operational objectives.

    Write a data retention policy that balances operational, audit, and debugging needs against cost and data security needs.

    Info-Tech Insight

    More is NOT better. Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Your challenge

    This research is designed to help organizations who are facing these challenges or looking to:

    • Build an event management practice that is situated in the larger service management environment.
    • Purposefully choose events and to track as well as their related actions based on business-critical systems, their conditions, and their related CIs.
    • Cut down on the clutter of current events tracked.
    • Create a framework to add new events when new systems are onboarded.

    33%

    In 2020, 33% of organizations listed network monitoring as their number one priority for network spending. 27% of organizations listed network monitoring infrastructure as their number two priority.
    Source: EMA, 2020; n=350

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Many organizations have multiple tools across multiple teams and departments that track the current state of infrastructure, making it difficult to consolidate event management into a single practice.
    • Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools
    • System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Build event management to bring value to the business

    33%

    33% of all IT organizations reported that end users detected and reported incidents before the network operations team was aware of them.
    Source: EMA, 2020; n=350

    64%

    64% of enterprises use 4-10 monitoring tools to troubleshoot their network.
    Source: EMA, 2020; n=350

    Info-Tech’s approach

    Choose your events purposefully to avoid drowning in data.

    A funnel is depicted. along the funnel are the following points: Event Candidates: 1. System Selection by Business Impact; 2. System Decomposition; 3. Event Selection and Thresholding; 4. Event Action; 5. Data Management; Valuable, Monitored, and Actioned Events

    The Info-Tech difference:

    1. Start with a list of your most business-critical systems instead of data points to measure.
    2. Decompose your business-critical systems into their configuration items. This gives you a starting point for choosing what to measure.
    3. Choose your events and label them as notifications, warnings, or exceptions. Choose the relevant thresholds for each CI.
    4. Have a pre-defined action tied to each event. That action could be to log the datapoint for a report or to open an incident or problem ticket.
    5. With your event catalog defined, choose how you will measure the events and where to store the data.

    Event management is useless in isolation

    Define how event management informs other management practices.

    Logging, Archiving, and Metrics

    Monitoring and event management can be used to establish and analyze your baseline. The more you know about your system baselines, the easier it will be to detect exceptions.

    Change Management

    Events can inform needed changes to stay compliant or to resolve incidents and problems. However, it doesn’t mean that changes can be implemented without the proper authorization.

    Automatic Resolution

    The best use case for event management is to detect and resolve incidents and problems before end users or IT are even aware.

    Incident Management

    Events sitting in isolation are useless if there isn’t an effective way to pass potential tickets off to incident management to mitigate and resolve.

    Problem Management

    Events can identify problems before they become incidents. However, you must establish proper data logging to inform problem prioritization and actioning.

    Info-Tech’s methodology for Engineering Your Event Management Process

    1. Situate Event Management in Your Service Management Environment 2. Define Your Monitoring Thresholds and Accompanying Actions 3. Start Monitoring and Implement Event Management

    Phase Steps

    1.1 Set Operational and Informational Goals

    1.2 Scope Monitoring and States of Interest

    2.1 Define Conditions and Related CIs

    2.2 Set Monitoring Thresholds and Alerts

    2.3 Action Your Events

    3.1 Define Your Data Policy

    3.2 Define Future State

    Event Cookbook

    Event Catalog

    Phase Outcomes

    Monitoring and Event Management RACI

    Abbreviated BIA

    Event Workflow

    Event Management Roadmap

    Insight summary

    Event management is useless in isolation.

    The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Start with business intent.

    Trying to organize a catalog of events is difficult when working from the bottom up. Start with the business drivers of event management to keep the scope manageable.

    Keep your signal-to-noise ratio as high as possible.

    Defining tracked events with their known conditions, root cause, and associated actions allows you to be proactive when events occur.

    Improve slowly over time.

    Start small if need be. It is better and easier to track a few items with proper actions than to try to analyze events as they occur.

    More is NOT better. Avoid drowning in data.

    Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Add correlations in event management to avoid false positives.

    Supplement the predictive value of a single event by aggregating it with other events.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    This is a screenshot of the Event Management Cookbook

    Event Management Cookbook
    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    This is a screenshot of the Event Management RACI

    Event Management RACI
    Define the roles and responsibilities needed in event management.

    This is a screenshot of the event management workflow

    Event Management Workflow
    Define the lifecycle and handoffs for event management.

    This is a screenshot of the Event Catalog

    Event Catalog
    Consolidate and organize your tracked events.

    This is a screenshot of the Event Roadmap

    Event Roadmap
    Roadmap your initiatives for future improvement.

    Blueprint benefits

    IT Benefits

    • Provide a mechanism to compare operating performance against design standards and SLAs.
    • Allow for early detection of incidents and escalations.
    • Promote timely actions and ensure proper communications.
    • Provide an entry point for the execution of service management activities.
    • Enable automation activity to be monitored by exception
    • Provide a basis for service assurance, reporting and service improvements.

    Business Benefits

    • Less overall downtime via earlier detection and resolution of incidents.
    • Better visibility into SLA performance for supplied services.
    • Better visibility and reporting between IT and the business.
    • Better real-time and overall understanding of the IT environment.

    Case Study

    An event management script helped one company get in front of support calls.

    INDUSTRY - Research and Advisory

    SOURCE - Anonymous Interview

    Challenge

    One staff member’s workstation had been infected with a virus that was probing the network with a wide variety of usernames and passwords, trying to find an entry point. Along with the obvious security threat, there existed the more mundane concern that workers occasionally found themselves locked out of their machine and needed to contact the service desk to regain access.

    Solution

    The system administrator wrote a script that runs hourly to see if there is a problem with an individual’s workstation. The script records the computer's name, the user involved, the reason for the password lockout, and the number of bad login attempts. If the IT technician on duty notices a greater than normal volume of bad password attempts coming from a single account, they will reach out to the account holder and inquire about potential issues.

    Results

    The IT department has successfully proactively managed two distinct but related problems: first, they have prevented several instances of unplanned work by reaching out to potential lockouts before they receive an incident report. They have also successfully leveraged event management to probe for indicators of a security threat before there is a breach.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Introduce the Cookbook and explore the business impact analysis.

    Call #4: Define operational conditions.

    Call #6: Define actions and related practices.

    Call #8: Identify and prioritize improvements.

    Call #3: Define system scope and related CIs/ dependencies.

    Call #5: Define thresholds and alerts.

    Call #7: Define data policy.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Situate Event Management in Your Service Management Environment Define Your Event Management Scope Define Thresholds and Actions Start Monitoring and Implement Event Management Next Steps and Wrap-Up (offsite)

    Activities

    1.1 3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    Introductions

    1.2 Operational and Informational Goals and Challenges

    1.3 Event Management Scope

    1.4 Roles and Responsibilities

    2.1 Define Operational Conditions for Systems

    2.2 Define Related CIs and Dependencies

    2.3 Define Conditions for CIs

    2.4 Perform Root-Cause Analysis for Complex Condition Relationships

    2.4 Set Thresholds for CIs

    3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    4.1 Define Your Data Policy for Event Management

    4.2 Identify Areas for Improvement and Future Steps

    4.3 Summarize Workshop

    5.1 Complete In-Progress Deliverables From Previous Four Days

    5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps

    Deliverables
    1. Monitoring and Event Management RACI (as part of the Event Management Cookbook)
    2. Abbreviated BIA (as part of the Event Management Cookbook)
    3. Event Management Cookbook
    1. Event Management Catalog
    1. Event Management Catalog
    2. Event Management Workflows
    1. Event Management Catalog
    2. Event Management Roadmap
    1. Workshop Summary

    Phase 1

    Situate Event Management in Your Service Management Environment

    Phase 1 Phase 2 Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    1.2.1 Set your scope using business impact

    This phase involves the following participants:

    Infrastructure management team

    IT managers

    Step 1.1

    Set Operational and Informational Goals

    Activities

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    Set the overall scope of event management by defining the governing goals. You will also define who is involved in event management as well as their responsibilities.

    This step involves the following participants:

    Infrastructure management team

    IT managers

    Outcomes of this step

    Define the goals and challenges of event management as well as their data proxies.

    Have a RACI matrix to define roles and responsibilities in event management.

    Situate event management among related service management practices

    This image depicts the relationship between Event Management and related service management practices.

    Event management needs to interact with the following service management practices:

    • Incident Management – Event management can provide early detection and/or prevention of incidents.
    • Availability and Capacity Management – Event management helps detect issues with availability and capacity before they become an incident.
    • Problem Management – The data captured in event management can aid in easier detection of root causes of problems.
    • Change Management – Event management can function as the rationale behind needed changes to fix problems and incidents.

    Consider both operational and informational goals for event management

    Event management may log real-time data for operational goals and non-real time data for informational goals

    Event Management

    Operational Goals (real-time)

    Informational Goals (non-real time)

    Incident Response & Prevention

    Availability Scaling

    Availability Scaling

    Modeling and Testing

    Investigation/ Compliance

    • Knowing what the outcomes are expected to achieve helps with the design of that process.
    • A process targeted to fewer outcomes will generally be less complex, easier to adhere to, and ultimately, more successful than one targeted to many goals.
    • Iterate for improvement.

    1.1.1 List your goals and challenges

    Gather a diverse group of IT staff in a room with a whiteboard.

    Have each participant write down their top five specific outcomes they want from improved event management.

    Consolidate similar ideas.

    Prioritize the goals.

    Record these goals in your Event Management Cookbook.

    Priority Example Goals
    1 Reduce response time for incidents
    2 Improve audit compliance
    3 Improve risk analysis
    4 Improve forecasting for resource acquisition
    5 More accurate RCAs

    Input

    • Pain points

    Output

    • Prioritized list of goals and outcomes

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • Infrastructure management team
    • IT managers

    Download the Event Management Cookbook

    Event management is a group effort

    • Event management needs to involve multiple other service management practices and service management roles to be effective.
    • Consider the roles to the right to see how event management can fit into your environment.

    Infrastructure Team

    The infrastructure team is accountable for deciding which events to track, how to track, and how to action the events when detected.

    Service Desk

    The service desk may respond to events that are indicative of incidents. Setting a root cause for events allows for quicker troubleshooting, diagnosis, and resolution of the incident.

    Problem and Change Management

    Problem and change management may be involved with certain event alerts as the resultant action could be to investigate the root cause of the alert (problem management) or build and approve a change to resolve the problem (change management).

    1.1.2 Build a RACI chart for event management

    1. As a group, complete the RACI chart using the template to the right. RACI stands for the following:
      • Responsible. The person doing the work.
      • Accountable. The person who ensures the work is done.
      • Consulted. Two-way communication.
      • Informed. One-way communication
      • There must be one and only one accountable person for each task. There must also be at least one responsible person. Depending on the use case, RACI letters may be combined (e.g. AR means the person who ensures the work is complete but also the person doing the work).
    2. Start with defining the roles in the first row in your own environment.
    3. Look at the tasks on the first column and modify/add/subtract tasks as necessary.
    4. Populate the RACI chart as necessary.

    Download the Event Management Cookbook

    Event Management Task IT Manager SME IT Infrastructure Manager Service Desk Configuration Manager (Event Monitoring System) Change Manager Problem Manager
    Defining systems and configuration items to monitor R C AR R
    Defining states of operation R C AR C
    Defining event and event thresholds to monitor R C AR I I
    Actioning event thresholds: Log A R
    Actioning event thresholds: Monitor I R A R
    Actioning event thresholds: Submit incident/change/problem ticket R R A R R I I
    Close alert for resolved issues AR RC RC

    Step 1.2

    Scope Monitoring and Event Management Using Business Impact

    Activities

    1.2.1 Set your scope using business impact

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    • Set your scope of event management using an abbreviated business impact analysis.

    This step involves the following participants:

    • Infrastructure manager
    • IT managers

    Outcomes of this step

    • List of systems, services, and applications to monitor.

    Use the business impact of your systems to set the scope of monitoring

    Picking events to track and action is difficult. Start with your most important systems according to business impact.

    • Business impact can be determined by how costly system downtime is. This could be a financial impact ($/hour of downtime) or goodwill impact (internal/external stakeholders affected).
    • Use business impact to determine the rating of a system by Tier (Gold, Silver, or Bronze):
      • GOLD: Mission-critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.
      • SILVER: Important to daily operations but not mission critical. Example: email services at any large organization.
      • BRONZE: Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.
    • Align a list of systems to track with your previously selected goals for event management to determine WHY you need to track that system. Tracking the system could inform critical SLAs (performance/uptime), vulnerability, compliance obligations, or simply system condition.

    More is not better

    Tracking too many events across too many tools could decrease your responsiveness to incidents. Start tracking only what is actionable to keep the signal-to-noise ratio of events as high as possible.

    % of Incidents Reported by End Users Before Being Recognized by IT Operations

    A bar graph is depicted. It displays the following Data: All Organizations: 40%; 1-3 Tools: 29; 4-10 Tools: 36%; data-verified=11 Tools: 52">

    Source: Riverbed, 2016

    1.2.1 Set your scope using business impact

    Collating an exhaustive list of applications and services is onerous. Start small, with a subset of systems.

    1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
    2. List 10-15 systems and services. Solicit feedback from the group. Questions to ask:
      • What services do you regularly use? What do you see others using?
        (End users)
      • Which service comprises the greatest number of service calls? (IT)
      • What services are the most critical for business operations? (Everybody)
      • What is the cost of downtime (financial and goodwill) for these systems? (Business)
      • How does monitoring these systems align with your goals set in Step 1.1?
    3. Assign an importance to each of these systems from Gold (most important) to Bronze (least important).
    4. Record these systems in your Event Management Cookbook.
    Systems/Services/Applications Tier
    1 Core Infrastructure Gold
    2 Internet Access Gold
    3 Public-Facing Website Gold
    4 ERP Silver
    15 PaperSave Bronze

    Include a variety of services in your analysis

    It might be tempting to jump ahead and preselect important applications. However, even if an application is not on the top 10 list, it may have cross-dependencies that make it more valuable than originally thought.

    For a more comprehensive BIA, see Create a Right-Sized Disaster Recovery Plan
    Download the Event Management Cookbook

    Phase 2

    Define Your Monitoring Thresholds and Accompanying Actions

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    • 2.1.1 Define performance conditions
    • 2.1.2 Decompose services into Related CIs
    • 2.2.1 Verify your CI conditions with a root-cause analysis
    • 2.2.2 Set thresholds for your events
    • 2.3.1 Set actions for your thresholds
    • 2.3.2 Build your event management workflow

    This phase involves the following participants:

    • Business system owners
    • Infrastructure manager
    • IT managers

    Step 2.1

    Define Conditions and Related CIs

    Activities

    2.1.1 Define performance conditions

    2.1.2 Decompose services into related CIs

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    For each monitored system, define the conditions of interest and related CIs.

    This step involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Outcomes of this step

    List of conditions of interest and related CIs for each monitored system.

    Consider the state of the system that is of concern to you

    Events present a snapshot of the state of a system. To determine which events you want to monitor, you need to consider what system state(s) of importance.

    • Systems can be in one of three states:
      • Up
      • Down
      • Degraded
    • What do these states mean for each of your systems chosen in your BIA?
    • Up and Down are self-explanatory and a good place to start.
    • However, degraded systems are indicative that one or more component systems of an overarching system has failed. You must uncover the nature of such a failure, which requires more sophisticated monitoring.

    2.1.1 Define system states of greatest importance for each of your systems

    1. With the system business owners and compliance officers in the room, list the performance states of your systems chosen in your BIA.
    2. If you have too many systems listed, start only with the Gold Systems.
    3. Use the following proof approaches if needed:
      • Positive Proof Approach – every system when it has certain technical and business performance expectations. You can use these as a baseline.
      • Negative Proof Approach – users know when systems are not performing. Leverage incident data and end-user feedback to determine failed or degraded system states and work backwards.
    4. Focus on the end-user facing states.
    5. Record your critical system states in the Event Management Cookbook.
    6. Use these states in the next several activities and translate them into measurable infrastructure metrics.

    Input

    • Results of business impact analysis

    Output

    • Critical system states

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Markers

    Participants

    • Infrastructure manager
    • Business system owners

    Download the Event Management Cookbook

    2.1.2 Decompose services into relevant CIs

    Define your system dependencies to help find root causes of degraded systems.

    1. For each of your systems identified in your BIA, list the relevant CIs.
    2. Identify dependencies and relationship of those CIs with other CIs (linkages and dependencies).
    3. Starting with the Up/Down conditions for your Gold systems, list the conditions of the CIs that would lead to the condition of the system. This may be a 1:1 relationship (e.g. Core Switches down = Core Infrastructure down) or a many:1 relationship (some virtualization hosts + load balancers down = Core Infrastructure down). You do not need to define specific thresholds yet. Focus on conditions for the CIs.
    4. Repeat step 3 with Degraded conditions.
    5. Repeat step 3 and 4 with Silver and Bronze systems.
    6. Record the results in the Event Management Cookbook.

    Core Infrastructure Example

    An iceberg is depicted. below the surface, are the following terms in order from shallowest to deepest: MPLS Connection, Core Switches, DNS; DHCP, AD ADFS, SAN-01; Load Balancers, Virtualization Hosts (x 12); Power and Cooling

    Download the Event Management Cookbook

    Step 2.2

    Set Monitoring Thresholds and Alerts

    Activities

    2.2.1 Verify your CI conditions with a root-cause analysis

    2.2.2 Set thresholds for your events

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    Set monitoring thresholds for each CI related to each condition of interest.

    This step involves the following participants:

    Business system managers

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    List of events to track along with their root cause.

    Event management will involve a significant number of alerts

    Separate the serious from trivial to keep the signal-to-noise ratio high.

    Event Categories: Exceptions: Alarms Indicate Failure; Alerts indicate exceeded thresholds; Normal Operation. Event Alerts: Informational; Exceptional; Warning

    Set your own thresholds

    You must set your own monitoring criteria based on operational needs. Events triggering an action should be reviewed via an assessment of the potential project and associated risks.

    Consider the four general signal types to help define your tracked events

    Latency – time to respond

    Examples:

    • Web server – time to complete request
    • Network – roundtrip ping time
    • Storage – read/write queue times

    Traffic – amount of activity per unit time

    Web sever – how many pages per minute

    Network – Mbps

    Storage – I/O read/writes per sec

    Errors – internally tracked erratic behaviors

    Web Server – page load failures

    Network – packets dropped

    Storage – disk errors

    Saturation – consumption compared to theoretical maximum

    Web Server – % load

    Network – % utilization

    Storage – % full

    2.2.1 Verify your CI conditions with a root-cause analysis

    RCAs postulate why systems go down; use the RCA to inform yourself of the events leading up to the system going down.

    1. Gather a diverse group of IT staff in a room with a whiteboard.
    2. Pick a complex example of a system condition (many:1 correlation) that has considerable data associated with it (e.g. recorded events, problem tickets).
    3. Speculate on the most likely precursor conditions. For example, if a related CI fails or is degraded, which metrics would you likely see before the failure?
    4. If something failed, imagine what you’d most likely see before the failure.
    5. Extend that timeline backward as far as you can be reasonably confident.
    6. Pick a value for that event.
    7. Write out your logic flow from event recognition to occurrence.
    8. Once satisfied, program the alert and ideally test in a non-prod environment.

    Public Website Example

    Dependency CIs Tool Metrics
    ISP WAN SNMP Traps Latency
    Telemetry Packet Loss
    SNMP Pooling Jitter
    Network Performance Web Server Response Time
    Connection Stage Errors
    Web Server Web Page DOM Load Time
    Performance
    Page Load Time

    Let your CIs help you

    At the end of the day, most of us can only monitor what our systems let us. Some (like Exchange Servers) offer a crippling number of parameters to choose from. Other (like MPLS) connections are opaque black boxes giving up only the barest of information. The metrics you choose are largely governed by the art of the possible.

    Case Study

    Exhaustive RCAs proved that 54% of issues were not caused by storage.

    This is the Nimble Storage Logo

    INDUSTRY - Enterprise IT
    SOURCE - ESG, 2017

    Challenge

    Despite a laser focus on building nothing but all-flash storage arrays, Nimble continued to field a dizzying number of support calls.

    Variability and complexity across infrastructure, applications, and configurations – each customer install being ever so slightly different – meant that the problem of customer downtime seemed inescapable.

    Solution

    Nimble embedded thousands of sensors into its arrays, both at a hardware level and in the code. Thousands of sensors per array multiplied by 7,500 customers meant millions of data points per second.

    This data was then analyzed against 12,000 anonymized app-data gap-related incidents.

    Patterns began to emerge, ones that persisted across complex customer/array/configuration combinations.

    These patterns were turned into signatures, then acted on.

    Results

    54% of app-data gap related incidents were in fact related to non-storage factors! Sub-optimal configuration, bad practices, poor integration with other systems, and even VM or hosts were at the root cause of over half of reported incidents.

    Establishing that your system is working fine is more than IT best practice – by quickly eliminating potential options the right team can get working on the right system faster thus restoring the service more quickly.

    Gain an even higher SNR with event correlation

    Filtering:

    Event data determined to be of minimal predictive value is shunted aside.

    Aggregation:

    De-duplication and combination of similar events to trigger a response based on the number or value of events, rather than for individual events.

    Masking:

    Ignoring events that occur downstream of a known failed system. Relies on accurate models of system relationships.

    Triggering:

    Initiating the appropriate response. This could be simple logging, any of the exception event responses, an alert requiring human intervention, or a pre-programmed script.

    2.2.2 Set thresholds for your events

    If the event management team toggles the threshold for an alert too low (e.g. one is generated every time a CPU load reaches 60% capacity), they will generate too many false positives and create far too much work for themselves, generating alert fatigue. If they go the other direction and set their thresholds too high, there will be too many false negatives – problems will slip through and cause future disruptions.

    1. Take your list of RCAs from the previous activity and conduct an activity with the group. The goal of the exercise is to produce the predictive event values that confidently predict an imminent event.
    2. Questions to ask:
      • What are some benign signs of this incident?
      • Is there something we could have monitored that would have alerted us to this issue before an incident occurred?
      • Should anyone have noticed this problem? Who? Why? How?
      • Go through this for each of the problems identified and discuss thresholds. When complete, include the information in the Event Management Catalog.

    Public Website Example

    Dependency Metrics Threshold
    Network Performance Latency 150ms
    Packet Loss 10%
    Jitter >1ms
    Web Server Response Time 750ms
    Performance
    Connection Stage Errors 2
    Web Page Performance DOM Load time 1100ms
    Page Load time 1200ms

    Download the Event Management Cookbook

    Step 2.3

    Action Your Events

    Activities

    2.3.1 Set actions for your thresholds

    2.3.2 Build your event management workflow

    Define Your Monitoring Thresholds and Associated Actions

    This step will walk you through the following activities:

    With your list of tracked events from the previous step, build associated actions and define the handoff from event management to related practices.

    This step involves the following participants:

    Event management team

    Infrastructure team

    Change manager

    Problem manager

    Incident manager

    Outcomes of this step

    Event management workflow

    Set actions for your thresholds

    For each of your thresholds, you will need an action tied to the event.

    • Review the event alert types:
      • Informational
      • Warning
      • Exception
    • Your detected events will require one of the following actions if detected.
    • Unactioned events will lead to a poor signal-to-noise ratio of data, which ultimately leads to confusion in the detection of the event and decreased response effectiveness.

    Event Logged

    For informational alerts, log the event for future analysis.

    Automated Resolution

    For a warning or exception event or a set of events with a well-known root cause, you may have an automated resolution tied to detection.

    Human Intervention

    For warnings and exceptions, human intervention may be needed. This could include manual monitoring or a handoff to incident, change, or problem management.

    2.3.1 Set actions for your thresholds

    Alerts generated by event management are useful for many different ITSM practitioners.

    1. With the chosen thresholds at hand, analyze the alerts and determine if they require immediate action or if they can be logged for later analysis.
    2. Questions to ask:
      1. What kind of response does this event warrant?
      2. How could we improve our event management process?
      3. What event alerts would have helped us with root-cause analysis in the past?
    3. Record the results in the Event Management Catalog.

    Public Website Example

    Outcome Metrics Threshold Response (s)
    Network Performance Latency 150ms Problem Management Tag to Problem Ticket 1701
    Web Page Performance DOM Load time 1100ms Change Management

    Download the Event Management Catalog

    Input

    • List of events generated by event management

    Output

    • Action plan for various events as they occur

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event Management Team
    • Infrastructure Team
    • Change Manager
    • Problem Manager
    • Incident Manager

    2.3.2 Build your event management workflow

    1. As a group, discuss your high-level monitoring, alerting, and actioning processes.
    2. Define handoff processes to incident, problem, and change management. If necessary, open your incident, problem, and change workflows and discuss how the event can further pass onto those practices. Discuss the examples below:
      • Incident Management: Who is responsible for opening the incident ticket? Can the incident ticket be automated and templated?
      • Change Management: Who is responsible for opening an RFC? Who will approve the RFC? Can it be a pre-approved change?
      • Problem Management : Who is responsible for opening the problem ticket? How can the event data be useful in the problem management process?
    3. Use and modify the example workflow as needed by downloading the Event Management Workflow.

    Example Workflow:

    This is an image of an example Event Management Workflow

    Download the Event Management Workflow

    Common datapoints to capture for each event

    Data captured will help related service management practices in different ways. Consider what you will need to record for each event.

    • Think of the practice you will be handing the event to. For example, if you’re handing the event off to incident or problem management, data captured will have to help in root-cause analysis to find and execute the right solution. If you’re passing the event off to change management, you may need information to capture the rationale of the change.
    • Knowing the driver for the data can help you define the right data captured for every event.
    • Consider the data points below for your events:

    Data Fields

    Device

    Date/time

    Component

    Parameters in exception

    Type of failure

    Value

    Download the Event Management Catalog

    Start Monitoring and Implement Event Management

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    3.1.1 Define data policy needs

    3.2.1 Build your roadmap

    This phase involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Step 3.1

    Define Your Data Policy

    Activities

    3.1.1 Define data policy needs

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Your overall goals from Phase 1 will help define your data retention needs. Document these policy statements in a data policy.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    Data retention policy statements for event management

    Know the difference between logs and metrics

    Logs

    Metrics

    A log is a complete record of events from a period:

    • Structured
    • Binary
    • Plaintext
    		 Missing entries in logs can be just as telling as the values existing in other entries. A metric is a numeric value that gives information about a system, generally over a time series. Adjusting the time series allows different views of the data.

    Logs are generally internal constructs to a system:

    • Applications
    • DB replications
    • Firewalls
    • SaaS services

    Completeness and context make logs excellent for:

    • Auditing
    • Analytics
    • Real-time and outlier analysis
    		 As a time series, metrics operate predictably and consistently regardless of system activity.

    This independence makes them ideal for:

    • Alerts
    • Dashboards
    • Profiling

    Large amounts of log data can make it difficult to:

    • Store
    • Transmit
    • Sift
    • Sort

    Context insensitivity means we can apply the same metric to dissimilar systems:

    • This is especially important for blackbox systems not fully under local control.

    Understand your data requirements

    Amount of event data logged by a 1000 user enterprise averages 113GB/day

    Source: SolarWinds

    Security Logs may contain sensitive information. Best practice is to ensure logs are secure at rest and in transit. Tailor your security protocol to your compliance regulations (PCI, etc.).
    Architecture and Availability When production infrastructure goes down, logging tends to go down as well. Holes in your data stream make it much more difficult to determine root causes of incidents. An independent secondary architecture helps solve problems when your primary is offline. At the very least, system agents should be able to buffer data until the pipeline is back online.
    Performance Log data grows: organically with the rest of the enterprise and geometrically in the event of a major incident. Your infrastructure design needs to support peak loads to prevent it from being overwhelmed when you need it the most.
    Access Control Events have value for multiple process owners in your enterprise. You need to enable access but also ensure data consistency as each group performs their own analysis on the data.
    Retention Near-real time data is valuable operationally; historic data is valuable strategically. Find a balance between the two, keeping in mind your obligations under compliance frameworks (GDPR, etc.).

    3.1.1 Set your data policy for every event

    1. Given your event list in the Event Management Catalog, include the following information for each event:
      • Retention Period
      • Data Sensitivity
      • Data Rate
    2. Record the results in the Event Management Catalog.

    Public Website Example

    Metrics/Log Retention Period Data Sensitivity Data Rate
    Latency 150ms No
    Packet Loss 10% No
    Jitter >1ms No
    Response Time 750ms No
    HAProxy Log 7 days Yes 3GB/day
    DOM Load time 1100ms
    Page Load time 1200ms
    User Access 3 years Yes

    Download the Event Management Catalog

    Input

    • List of events generated by event management
    • List of compliance standards your organization adheres to

    Output

    • Data policy for every event monitored and actioned

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event management team
    • Infrastructure team

    Step 3.2

    Set Your Future of Event Monitoring

    Activities

    3.2.1 Build your roadmap

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Event management maturity is slowly built over time. Define your future actions in a roadmap to stay on track.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Outcomes of this step

    Event management roadmap and action items

    Practice makes perfect

    For every event that generates an alert, you want to judge the predictive power of said event.

    Engineer your event management practice to be predictive. For example:

    • Up/Down Alert – Expected Consequence: Service desk will start working on the incident ticket before a user reports that said system has gone down.
    • SysVol Capacity Alert – Expected Consequence: Change will be made to free up space on the volume prior to the system crashing.

    If the expected consequence is not observed there are three places to look:

    1. Was the alert received by the right person?
    2. Was the alert received in enough time to do something?
    3. Did the event triggering the alert have a causative relationship with the consequence?

    While impractical to look at every action resulting from an alert, a regular review process will help improve your process. Effective alerts are crafted with specific and measurable outcomes.

    Info-Tech Insight

    False positives are worse than missed positives as they undermine confidence in the entire process from stakeholders and operators. If you need a starting point, action your false positives first.

    Mind Your Event Management Errors

    Two Donut charts are depicted. The first has a slice which is labeled 7% False Positive. The Second has a slice which is labeled 33% False Negative.

    Source: IEEE Communications Magazine March 2012

    Follow the Cookbook for every event you start tracking

    Consider building event management into new, onboarded systems as well.

    You now have several core systems, their CIs, conditions, and their related events listed in the Event Catalog. Keep the Catalog as your single reference point to help manage your tracked events across multiple tools.

    The Event Management Cookbook is designed to be used over and over. Keep your tracked events standard by running through the steps in the Cookbook.

    An additional step you could take is to pull the Cookbook out for event tracking for each new system added to your IT environment. Adding events in the Catalog during application onboarding is a good way to manage and measure configuration.

    Event Management Cookbook

    This is a screenshot of the Event Management Cookbook

    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    3.2.1 Build an event management roadmap

    Increase your event management maturity over time by documenting your goals.

    Add the following in-scope goals for future improvement. Include owner, timeline, progress, and priority.

    • Add additional systems/applications/services to event management
    • Expand condition lists for given systems
    • Consolidate tracking tools for easier data analysis and actioning
    • Integrate event management with additional service management practices

    This image contains a screenshot of a sample Event Management Roadmap

    Summary of Accomplishment

    Problem Solved

    You now have a structured event management process with a start on a properly tracked and actioned event catalog. This will help you detect incidents before they become incidents, changes needed to the IT environment, and problems before they spread.

    Continue to use the Event Management Cookbook to add new monitored events to your Event Catalog. This ensures future events will be held to the same or better standard, which allows you to avoid drowning in too much data.

    Lastly, stay on track and continually mature your event management practice using your Event Management Roadmap.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    This is an example of a RACI Chart for Event Management

    Build a RACI Chart for Event Management

    Define and document the roles and responsibilities in event management.

    This is an example of a business impact chart

    Set Your Scope Using Business Impact

    Define and prioritize in-scope systems and services for event management.

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Improve Incident and Problem Management

    Don’t let persistent problems govern your department

    Harness Configuration Management Superpowers

    Build a service configuration management practice around the IT services that are most important to the organization.

    Select Bibliography

    DeMattia, Adam. “Assessing the Financial Impact of HPE InfoSight Predictive Analytics.” ESG, Softchoice, Sept. 2017. Web.

    Hale, Brad. “Estimating Log Generation for Security Information Event and Log Management.” SolarWinds, n.d. Web.

    Ho, Cheng-Yuan, et al. “Statistical Analysis of False Positives and False Negatives from Real Traffic with Intrusion Detection/Prevention Systems.” IEEE Communications Magazine, vol. 50, no. 3, 2012, pp. 146-154.

    ITIL Foundation ITIL 4 Edition = ITIL 4. The Stationery Office, 2019.

    McGillicuddy, Shamus. “EMA: Network Management Megatrends 2016.” Riverbed, April 2016. Web.

    McGillicuddy, Shamus. “Network Management Megatrends 2020.” Enterprise Management Associates, APCON, 2020. Web.

    Rivas, Genesis. “Event Management: Everything You Need to Know about This ITIL Process.” GB Advisors, 22 Feb. 2021. Web.

    “Service Operations Processes.” ITIL Version 3 Chapters, 21 May 2010. Web.

    Build a Data Integration Strategy

    • Buy Link or Shortcode: {j2store}125|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $11,677 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Our Advice

    Critical Insight

    • Every IT project requires data integration. Regardless of the current problem and the solution being implemented, any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive the optimal data integration activities.
    • Data integration improvement needs to be backed by solid requirements that depend on the use case. Info-Tech’s use cases will help you identify your organization’s requirements and integration architecture for its ideal data integration solution.

    Impact and Result

    • Create a data integration solution that supports the flow of data through the organization and meets the organization’s requirements for data latency, availability, and relevancy.
    • Build your data integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result, the integration processes that ensure data availability must be frequently reviewed and repositioned in order to continue to grow with the business.

    Build a Data Integration Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should improve its data integration, review Info-Tech’s methodology, and understand how we can help you create a loosely coupled integration architecture.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collect integration requirements

    Identify data integration pains and needs and use them to collect effective business requirements for the integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 1: Collect Integration Requirements
    • Data Integration Requirements Gathering Tool

    2. Analyze integration requirements

    Determine technical requirements for the integration solution based on the business requirement inputs.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 2: Analyze Integration Requirements
    • Data Integration Trends Presentation
    • Data Integration Pattern Selection Tool

    3. Design the data-centric integration solution

    Determine your need for a data integration proof of concept, and then design the data model for your integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 3: Design the Data-Centric Integration Solution
    • Data Integration POC Template
    • Data Integration Mapping Tool
    [infographic]

    Workshop: Build a Data Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect Integration Requirements

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data integration.

    Understand Info-Tech’s approach to data integration.

    Key Benefits Achieved

    Current integration architecture is understood.

    Priorities for tactical initiatives in the data architecture practice related to integration are identified.

    Target state for data integration is defined.

    Activities

    1.1 Discuss the current data integration environment and the pains that are felt by the business and IT.

    1.2 Determine what the problem statement and business case look like to kick-start a data integration improvement initiative.

    1.3 Understand data integration requirements from the business.

    Outputs

    Data Integration Requirements Gathering Tool

    2 Analyze Integration Requirements

    The Purpose

    Understand what the business requires from the integration solution.

    Identify the common technical requirements and how they relate to business requirements.

    Review the trends in data integration to take advantage of new technologies.

    Brainstorm how the data integration trends can fit within your environment.

    Key Benefits Achieved

    Business-aligned requirements gathered for the integration solution.

    Activities

    2.1 Understand what the business requires from the integration solution.

    2.2 Identify the common technical requirements and how they relate to business requirements.

    Outputs

    Data Integration Requirements Gathering Tool

    Data Integration Trends Presentation

    3 Design the Data-Centric Integration Solution

    The Purpose

    Learn about the various integration patterns that support organizations’ data integration architecture.

    Determine the pattern that best fits within your environment.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Learn about the various integration patterns that support organizations’ data integration architecture.

    3.2 Determine the pattern that best fits within your environment.

    Outputs

    Integration Reference Architecture Patterns

    Data Integration POC Template

    Data Integration Mapping Tool

    Further reading

    Build a Data Integration Strategy

    Integrate your data or disintegrate your business.

    ANALYST PERSPECTIVE

    Integrate your data or disintegrate your business.

    "Point-to-point integration is an evil that builds up overtime due to ongoing business changes and a lack of integration strategy. At the same time most businesses are demanding consistent, timely, and high-quality data to fuel business processes and decision making.

    A good recipe for successful data integration is to discover the common data elements to share across the business by establishing an integration platform and a canonical data model.

    Place yourself in one of our use cases and see how you fit into a common framework to simplify your problem and build a data-centric integration environment to eliminate your data silos."

    Rajesh Parab, Director, Research & Advisory Services

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Data engineers feeling the pains of poor integration from inaccuracies and inefficiencies during the data integration lifecycle.
    • Business analysts communicating the need for improved integration of data.
    • Data architects looking to design and facilitate improvements in the holistic data environment.
    • Data architects putting high-level architectural design changes into action.

    This Research Will Also Assist:

    • CIOs concerned with the costs, benefits, and the overall structure of their organization’s data flow.
    • Enterprise architects trying to understand how improved integration will affect overall organizational architecture.

    This Research Will Help You:

    • Understand what integration is, and how it fits into your organization.
    • Identify opportunities for leveraging improved integration for data-driven insights.
    • Design a loosely coupled integration architecture that is flexible to changing needs.
    • Determine the needs of the business for integration and design solutions for the gaps that fit the requirements.

    This Research Will Help Them:

    • Get a handle on the current data situation and how data interacts within the organization.
    • Understand how data architecture affects operations within the enterprise.

    Executive summary

    Situation

    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Complication

    • Investments in integration can be a tough sell for the business, and it is difficult to get support for integration as a standalone project.
    • Evolving business models and uses of data are growing rapidly at rates that often exceed the investment in data management and integration tools. As a result, there is often a gap between data availability and the business’ latency demands.

    Resolution

    • Create a data-centric integration solution that supports the flow of data through the organization and meets the organization’s requirements for data accuracy, relevance, availability, and timeliness.
    • Build your data-centric integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result the integration processes that ensure data availability must be frequently reviewed and repositioned to continue to grow with the business.

    Info-Tech Insight

    1. Every IT project requires data integration.Any change in the application and database ecosystem requires you to solve a data integration problem.
    2. Integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive optimal data integration activities.
    3. Integration initiatives need to be backed by requirements that depend on use cases. Info-Tech’s use cases will help identify organizational requirements and the ideal data-centric integration solution.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Integrate the Data, Not the Applications

    Data is one of the most important assets in a modern organization. Contained within an organization’s data are the customers, the products, and the operational details that make an organization function. Every organization has data, and this data might serve the needs of the business today.

    However, the only constant in the world is change. Changes in addresses, amounts, product details, partners, and more occur at a rapid rate. If your data is isolated, it will quickly become stale. Getting up-to-date data to the right place at the right time is where data-centric integration comes in.

    "Data is the new oil." – Clive Humby, Chief Data Scientist Source: Medium, 2016

    The image shows two graphics. The top shows two sets of circles with an arrow pointing to the right between them: on the left, there is a large centre circle with the word APP in it, and smaller circles surrounding it that read DATA. On the right, the large circle reads DATA, and the smaller circles, APP. On the lower graphic, there are also two sets of circles, with an arrow pointing to the right between them. This time, the largest circle envelopes the smaller circles. The circle on the right has a larger circle in the centre that reads Apple Watch Heart Monitoring App, and smaller circles around it labelled with types of data. The circle on the right contains a larger circle in the centre that reads Heart Data, and the smaller circles are labelled with types of apps.

    Organizations are having trouble keeping up with the rapid increases in data growth and complexity

    To keep up with increasing business demands and profitability targets and decreasing cost targets, organizations are processing and exchanging more data than ever before.

    To get more value from their information, organizations are relying on more and more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of your data:

    The most difficult integration problems are caused by semantic heterogeneity (Database Research Technology Group, n.d.).

    80% of business decisions are made using unstructured data (Concept Searching, 2015).

    85% of businesses are struggling to implement the correct integration solution to accurately interpret their data (KPMG, 2014).

    Break Down Your Silos

    Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and data silos form.

    Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Data-centric integration is the solution you need to bring data together to break down data silos

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level, and is used to design a common data-centric integration environment.

    Info-Tech’s Data Integration Onion Framework

    The image shows Info Tech's Data Integration Onion Framework. It is a circular graphic, with a series on concentric rings, each representing a category and containing specific examples of items within those categories.

    Poor integration will lead to problems felt by the business and IT

    The following are pains reported by the business due to poor integration:

    59% Of managers said they experience missing data every day due to poor distribution results in data sets that are valuable to their central work functions. (Experian, 2016)

    42% Reported accidentally using the wrong information, at least once a week. (Computerworld, 2017)

    37% Of the 85% of companies trying to be more data driven, only 37% achieved their goal. (Information Age, 2019)

    "I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." – Sir Arthur Conan Doyle, Sherlock Holmes

    Poor integration can make IT less efficient as well:

    90% Of all company generated data is “dark.” Getting value out of dark data is not difficult or costly. (Deloitte Insights, 2017)

    5% As data sits in a database, up to 5% of customer data changes per month. (Data.com, 2016)

    "Most traditional machine learning techniques are not inherently efficient or scalable enough to handle the data. Machine learning needs to reinvent itself for big data processing primarily in pre-processing of data." – J. Qiu et al., ‎2016

    Understand the common challenges of integration to avoid the pains

    There are three types of challenges that organizations face when integrating data:

    1. Disconnect from the business

    Poor understanding of the integration problem and requirements lead to integrations being built that are not effective for quality data.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems Inc., 2012)

    2. Lack of strategy

    90% Of organizations will lack an integration strategy through to 2018. (Virtual Logistics, 2017)

    Integrating data without a long-term plan is a recipe for point-to-point integration spaghettification:

    The image shows two columns of rectangles, each with the word Application Services. Between them are arrows, matching boxes in one column to the other. The lines of the arrows are curvy.

    3. Data complexity

    Data architects and other data professionals are increasingly expected to be able to connect data using whatever interface is provided, at any volume, and in any format – all without affecting the quality of the data.

    36% Of developers report problems integrating data due to different standards interpretations. (DZone, 2015)

    These challenges lead to organizations building a data architecture and integration environment that is tightly coupled.

    A loose coupling integration strategy helps mitigate the challenges and realize the benefits of well-connected data

    Loose Coupling

    Most organizations don’t have the foresight to design their architecture correctly the first time. In a perfect world, organizations would design their application and data architecture to be scalable, modular, and format-neutral – like building blocks.

    Benefits of a loosely coupled architecture:

    • Increased ability to support business needs by adapting easily to changes.
    • Added ability to incorporate new vendors and new technology due to increased flexibility.
    • Potential for automated, real-time integration.
    • Elimination of re-keying/manual entry of data.
    • Federation of data.

    Vs. Tight Coupling

    However, this is rarely the case. Most architectures are more like a brick wall – permanent, hard to add to and subtract from, and susceptible to weathering.

    Problems with a tightly coupled architecture:

    • Delays in combining data for analysis.
    • Manual/Suboptimal DI in the face of changing business needs.
    • Lack of federation.
    • Lack of flexibility.
    • Fragility of integrated platforms.
    • Limited ability to explore new functionalities.

    Establish an Effective IT Steering Committee

    • Buy Link or Shortcode: {j2store}191|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $44,821 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Unfortunately, when CIOs implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Our Advice

    Critical Insight

    • 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    • Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    • Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    Impact and Result

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:

    • IT Steering Committee Charter: Use this template in combination with this blueprint to form a highly tailored committee.
    • IT Steering Committee Stakeholder Presentation: Build understanding around the goals and purpose of the IT steering committee, and generate support from your leadership team.
    • IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining project prioritization criteria. Track project prioritization and assess your portfolio.

    Establish an Effective IT Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish an IT steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the steering committee charter

    Build your IT steering committee charter using results from the stakeholder survey.

    • Establish an Effective IT Steering Committee – Phase 1: Build the Steering Committee Charter
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter

    2. Define IT steering commitee processes

    Define your high level steering committee processes using SIPOC, and select your steering committee metrics.

    • Establish an Effective IT Steering Committee – Phase 2: Define ITSC Processes

    3. Build the stakeholder presentation

    Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.

    • Establish an Effective IT Steering Committee – Phase 3: Build the Stakeholder Presentation
    • IT Steering Committee Stakeholder Presentation

    4. Define the prioritization criteria

    Build the new project intake and prioritization process for your new IT steering committee.

    • Establish an Effective IT Steering Committee – Phase 4: Define the Prioritization Criteria
    • IT Steering Committee Project Prioritization Tool
    • IT Project Intake Form
    [infographic]

    Workshop: Establish an Effective IT Steering Committee

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build the IT Steering Committee

    The Purpose

    Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.

    Key Benefits Achieved

     An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders

    Activities

    1.1 Launch stakeholder survey for business leaders.

    1.2 Analyze results with an Info-Tech advisor.

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach.

    Outputs

    Report on business leader governance priorities and awareness

    Refined workshop agenda

    2 Define the ITSC Goals

    The Purpose

    Define the goals and roles of your IT steering committee.

    Plan the responsibilities of your future committee members.

    Key Benefits Achieved

     Groundwork for completing the steering committee charter

    Activities

    2.1 Review the role of the IT steering committee.

    2.2 Identify IT steering committee goals and objectives.

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC.

    2.5 Define ITSC participation.

    Outputs

    IT steering committee key responsibilities and participants identified

    IT steering committee priorities identified

    3 Define the ITSC Charter

    The Purpose

    Document the information required to create an effective ITSC Charter.

    Create the procedures required for your IT steering committee.

    Key Benefits Achieved

    Clearly defined roles and responsibilities for your steering committee

    Completed IT Steering Committee Charter document

    Activities

    3.1 Build IT steering committee participant RACI.

    3.2 Define your responsibility cadence and agendas.

    3.3 Develop IT steering committee procedures.

    3.4 Define your IT steering committee purpose statement and goals.

    Outputs

    IT steering committee charter: procedures, agenda, and RACI

    Defined purpose statement and goals

    4 Define the ITSC Process

    The Purpose

    Define and test your IT steering committee processes.

    Get buy-in from your key stakeholders through your stakeholder presentation.

    Key Benefits Achieved

    Stakeholder understanding of the purpose and procedures of IT steering committee membership

    Activities

    4.1 Define your high-level IT steering committee processes.

    4.2 Conduct scenario testing on key processes, establish ITSC metrics.

    4.3 Build your ITSC stakeholder presentation.

    4.4 Manage potential objections.

    Outputs

    IT steering committee SIPOC maps

    Refined stakeholder presentation

    5 Define Project Prioritization Criteria

    The Purpose

    Key Benefits Achieved

    Activities

    5.1 Create prioritization criteria

    5.2 Customize the project prioritization tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Outputs

    IT Steering Committee Project Prioritization Tool

    Action plan

    Further reading

    Establish an Effective IT Steering Committee

    Have the right people making the right decisions to drive IT success.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • IT Leaders

    This Research Will Also Assist:

    • Business Partners

    This Research Will Help You:

    • Structure an IT steering committee with the appropriate membership and responsibilities
    • Define appropriate cadence around business involvement in IT decision making
    • Define your IT steering committee processes, metrics, and timelines
    • Obtain buy-in for IT steering committee participations
    • Define the project prioritization criteria

    This Research Will Help Them:

    • Understand the importance of IT governance and their role
    • Identify and build the investment prioritization criteria

    Executive Summary

    Situation

    • An effective IT steering committee (ITSC) is one of the top predictors of value generated by IT, yet only 11% of CIOs believe their committees are effective.
    • An effective steering committee ensures that the right people are involved in critical decision making to drive organizational value.

    Complication

    • Unfortunately, when CIOs do implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Resolution

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:

    1. IT Steering Committee Charter: Customizable charter complete with example purpose, goals, responsibilities, procedures, RACI, and processes. Use this template in combination with this blueprint to get a highly tailored committee.
    2. IT Stakeholder Presentation: Use our customizable presentation guide to build understanding around the goals and purpose of the IT steering committee and generate support from your leadership team.
    3. IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining the project prioritization criteria. Use our template to track project prioritization and assess your portfolio.

    Info-Tech Insight

    1. 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    2. Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    3. Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    IT Steering Committee

    Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).

    IT STEERING COMMITTEES HAVE 3 PRIMARY OBJECTIVES – TO IMPROVE:

    1. Alignment: IT steering committees drive IT and business strategy alignment by having business partners jointly accountable for the prioritization and selection of projects and investments within the context of IT capacity.
    2. Accountability: The ITSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for IT decisions in five critical areas: investments, projects, risk, services, and data.
    3. Value Generation: The ITSC is responsible for the ongoing evaluation of IT value and performance of IT services. The committee should define these standards and approve remediation plans when there is non-achievement.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"

    – Martha Heller, President, Heller Search Associates

    An effective IT steering committee improves IT and business alignment and increases support for IT across the organization

    CEOs’ PERCEPTION OF IT AND BUSINESS ALIGNMENT

    67% of CIOs/CEOs are misaligned on the target role for IT.

    47% of CEOs believe that business goals are going unsupported by IT.

    64% of CEOs believe that improvement is required around IT’s understanding of business goals.

    28% of business leaders are supporters of their IT departments.

    A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.

    Source: Info-Tech CIO/CEO Alignment data

    Despite the benefits, 9 out of 10 steering committees are unsuccessful

    WHY DO IT STEERING COMMITTEES FAIL?

    1. A lack of appetite for an IT steering committee from business partners
      2. An effective ITSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ITSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CIOs responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    2. IT steering committees are given inappropriate responsibilities
      3. The IT steering committee is fundamentally about decision making; it’s not a working committee. CIOs struggle with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting, or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ITSC, not the other way around.
    3. Lack of process around execution
      4. An ITSC is only valuable if members are able to successfully execute on the responsibilities. Without well defined processes it becomes nearly impossible for the ITSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    GOVERNANCE and ITSC and IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    RELATIONSHIP BETWEEN STRATEGIC, TACTICAL, AND OPERATIONAL GROUPS

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    		 IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.

    1. Governance of the IT Portfolio & Investments: ensures that funding and resources are systematically allocated to the priority projects that deliver value
    2. Governance of Projects: ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
    3. Governance of Risks: ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
    4. Governance of Services: ensures that IT delivers the required services at the acceptable performance levels.
    5. Governance of Information and Data: ensures the appropriate classification and retention of data based on business need.

    If these symptoms resonate with you, it might be time to invest in building an IT steering committee

    SIGNS YOU MAY NEED TO BUILD AN IT STEERING COMMITTEE

    As CIO I find that there is a lack of alignment between business and IT strategies.
    I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply.
    I’ve noticed that IT projects are not meeting target project metrics.
    I’ve struggled with a lack of accountability for decision making, especially by the business.
    I’ve noticed that the business does not understand the full cost of initiatives and projects.
    I don’t have the authority to say “no” when business requests come our way.
    We lack a standardized approach for prioritizing projects.
    IT has a bad reputation within the organization, and I need a way to improve relationships.
    Business partners are unaware of how decisions are made around IT risks.
    Business partners don’t understand the full scope of IT responsibilities.
    There are no SLAs in place and no way to measure stakeholder satisfaction with IT.

    Info-Tech’s approach to implementing an IT steering committee

    Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.

    • Measure your business partner level of awareness and interest in the five IT governance areas, and target specific responsibilities for your steering committee based on need.
    • Customize Info-Tech’s IT Steering Committee Charter Template to define and document the steering committee purpose, responsibilities, participation, and cadence.
    • Build critical steering committee processes to enable information to flow into and out of the committee to ensure that the committee is able to execute on responsibilities.
    • Customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to make your first meeting a breeze, providing stakeholders with the information they need, with less than two hours of preparation time.
    • Leverage our workshop guide and prioritization tools to facilitate a meeting with IT steering committee members to define the prioritization criteria for projects and investments and roll out a streamlined process.

    Info-Tech’s Four-Phase Process

    Key Deliverables:
    1 2 3 4
    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter
      • Purpose
      • Responsibilities
      • RACI
      • Procedures
    • IT Steering Committee SIPOC (Suppliers, Inputs, Process, Outputs, Customers)
    • Defined process frequency
    • Defined governance metrics
    • IT Steering Committee Stakeholder Presentation template
      • Introduction
      • Survey outcomes
      • Responsibilities
      • Next steps
      • ITSC goals
    • IT project prioritization facilitation guide
    • IT Steering Committee Project Prioritization Tool
    • Project Intake Form

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your program or project

    COBIT METRICS Alignment
    • Percent of enterprise strategic goals and requirements supported by strategic goals.
    • Level of stakeholder satisfaction with scope of the planned portfolio of programs and services.
    		 Accountability
    • Percent of executive management roles with clearly defined accountabilities for IT decisions.
    • Rate of execution of executive IT-related decisions.
    		 Value Generation
    • Level of stakeholder satisfaction and perceived value.
    • Number of business disruptions due to IT service incidents.
    INFO-TECH METRICS Survey Metrics:
    • Percent of business leaders who believe they understand how decisions are made in the five governance areas.
    • Percentage of business leaders who believe decision making involved the right people.
    Value of Customizable Deliverables:
    • Estimated time to build IT steering committee charter independently X cost of employee
    • Estimated time to build and generate customer stakeholder survey and generate reports X cost of employee
    • # of project interruptions due to new or unplanned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    Situation

    A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.

    The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.

    Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.

    Solution

    The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.

    The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.

    Results

    • Satisfaction with IT increased by 12% after establishing the committee and IT was no longer seen as red tape for completing projects
    • IT received approval to hire two more staff members to increase capacity
    • IT was able to augment service levels, allowing them to reinvest in innovative projects
    • Project prioritization process was streamlined

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Establish an Effective IT Steering Committee

    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    Best-Practice Toolkit

    1.1 Survey Your Steering Committee Stakeholders

    1.2 Build Your ITSC Charter

    2.1 Build a SIPOC

    2.2 Define Your ITSC Process

    		 3.1 Customize the Stakeholder Presentation

    4.1 Establish your Prioritization Criteria

    4.2 Customize the Project Prioritization Tool

    4.3 Pilot Test Your New Prioritization Criteria
    Guided Implementations
    • Launch your stakeholder survey
    • Analyze the results of the survey
    • Build your new ITSC charter
    • Review your completed charter
    • Build and review your SIPOC
    • Review your high-level steering committee processes
    • Customize the presentation
    • Build a script for the presentation
    • Practice the presentation
    • Review and select prioritization criteria
    • Review the Project Prioritization Tool
    • Review the results of the tool pilot test
    Onsite Workshop

    Module 1:

    Build a New ITSC Charter

    Module 2:

    Design Steering Committee Processes

    Module 3:

    Present the New Steering Committee to Stakeholders

    Module 4:

    Establish Project Prioritization Criteria

    Phase 1 Results:
    • Customized ITSC charter

    Phase 2 Results:

    • Completed SIPOC and steering committee processes
    		 Phase 3 Results:
    • Customized presentation deck and script
    		 Phase 4 Results:
    • Customized project prioritization tool

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build the IT Steering Committee

    1.1 Launch stakeholder survey for business leaders

    1.2 Analyze results with an Info-Tech Advisor

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach

    Define the ITSC Goals

    2.1 Review the role of the IT steering committee

    2.2 Identify IT steering committee goals and objectives

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation

    Define the ITSC Charter

    3.1 Build IT steering committee participant RACI

    3.2 Define your responsibility cadence and agendas

    3.3 Develop IT steering committee procedures

    3.4 Define your IT steering committee purpose statement and goals

    Define the ITSC Process

    4.1 Define your high-level IT steering committee processes

    4.2 Conduct scenario testing on key processes, establish ITSC metrics

    4.3 Build your ITSC stakeholder presentation

    4.4 Manage potential objections

    Define Project Prioritization Criteria

    5.1 Create prioritization criteria

    5.2 Customize the Project Prioritization Tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Deliverables
    1. Report on business leader governance priorities and awareness
    2. Refined workshop agenda
    1. IT steering committee priorities identified
    2. IT steering committee key responsibilities and participants identified
    1. IT steering committee charter: procedures, agenda, and RACI
    2. Defined purpose statement and goals
    1. IT steering committee SIPOC maps
    2. Refined stakeholder presentation
    1. Project Prioritization Tool
    2. Action plan

    Phase 1

    Build the IT Steering Committee Charter

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Formalize the Security Policy Program

    Proposed Time to Completion: 1-2 weeks

    Select Your ITSC Members

    Start with an analyst kick-off call:

    • Launch your stakeholder survey

    Then complete these activities…

    • Tailor the survey questions
    • Identify participants and tailor email templates

    With these tools & templates:

    • ITSC Stakeholder Survey
    • ITSC Charter Template

    Review Stakeholder Survey Results

    Review findings with analyst:

    • Review the results of the Stakeholder Survey

    Then complete these activities…

    • Customize the ITSC Charter Template

    With these tools & templates:

    • ITSC Charter Template

    Finalize the ITSC Charter

    Finalize phase deliverable:

    • Review the finalized ITSC charter with an Info-Tech analyst

    Then complete these activities…

    • Finalize any changes to the ITSC Charter
    • Present it to ITSC Members

    With these tools & templates:

    • ITSC Charter Template

    Build the IT Steering Committee Charter

    This step will walk you through the following activities:

    • Launch and analyze the stakeholder survey
    • Define your ITSC goals and purpose statement
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.

    Tailor Info-Tech’s IT Steering Committee Charter Template to define terms of reference for the ITSC

    1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.

    Committee Purpose: The rationale, benefits of, and overall function of the committee.

    Responsibilities: What tasks/decisions the accountable committee is making.

    Participation: Who is on the committee

    RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.

    Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Charter Template.">

    IT Steering Committee Charter

    Take a data-driven approach to build your IT steering committee based on business priorities

    1.2

    Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.

    Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.

    The Stakeholder Survey consists of 17 questions on:

    • Priority governance areas
    • Desired level of involvement in decision making in the five governance areas
    • Knowledge of how decisions are made
    • Five open-ended questions on improvement opportunities

    To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.

    Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.

    A screenshot of Info-Tech's first page of the <em data-verified=IT Steering Committee Stakeholder Survey "> A screenshot of Info-Tech's survey.

    Leverage governance reports to define responsibilities and participants, and in your presentation to stakeholders

    1.3

    A screenshot is displayed. It advises that 72% of stakeholders do <strong data-verified= understand how decisions around IT services are made (quality, availability, etc.). Two graphs are included in the screenshot. One of the bar graphs shows the satisfaction with the quality of decisions and transparency around IT services. The other bar graph displays IT decisions around service delivery and quality that involve the right people.">

    OVERALL PRIORITIES

    You get:

    • A clear breakdown of stakeholders’ level of understanding on how IT decisions are made in the five governance areas
    • Stakeholder perceptions on the level of IT and business involvement in decision making
    • Identification of priority areas

    So you can:

    • Get an overall pulse check for understanding
    • Make the case for changes in decision-making accountability
    • Identify which areas the IT steering committee should focus on
    A screenshot is displayed. It advises that 80% of stakeholders do <strong data-verified=not understand how decisions around IT investments or project and service resourcing are made. Two bar graphs are displayed. One of the bar graphs shows the satisfaction with the quality of decisions made around IT investments. The other graph display IT decisions around spending priorities involving the right people.">

    GOVERNANCE AREA REPORTS

    You get:

    • Satisfaction score for decision quality in each governance area
    • Breakdown of decision-making accountability effectiveness
    • Identified level of understanding around decision making
    • Open-ended comments

    So you can:

    • Identify the highest priority areas to change.
    • To validate changes in decision-making accountability
    • To understand business perspectives on decision making.

    Conduct a SWOT analysis of the five governance areas

    1.4

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on each of the five governance areas. Start by printing off the following five slides to provide participants with examples of the role of governance and the symptoms of poor governance in each area.
    2. In groups of 1-2 people, have each group complete a SWOT analysis for one of the governance areas. For each consider:
    • Strengths: What is currently working well in this area?
    • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
    • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses that could create opportunities?
    • Threats: What are some key obstacles across people, process, and technology?
  • Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
  • As a group rank each of the five areas in terms of importance for a phase one IT steering committee implementation, and highlight the top 10 challenges, and the top 10 opportunities you see for improvement.
  • Document the top 10 lists for use in the stakeholder presentation.

    • INPUT

    • Survey outcomes
    • Governance overview handouts

    OUTPUT

    • SWOT analysis
    • Ranked 5 areas
    • Top 10 challenges and opportunities identified.

    Materials

    • Governance handouts
    • Flip chart paper, pens

    Participants

    • IT leadership team

    Governance of RISK

    Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.

    Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.

    GOVERNANCE ROLES:

    1. Defines responsibility and accountability for IT risk identification and mitigation.
    2. Ensures the consideration of all elements of IT risk, including value, change, availability, security, project, and recovery
    3. Enables senior management to make better IT decisions based on the evaluation of the risks involved
    4. Facilitates the identification and analysis of IT risk and ensures the organization’s informed response to that risk.

    Symptoms of poor governance of risk

    • Opportunities for value creation are missed by not considering or assessing IT risk, or by completely avoiding all risk.
    • No formal risk management process or accountabilities exist.
    • There is no business continuity strategy.
    • Frequent security breaches occur.
    • System downtime occurs due to failed IT changes.

    Governance of PPM

    Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.

    PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.

    GOVERNANCE ROLES:

    1. Ensures that the projects that deliver greater business value get a higher priority.
    2. Provides adequate funding for the priority projects and ensures adequate resourcing and funding balanced across the entire portfolio of projects.
    3. Makes the business and IT jointly accountable for setting project priorities.
    4. Evaluate, direct, and monitor IT value metrics and endorse the IT strategy and monitor progress.

    Symptoms of poor governance of PPM/investments

    • The IT investment mix is determined solely by Finance and IT.
    • It is difficult to get important projects approved.
    • Projects are started then halted, and resources are moved to other projects.
    • Senior management has no idea what projects are in the backlog.
    • Projects are approved without a valid business case.

    Governance of PROJECTS

    Governance of projects improves the quality and speed of decision making for project issues.

    Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.

    Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.

    GOVERNANCE ROLES:

    1. Monitors and evaluates the project management process and critical project methodology metrics.
    2. Ensures review and mitigation of project issue and that management is aware of projects in crisis.
    3. Ensures that projects beginning to show characteristics of failure cannot proceed until issues are resolved.
    4. Endorses the project risk criteria, and monitors major risks to project completion.
    5. Approves the launch and execution of projects.

    Symptoms of poor governance of projects

    • Projects frequently fail or get cancelled.
    • Project risks and issues are not identified or addressed.
    • There is no formal project management process.
    • There is no senior stakeholder responsible for making project decisions.
    • There is no formal project reporting.

    Governance of SERVICES

    Governance of services ensures delivery of a highly reliable set of IT services.

    Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.

    GOVERNANCE ROLES:

    1. Ensures the satisfactory performance of those services critical to achieving business objectives.
    2. Monitors and directs changes in service levels.
    3. Ensures operational and performance objectives for IT services are met.
    4. Approves policy and standards on the service portfolio.

    Symptoms of poor governance of service

    • There is a misalignment of business needs and expectations with IT capability.
    • No metrics are reported for IT services.
    • The business is unaware of the IT services available to them.
    • There is no accountability for service level performance.
    • There is no continuous improvement plan for IT services.
    • IT services or systems are frequently unavailable.
    • Business satisfaction with IT scores are low.

    Governance of INFORMATION

    Governance of information ensures the proper handling of data and information.

    Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.

    GOVERNANCE ROLES:

    1. Ensures the information lifecycle owner and process are defined and endorse by business leadership.
    2. Ensures the controlled access to a comprehensive information management system.
    3. Ensures knowledge, information, and data are gathered, analyzed, stored, shared, used, and maintained.
    4. Ensures that external regulations are identified and met.

    Symptoms of poor governance of information

    • There is a lack of clarity around data ownership, and data quality standards.
    • There is insufficient understanding of what knowledge, information, and data are needed by the organization.
    • There is too much effort spent on knowledge capture as opposed to knowledge transfer and re-use.
    • There is too much focus on storing and sharing knowledge and information that is not up to date or relevant.
    • Personnel see information management as interfering with their work.

    Identify the responsibilities of the IT steering committee

    1.5

    1. With your IT leadership team, review the typical responsibilities of the IT steering committee on the following slide.
    2. Print off the following slide, and in your teams of 1-2 have each group identify which responsibilities they believe the IT steering committee should have, brainstorm any additional responsibilities, and document their reasoning.

      3. Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.

    3. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of responsibilities.
    4. Complete a sanity check – review your swot analysis and survey results. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    5. As a group, consider the responsibilities and consider whether you can reasonably implement those in one year, or if there are any that will need to wait until year two of the IT steering committee.
    6. Modify the list of responsibilities in Info-Tech’s IT Steering Committee Charter by deleting the responsibilities you do not need and adding any that you identified in the process.

    INPUT

    • SWOT analysis
    • Survey reports

    OUTPUT

    • Defined ITSC responsibilities documented in the ITSC Charter

    Materials

    • Responsibilities handout
    • Voting dots

    Participants

    • IT leadership team

    Typical IT steering committee and governance responsibilities

    The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.

    INVESTMENTS / PPM

    • Establish the target investment mix
    • Evaluate and select programs/projects to fund
    • Monitor IT value metrics
    • Endorse the IT budget
    • Monitor and report on program/project outcomes
    • Direct the governance optimization
    • Endorse the IT strategy

    PROJECTS

    • Monitor project management metrics
    • Approve launch of projects
    • Review major obstacles to project completion
    • Monitor a standard approach to project management
    • Monitor and direct project risk
    • Monitor requirements gathering process effectiveness
    • Review feasibility studies and formulate alternative solutions for high risk/high investment projects

    SERVICE

    • Monitor stakeholder satisfaction with services
    • Monitor service metrics
    • Approve plans for new or changed service requirements
    • Monitor and direct changes in service levels
    • Endorse the enterprise architecture
    • Approve policy and standards on the service portfolio
    • Monitor performance and capacity

    RISK

    • Monitor risk management metrics
    • Review the prioritized list of risks
    • Monitor changes in external regulations
    • Maintain risk profiles
    • Approve the risk management emergency action process
    • Maintain a mitigation plan to minimize risk impact and likelihood
    • Evaluate risk management
    • Direct risk management

    INFORMATION / DATA

    • Define information lifecycle process ownership
    • Monitor information lifecycle metrics
    • Define and monitor information risk
    • Approve classification categories of information
    • Approve information lifecycle process
    • Set policies on retirement of information

    Determine committee membership based on the committee’s responsibilities

    • One of the biggest benefits to an IT steering committee is it involves key leadership from the various lines of business across the organization.
    • However, in most cases, more people get involved than is required, and all the committee ends up accomplishing is a lot of theorizing. Participants should be selected based on the identified responsibilities of the IT steering committee.
    • If the responsibilities don’t match the participants, this will negatively impact committee effectiveness as leaders become disengaged in the process and don’t feel like it applies to them or accomplishes the desired goals. Once participants begin dissenting, it’s significantly more difficult to get results.
    • Be careful! When you have more than one individual in a specific role, select only the people whose attendance is absolutely critical. Don’t let your governance collapse under committee overload!

    LIKELY PARTICIPANT EXAMPLES:

    MUNICIPALITY

    • City Manager
    • CIO/IT Leader
    • CCO
    • CFO
    • Division Heads

    EDUCATION

    • Provost
    • Vice Provost
    • VP Academic
    • VP Research
    • VP Public Affairs
    • VP Operations
    • VP Development
    • Etc.

    HEALTHCARE

    • President/CEO
    • CAO
    • EVP/ EDOs
    • VPs
    • CIO
    • CMO

    PRIVATE ORGANIZATIONS

    • CEO
    • CFO
    • COO
    • VP Marketing
    • VP Sales
    • VP HR
    • VP Product Development
    • VP Engineering
    • Etc.

    Identify committee participants and responsibility cadence

    1.6

    1. In a meeting with your IT leadership team, review the list of committee responsibilities and document them on a whiteboard.
    2. For each responsibility, identify the individuals whom you would want to be either responsible or accountable for that decision.
    3. Repeat this until you’ve completed the exercise for each responsibility.
    4. Group the responsibilities with the same participants and highlight groupings with less than four participants. Consider the responsibility and determine whether you need to change the wording to make it more applicable or if you should remove the responsibility.
    5. Review the grouping, the responsibilities within them, and their participants, and assess how frequently you would like to meet about them – annually, quarterly, or monthly. (Note: suggested frequency can be found in the IT Steering Committee Charter.)
    6. Subdivide the responsibilities for the groupings to determine your annual, quarterly, and monthly meeting schedule.
    7. Validate that one steering committee is all that is needed, or divide the responsibilities into multiple committees.
    8. Document the committee participants in the IT Steering Committee Charter and remove any unneeded responsibilities identified in the previous exercise.

    INPUT

    • List of responsibilities

    OUTPUT

    • ITSC participants list
    • Meeting schedule

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    Committees can only be effective if they have clear and documented authority

    It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.

    Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.

    An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.

    RESPONSIBLE: The one responsible for getting the job done.

    ACCOUNTABLE: Only one person can be accountable for each task.

    CONSULTED: Involvement through input of knowledge and information.

    INFORMED: Receiving information about process execution and quality.

    A chart is depicted to show an example of the authority matrix using the RACI model.

    Define IT steering committee participant RACI for each of the responsibilities

    1.7

    1. Use the table provided in the IT Steering Committee Charter and edit he list of responsibilities to reflect the chosen responsibilities of your ITSC.
    2. Along the top of the chart list the participant names, and in the right hand column of the table document the agreed upon timing from the previous exercise.
    3. For each of the responsibilities identify whether participants are Responsible, Accountable, Consulted, or Informed by denoting an R, A, C, I, or N/A in the table. Use N/A if this is a responsibility that the participant has no involvement in.
    4. Review your finalized RACI chart. If there are participants who are only consulted or informed about the majority of responsibilities, consider removing them from the IT steering committee. You only want the decision makers on the committee.

    INPUT

    • Responsibilities
    • Participants

    OUTPUT

    • RACI documented in the ITSC Charter

    Materials

    • ITSC RACI template
    • Projector

    Participants

    • IT leadership

    Building the agenda may seem trivial, but it is key for running effective meetings

    49% of people consider unfocused meetings as the biggest workplace time waster.*

    63% of the time meetings do not have prepared agendas.*

    80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*

    *(Source: http://visual.ly/fail-plan-plan-fail).

    EFFECTIVE MEETING AGENDAS:

    1. Have clearly defined meeting objectives.
    2. Effectively time-boxed based on priority items.
    3. Defined at least two weeks prior to the meetings.
    4. Evaluated regularly – are not static.
    5. Leave time at the end for new business, thus minimizing interruptions.

    BUILDING A CONSENT AGENDA

    A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.

    Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.

    Define the IT steering committee meeting agendas and procedures

    1.8

    Agendas

    1. Review the listed responsibilities, participants, and timing as identified in a previous exercise.
    2. Annual meeting: Identify if all of the responsibilities will be included in the annual meeting agenda (likely all governance responsibilities).
    3. Quarterly Meeting Agenda: Remove the meeting responsibilities from the annual meeting agenda that are not required and create a list of responsibilities for the quarterly meetings.
    4. Monthly Meeting Agenda: Remove all responsibilities from the list that are only annual or quarterly and compile a list of monthly meeting responsibilities.
    5. Review each responsibility, and estimate the amount of time each task will take within the meeting. We recommend giving yourself at least an extra 10-20% more time for each agenda item for your first meeting. It’s better to have more time than to run out.
    6. Complete the Agenda Template in the IT Steering Committee Charter.

    Procedures:

    1. Review the list of IT steering committee procedures, and replace the grey text with the information appropriate for your organization.

    INPUT

    • Responsibility cadence

    OUTPUT

    • ITSC annual, quarterly, monthly meeting agendas & procedures

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    Draft your IT steering committee purpose statement and goals

    1.9

    1. In a meeting with your IT leadership team – and considering the defined responsibilities, participants, and opportunities and threats identified – review the example goal statement in the IT Steering Committee Charter, and first identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      1. What three things would you realistically list for the ITSC to achieve.
      2. If you were to accomplish three things in the next year, what would those be?
    3. Document those goals in the IT Steering Committee Charter.
    4. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why it does it, and the goals.
    5. Have each individual review the example purpose statement, and draft what they think a good purpose statement would be.
    6. Present each statement, and work together to determine a best of breed statement.
    7. Document this in the IT Steering Committee Charter.

    INPUT

    • Responsibilities, participants, top 10 lists of challenges and opportunities.

    OUTPUT

    • ITSC goals and purpose statement

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    CASE STUDY

    "Clearly defined Committee Charter allows CIO to escape the bad reputation of previous committee."

    Industry: Consumer Goods

    Source: Interview

    CHALLENGE

    The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.

    In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.

    SOLUTION

    The new CIO decided to build the new steering committee from the ground up in a systematic way.

    She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.

    Using this info she outlined the new steering committee charter and included in it the:

    1. Purpose
    2. Responsibilities
    3. RACI Chart
    4. Procedures

    OUTCOME

    The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is displayed. 1.1 is about surveying your ITSC stakeholders.

    Survey your ITSC stakeholders

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.

    1.7

    A screenshot of activity 1.7 is displayed. 1.7 is about defining a participant RACI for each of the responsibilities.

    Define a participant RACI for each of the responsibilities

    The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.

    Phase 2

    Build the IT Steering Committee Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define your ITSC Processes
    Proposed Time to Completion: 2 weeks

    Review SIPOCs and Process Creation

    Start with an analyst kick-off call:

    • Review the purpose of the SIPOC and how to build one

    Then complete these activities…

    • Build a draft SIPOC for your organization

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize the SIPOC

    Review Draft SIPOC:

    • Review and make changes to the SIPOC
    • Discuss potential metrics

    Then complete these activities…

    • Test survey link
    • Info-Tech launches survey

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    		 Finalize Metrics

    Finalize phase deliverable:

    • Finalize metrics

    Then complete these activities…

    • Establish ITSC metric triggers

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Build the IT Steering Committee Process

    This step will walk you through the following activities:

    • Define high-level steering committee processes using SIPOC
    • Select steering committee metrics

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.

    Build your high-level IT steering committee processes to enable committee functionality

    The IT steering committee is only valuable if members are able to successfully execute on responsibilities.

    One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.

    The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.

    Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    		 IT Management
    Operational Risk Task Force

    Define the high-level process for each of the IT steering committee responsibilities

    Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.

    Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.

    By doing so you’ll ensure that:

    1. Information and documentation required to complete each responsibility is identified.
    2. That the results of committee meetings are distributed to those customers who need the information.
    3. Inputs and outputs are identified and that there is defined accountability for providing these.

    Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.

    Supplier Input
    Who provides the inputs to the governance responsibility. The documented information, data, or policy required to effectively respond to the responsibility.
    Process
    In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing.
    Output Customer
    The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. Receiver of the outputs from the committee responsibility.

    Define your SIPOC model for each of the IT steering committee responsibilities

    2.1

    1. In a meeting with your IT leadership, draw the SIPOC model on a whiteboard or flip-chart paper. Either review the examples on the following slides or start from scratch.
    2. If you are adjusting the following slides, consider the templates you already have which would be appropriate inputs and make adjustments as needed.

    For atypical responsibilities:

    1. Start with the governance responsibility and identify what specifically it is that the IT steering committee is doing with regards to that responsibility. Write that in the center of the model.
    2. As a group, consider what information or documentation would be required by the participants to effectively execute on the responsibility.
    3. Identify which individual will supply each piece of documentation. This person will be accountable for this moving forward.
    4. Outputs: Once the committee has met about the responsibility, what information or documentation will be produced. List all of those documents.
    5. Identify the individuals who need to receive the outputs of the information.
    6. Repeat this for all of the responsibilities.
    7. Once complete, document the SIPOC models in the IT Steering Committee Charter.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities.

    Materials

    • Whiteboard
    • Markers
    • ITSC Charter

    Participants

    • IT leadership team

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Establish the target investment mix
    Supplier Input
    CIO
    • Target investment mix and rationale
    Process
    Responsibility: The IT steering committee shall review and approve the target investment mix.
    Output Customer
    • Approval of target investment mix
    • Rejection of target investment mix
    • Request for additional information
    • CFO
    • CIO
    • IT leadership
    SIPOC: Endorse the IT budget
    Supplier Input
    CIO
    • Recommendations

    See Info-Tech’s blueprint IT Budget Presentation
    Process

    Responsibility: Review the proposed IT budget as defined by the CIO and CFO.
    Output Customer
    • Signed endorsement of the IT budget
    • Request for additional information
    • Recommendation for changes to the IT budget.
    • CFO
    • CIO
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor IT value metrics
    Supplier Input
    CIO
    • IT value dashboard
    • Key metric takeaways
    • Recommendations
    CIO Business Vision
    Process

    Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics.
    Output Customer
    • Launch corrective task force
    • Accept recommendations
    • Define target metrics
    • CEO
    • CFO
    • Business executives
    • CIO
    • IT leadership
    SIPOC: Evaluate and select programs/projects to fund
    Supplier Input
    PMO
    • Recommended project list
    • Project intake documents
    • Prioritization criteria
    • Capacity metrics
    • IT budget

    See Info-Tech’s blueprint

    Grow Your Own PPM Solution
    Process

    Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget.

    It is also responsible for identifying the prioritization criteria in line with organizational priorities.
    Output Customer
    • Approved project list
    • Request for additional information
    • Recommendation for increased resources
    • PMO
    • CIO
    • Project sponsors

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Endorse the IT strategy
    Supplier Input
    CIO
    • IT strategy presentation

    See Info-Tech’s blueprint

    IT Strategy and Roadmap
    Process

    Responsibility: Review, understand, and endorse the IT strategy.

    Output Customer
    • Signed endorsement of the IT strategy
    • Recommendations for adjustments
    • CEO
    • CFO
    • Business executives
    • IT leadership
    SIPOC: Monitor project management metrics
    Supplier Input
    PMO
    • Project metrics report with recommendations
    Process

    Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.
    Output Customer
    • Accept project metrics performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • PMO
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve launch of planned and unplanned project
    Supplier Input
    CIO
    • Project list and recommendations
    • Resourcing report
    • Project intake document

    See Info-Tech’s Blueprint:

    Grow Your Own PPM Solution
    Process

    Responsibility: Review the list of projects and approve the launch or reprioritization of projects.

    Output Customer
    • Approved launch of projects
    • Recommendations for changes to project list
    • CFO
    • CIO
    • IT leadership
    SIPOC: Monitor stakeholder satisfaction with services and other service metrics
    Supplier Input
    Service Manager
    • Service metrics report with recommendations
    Info-Tech End User Satisfaction Report
    Process

    Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept service level performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • Service manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve plans for new or changed service requirements
    Supplier Input
    Service Manager
    • Service change request
    • Project request and change plan
    Process

    Responsibility: Review IT recommendations, approve changes, and communicate those to staff.

    Output Customer
    • Approved service changes
    • Rejected service changes
    • Service manager
    • Organizational staff
    SIPOC: Monitor risk management metrics
    Supplier Input
    CIO
    • Risk metrics report with recommendations
    Process

    Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Review the prioritized list of risks
    Supplier Input
    Risk Manager
    • Risk register
    • Mitigation strategies
    See Info-Tech’s risk management research to build a holistic risk strategy.
    Process

    Responsibility: Accept the risk registrar and define any additional action required.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • IT leadership
    • CRO
    SIPOC: Define information lifecycle process ownership
    Supplier Input
    CIO
    • List of risk owner options with recommendations
    See Info-Tech’s related blueprint: Information Lifecycle Management
    Process

    Responsibility: Define responsibility and accountability for information lifecycle ownership.

    Output Customer
    • Defined information lifecycle owner
    • Organization wide.

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor information lifecycle metrics
    Supplier Input
    Information lifecycle owner
    • Information metrics report with recommendations
    Process

    Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept information management performance
    • Accept recommendations
    • Launch corrective task force to address challenges
    • Define target metrics
    • IT leadership

    Define which metrics you will report to the IT steering committee

    2.2

    1. Consider your IT steering committee goals and the five IT governance areas.
    2. For each governance area, identify which metrics you are currently tracking and determine whether these metrics are valuable to IT, to the business, or both. For metrics that are valuable to business stakeholders determine whether you have an identified target metric.

    New Metrics:

    1. For each of the five IT governance areas review your SWOT analysis and document your key opportunities and weaknesses.
    2. For each, brainstorm hypotheses around why the opportunity was weak or was a success. For each hypothesis identify if there are any clear ways to measure and test the hypothesis.
    3. Review the list of metrics and select 5-7 metrics to track for each prioritized governance area.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    IT steering committee metric triggers to consider

    RISK

    • Risk profile % increase
    • # of actionable risks outstanding
    • # of issues arising not identified prior
    • # of security breaches

    SERVICE

    • Number of business disruptions due to IT service incidents
    • Number of service requests by department
    • Number of service requests that are actually projects
    • Causes of tickets overall and by department
    • Percentage of duration attributed to waiting for client response

    PROJECTS

    • Projects completed within budget
    • Percentage of projects delivered on time
    • Project completion rate
    • IT completed assigned portion to scope
    • Project status and trend dashboard

    INFORMATION / DATA

    • % of data properly classified
    • # of incidents locating data
    • # of report requests by complexity
    • # of open data sets

    PPM /INVESTMENTS

    • CIO Business Vision (an Info-Tech diagnostic survey that helps align IT strategy with business goals)
    • Level of stakeholder satisfaction and perceived value
    • Percentage of ON vs. OFF cycle projects by area/silo
    • Realized benefit to business units based on investment mix
    • Percent of enterprise strategic goals and requirements supported by strategic goals
    • Target vs. actual budget
    • Reasons for off-cycle projects causing delays to planned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "IT steering committee’s reputation greatly improved by clearly defining its process."

    CHALLENGE

    One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.

    This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.

    SOLUTION

    The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.

    She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.

    OUTCOME

    The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    An image of an Info-Tech analyst is depicted.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is depicted. Activity 2.1 is about defining a SIPOC for each of the ITSC responsibilities.

    Define a SIPOC for each of the ITSC responsibilities

    Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.

    2.2

    A screenshot of activity 2.2 is depicted. Activity 2.2 is about establishing the reporting metrics for the ITSC.

    Establish the reporting metrics for the ITSC

    The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.

    Phase 3

    Build the Stakeholder Presentation

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Build the Stakeholder Presentation
    Proposed Time to Completion: 1 week

    Customize the Presentation

    Start with an analyst kick-off call:

    • Review the IT Steering Committee Stakeholder Presentation with an analyst

    Then complete these activities…

    • Schedule the first meeting and invite the ITSC members
    • Customize the presentation template

    With these tools & templates:

    IT Steering Committee Stakeholder Presentation


    		Review and Practice the Presentation

    Review findings with analyst:

    • Review the changes made to the template
    • Practice the presentation and create a script

    Then complete these activities…

    • Hold the ITSC meeting

    With these tools & templates:

    • IT Steering Committee Stakeholder Presentation
    		Review the First ITSC Meeting

    Finalize phase deliverable:

    • Review the outcomes of the first ITSC meeting and plan out the next steps

    Then complete these activities…

    • Review the discussion and plan next steps

    With these tools & templates:

    Establish an Effective IT Steering Committee blueprint

    Build the Stakeholder Presentation

    This step will walk you through the following activities:

    • Organizing the first ITSC meeting
    • Customizing an ITSC stakeholder presentation
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.

    Hold a kick-off meeting with your IT steering committee members to explain the process, responsibilities, and goals

    3.1

    Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.

    Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.

    Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.

    At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.

    A screenshot of IT Steering Committee: Meeting 1 is depicted. A screenshot of the IT Steering Committee Challenges and Opportunities for the organization.

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 1-5

    3.2 Estimated Time: 10 minutes

    Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.

    Customization Options

    Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.

    Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.

    Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)

    Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 6-10

    3.2 Estimated Time: 10 minutes

    Customization Options

    Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.

    Slides 7-9:

    • Review the agenda items as listed in your IT Steering Committee Charter. Document the annual, quarterly, and monthly meeting responsibilities on the left-hand side of slides 7-9.
    • Meeting Participants: For each slide, list the members who are required for that meeting.
    • Document the key required reading materials as identified in the SIPOC charts under “inputs.”
    • Document the key meeting outcomes as identified in the SIPOC chart under “outputs.”

    Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Present the information to the IT leadership team to increase your comfort with the material

    3.3 Estimated Time: 1-2 hours

    1. Once you have finished customizing the IT Steering Committee Stakeholder Presentation, practice presenting the material by meeting with your IT leadership team. This will help you become more comfortable with the dialog and anticipate any questions that might arise.
    2. The ITSC chair will present the meeting deck, and all parties should discuss what they think went well and opportunities for improvement.
    3. Each business relationship manager should document the needed changes in preparation for their first meeting.

    INPUT

    • IT Steering Committee Stakeholder Presentation - Meeting 1

    Participants

    • IT leadership team

    Schedule your first meeting of the IT steering committee

    3.4

    By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.

    The meeting should be one hour in duration and completed in person.

    Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.

    Customize this calendar invite script to invite business partners to participate in the meeting.

    Hello [Name],

    As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.

    The goals of the meeting are:

    1. Discuss the benefits of an IT steering committee
    2. Review the results of the organizational survey
    3. Introduce you to our new IT steering committee

    I look forward to starting this discussion with you and working with you more closely in the future.

    Warm regards,

    CASE STUDY

    Industry:Consumer Goods

    Source: Interview

    "CIO gains buy-in from the company by presenting the new committee to its stakeholders."

    CHALLENGE

    Communication was one of the biggest steering committee challenges that the new CIO inherited.

    Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.

    She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.

    SOLUTION

    The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.

    She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.

    OUTCOME

    Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of Activity 3.1 is depicted. Activity 3.1 is about creating a presentation for ITSC stakeholders to be presented at the first ITSC meeting.

    Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting

    Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.

    Phase 4

    Define the Prioritization Criteria

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation : Define the Prioritization Criteria
    Proposed Time to Completion: 4 weeks

    Discuss Prioritization Criteria

    Start with an analyst kick-off call:

    • Review sample project prioritization criteria and discuss criteria unique to your organization

    Then complete these activities...

    • Select the criteria that would be most effective for your organization
    • Input these into the tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Customize the IT Steering Committee Project Prioritization Tool

    Review findings with analyst:

    • Review changes made to the tool
    • Finalize criteria weighting

    Then complete these activities…

    • Pilot test the tool using projects from the previous year

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Review Results of the Pilot Test

    Finalize phase deliverable:

    • Review the results of the pilot test
    • Make changes to the tool

    Then complete these activities…

    • Input your current project portfolio into the prioritization tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Define the Project Prioritization Criteria

    This step will walk you through the following activities:

    • Selecting the appropriate project prioritization criteria for your organization
    • Developing weightings for the prioritization criteria
    • Filling in Info-Tech’s IT Steering Committee Project Prioritization Tool

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.

    Understand the role of the IT steering committee in project prioritization

    One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.

    What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.

    What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.

    Info-Tech’s Sample Criteria

    Value

    Strategic Alignment: How much a project supports the strategic goals of the organization.

    Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers.

    Operational Alignment: Whether the project will address operational issues or compliance.

    Execution

    Financial: Predicted ROI and cost containment strategies.

    Risk: Involved with not completing projects and strategies to mitigate it.

    Feasibility: How easy the project is to complete and whether staffing resources exist.

    Use Info-Tech’s IT Steering Committee Project Prioritization Tool to catalog and prioritize your project portfolio

    4.1

    • Use Info-Tech’s IT Steering Committee Project Prioritization Tool in conjunction with the following activities to catalog and prioritize all of the current IT projects in your portfolio.
    • Assign weightings to your selected criteria to prioritize projects based on objective scores assigned during the intake process and adjust these weightings on an annual basis to align with changing organizational priorities and goals.
    • Use this tool at steering committee meetings to streamline the prioritization process and create alignment with the PMO and project managers.
    • Monitor ongoing project status and build a communication channel between the PMO and project managers and the IT steering committee.
    • Adjusting the titles in the Settings tab will automatically adjust the titles in the Project Data tab.
    • Note: To customize titles in the document you must unprotect the content under the View tab. Be sure to change the content back to protected after making the changes.
    A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The first page of the tool is shown. A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The page depicted is on the Intake and Prioritization Tool Settings.

    Establish project prioritization criteria and build the matrix

    4.2 Estimated Time: 1 hour

    1. During the second steering committee meeting, discuss the criteria you will be basing your project prioritization scoring on.
    2. Review Info-Tech’s prioritization criteria matrix, located in the Prioritization Criteria List tab of the IT Steering Committee Project Prioritization Tool, to gain ideas for what criteria would best suit your organization.
    3. Write these main criteria on the whiteboard and brainstorm criteria that are more specific for your organization; include these on the list as well.
    4. Discuss the criteria. Eliminate criteria that won’t contribute strongly to the prioritization process and vote on the remaining. Select four main criteria from the list.
    5. After selecting the four main criteria, write these on the whiteboard and brainstorm the dimensions that fall under the criteria. These should be more specific/measurable aspects of the criteria. These will be the statements that values are assigned to for prioritizing projects so they should be clear. Use the Prioritization Criteria List in the tool to help generate ideas.
    6. After creating the dimensions, determine what the scoring statements will be. These are the statements that will be used to determine the score out of 10 that the different dimensions will receive.
    7. Adjust the Settings and Project Data tabs in the IT Steering Committee Project Prioritization Tool to reflect your selections.
    8. Edit Info-Tech’s IT Project Intake Form or the intake form that you currently use to contain these criteria and scoring parameters.

    INPUT

    • Group input
    • IT Steering Committee Project Prioritization Tool

    OUTPUT

    • Project prioritization criteria to be used for current and future projects

    Materials

    • Whiteboard and markers

    Participants

    • IT steering committee
    • CIO
    • IT leadership

    Adjust prioritization criteria weightings to reflect organizational needs

    4.3 Estimated Time: 1 hour

    1. In the second steering committee meeting, after deciding what the project prioritization criteria will be, you need to determine how much weight (the importance) each criteria will receive.
    2. Use the four agreed upon criteria with two dimensions each, determined in the previous activity.
    3. Perform a $100 test to assign proportions to each of the criteria dimensions.
      1. Divide the committee into pairs.
      2. Tell each pair that they have $100 divide among the 4 major criteria based on how important they feel the criteria is.
      3. After dividing the initial $100, ask them to divide the amount they allocated to each criteria into the two sub-dimensions.
      4. Next, ask them to present their reasoning for the allocations to the rest of the committee.
      5. Discuss the weighting allotments and vote on the best one (or combination).
      6. Input the weightings in the Settings tab of the IT Steering Committee Project Prioritization Tool and document the discussion.
    4. After customizing the chart establish the owner of the document. This person should be a member of the PMO or the most suitable IT leader if a PMO doesn’t exist.
    5. Only perform this adjustment annually or if a major strategic change happens within the organization.

    INPUT

    • Group discussion

    OUTPUT

    • Agreed upon criteria weighting
    • Complete prioritization tool

    Materials

    • IT Steering Committee Project Prioritization Tool
    • Whiteboard and sticky notes

    Participants

    • IT steering committee
    • IT leadership

    Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.

    Configure the prioritization tool to align your portfolio with business strategy

    4.4 Estimated Time: 60 minutes

    Download Info-Tech’s Project Intake and Prioritization Tool.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool.

    Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.

    Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.

    The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).

    Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.

    Validate your new prioritization criteria using previous projects

    4.5 Estimated Time: 2 hours

    1. After deciding on the prioritization criteria, you need to test their validity.
    2. Look at the portfolio of projects that were completed in the previous year.
    3. Go through each project and score it according to the criteria that were determined in the previous exercise.
    4. Enter the scores and appropriate weighting (according to goals/strategy of the previous year) into the IT Steering Committee Project Prioritization Tool.
    5. Look at the prioritization given to the projects in reference to how they were previously prioritized.
    6. Adjust the criteria and weighting to either align the new prioritization criteria with previous criteria or to align with desired outcomes.
    7. After scoring the old projects, pilot test the tool with upcoming projects.

    INPUT

    • Information on previous year’s projects
    • Group discussion

    OUTPUT

    • Pilot tested project prioritization criteria

    Materials

    • IT Steering Committee Project Prioritization Tool

    Participants

    • IT steering committee
    • IT leadership
    • PMO

    Pilot the scorecard to validate criteria and weightings

    4.6 Estimated Time: 60 minutes

    1. Pilot your criteria and weightings in the IT Steering Committee Project Prioritization Tool using project data from one or two projects currently going through approval process.
    2. For most projects, you will be able to determine strategic and operational alignment early in the scoring process, while the feasibility and financial requirements will come later during business case development. Score each column as you can. The tool will automatically track your progress in the Scoring Progress column on the Project Data tab.

    Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:

    • Assumptions in business case have changed.
    • Organizational change – e.g. a new CEO or a change in strategic objectives.
    • Major emergencies or disruptions – e.g. a security breach.

    Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Project Prioritization Tool is depicted. The Data Tab is shown.">

    Use Info-Tech’s IT Project Intake Form to streamline the project prioritization and approval process

    4.7

    • Use Info-Tech’s IT Project Intake Form template to streamline the project intake and prioritization process.
    • Customize the chart on page 2 to include the prioritization criteria that were selected during this phase of the blueprint.
    • Including the prioritization criteria at the project intake phase will free up a lot of time for the steering committee. It will be their job to verify that the criteria scores are accurate.
    A screenshot of Info-Tech's IT Project Intake Form is depicted.

    After prioritizing and selecting your projects, determine how they will be resourced

    Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.

    A Screenshot of Info-Tech's Create Project Management Success Blueprint is depicted. Create Project Management Success A Screenshot of Info-Tech's Develop a Project Portfolio Management Strategy Blueprint is depicted. Develop a Project Portfolio Management Strategy

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."

    CHALLENGE

    One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.

    The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.

    SOLUTION

    The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.

    All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.

    The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.

    OUTCOME

    This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.

    The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is depicted. Activity 4.1 was about defining your prioritization criteria and customize our <em data-verified=IT Steering Committee Project Prioritization Tool.">

    Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool

    With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.

    Research contributors and experts

    • Andy Lomasky, Manager, Technology & Management Consulting, McGladrey LLP
    • Angie Embree, CIO, Best Friends Animal Society
    • Corinne Bell, CTO and Director of IT Services, Landmark College
    • John Hanskenecht, Director of Technology, University of Detroit Jesuit High School and Academy
    • Lori Baker, CIO, Village of Northbrook
    • Lynne Allard, IT Supervisor, Nipissing Parry Sound Catholic School Board
    • Norman Allen, Senior IT Manager, Baker Tilly
    • Paul Martinello, VP, IT Services, Cambridge and North Dumfries Hydro Inc.
    • Renee Martinez, IT Director/CIO, City of Santa Fe
    • Sam Wong, Director, IT, Seneca College
    • Suzanne Barnes, Director, Information Systems, Pathfinder International
    • Walt Joyce, CTO, Peoples Bank

    Appendices

    GOVERNANCE & ITSC & IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    		 IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.

    IT steering committees play an important role in IT governance

    By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.

    The five governance areas are:

    Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.

    Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.

    Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.

    Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.

    Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.

    A survey of stakeholders identified a need for increased stakeholder involvement and transparency in decision making

    A bar graph is depicted. The title is: I understand how decisions are made in the following areas. The areas include risk, services, projects, portfolio, and information. A circle graph is depicted. The title is: Do IT decisions involve the right people?

    Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.

    Satisfaction with decision quality around investments and PPM are uneven and largely not well understood

    72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Overall, services were ranked #1 in importance of the 5 areas

    62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Projects ranked as one of the areas with which participants are most satisfied with the quality of decisions

    70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. The title is: IT decisions around project changes, delays, and metrics involve the right people?

    Stakeholders are largely unaware of how decisions around risk are made and believe business participation needs to increase

    78% of stakeholders do not understand how decisions around risk are made

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions made around risk? A bar graph is depicted. The title is: IT decisions around acceptable risk involve the right people?

    The majority of stakeholders believe that they are aware of how decisions around information are made

    67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions around information governance? A bar graph is depicted. The title is: IT decisions around information retention and classification involve the right people?

    Choose a Right-Sized Contact Center Solution

    • Buy Link or Shortcode: {j2store}334|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $25,535 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • IT needs a method to pinpoint which contact center solution best aligns with business objectives, adapting to a post-COVID world of remote work, flexibility, and scalability.
    • Scoring RFP and RFQ proposals is a complex process, and it is difficult to map and gap without a clear view of the organization’s needs. SOWs can contain pitfalls that cause expensive headaches for the organization in the long run. Guidance through a SOW is required to best represent the organization’s interests.

    Our Advice

    Critical Insight

    • “On-premises versus cloud” is a false dichotomy. Contact center architectures come in all shapes and sizes, and organizations should discern whether a hybrid option best meets their needs.
    • Contact centers should service customers – not capabilities. Capabilities must work for you, your agents, and your customers – not the other way around.
    • Deliverables and responsibilities should be a contract’s focal point. While organizations are right to focus on avoiding unanticipated license charges, it is more important to clearly define how deliverables and responsibilities will be divided among the organization, the vendor, and potential third parties.

    Impact and Result

    • Assess the array of contact center architectures with Info-Tech’s Contact Center Decision Points Tool to select a right-sized solution.
    • Build business requirements in a formalized process to achieve stakeholder buy-in.
    • Use Info-Tech’s Contact Center RFP Scoring Tool to evaluate and choose from a range of vendors.
    • Successfully navigate and avoid major pitfalls in a SOW construction.
    • Justify each stage of the process with this blueprint’s key deliverable: the Contact Center Playbook.

    Choose a Right-Sized Contact Center Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to examine the current contact center marketspace, review Info-Tech’s methodology for choosing a right-sized contact center solution, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Contact Center Architectures

    Establish your project vision and metrics of success before shortlisting potential contact center architectures and deciding which is right-sized for the organization.

    • Choose a Right-Sized Contact Center Solution – Phase 1: Assess Contact Center Architectures
    • Contact Center Playbook
    • Contact Center Decision Points Tool

    2. Gather Requirements and Shortlist Vendors

    Build business requirements to achieve stakeholder buy-in, define key deliverables, and issue an RFP/RFQ to shortlisted vendors.

    • Choose a Right-Sized Contact Center Solution – Phase 2: Gather Requirements and Shortlist Vendors
    • Requirements Gathering Documentation Tool
    • Lean RFP Template
    • Contact Center Business Requirements Document
    • Request for Quotation Template
    • Long-Form RFP Template

    3. Score Vendors and Construct SOW

    Score RFP/RFQ responses and decide upon a vendor before constructing a SOW.

    • Choose a Right-Sized Contact Center Solution – Phase 3: Score Vendors and Construct SOW
    • Contact Center RFP Scoring Tool
    • Contact Center SOW Template and Guide
    [infographic]

    Workshop: Choose a Right-Sized Contact Center Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Architecture

    The Purpose

    Shortlist and decide upon a right-sized contact center architecture.

    Key Benefits Achieved

    A high-level decision for a right-sized architecture

    Activities

    1.1 Define vision and mission statements.

    1.2 Identify infrastructure metrics of success.

    1.3 Confirm key performance indicators for contact center operations.

    1.4 Complete architecture assessment.

    1.5 Confirm right-sized architecture.

    Outputs

    Project outline

    Metrics of success

    KPIs confirmed

    Quickly narrow down right-sized architecture

    Decision on right-sized contact center architecture

    2 Gather Requirements

    The Purpose

    Build business requirements and define key deliverables to achieve stakeholder buy-in and shortlist potential vendors.

    Key Benefits Achieved

    Key deliverables defined and a shortlist of no more than five vendors

    Sections 7-8 of the Contact Center Playbook completed

    Activities

    2.1 Hold focus groups with key stakeholders.

    2.2 Gather business, nonfunctional, and functional requirements.

    2.3 Define key deliverables.

    2.4 Shortlist five vendors that appear meet those requirements.

    Outputs

    User requirements identified

    Business Requirements Document completed

    Key deliverables defined

    Shortlist of five vendors

    3 Initial Vendor Scoring

    The Purpose

    Compare and evaluate shortlisted vendors against gathered requirements.

    Key Benefits Achieved

    Have a strong overview of which vendors are preferred for issuing RFP/RFQ

    Section 9 of the Contact Center Playbook

    Activities

    3.1 Input requirements to the Contact Center RFP Scoring Tool. Define which are mandatory and which are desirable.

    3.2 Determine which vendors best meet requirements.

    3.3 Compare requirements met with anticipated TCO.

    3.4 Compare and rank vendors.

    Outputs

    An assessment of requirements

    Vendor scoring

    A holistic overview of requirements scoring and vendor TCO

    An initial ranking of vendors to shape RFP process after workshop end

    4 SOW Walkthrough

    The Purpose

    Walk through the Contact Center SOW Template and Guide to identify how much time to allocate per section and who will be responsible for completing it.

    Key Benefits Achieved

    An understanding of a SOW that is designed to avoid major pitfalls with vendor management

    Section 10 of the Contact Center Playbook

    Activities

    4.1 Get familiar with the SOW structure.

    4.2 Identify which sections will demand greater time allocation.

    4.3 Strategize how to avoid potential pitfalls.

    4.4 Confirm reviewer responsibilities.

    Outputs

    A broad understanding of a SOW’s key sections

    A determination of how much time should be allocated for reviewing major sections

    A list of ways to avoid major pitfalls with vendor management

    A list of reviewers, the sections they are responsible for reviewing, and their time allocation for their review

    5 Communicate and Implement

    The Purpose

    Finalize deliverables and plan post-workshop communications.

    Key Benefits Achieved

    A completed Contact Center Playbook that justifies each decision of this workshop

    Activities

    5.1 Finalize deliverables.

    5.2 Support communication efforts.

    5.3 Identify resources in support of priority initiatives.

    Outputs

    Contact Center Playbook delivered

    Post-workshop engagement to confirm satisfaction

    Follow-up research that complements the workshop or leads workshop group in relevant new directions

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Prototype With an Innovation Design Sprint

    • Buy Link or Shortcode: {j2store}90|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The business has a mandate for IT-led innovation.
    • IT doesn’t have the budget it wants for high-risk, high-reward initiatives.
    • Many innovation projects have failed in the past.
    • Many projects that have moved through the approval process failed to meet their expectations.

    Our Advice

    Critical Insight

    • Don’t let perfect be the enemy of good. Think like a start-up and use experimentation and rapid re-iteration to get your innovative ideas off the ground.

    Impact and Result

    • Build and test a prototype in four days using Info-Tech’s Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.
    • Learn techniques for socializing and selling your ideas to business stakeholders.
    • Refine your prototype through rapid iteration and user-experience testing.
    • Socialize design thinking culture, tactics, and methods with the business.

    Prototype With an Innovation Design Sprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should evaluate your ideas using a design sprint, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand and ideate

    Define the problem and start ideating potential solutions.

    • Prototype With an Innovation Design Sprint – Day 1: Understand and Ideate
    • Prototyping Workbook

    2. Divide and conquer

    Split off into prototyping teams to build and test the first-iteration prototypes

    • Prototype With an Innovation Design Sprint – Day 2: Divide and Conquer
    • Research Study Log Tool

    3. Unite and integrate

    Integrate the best ideas from the first iterations and come up with a team solution to the problem.

    • Prototype With an Innovation Design Sprint – Day 3: Unite and Integrate
    • Prototype One Pager

    4. Build and sell

    Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.

    • Prototype With an Innovation Design Sprint – Day 4: Build and Sell
    [infographic]

    Workshop: Prototype With an Innovation Design Sprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand and Ideate

    The Purpose

    Align the team around a well-defined business problem and start ideating solutions.

    Key Benefits Achieved

    Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.

    Activities

    1.1 Frame the problem.

    1.2 Develop evaluation criteria.

    1.3 Diverge and converge.

    Outputs

    Problem statement(s)

    Evaluation criteria

    Ideated solutions

    2 Divide and Conquer

    The Purpose

    Break off into teams to try and develop solutions that address the problem in unique ways.

    Key Benefits Achieved

    Develop and test a first-iteration prototype.

    Activities

    2.1 Design first prototypes in teams.

    2.2 Conduct UX testing.

    Outputs

    First-iteration prototypes

    User feedback and data

    3 Unite and Integrate

    The Purpose

    Bring the team back together to develop a team vision of the final prototype.

    Key Benefits Achieved

    Integrated, second-iteration prototype.

    Activities

    3.1 Create and deliver prototype pitches.

    3.2 Integrate prototypes.

    Outputs

    Prototype practice pitches

    Second-iteration prototype

    4 Build and Sell

    The Purpose

    Build and test the second prototype and prepare to sell it to business executives.

    Key Benefits Achieved

    Second-iteration prototype and a budget pitch.

    Activities

    4.1 Conduct second round of UX testing.

    4.2 Create one pager and budget pitch.

    Outputs

    User feedback and data

    Prototype one pager and budget pitch

    The Rush Trap: Why "Move Fast and Break Things" Breaks Your Business

    • Large vertical image:

    Most business leaders think that the best way to beat the competition is to push their development teams harder and demand faster delivery. I've seen the opposite happen many times.

    When you prioritize "shipping fast" and "getting to market first," you often end up taking the longest time to succeed, because your team must spend months, sometimes years, addressing the problems caused by your haste. On the surface, things appear to be improving, but internally, they can feel overwhelming. You will notice this impact on your staff.

    This is the harsh truth about rushing IT development:

    Every Shortcut Creates Two New Problems

    Here's what really happens in the codebase when you tell your team to "just get it done fast": you don't do proper input validation and sanitization because you say, "We'll add that later." And then you have to deal with SQL injection attacks and data breaches for months. This wasted time could have been avoided by using simple parameterized queries and validation frameworks.

    In 2024, the average cost of a data breach was $4.88 million. 73% of these breaches require more than 200 days to resolve. You only code for the happy flow, but real users submit incorrect data, experience network timeouts, and encounter failures with third-party APIs. 

    Your app crashes more than it should because you didn't set up proper error handling, or circuit breakers, or graceful degradation patterns. I know these take time to implement, but what would you rather have? Customers abandoning it?

    Businesses lose an average of $5,600 per minute when their systems go down, and e-commerce sites can lose up to $300,000 per hour during busy times. Instead of fixing the root causes of problems, you just patch them up with quick fixes. Instead of proper garbage collection, that memory leak gets a band-aid restart script. Instead of being optimized, the slow database query is cached.

    Soon, you will find yourself struggling to keep your building intact.

    To keep up with technical debt, companies usually have to spend 23–42% of their total IT budget each year.

    You don't do full testing because "writing unit tests takes longer than manual testing." This approach does not include load testing, test-driven development, or integration testing. Your first real test is when you have paying customers in production. Companies that don't test their software properly have 60% more bugs in their products and spend 40% more time fixing them than companies that do.

    You start without being able to properly monitor and see what's going on. There are no logging frameworks, no application performance monitoring, and no health checks in place. When things go wrong—and they will—it's difficult to figure out what's amiss. Without proper monitoring, it takes an average of 4.5 hours to find and fix IT problems. With full observability tools, it only takes 45 minutes.

    It's easy to see that every shortcut you take today will cause two new problems tomorrow. Each of those problems makes two more. You're going to be in a lot of trouble with technical debt, security holes, and unstable systems soon. All because you were in a hurry to meet some random deadline.

    The true cost of rushing in those "move fast and break things" success stories is often overlooked. You don't guarantee a quick time to market when you rush code to market. You're just making sure that failure to market happens quickly. Remember that most Silicon Valley break-movers lose millions, but you never read about those; you only read about the 1 in 350 VC-backed companies that make it. That is a staggering 0.29%. I would not bet on that strategy just yet.

    Because code that is rushed doesn't just break once. It breaks all the time. In production. This issue arises when dealing with real customers. At the worst times. Your developers are putting out fires instead of adding new features. Instead of adding the features that the customer asked for, they're fixing race conditions at 2 AM. They're patching vulnerabilities in dependencies rather than creating the next version.

    According to research, developers in environments with a lot of technical debt spend 42% of their time on maintenance and bug fixes, while those in well-architected systems spend only 23% of their time on these tasks. Bad code drives up your infrastructure costs by requiring more servers to handle the same load. Your database runs slower because no one took the time to make the right indexes or make the queries run faster. Unoptimized applications typically require 3 to 5 times more infrastructure resources, directly impacting your cloud computing and operational costs.

    The costs of getting new customers go up because products that are rushed have higher churn rates. People stop using apps that crash a lot or don't work well. For example, 53% of mobile users will stop using an app if it takes longer than 3 seconds to load. It costs 5 to 25 times more to get a new customer than to keep an old one.

    In the meantime, what about your competitor who took an extra month to set up proper error handling, security controls, and performance optimization? They're growing smoothly while you're still working on the base.

    The Slow Way Is the Quick Way

    Let me tell you a myth that is costing you millions: The race isn't about speed unless you're in a real winner-take-all market with huge network effects. It's about lasting.

    There is usually room for more than one winner in most markets. Your real job isn't to be the first to market; it's to still be there when the "fast movers" fail because they owe too much money. The businesses that are the biggest in their markets aren't usually the first ones there. They are the ones who took the time to use excellent software engineering practices from the start. They used well-known security frameworks like the OWASP guidelines to make their systems safe, set up the right authentication and authorization patterns, and made sure their APIs were designed with security and resilience in mind from the start.

    Companies that have good security practices have 76% fewer security incidents and save an average of $1.76 million for every breach they avoid. They wrote code for failure scenarios using patterns like retry logic with exponential backoff, circuit breakers to stop failures from spreading, and bulkhead isolation to keep problems from spreading.

    They set up full logging and monitoring so they could find problems before customers did. Systems that are built well and have the right resilience patterns are up 99.9% of the time, while systems that are built quickly are up 95% to 98% of the time. While you may believe that 95% to 98% uptime is an acceptable figure to agree to, take a moment to consider what that actually translates to in terms of downtime for your availability metrics. Remember that you should only calculate the times you really want to be available. This is due to the fact that any unavailability during your downtime is not taken into account. But failures do not take your opening hours into consideration. 

    Successful companies used domain-driven design to get the business requirements right, made complete API documentation, and built automated testing suites that found regressions before deployment. Companies that do a lot of testing deliver features 2.5 times faster and with 50% fewer bugs after deployment.

    They made sure that their environments were always the same by using infrastructure as code, setting up the right CI/CD pipelines with automated security scanning and regression testing, and planning for horizontal scaling from the start.

    Companies that have mature DevOps practices deploy 208 times more often and have lead times that are 106 times faster, all while being more reliable.

    What This Means for Your Process of Development

    The truth is that your development schedule isn't about meeting deadlines. The purpose is to create systems that function effectively when real people use them in real-life situations with actual data and at a large scale. If your code crashes under load because you didn't use the right caching strategies or database connection pooling, it doesn't matter how fast it is to market.

    If you neglect to conduct security code reviews and utilize static analysis tools, the likelihood of hacking increases significantly.

    Think about the return on investment: putting in an extra 20–30% up front for the right architecture, security, and testing usually cuts the total cost of ownership by 60–80% over the life of the application.

    The first "delay" of 2 to 4 weeks for proper engineering practices saves 6 to 12 months of fixing technical debt later on.

    You have a simple choice: either take the time to follow excellent software engineering practices now, or spend the next two years telling customers why your system is down again while your competitors take your market share. The companies that last and eventually take over choose quality engineering over random speed. I leave it up to your imagination as to what multi-trillion-dollar company immediately comes to mind.

    I am always up for a conversation.

    Review Your Application Strategy

    • Buy Link or Shortcode: {j2store}82|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Over 80% of CXOs experience frustration with IT’s failure to deliver business value.
    • Sixty percent of CEOs believe that improvement is required around IT’s understanding of business goals.
    • Sixty percent of IT professionals know there is an opportunity to run applications more efficiently, eliminating wasteful or low-value activities.

    Our Advice

    Critical Insight

    • Organizations need to better align their application strategy with their business strategy as they proceed through tactical initiatives.
    • Application strategies provide guidance on how they will help the organization survive and thrive.

    Impact and Result

    Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.

    Review Your Application Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have an application strategy and why you should use Info-Tech’s approach to review it. Learn how we can support you in completing this strategy and review.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your strategy

    This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.

    • Application Strategy Assessment Tool
    • Application Strategy Action Plan Report Template
    • Application Strategy Sample Action Plan Report
    [infographic]

    Implement and Mature Your User Experience Design Practice

    • Buy Link or Shortcode: {j2store}430|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design

    Many organizations want to get to market quickly and on budget but don’t know the steps to get the right product/service to satisfy the users and business. This may be made apparent through uninformed decisions leading to lack of adoption of your product or service, rework due to post-implementation user feedback, or the competition discovering new approaches that outshine yours.

    Our Advice

    Critical Insight

    Ensure your practice has a clear understanding of the design problem space – not just the solution. An understanding of the user is critical to this.

    Impact and Result

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.
    • Create a practice that develops solutions specific to the needs of users, customers, and stakeholders.

    Implement and Mature Your User Experience Design Practice Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an experience design practice, review Info-Tech’s methodology, and understand the four dimensions we recommend using to mature your practice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the foundation

    Motivate your team with a common vision, mission, and goals.

    • Design Roadmap Workbook
    • User Experience Practice Roadmap

    2. Review the design dimensions

    Examine your practice – from the perspectives of organizational alignment, business outcomes, design perspective, and design integration – to determine what it takes to improve your maturity.

    3. Build your roadmap and communications

    Bring it all together – determine your team structure, the roadmap for the practice maturity, and communication plan.

    [infographic]

    Workshop: Implement and Mature Your User Experience Design Practice

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “So What?”

    The Purpose

    Make the case for UX. Bring the team together with a common mission, vision, and goals.

    Key Benefits Achieved

    Mission, vision, and goals for design

    Activities

    1.1 Define design practice goals.

    1.2 Generate the vision statement.

    1.3 Develop the mission statement.

    Outputs

    Design vision statement

    Design mission statement

    Design goals

    2 Examine Design Dimensions

    The Purpose

    Review the dimensions that help organizations to mature, and assess what next steps make sense for your organization.

    Key Benefits Achieved

    Develop initiatives that are right-sized for your organization.

    Activities

    2.1 Examine organizational alignment.

    2.2 Establish priorities for initiatives.

    2.3 Identify business value sources.

    2.4 Identify design perspective.

    2.5 Brainstorm design integration.

    2.6 Complete UCD-Canvas.

    Outputs

    Documented initiatives for design maturity

    Design canvas framework

    3 Create Structure and Initiatives

    The Purpose

    Make your design practice structure right for you.

    Key Benefits Achieved

    Examine patterns and roles for your organization.

    Activities

    3.1 Structure your design practice.

    Outputs

    Design practice structure with patterns

    4 Roadmap and Communications

    The Purpose

    Define the communications objectives and audience for your roadmap.

    Develop your communication plan.

    Sponsor check-in.

    Key Benefits Achieved

    Complete in-progress deliverables from previous four days.

    Set up review time for workshop deliverables and to discuss next steps.

    Activities

    4.1 Define the communications objectives and audience for your roadmap.

    4.2 Develop your communication plan.

    Outputs

    Communication Plan and Roadmap

    Develop a Security Awareness and Training Program That Empowers End Users

    • Buy Link or Shortcode: {j2store}370|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $12,075 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
    • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
    • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

    Our Advice

    Critical Insight

    • One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
    • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

    Impact and Result

    • Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
    • Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

    Develop a Security Awareness and Training Program That Empowers End Users Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a security awareness and training program that empowers end users, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop your training program

    Create or mature a security awareness and training program that is tailored to your organization.

    • Develop a Security Awareness and Training Program That Empowers End Users – Phase 1: Develop Your Training Program
    • Security Awareness and Training Program Development Tool
    • End-User Security Job Description Template
    • Training Materials – Physical Computer Security
    • Training Materials – Cyber Attacks
    • Training Materials – Incident Response
    • Training Materials – Mobile Security
    • Training Materials – Passwords
    • Training Materials – Phishing
    • Training Materials – Social Engineering
    • Training Materials – Web Usage
    • Security Awareness and Training Vendor Evaluation Tool
    • Security Awareness and Training Metrics Tool
    • End-User Security Knowledge Test Template
    • Security Training Campaign Development Tool

    2. Design an effective training delivery plan

    Explore methods of training delivery and select the most effective solutions.

    • Develop a Security Awareness and Training Program That Empowers End Users – Phase 2: Design an Effective Training Delivery Plan
    • Information Security Awareness and Training Policy
    • Security Awareness and Training Gamification Guide
    • Mock Spear Phishing Email Examples
    • Security Training Email Templates
    • Security Awareness and Training Module Builder and Training Schedule
    • Security Training Campaign Development Tool
    • Security Training Program Manual
    • Security Awareness and Training Feedback Template
    • Security Awareness Month Week 1: Staying in Touch
    • Security Awareness Month Week 2: Sharing Special Moments
    • Security Awareness Month Week 3: Working and Networking
    • Security Awareness Month Week 4: Families and Businesses
    [infographic]

    Workshop: Develop a Security Awareness and Training Program That Empowers End Users

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Outline the Plan for Long-term Program Improvement

    The Purpose

    Identify the maturity level of the existing security awareness and training program and set development goals.

    Establish program milestones and outline key initiatives for program development.

    Identify metrics to measure program effectiveness.

    Key Benefits Achieved

    Identified the gaps between the current maturity level of the security awareness and training program and future target states.

    Activities

    1.1 Create a program development plan.

    1.2 Investigate and select metrics to measure program effectiveness.

    1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.

    Outputs

    Customized development plan for program.

    Tool for tracking metrics.

    Customized knowledge quiz ready for distribution.

    Customized feedback survey for training.

    Gamification program outline.

    2 Identify and Assess Audience Groups and Security Training Topics

    The Purpose

    Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.

    Prioritize training topics and audience groups to effectively streamline program development.

    Key Benefits Achieved

    Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.

    Determined priority ratings for both audience groups and the security topics to be delivered.

    Activities

    2.1 Identify the unique audience groups within your organization and the threats they face.

    2.2 Determine the priority levels of the current security topics.

    2.3 Review audience groups and determine which topics need to be delivered to each group.

    Outputs

    Risk profile for each identified audience group.

    Priority scores for all training topics.

    List of relevant security topics for each identified audience group.

    3 Plan the Training Delivery

    The Purpose

    Identify all feasible delivery channels for security training within your organization.

    Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

    Key Benefits Achieved

    List of all potential delivery mechanisms for security awareness and training.

    Built a vendor evaluation tool and discussed a vendor shortlist.

    Harvested a collection of free online materials for in-house training development.

    Activities

    3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.

    3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.

    3.3 If creating content in-house, review and select available resources on the web.

    Outputs

    List of available delivery mechanisms for training.

    Vendor assessment tool and shortlist.

    Customized security training presentations.

    4 Create a Training Schedule for Content Deployment

    The Purpose

    Create a plan for deploying a pilot program to gather valuable feedback.

    Create an ongoing training schedule.

    Define the end users’ responsibilities towards security within the organization.

    Key Benefits Achieved

    Created a plan to deploy a pilot program.

    Created a schedule for training deployment.

    Defined role of end users in helping protect the organization against security threats.

    Activities

    4.1 Build training modules.

    4.2 Create an ongoing training schedule.

    4.3 Define and document your end users’ responsibilities towards their security.

    Outputs

    Documented modular structure to training content.

    Training schedule.

    Security job description template.

    End-user training policy.

    IT Talent Trends 2022

    • Buy Link or Shortcode: {j2store}541|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: People & Leadership
    • Parent Category Link: /people-and-leadership

    Business and IT leaders aiming to build and keep successful teams in 2022 must:

    • Optimize IT in the face of a competitive labor market.
    • Build or maintain a culture of diversity, equity, and inclusion.
    • Manage the monumental shift to the new normal of remote work.
    • Weather the Great Resignation and come out on top.
    • Correctly assess development areas for their teams.
    • Justify investing in IT talent.

    Our Advice

    Critical Insight

    • If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the organization's promises to take action are more than lip service.
    • Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Impact and Result

    This report includes:

    • A concise, executive-ready trend report.
    • Data and insights from IT organizations from around the world.
    • Steps to take for each of the trends depending on your current maturity level.
    • Examples and case studies.
    • Links to in-depth Info-Tech research and tools.

    IT Talent Trends 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Talent Trends Report for 2022 – A report to help you incorporate new ways of working into your business to build and keep the best team.

    Discover Info-Tech’s 2022 talent trends for IT leaders, which will provide insight into taking a strategic approach to navigate the post-pandemic IT talent landscape.

    • IT Talent Trends Report for 2022

    Infographic

    Further reading

    IT Talent Trends 2022

    The last two years have been a great experiment … but it’s not over yet.

    Incorporate new ways of working into your business to build and keep the best team.

    Over the past two years, organizations have ventured into unprecedented ways of working and supporting their employees, as they tried to maintain productivity through the pandemic. This experiment has made lasting changes to both business models and employee expectations, and these effects will continue to be seen long after we return to a “new normal.”

    While the pandemic forced us to work differently for the past two years, looking forward, successful organizations will incorporate new ways of working into their business models – beyond simply having a remote work policy.

    How we work, source roles, and develop talent continue to evolve as we navigate a different world with employees being more vocal in their desires, and leaders continue to play a key role.

    The IT talent market will never be the same, and organizations must reevaluate their employee experience from the bottom up to successfully weather the shift to the new normal.

    IT Talent Trends 2022

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    		The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    		Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    		Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    		Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The pandemic has clarified employees’ needs and amplified their voices

    If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the actions taken by the organization are more than lip service.

    Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Trends that were just starting to come into focus last year have established themselves as critical determinants of the employee experience in 2022.

    2021

    		DEI: A Top Talent ObjectiveRemote Work Is Here to StayUncertainty Unlocks PerformanceA Shift in Skills PrioritiesA Greater Emphasis on Wellbeing
    Arrow pointing down.Joiner pointing down.Joiner pointing down.

    2022

    		Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    		The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    		Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    		Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    		Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    What employees are looking for is changing

    Superficial elements of traditional office culture were stripped away by the quick shift to a remote environment, giving employees the opportunity to reevaluate what truly matters to them in a job.

    The biggest change from 2019 (pre-pandemic) to today is increases in the importance of culture, flexible/remote work, and work-life balance.

    Organizations that fail to keep up with this shift in priorities will see the greatest difficulty in hiring and retaining staff.

    As an employee, which of the following would be important to you when considering a potential employer?

    2019 2021
    Flexible Work Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2019, Very 46%, Somewhat 49%, Not at All 5%.
    n=275     		Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2021, Very 76%, Somewhat 21%, Not at All 2%.
    n=206
    Work-Life Balance Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2019, Very 67%, Somewhat 30%, Not at All 3%.
    n=277     		Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2021, Very 80%, Somewhat 18%, Not at All 1%.
    n=206
    Culture Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2019, Very 68%, Somewhat 31%, Not at All 1%.
    n=277     		Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2021, Very 81%, Somewhat 19%, Not at All 0%.
    n=206
    Source: Info-Tech Talent Trends Survey data collected in 2019 and 2021 Purple Very Important
    Blue Somewhat Important
    Green Not at All Important

    IT’s top talent priorities in 2022

    IT’s top Talent priorities reflect a post-pandemic focus on optimizing talent to fulfill strategic objectives: Top challenges for IT departments, by average rank, with 1 being the top priority.

    Important
    In the 2022 IT Talent Trends Survey, IT departments’ top priorities continue to be learning and innovation in support of organizational objectives. —› Enabling leaning and development within IT
    —› Enabling departmental innovation     		5.01
    5.54
    With employees being clearer and more vocal about their needs than ever before, employee experience has risen to the forefront of IT’s concern as a key enabler of strategic objectives. —› Providing a great employee experience for IT 5.66
    Supporting departmental change 6.01
    With organizations finally on the way to financial stability post pandemic, recruiting is a major focus. —› Recruiting (e.g. quickly filling vacant roles in IT with quality external talent) 6.18
    However, IT’s key efforts are threatened by critical omissions: Fostering a positive employee relations climate in the department 6.32
    Despite a focus on learning and development, leadership skills are not yet a top focus. —› Developing the organization's IT leaders 6.33
    Rapidly moving internal IT employees to staff strategic priorities 6.96
    Facilitating data-driven people decisions within IT 7.12
    Controlling departmental labor costs and maximizing the value of the labor spend 7.13
    Despite the need to provide a great employee experience, the focus on diversity, equity, and inclusion is low. —› Fostering an environment of diversity, equity, and inclusion in the department 7.31
    Despite prioritizing recruiting, IT departments see candidate experience as a last priority, either not focusing on it or relegating it to HR. —› Providing a great candidate experience for IT candidates 8.43
    (n=227)

    IT Talent Trends 2022

    Look beneath the surface of the trends to navigate them successfully

    Above Ground
    Focusing on what you see 'Above the line" won't solve the problem.

    Talent isn't a checklist.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn't enough.
    • The number of job openings increased to 11.4 million on the last business day of October, up from 10.6 million in September (US Bureau of Labor Statistics, Dec. 2021)

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.
    • In September, in the US, 4.4 million people left their jobs. That number dropped to 4.2 million in October. (US Labor Stats, Dec. 2021)
    • 30% of workers will likely switch jobs if they have to return to the office full time. (McKinsey, Dec. 2021)

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.
    • 95% of organizations are focusing on DEI. (2022 HR Trends Report)
    • 48% of IT departments have delivered training on DEI over the past year.

    Remote Work is Here. Can Your Culture Adapt?

    The Great Experiment is over. Are you equipped to capitalize on its promises?
    • 85% of organizations saw the same or higher productivity during the pandemic.
    • 91% of organizations are continuing remote work.

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.
    • 72% of IT departments report high effectiveness at managing remote staff.
    • Learning and development is IT's top priority.
    Cross-section of the Earth and various plants with their root systems, highlighting the world above ground and below.
    Beneath the Surface
    For each trend, a strategic approach to get "under the line" will help form your response.

    Talent needs a holistic approach, as under the line everything is connected. If you are experiencing challenges in one area, analyzing data (e.g. engagement, exit surveys, effectiveness of DEI program and leader training) can help drive overall experience.

    • 100% of job seekers cite culture as somewhat to very important.
    • Only 40% of employers advertise culture in job postings.
    • 70% of IT departments state voluntary turnover is less than 10%
    • Top reasons for resignation are salary, development, and opportunity for innovative work.
    • Resignation rates were higher in fields that had experienced extreme stress due to the pandemic (HBR, Dec. 2021)
    • Senior leadership is overestimating their own commitment to DEI.
    • Most IT departments are not driving their own DEI initiatives.
    • Without effectively measuring DEI practices, organizations will see 1.6x more turnover. (2022 HR Trends Report)
    • Senior leadership is not open to remote work in 23% of organizations.
    • Without leadership support, employees will not buy into remote work initiatives.
    • A remote work policy will not bring organizational benefits without employee buy-in.
    • 75% of senior managers believe remote team management is highly effective, but only 60% of frontline staff agree.
    • Training focuses on technical skills, to the exclusion of soft skills, including management and leadership.
    Solutions
    Recommendations depending on your department's maturity level.     		Attention is required for candidate experience underpinned by a realistic employee value proposition. Gather and review existing data (e.g. early retirements, demographics) to understand your turnover rate. Use employee engagement tools to gauge employee sentiment among impacted groups and build out an engagement strategy to meet those needs. Conduct a cultural assessment to reveal hidden biases that may stand in the way of remote work efficacy. Provide management training on performance management and development coaching.

    Logo for Info-Tech.Logo for ITRG.

    This report is based on organizations just like yours

    Survey timeline = October 2021
    Total respondents = 245 IT professionals

    Geospatial map of survey responses shaded in accordance with the percentages listed below.
    01 United States 45% 08 Middle East 2%
    02 Canada 23% 09 Other (Asia) 2%
    03 Africa 8% 10 Germany 1%
    04 Great Britain 6% 11 India 1%
    05 Latin America, South America or Caribbean 4% 12 Netherlands 1%
    06 Other (Europe) 4% 13 New Zealand 1%
    07 Australia 2% (N-245)

    A bar chart titled 'Please estimate your organization's revenue in US$ (Use operating budget if you are a public-sector organization)' measuring survey responses. '$0 - less than 1M, 7%', '$1M - less than 5M, 4%', '$5M - less than 10M, 4%', '$10M - less than 25M, 6%', '$25M - less than 50M, 5%', '$50M - less than 100M, 13%', '$100M - less than 500M, 24%', '$500M - less than 1B, 9%', '1B - less than 5B, 22%', '$5B+, 8%'. (n=191)

    This report is based on organizations just like yours

    Industry

    Bar chart measuring percentage of survey respondents by industry. The largest percentages are from 'Government', 'Manufacturing', 'Media, information, Telecom & Technology', and 'Financial Services (including banking & insurance)'.

    Info-Tech IT Maturity Model

    Stacked bar chart measuring percentage of survey respondents by IT maturity level. Innovator is 7.11%, Business Partner is 16.44%, Trusted Operator is 24.89%, Firefighter is 39.11%, and Unstable is 12.44%.
    (n=225)

    Innovator – Transforms the Business
    Reliable Technology Innovation

    Business Partner – Expands the Business
    Effective Execution Projects, Strategic Use of Analytics and Customer Technology

    Trusted Operator – Optimizes Business
    Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Data Quality

    Firefighter – Supports the Business
    Reliable Infrastructure and IT Service Desk

    Unstable – Struggles to Support
    Inability to Provide Reliable Business Services

    This report is based on people just like you

    Which of the following ethnicities (ethnicity refers to a group with a shared or common identity, culture, and/or language) do you identify with? Select all that apply. What gender do you identify most with?
    A pie chart measuring percentage of survey respondents by ethnicity. Answers are 'White (e.g. European, North America), 59%', 'Asian (e.g. Japan, India, Philippines, Uzbekistan), 12%', 'Black (e.g. Africa, Caribbean, North America), 12%', 'Latin/Hispanic (e.g. Cuba, Guatemala, Spain, Brazil), 7%', 'Middle Eastern (e.g. Lebanon, Libya, Iran), 4%', 'Indigenous (e.g. First Nations, Inuit, Metis, Maori), 3%', 'Indo-Caribbean (e.g. Trinidad & Tobago, Guyana, St. Vincent), 3%'.
    (N=245)     		A pie chart measuring percentage of survey respondents by gender. Answers are 'Male, 67%', 'Female, 24%', 'Prefer not to answer, 5%', 'No Specification, 4%', 'Intersex, 0%'.
    (n=228)

    This report is based on people just like you

    What is your sub-department of IT? Which title best describes your position?
    Bar chart measuring percentage of survey respondents by sub-department. The top three answers are 'Senior Leadership', 'Infrastructure and Operations', and 'Application Development'.
    (n=227)     		Bar chart measuring percentage of survey respondents by title. The top four answers are 'Director-level, 29%', 'Manager, 22%', 'C-Level Officer, 18%', and 'VP-level, 11%.'
    (N=245)

    IT Talent Trends 2022

    Each trend is introduced with key questions you can ask yourself to see how your department fares in that area.

    The report is based on statistics from a survey of 245 of your peers.

    It includes recommendations of next steps and a key metric to track your success.

    It lists Info-Tech resources that you, as a member, can leverage to begin your journey to improve talent management in your department.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    		The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    		Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    		Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    		Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The report is based on data gathered from Info-Tech Research Group’s 2022 IT Talent Trends Survey. The data was gathered in September and October of 2021.

    Strategic Recruiting Finds Good Talent

    Trend 1 | The Battle to Find and Keep Talent

    As the economy has stabilized, more jobs have become available, creating a job seeker’s market. This is a clear sign of confidence in the economy, however fragile, as new waves of the pandemic continue.

    Info-Tech Point of View

    Recruiting tactics are an outcome of a well-defined candidate experience and employee value proposition.

    Introduction

    Cross-section of a plant and its roots, above and below ground. During our interviews, members that focused on sharing their culture with a strong employee value proposition were more likely to be successful in hiring their first-choice candidates.
    Questions to ask yourself
    • Do you have a well-articulated employee value proposition?
    • Are you using your job postings to market your company culture?
    • Have you explored multiple channels for posting jobs to increase your talent pool of candidates?

    47% of respondents are hiring external talent to fill existing gaps, with 40% using external training programs to upgrade current employees. (Info-Tech IT Talent Trends 2022 Survey)

    In October, the available jobs (in the USA) unexpectedly rose to 11 million, higher than the 10.4 million experts predicted. (CNN Business, 2021)

    Where has all the talent gone?

    IT faces multiple challenges when recruiting for specialized talent

    Talent scarcity is focused in areas with specialized skill sets such as security and architecture that are dynamic and evolving faster than other skill sets.

    “It depends on what field you work in,” said ADP chief economist Nela Richardson. “There were labor shortages in those fields pre-pandemic and two years forward, there is even more demand for people with those skills” (CNBC, 19 Nov. 2021).

    37% of IT departments are outsourcing roles to fill internal skill shortages. (Info-Tech Talent Trends 2022 Survey)

    Roles Difficult to Fill

    Horizontal bar chart measuring percentage of survey responses about which roles are most difficult to fill. In order from most difficult to least they are 'Security (n=177)', 'Enterprise Architecture (n=172)', 'Senior Leadership (n=169)', 'Data & Business Intelligence (n=171)', 'Applications Development (n=177)', 'Infrastructure & Operations (n=181)', 'Business Relationship Management (n=149)', 'Project Management (n=175)', 'Vendor Management (n=133)', 'Service Desk (n=184)'.(Info-Tech Talent Trends 2022 Survey)

    Case Study: Using culture to drive your talent pool

    This case study is happening in real time. Please check back to learn more as Goddard continues to recruit for the position.

    Recruiting at NASA

    Goddard Space Center is the largest of NASA’s space centers with approximately 11,000 employees. It is currently recruiting for a senior technical role for commercial launches. The position requires consulting and working with external partners and vendors.

    NASA is a highly desirable employer due to its strong culture of inclusivity, belonging, teamwork, learning, and growth. Its culture is anchored by a compelling vision, “For the betterment of Humankind,” and amplified by a strong leadership team that actively lives their mission and vision daily.

    Firsthand lists NASA as #1 on the 50 most prestigious internships for 2022.

    Rural location and no flexible work options add to the complexity of recruiting

    The position is in a rural area of Eastern Shore Virginia with a population of approximately 60,000 people, which translates to a small pool of candidates. Any hire from outside the area will be expected to relocate as the senior technician must be onsite to support launches twice a month. Financial relocation support is not offered and the position is a two-year assignment with the option of extension that could eventually become permanent.

    Photo of Steve Thornton, Acting Division Chief, Solutions Division, Goddard Space Flight Center, NASA.

    “Looking for a Talent Unicorn; a qualified, experienced candidate with both leadership skills and deep technical expertise that can grow and learn with emerging technologies.”

    Steve Thornton
    Acting Division Chief, Solutions Division,
    Goddard Space Flight Center, NASA

    Case Study: Using culture to drive your talent pool

    A good brand overcomes challenges

    Culture takes the lead in NASA's job postings, which attract a high number of candidates. Postings begin with a link to a short video on working at NASA, its history, and how it lives its vision. The video highlights NASA's diversity of perspectives, career development, and learning opportunities.

    NASA's company brand and employer brand are tightly intertwined, providing a consistent view of the organization.

    The employer vision is presented in the best place to reach NASA's ideal candidate: usajobs.gov, the official website of the United States Government and the “go-to” for government job listings. NASA also extends its postings to other generic job sites as well as LinkedIn and professional associations.

    Photo of Robert Leahy, Chief Information Officer, Goddard Space Flight Center, NASA.

    Interview with Robert Leahy
    Chief Information Officer
    Goddard Space Flight Center, NASA

    “Making sure we have the tools and mechanisms are two hiring challenges we are going to face in the future as how we work evolves and our work environment changes. What will we need to consider with our job announcements and the criteria for selecting employees?”

    Liteshia Dennis,
    Office Chief, Headquarter IT Office, Goddard Space Flight Center, NASA

    The ability to attract and secure candidates requires a strategy

    Despite prioritizing recruiting, IT departments see candidate experience as THE last Priority, either not focusing on it or relegating it to HR

    Candidate experience is listed as one of the bottom IT challenges, but without a positive experience, securing the talent you want will be difficult.

    Candidate experience starts with articulating your unique culture, benefits, and opportunities for development and innovative work as well as outlining flexible working options within an employer brand. Defining an employee value proposition is key to marketing your roles to potential employees.

    81% of respondents' rate culture as very important when considering a potential employer. (Info-Tech IT Talent Trends 2022 Survey)

    Tactics Used in Job Postings to Position the Organization Favorably as a Potential Employer

    Horizontal bar chart measuring percentage of survey responses about tactics used in job postings. The top tactics are 'Culture, 40%', 'Benefits, 40%', 'Opportunity for Innovative Work, 30%', and 'Professional Development, 30%'.(Info-Tech IT Talent Trends 2022 Survey)

    Case Study: Increasing talent pool at Info-Tech Research Group

    Strong sales leads to growth in operation capacity

    Info-Tech Research Group is an IT research & advisory firm helping IT leaders make strategic, timely, and well-informed decisions. Our actionable tools and analyst guidance ensure IT organizations achieve measurable results.

    The business has grown rapidly over the last couple of years, creating a need to recruit additional talent who were highly skilled in technical applications and approaches.

    In response, approval was given to expand headcount within Research for fiscal year 2022 and to establish a plan for continual expansion as revenue continues to grow.

    Looking for deep technical expertise with a passion for helping our members

    Hiring for our research department requires talent who are typically subject matter experts within their own respective IT domains and interested in and capable of developing research and advising clients through calls and workshops.

    This combination of skills, experience, and interest can be challenging to find, especially in an IT labor market that is more competitive than ever.

    Photo of Tracy-Lynn Reid, Practice Lead.

    Interview with Practice Lead Tracy-Lynn Reid

    Focus on Candidate Experience increases successful hire rate

    The senior leadership team established a project to focus on recruiting for net-new and open roles. A dedicated resource was assigned and used guidance from our research to enhance our hiring process to reduce time to hire and expand our candidate pool. Senior leaders stayed actively involved to provide feedback.

    The hiring process was improved by including panel interviews with interview protocols and a rubric to evaluate all candidates equitably.

    The initial screening conversation now includes a discussion on benefits, including remote and flexible work offerings, learning and development budget, support for post-secondary education, and our Buy-a-Book program.

    As a result, about 70% of the approved net-new headcount was hired within 12 weeks, with recruitment ongoing.

    Develop the Right Message to Engage Buyers

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    Our Advice

    Critical Insight

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Impact and Result

    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    By applying the SoftwareReviews message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach versus the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Develop the Right Message to Engage Buyers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the Right Message to Engage Buyers Executive Brief – A mapping architecture to enable marketers to crack the code on the formula for improving open and click-through rates.

    Through this blueprint marketers will learn how to shift content away from low-performing content that only focuses on the product and company to high-performing customer-focused content that answers the “What’s in it for me?” question for a buyer, increasing engagement and conversions.

    Infographic

    Further reading

    Develop the Right Message to Engage Buyers

    Drive higher open rates, time-on-site, and click-through rates with buyer-relevant messaging.

    Analyst Perspective

    Develop the right message to engage buyers.

    Marketers only have seven seconds to capture a visitor's attention but often don't realize that the space between competitors and their company is that narrow. They often miss the mark on content and create reams of product and company-focused messaging that result in high bounce rates, low page views, low return visits, low conversions, and low click-through rates.

    We wouldn't want to sit in a conversation with someone who only speaks about themselves, so why would it be any different when we buy something? Today's marketers must quickly hook their visitors with content that answers the critical question of "What's in it for me?"

    Our research finds that leading content marketers craft messaging that lets their audience ”know they know them,” points out what’s in it for them, and includes proof points of promised value. This simple, yet often missed approach, we call Message Mapping, which helps marketers grab a visitor’s initial attention and when applied throughout the customer journey will turn prospects into customers, lifelong buyers, advocates, and referrals.

    Photo of Terra Higginson, Marketing Research Director, SoftwareReviews.

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.    		 Common Obstacles

    Marketers struggle to create content that quickly engages the buyer because they lack:

    • Resources to create a high volume of quality content.
    • True buyer understanding.
    • Experience in how to align technical messaging with the buyer persona.
    • Easy-to-deploy content strategy tools.
    Even though most marketers will say that it’s important to produce interesting content, only 58% of B2B markers take the time to ask their customers what’s important to them. Without a true and deep understanding of buyers, marketers continue to invest their time and resources in an uninteresting product and company-focused diatribe.    		 SoftwareReviews’ Approach

    By applying the SoftwareReviews’ message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach against the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.
    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    SoftwareReviews Insight

    Marketing content that identifies the benefit of the product, along with a deep understanding of the buyer pain points, desired value, and benefit proof-points, is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Your Challenge

    65% of marketers find it challenging to produce engaging content.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    A staggering 60% of marketers find it hard to produce high-quality content consistently and 62% don’t know how to measure the ROI of their campaigns according to OptinMonster.

    SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.


    Over 64% of marketers want to learn how to build a better content     (Source: OptinMonster, 2021)

    Benchmark your content marketing

    Do your content marketing metrics meet the industry-standard benchmarks for the software industry?
    Visualization of industry benchmarks for 'Bounce Rate', 'Organic CTR', 'Pages/Session', 'Average Session Duration', '% of New Sessions', 'Email Open Rate', 'Email CTR', and 'Sales Cycle Length (Days)' with sources linked below.
    GrowRevenue, MarketingSherpa, Google Analytics, FirstPageSage, Google Analytics, HubSpot
    • Leaders will measure content marketing performance against these industry benchmarks.
    • If your content performance falls below these benchmarks, your content architecture may be missing the mark with prospective buyers.

    Common flaws in content messaging

    Why do marketers have a hard time consistently producing messaging that engages the buyer?

    Mistake #1

    Myopic Focus on Company and Product

    Content suffers a low ROI due to a myopic focus on the company and the product. This self-focused content fails to engage prospects and move them through the funnel.

    Mistake #2

    WIIFM Question Unanswered

    Content never answers the fundamental “What’s in it for me?” question due to a lack of true buyer understanding. This leads to an inability to communicate the value proposition to the prospect.

    Mistake #3

    Inability to Select the Right Content Format

    Marketers often guess what kind of content their buyers prefer without any real understanding or research behind what buyers would actually want to consume.

    		 Leaders Will Avoid the “Big Three” Pitfalls
    • While outdated content, poor content organization on your website, and poor SEO are additional strategic factors (outside the scope of this research), poor messaging structure will doom your content marketing strategy.
    • Leaders will be vigilant to diagnose current messaging structure and avoid:
      1. Making messaging all about you and your company.
      2. Failing to describe what’s in it for your prospects.
      3. Often guessing at what approach to use when structuring your messaging.

    Implications of poor content

    Without quality content, the sales and marketing cycles elongate and content marketing metrics suffer.
    • Lost sales: Research shows that B2B buyers are 57-70% done with their buying research before they ever contact sales.(Worldwide Business Research, 2022)
    • The buyer journey is increasingly digital: Research shows that 67% of the buyer's journey is now done digitally.(Worldwide Business Research, 2022)
    • Wasted time: In a Moz study of 750,000 pieces of content, 50% had zero backlinks, indicating that no one felt these assets were interesting enough to reference or share. (Moz, 2015)
    • Wasted money: SaaS companies spend $342,000 to $1,080,000 per year (or more) on content marketing. (Zenpost, 2022) The wrong content will deliver a poor ROI.

    50% — Half of the content produced has no backlinks. (Source: Moz, 2015)

    Content matters more than ever since 67% of the buyer's journey is now done digitally. (Source: Worldwide Business Research, 2022)

    Benefits of good content

    A content mapping approach lets content marketers:
    • Create highly personalized content. Content mapping helps marketers to create highly targeted content at every stage of the buyer’s journey, helping to nurture leads and prospects toward a purchase decision.
    • Describe “What’s in it for me?” to buyers. Remember that you aren’t your customer. Good content quickly answers the question “What’s in it for me?” (WIIFM) developed from the findings of the buyer persona. WIIFM-focused content engages a prospect within seven seconds.
    • Increase marketing ROI. Content marketing generates leads three times greater than traditional marketing (Patel, 2016).
    • Influence prospects. Investing in a new SaaS product isn’t something buyers do every day. In a new situation, people will often look to others to understand what they should do. Good content uses the principles of authority and social proof to build the core message of WIIFM. Authority can be conferred with awards and accolades, whereas social proof is given through testimonials, case studies, and data.
    • Build competitive advantage. Increase competitive advantage by providing content that aligns with the ideal client profile. Fifty-two percent of buyers said they were more likely to buy from a vendor after reading its content (1827 Marketing, 2022).
    		 Avoid value claiming. Leaders will use client testimonials as proof points because buyers believe peers more than they believe you.

    “… Since 95 percent of the people are imitators and only 5 percent initiators, people are persuaded more by the actions of others than by any proof we can offer. (Robert Cialdini, Influence: The Psychology of Persuasion)

    Full slide: 'Message Map Architecture'.

    Full slide: 'Message Map Template' with field descriptions and notes.

    Full slide: 'Message Map Template' with field descriptions, no notes.

    Full slide: 'Message Map Template' with blank fields.

    Full slide: 'Message Map Template' with 'Website Example segment.com' filled in fields.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Email & Social Post Example

    Use the message mapping architecture to create other types of content.

    Examples of emails and social media posts as they appear online with labels on the locations of elements of the message map.

    Insight Summary

    Create Content That Matters

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof-points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    What’s in It for Me?

    Most content has a focus on the product and the company. Content that lacks a true and deep understanding of the buyer suffers low engagement and low conversions. Our research shows that all content must answer ”What’s in it for me?” for a prospect.

    Social Proof & Authority

    Buyers that are faced with a new and unusual buying experience (such as purchasing SaaS) look at what others say about the product (social proof) and what experts say about the product (authority) to make buying decisions.

    Scarcity & Loss Framing

    Research shows that scarcity is a strong principle of influence that can be used in marketing messages. Loss framing is a variation of scarcity and can be used by outlining what a buyer will lose instead of what will be gained.

    Unify the Experience

    Use your message map to structure all customer-facing content across Sales, Product, and Marketing and create a unified and consistent experience across all touchpoints.

    Close the Gap

    SaaS marketers often find the gap between product and company-focused content and buyer-focused content to be so insurmountable that they never manage to overcome it without a framework like message mapping.

    Related SoftwareReviews Research

    Sample of 'Create a Buyer Persona and Journey' blueprint.

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.
    		 Sample of 'Diagnose Brand Health to Improve Business Growth' blueprint.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it.
    • Importance of brand is recognized, endorsed, and prioritized.
    • Support and resources allocated.
    • All relevant data and information collected in one place.
    • Ability to make data-driven recommendations and decisions on how to improve.
    		 Sample of 'Build a More Effective Go-to-Market Strategy' blueprint.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling Go-to-Market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    Arakelyan, Artash. “How SaaS Companies Increase Their ROI With Content Marketing.” Clutch.co, 27 July 2018. Accessed July 2022.

    Bailyn, Evan. “Average Session Duration: Industry Benchmarks.” FirstPageSage, 16 March 2022. Accessed July 2022.

    Burstein, Daniel. “Marketing Research Chart: Average clickthrough rates by industry.” MarketingSherpa, 1 April 2014. Accessed July 2022.

    Cahoon, Sam. “Email Open Rates By Industry (& Other Top Email Benchmarks).” HubSpot, 10 June 2021. Accessed July 2022.

    Cialdini, Robert. Influence: Science and Practice. 5th ed. Pearson, 29 July 2008. Print.

    Cialdini, Robert. Influence: The Psychology of Persuasion. Revised ed. Harper Business, 26 Dec. 2006. Print.

    Content Marketing—Statistics, Evidence and Trends.” 1827 Marketing, 7 Jan. 2022. Accessed July 2022.

    Devaney, Erik. “Content Mapping 101: The Template You Need to Personalize Your Marketing.” HubSpot, 21 April 2022. Accessed July 2022.

    Hiscox Business Insurance. “Growing Your Business--and Protecting It Every Step of the Way.” Inc.com. 25 April 2022. Accessed July 2022.

    Hurley Hall, Sharon. “85 Content Marketing Statistics To Make You A Marketing Genius.” OptinMonster, 14 Jan. 2021. Accessed July 2022.

    Patel, Neil. “38 Content Marketing Stats That Every Marketer Needs to Know.” NeilPatel.com, 21 Jan. 2016. Web.

    Prater, Meg. “SaaS Sales: 7 Tips on Selling Software from a Top SaaS Company.” HubSpot, 9 June 2021. Web.

    Polykoff, Dave. “20 SaaS Content Marketing Statistics That Lead to MRR Growth in 2022.” Zenpost blog, 22 July 2022. Web.

    Rayson, Steve. “Content, Shares, and Links: Insights from Analyzing 1 Million Articles.” Moz, 8 Sept. 2015. Accessed July 2022.

    “SaaS Content Marketing: How to Measure Your SaaS Content’s Performance.” Ken Moo, 9 June 2022. Accessed July 2022.

    Taylor Gregory, Emily. “Content marketing challenges and how to overcome them.” Longitude, 14 June 2022. Accessed July 2022.

    Visitors Benchmarking Channels. Google Analytics, 2022. Accessed July 2022.

    WBR Insights. “Here's How the Relationship Between B2B Buying, Content, and Sales Reps Has Changed.” Worldwide Business Research, 2022. Accessed July 2022.

    “What’s a good bounce rate? (Here’s the average bounce rate for websites).” GrowRevenue.io, 24 Feb. 2020. Accessed July 2022.

    Infrastructure and Operations Priorities 2023

    • Buy Link or Shortcode: {j2store}54|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • Get out of your I&O silo. I&O teams must be expected to work alongside and integrate with cyber security operations.
    • Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.
    • Get ahead of inflationary pressures with early budgetary planning and identify the gap between the catchup projects and required critical net new investments.

    Our Advice

    Critical Insight

    • Establish I&O within an AI governance program to build trust in AI results, behaviors, and limit legal exposure.
    • Develop data governance program that includes an I&O data steward for oversight.
    • Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    Impact and Result

    • Provide a framework that highlight the impacts the threats of an economic slowdown, growing regulatory reporting requirements, cyber security attacks and opportunity that smart governance over AI, data stewardship and the looming explosion of augmented reality and Web 3.0 technologies.
    • Info-Tech can help communicate your I&O priorities into compelling cases for your stakeholders.

    Infrastructure and Operations Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Infrastructure & Operations Priorities 2023 – A framework to dive deeper into the trends most relevant to you and your organization

    Discover Info-Tech's six priorities for Infrastructure & Operations leaders.

    Infographic

    Further reading

    Infrastructure &Operations Priorities 2023

    Navigate the liminal space between threats and opportunities.

    2023: A liminal space between threats and opportunities

    Over the last several years, successful CEOs turned to their Infrastructure and Operations (I&O) departments to survive the effects of the pandemic. It was I&O leaders who were able to reconfigure critical infrastructure on the fly to support remote work, adapt to critical supply chain shortages, and work with lines of business managers to innovate operational workflows.

    2023 promises to bring a new set of challenges. Building on the credibility established during the pandemic, I&O is in a unique position to influence the direction a business will take to be successful in a time of austerity.

    I&O members are going to be asked to mitigate the threats of volatility from recession pressures, new cybersecurity attacks, and operational process and litigation from regulatory mandates. At the same time, I&O members are being asked for fundamental digital transformation items to realize long-term opportunities to their organizations in 2023.

    Seemingly counter-intuitive in a time of economic slowdown, organizations in 2023 will want to start the groundwork to realizing the I&O opportunities that unstructured data and artificial intelligence have promised, while prepping for what has been mislabeled as the Metaverse.

    If you are in a traditionally risk adverse industry, you’re more likely to be impacted by the threat mitigation.

    Opportunistic I&O members will use 2023 to proactively jumpstart digital transformation.

    Introduction

    Welcome to the Info-Tech 2023 I&O Priorities Report

    If I&O members learned anything from the last few years, it’s how to tactically respond to the disruptive waves often arising from sources external to the organization. The good news is that Info-Tech’s I&O priorities report provides forward-looking insights to help members become more proactive to the tsunami of change predicted in our Trends Report to happen over the next three to five years.

    Info-Tech I&O priorities are generated through a phased approach. The first phase senses and identifies mega and macro tends in the digital landscape to formulate hypotheses about the trends for the next three to five years. These hypotheses are validated by sending out a survey to Info-Tech members. The responses from 813 members was used to produce an Info-Tech Trends Report focused on major long-term trends.

    The I&O Priorities were determined by combining the I&O member responses within the Info-tech Trends Survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors. The six I&O priorities identified in this report are presented in a framework that highlight the impacts of an economic slowdown, growing regulatory reporting requirements, cybersecurity threats, smart governance of AI, embracing stewardship of data, and the looming explosion of augmented reality and Web 3.0 technologies.

    We also have a challenge exercise to help you communicate which priorities to focus your I&O organization on. Additionally, we linked some Info-tech research and tools related to the priorities that help your I&O organization formulate actionable plans for each area.

    Priorities

    Six forward-looking priorities for the next year.

    Focus

    Activity to help select which priorities are relevant for you.

    Actions

    Actionable Info-tech research and tools to help you deliver.

    Infrastructure & Operations priorities

    The I&O priorities were determined by combining I&O member responses from the Tech Trends and Priorities 2023 survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors.

    The image contains a screenshot of the Infrastructure & Operations priorities.

    I&O Priorities 2023

    The image contains a screenshot of the I&O Priorities.

    I&O priorities framework

    Threats signals

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Get out of your silo. Forget your job description and start doing what needs to be done.

    Infrastructure rarely has authority in these areas, but somehow it ends up with many of the responsibilities. You can't afford to be reactive. Forget about your traditional silo and get out in front of these topics. Not in your job description? Find out whose job it is and make them aware. Better yet – take charge! If you're going to be responsible you might as well be in control.

    Opportunities signals

    AI Governance: Watching the Watchers

    Prep for A Brave New Metaverse

    Data Governance: Cornerstone of Value

    Proper stewardship of data is an I&O must. If thought you had problems with your unstructured data, wait until you see the data sprawl coming from the metaverse.

    I&O needs to be so much more than just an order taker for the dev teams and lines of business. The sprawl of unstructured data in Word, Excel, PDF and PowerPoint was bad historically; imagine those same problems at metaverse scale! Simple storage and connectivity is no longer enough – I&O must move upstream with more sophisticated service and product offerings generated through proper governance and stewardship.

    Challenge: Expand the I&O border

    The hidden message in this report is that I&O priorities extend beyond the traditional scope of I&O functions. I&O members need to collaborate across functional areas to successfully address the priorities presented in this report.

    Info-Tech can help! Align your priorities with our material on how to Build a Business-Aligned IT Strategy. Use a modified version of the Strategy Initiative Template (next slide) to convey your strong opinion on the priorities you need your stakeholders to know about. And do so in a way that is familiar so they will easily understand.

    		The image contains a screenshot of Info-Tech's Maturity Ladder.
    Info-Tech 2023 Trends Survey Results

    Call your Executive Advisor or Counselor to help identify the one or two key messages you want to bring forward for success in 2023!

    Info-Tech IT Strategy Initiative Template, from the IT Strategy Presentation Template & Priorities Report Initiative Template

    .
    The image contains a screenshot of a template for your priorities.

    Protect from threats

    Get out of your silo. Forget your job description and just start doing what needs to be done.

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity incidents are
    a clear and present danger
    to I&O members.

    Cybersecurity incidents have
    a large financial impact
    on organizations.

    Related Info-Tech Research

    Of the surveyed I&O members, 53% identified cybersecurity incidents as the number one threat disrupting their operations in 2023. It’s understandable, as over 18% of surveyed I&O members experienced a cybersecurity incident in 2022. Alarmingly, 10% of surveyed I&O members didn’t know if they had a cybersecurity incident. The impact to the organization was with 14% of those incidents directly impacting their organizations for anywhere from 6 to 60 days.

    The 2022 report “Cost of a Data Breach” was conducted by IBM and the Ponemon Institute using data from 550 companies (across 17 countries) that experienced a security incident during a 12-month period ending in March 2022. It highlighted that the average total organizational cost of a security breach globally was USD 4.35M (locally these numbers expand to USA at USD 9.44M, Canada at USD 5.64, UK at USD 5.05M, Germany at USD 4.85M).

    (Source: IBM, 2022)

    Enhance cybersecurity response

    SIGNALS

    Organizations' exposure comes from internal and external sources.

    The right tools and process can reduce the impact of a cybersecurity incident.

    Related Info-Tech Research

    The IBM/Ponemon Institute report highlighted the following:

    • 59% of organizations didn’t deploy a zero-trust architecture on critical infrastructure to reduce exposure.
    • 19% of the breaches originated from within their business partner eco-system.
    • 45% were cloud-based.

    (Source: IBM, 2022)

    The IBM/Ponemon Institute report also identified technologies and procedures to reduce the fiscal impacts of cybersecurity breaches. Having a dedicated security incident response team with a regularly tested plan reduced the incident cost by an average of USD 2.66M. A fully implemented AI security deduction and response automation system can provide average incident savings of 27.6%.

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity spending is a major and expanding expenditure for our members.

    Cybersecurity is going
    to include brand misinformation.

    For 36% of surveyed I&O members, cybersecurity consumed between 10-20% of their total budget in 2022. Moreover, cybersecurity defense funding is expected to increase for 57% of I&O members.

    A third of surveyed I&O members viewed misinformation as a major risk to their organization for 2023 and 2024. Only 38% of the I&O members reported that they will have software in place to monitor and manage social media posts.

    Increasing environment and regulatory complexity demands more sophisticated cybersecurity operations.

    Infrastructure teams must be expected to work alongside and integrate with cybersecurity operations.

    Enhance cybersecurity response

    CALL TO ACTION

    Get out of your I&O silo and form cross-functional cybersecurity teams.

    I&O priority actions

    Establish a cross-functional security steering committee to coordinate security processes and technologies. The complexity of managing security across modern applications, cloud, IoT, and network infrastructure that members operate is greater than ever before and requires coordinated teamwork.

    Contain the cyber threat with zero trust (ZT) architecture. Extend ZT to network and critical infrastructure to limit exposure.

    Leverage AI to build vigilant security intelligence. Smart I&O operators will make use of AI automation to augment their security technologies to help detect threats and contain security incidents on critical infrastructure.

    Enhance cybersecurity response

    I&O priority actions

    Build specialized cybersecurity incident management protocols with your service desk. Build integrated security focused teams within service desk operations that continually test and improve security incident response protocols internally and with specialized security vendors. In some organizations, security incident response teams extend beyond traditional infrastructure into social media. Work cross-functionally to determine the risk exposure to misinformation and incident response procedures.

    Treat lost or stolen equipment as a security incident. Develop hardware asset management protocols for tracking and reporting on these incidents and keep a record of equipment disposal. Implement tools that allow for remote deletion of data and report on lost or stolen equipment.

    Produce ESG reporting

    SIGNALS

    Government mandates present an operational risk to I&O members.

    ESG reporting is
    often incomplete.

    Related Info-Tech Research

    Surveyed members identified government-enacted policy changes to be a top risk to disrupting to their business operations in 2023. One of the trends identified by Info-Tech is that the impact of regulations on environmental, social, and governance (ESG) reporting are being rolled out by governments worldwide.

    Alarmingly, only 7% of surveyed members responded that they could very accurately report on their carbon footprint and 23% said they were not able to report accurately at all.

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    ESG reporting has greatly expanded since a 2017 report by Task Force on Climate-Related Financial Disclosures (TCFD, 2017) which recommended that organizations disclose climate-related financial metrics for investors to appropriately price climate-related risks to share price. In 2021, the Swiss Finance Institute research paper (Sautner, 2021) identified 29 countries that require ESG reporting, primarily for larger public companies, financial institutions, and state-owned corporations.

    Global ESG mandates

    The image contains a screenshot of a world map that demonstrates the Global ESG Mandates.

    29 nations with ESG mandates identified by the Swiss Finance Institute

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    The EU has mandated ESG reporting for approximately 11,700 large public companies with more than 500 employees under the Non-Financial Reporting Directive (NFRD), since 2014. The EU is going to replace the NFRD with the Corporate Sustainability Reporting Directive (European Council, 2022), which has set a 3-year timetable for escalating the ESG reporting level to what is estimated to be about 75% of EU total turnover (WorldFavor, 2022).

    • 2024: Companies with 500 or more employees.
    • 2025: Companies with 250 or more employee or 40M EU in revenue/20M in total assets.
    • 2026: SMEs, smaller credit financial, and captive insurance institutions.

    It's been a long time since most enterprises had to report on things like power efficiency factors.

    But don't think that being in the cloud will insulate you from a renewed interest in ESG reporting.

    Produce ESG reporting

    CALL TO ACTION

    Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.

    I&O priority actions

    Understand ESG risk exposure. Define the gap between what ESG reporting is required in your jurisdiction and current reporting capabilities to meet them. Build the I&O role with responsibility for ESG reporting.

    Include vendors in ESG reporting. Review infrastructure facilities with landlords, utilities, and hosting providers to see if they can provide ESG reporting on sustainable power generation, then map it to I&O power consumption as part of their contractual obligations. Ask equipment vendors to provide ESG reporting on manufacturing materials and energy consumption to boot-strap data collection.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reporting on waste and recycle volumes.

    Produce ESG reporting

    I&O priority actions

    Implement an ESG reporting framework. There are five major ESG reporting frameworks being used globally. Select one of the frameworks below that makes sense for your organization, and implement it.

    ISO 14001 Environmental Management: Part of the ISO Technical Committee family of standards that allows your organization to understand its legal requirements to become certified in ESG.

    Global Reporting Initiative (GRI) Sustainability Reporting Standards: GRI has been developing ESG reporting standards since 1997. GRI provides a modular ESG framework applicable to all sizes and sectors of organizations worldwide.

    Principles for Responsible Investment: UN-developed framework for ESG reporting framework for disclosure in responsible investments.

    Sustainability Accounting Standards Board (SASB): ESG report framework to be used by investors.

    UN Global Compact: ESG reporting framework based on 10 principles that organizations can voluntarily contribute data to.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reports on waste and recycle volumes.

    Recession readiness

    SIGNALS

    Managing accelerated technical debt.

    Recessionary pressures.

    Related Info-Tech Research

    I&O members experienced a spike in technical debt following the global pandemic economic shutdown, workforce displacement, and highly disrupted supply chains. 2023 presents a clear opportunity to work on these projects.

    The shortages in workforce and supply chain have accelerated inflation post pandemic. Central banks have started to slow down inflation in 2022 by raising interest rates. However, the World Bank has forecast a potential 2% rise in interest rates as the battle with inflation continues into 2023 and beyond, which could set off a global slowdown in GDP growth to 0.5%, qualifying as a recession. If interest rates continue to climb, I&O members may struggle with the higher cost of capital for their investments.

    (Source: World Bank Organization, 2022)

    Recession readiness

    SIGNALS

    I&O budgets expected to increase.

    Focused budgetary increases.

    Despite economists’ prediction of a looming recession and inflationary pressures, only 11% of I&O members surveyed indicated that they anticipated any reduction in IT budgets for 2023. In fact, 44% of I&O members expected an increase of IT budgets of between 6% and 30%.

    These increases in budget are not uniform across all investments. Surveyed I&O members indicated that the largest anticipated budget increases (compared to 2022) were in the areas of:

    • AI/machine learning ( +7.5%)
    • 5G (+7%)
    • Data Mesh/Fabric and Data Lake infrastructure (+5.7% and +4.4%, respectively)
    • Mixed reality technologies (augmented or virtual reality) (+3.3%)
    • Next generation cybersecurity (+1.7%)

    "2022 has been the first true opportunity to start getting caught up on technical debt stemming from the post pandemic supply chain and resource shortages. That catch-up is going to continue for some time.

    Unfortunately, the world isn't sitting still while doing that. In fact, we see new challenges around inflationary pressures. 2023 planning is going to be a balancing act between old and new projects."

    Paul Sparks,
    CTO at Brookshire Grocery Company

    Recession readiness

    SIGNALS

    Tough choices on budgetary spends.

    The responses indicated that I&O members expect decreased reinvestment for 2023 for the following:

    • API programming (-21.7%)
    • Cloud computing (-19.4%)
    • 44% of I&O members indicated if 2023 requires costs cutting, 5-20% of their cloud computing investment will be at risk of the chopping block!
    • Workforce management (-9.4%)
    • No-code /low-code infrastructure (-5.3%)

    Make sure you can clearly measure the value of all budgeted I&O activities.

    Anything that can't demonstrate clear value to leadership is potentially on the chopping block.

    Recession readiness

    CALL TO ACTION

    Get ahead of inflationary pressures with early budgetary planning, and identify the gap between the catch-up projects and required critical net new investments.

    II&O priority actions

    Hedge against inflation on infrastructure projects. Develop and communicate value-based strategies to lock in pricing and mitigate inflationary risk with vendors.

    Communicate value-add on all I&O budgeted items. Define an infrastructure roadmap to highlight which projects are technical debt and which are new strategic investments, and note their value to the organization.

    Look for cost saving technologies. Focus on I&O projects that automate services to increase productivity and optimize head count.

    Realize opportunities

    Build on a record of COVID-related innovation success and position the enterprise to take advantage of 2023.

    AI governance: Watching the watchers

    Data stewardship: Cornerstone of value

    Prep for a brave new metaverse

    AI governance: Watching the watchers

    SIGNALS

    Continued investment
    in AI technologies

    AI technology is permeating diverse I&O functional areas.

    Related Info-Tech Research

    About 32% of survey respondents who work in I&O said that they already invest in AI, and 40% intend to invest in 2023.

    I&O members have identified the following areas as the top five focal points for AI uses within their organizations.

    • Automated repetitive, low-level tasks
    • Business analytics or intelligence
    • Identification of risks and improvement of security response
    • Monitoring and governance
    • Sensor data analysis

    AI governance: Watching the watchers

    SIGNALS

    Consequences for misbehaving AI.

    I&O leaders can expect to have silos of AI in pockets scattered across the enterprise. Without oversight on the learning model and the data used for training and analytics there is a risk of overprovisioning, which could reduce the efficiency and effectiveness of AI models and results.

    This scale advantage of AI could result in operational inefficiencies without oversight. For example, bad governance means garbage in / garbage out. Which is worse: getting 100 outputs from a system with a 1% error rate, or getting 10,000 outputs from a system with an 1% error rate?

    These are just the operational issues; legally you can be on the hook, as well. The EU Parliament has issued a civil liability regime for AI (European Parliament, n.d.) which imposes liability to operators of AI systems, regardless of whether they acted with operational due diligence. Additionally, the IEEE (IEEE, 2019) is advocating for legal frameworks and accountability for AI that violates human rights and privacy laws and causes legal harm.

    Who is going to instill standards for AI Operations? Who is going to put in the mechanisms to validate and explain the output of AI black boxes?

    If you said it’s going to end up
    being Infrastructure and Operations – you were right!

    AI governance: Watching the watchers

    CALL TO ACTION

    Establish I&O within an AI governance program to build trust in AI results and behaviors and limit legal exposure.

    I&O priority actions

    Define who has overall AI accountability for AI governance within I&O. This role is responsible for establishing strategic governance metrics over AI use and results, and identifying liability risks.

    Maintain an inventory of AI use. Conduct an audit of where AI is used within I&O, and identify gaps in documentation and alignment with I&O processes and organizational values.

    Define an I&O success map. Provide transparency of AI use by generating pseudo code of AI models, and scorecard AI decision making with expected predictions and behavioral actions taken.

    AI governance: Watching the watchers

    Manage bias in AI decision making. Work with AI technology vendors to identify how unethical bias can enter the results, using operational data sets for validation prior to rollout.

    Protect AI data sets from manipulation. Generate new secure storage for AI technology audit trails on AI design making and results. Work with your security team to ensure data sets used by AI for training can’t be corrupted.

    Data governance: Cornerstone of value

    SIGNALS

    Data volumes grow
    with time.

    Data is seen as a source for generating new value.

    Related Info-Tech Research

    Of surveyed I&O members, 63% expected to see the data storage grow by at least 10% in 2023, and 15% expected a 30% or more growth in data storage volumes.

    I&O members identified the top three ways data brings value to the organization:

    • Helping reduce operational costs.
    • Presenting value-added to existing products and services.
    • Acquiring new customers.

    Data governance: Cornerstone of value

    SIGNALS

    Approach to data analysis is primarily done in-house.

    85% of surveyed I&O members are doing data analysis with custom-made or external tools. Interestingly, 10% of I&O members do not conduct any data analysis.

    Members are missing a formal data governance process.

    81% of surveyed I&O members do not have a formal or automated process for data governance. Ironically, 24% of members responded that they aim to have publicly accessible data-as-a-service or information repositories.

    Despite investment in data initiatives, organizations carry high levels of data debt.

    Info-Tech research, Establish Data Governance, points out that data debt, the accumulated cost associated with sub-optimal governance of data assets, is a problem for 78% of organizations.

    What the enterprise expects out of enterprise storage is much more complicated in 2023.

    Data protection and governance are non-negotiable aspects of enterprise storage, even when it’s unstructured.

    Data governance: Cornerstone of value

    SIGNALS

    Data quality is the primary driver for data governance.

    The data governance market
    is booming.

    Related Info-Tech Research

    In the 2022 Zaloni survey of data governance professionals, 71% indicated that consistent data quality was the top metric for data governance, followed by reduced time to insight and regulatory compliance.

    (Source: Zaloni DATAVERSITY, 2022)

    The Business Research Company determined that the global data governance market is expected to grow from $3.28 billion in 2022 to $7.42 billion in 2026 at a CAGR of 22.7% in response to 74 zettabytes of data in 2021, with a growth rate of 1.145 trillion MB of new data being created every day.

    (Source: Business Research Company, 2022)

    Data governance: Cornerstone of value

    CALL TO ACTION

    Develop a data governance program that includes an I&O data steward for oversight.

    I&O priority actions

    Establish an I&O data steward. Make data governance by establishing a data steward role with accountability for governance. The steward works collaboratively with DataOPs to control access to I&O data, enforce policies, and reduce the time to make use of the data.

    Define a comprehensive storage architecture. If you thought you had a data sprawl problem before, wait until you see the volume of data generated from IoT and Web 3.0 applications. Get ahead of the problem by creating an infrastructure roadmap for structured and unstructured data storage.

    Build a solid backbone for AI Operations using data quality best practices. Data quality is the foundation for generation of operational value from the data and artificial intelligence efforts. Focus on using a methodology to build a culture of data quality within I&O systems and applications that generate data rather than reactive fixes.

    Look to partner with third-party vendors for your master data management (MDM) efforts. Modern MDM vendors can work with your existing data fabrics/lake and help leverage your data governance policies into the cloud.

    Prep for a brave new metaverse

    SIGNALS

    From science fiction to science fact.

    The term metaverse was coined in 1992 by Neal Stephenson and is a common theme in science fiction. For most I&O surveyed professionals, the term metaverse conjures up more confusion than clarity, as it’s not one place, but multiple metaverse worlds. The primordial metaverse was focused on multiplayer gaming and some educational experiences. It wasn’t until recently that it gained a critical mass in the fashion and entertainment industries with the use of non-fungible tokens (NFT). The pandemic created a unique opportunity for metaverse-related technologies to expand Web 3.0.

    Related Info-Tech Research

    Prep for a brave new metaverse

    SIGNALS

    Collaboration and beyond.

    On one hand, metaverse technologies virtual reality(VR)/augmented reality (AR) headsets can be a method of collaborating internally within a single organization. About 10% of our surveyed I&O members engaged this type of collaborative metaverse in 2022, with another 24% looking to run proof of concept projects in 2023. However, there is a much larger terrain for metaverse projects outside of workforce collaboration, which 17% of surveyed I&O members are planning to engage with in 2023.

    These are sophisticated new metaverse worlds, and digital twins of production environments are being created for B2B collaboration, operations, engineering, healthcare, architecture, and education that include the use of block chain, NFTs, smart contracts, and other Web 3.0 technologies

    “They are the audiovisual bodies that people use to communicate with each other in the Metaverse.”

    Neal Stephenson,
    Snow Crash 1992

    Prep for a brave new metaverse

    SIGNALS

    Metaverse requires multidimensional security.

    Security in the context of the metaverse presents new challenges to I&O. The infrastructure that runs the metaverse is still vulnerable to “traditional” security threats. New attack vectors include financial and identity fraud, privacy and data loss, along with new cyber-physical threats which are predicted to occur as the metaverse begins to integrate with IoT and other 3D objects in the physical world.

    The ultimate in "not a product" – the metaverse promises to be a hodgepodge of badly standardized technologies for the near future.

    Be prepared to take care of pets and not cattle for the foreseeable future, but keep putting the fencing around the ranch.

    Prep for a brave new metaverse

    SIGNALS

    Generating new wave of sophisticated engineering coming.

    Economics boom around metaverse set to explode.

    Related Info-Tech Research

    Beyond the current online educational resources, there are reputable universities around the world, including Stanford University, that are offering courses on metaverse and Web 3.0 concepts.

    (Source: Arti, 2022)

    So, what’s providing the impetus for all this activity and investment? Economics. In their 2022 report, Metaverse and Money, Citi estimated that the economic value of the metaverse(s) will have 900M to 1B VR/AR users and 5 billion Web 3.0 users with market sizes of $1-2T and $8-$13T, respectively. Yes, that’s a “T” for Trillions.

    (Source: Ghose, 2022)

    Prep for a brave new metaverse

    CALL TO ACTION

    Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    I&O priority actions

    Develop a plan for network upgrades.

    A truly immersive VR/AR experience requires very low latency. Identify gaps and develop a plan to enhance your network infrastructure surrounding your metaverse space(s) and end users.

    Extend security posture into the metaverse.

    Securing the infrastructure that runs your metaverse is going to extend the end-user equipment used to navigate it. More importantly, security policies need to encompass the avatars that navigate it and the spatial web that they interact with, which can include physical world items like IoT.

    Prep for a brave new metaverse

    I&O priority actions

    Metaverse theft prevention

    Leverage existing strategies to identify management in the metaverse. Privacy policies need to extend their focus to data loss prevention within the metaverse.

    Collaborate

    The skill set required to build, deploy, manage, and support the metaverse is complex. Develop a metaverse support organization that extends beyond I&O functions into security, DevOps, and end-user experiences.

    Educate

    Web 3.0 technologies and business models are complex. Education of I&O technical- and commerce-focused team members is going to help prevent you from getting blindsided. Seek out specialized training programs for technical staff and strategic education for executives, like the Wharton School of Business certification program.

    Authors

    John Annand

    Theo Antoniadis

    John Annand

    Principal Research Director

    Theo Antoniadis

    Principal Research Director

    Contributors

    Paul Sparks,
    CTO at Brookshire Grocery Company

    2 Anonymous Contributors

    Figuring out the true nature of the “Turbo” button of his 486DX100 launched John on a 20-year career in managed services and solution architecture, exploring the secrets of HPC, virtualization, and DIY WANs built with banks of USR TotalControl modems. Today he focuses his research and advisory on software-defined infrastructure technologies, strategy, organization, and service design in an increasingly Agile and DevOps world.

    Theo has decades of operational and project management experience with start-ups and multinationals across North America and Europe. He has held various consulting, IT management and operations leadership positions within telecommunications, SaaS, and software companies.

    Bibliography

    “3 Cybersecurity Trends that are Changing Financial Data Management." FIMA US. Accessed August 2022.
    Arti. “While much of the world is just discovering the Metaverse, a number of universities have already established centers for studying Web 3." Analytics Insight. 10 July 2022.
    “Artificial intelligence (AI) for cybersecurity." IBM. Accessed September 2022
    “Business in the Metaverse Economy." Wharton School of University of Pennsylvania. Accessed October 2022.
    “Cost of a data breach 2022: A million-dollar race to detect and respond." IBM. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list." New Zealand Ministry of Business, Innovation & Employment. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list.” WorldFavor. Accessed September 2022.
    Crenshaw, Caroline A. “SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices." U.S. Securities and Exchange Commission. May 2022.
    “Cutting through the metaverse hype: Practical guidance and use cases for business." Avanade. Accessed October 2022.
    “Data Governance Global Market Sees Growth Rate Of 25% Through 2022." The Business Research Company. August 2022.
    “DIRECTIVE 2014/95/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups." UER-Lex. Accessed September 2022.
    "Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems." IEEE. March 2019.
    “European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence." European Parliament. Accessed October 2022.
    Ghose, Ronit et al. "Metaverse and Money." Citi GPS. March 2022.
    Hernandez, Roberto, et al. “Demystifying the metaverse." PWC. Accessed August 2022.
    Info-Tech Trends Report Survey, 2023; N=813.
    “ISO 14000 Family: Environmental Management." ISO. Accessed October 2022.
    Knight, Michelle & Bishop, Annie, ”The 2022 State of Cloud Data Governance.“ Zaloni DATAVERSITY. 2022.

    Bibliography

    Kompella, Kashyap, “What is AI governance and why do you need it?“ TechTarget. March 2022.
    “Management of electronic waste worldwide in 2019, by method." Statista. 2022.
    “Model Artificial Intelligence Governance Framework and Assessment Guide.“ World Economic Forum. Accessed September 2022.
    “Model Artificial Intelligence Governance Framework." PDPC Singapore. Accessed October 2022.
    “New rules on corporate sustainability reporting: provisional political agreement between the Council and the European Parliament.“ European Council. June 2022.
    "OECD Economic Outlook Volume 2022." OECD iLibrary. June 2022.
    "Recommendations of the Task Force on Climate-related Financial Disclosures." TCFD. Accessed August 2022.
    “Risk of Global Recession in 2023 Rises Amid Simultaneous Rate Hikes.” World Bank Organization. September 2022.
    Sautner, Zacharias, et al. “The Effects of Mandatory ESG Disclosure around the World.” SSRN. November 2021.
    Sondergaard, Peter. “AI GOVERNANCE – WHAT ARE THE KPIS? AND WHO IS ACCOUNTABLE?“ The Sondergaard Group. November 2019.
    Srivastavam Sudeep, “How can your business enter the Metaverse?." Appinventiv.
    September 2022.
    “Standards Overview." SASB. Accessed October 2022.
    Stephenson, Neal. Snow Crash. Bantam Books, 1992.
    “Sustainability Reporting Standards." Global Reporting Initiative. Accessed October 2022.
    “The Ten Principles of the UN Global Compact." UN Global Compact. Accessed October 2022.
    Tian Tong Lee, Sheryl. "China Unveils ESG Reporting Guidelines to Catch Peers.” Bloomberg. May 2022.
    “What are the Principles for Responsible Investment?" UNPRI. Accessed October 2022.
    "What is the EU's Corporate Sustainability Reporting Directive (CSRD)?" WorldFavor.
    June 2022.
    West, Darrell M. “Six Steps to Responsible AI in the Federal Government.“ Brookings Institution. March 2022. Web.

    Tell Your Story With Data Visualization

    • Buy Link or Shortcode: {j2store}364|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy

    Analysts do not feel empowered to challenge requirements to deliver a better outcome. This alongside underlying data quality issues prevents the creation of accurate and helpful information. Graphic representations do not provide meaningful and actionable insights.

    Our Advice

    Critical Insight

    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts in providing insights that improves organization's decision-making and value-driving processes, which ultimately boosts business performance.

    Impact and Result

    Follow a step-by-step guide to address the business bias of tacet experience over data facts and increase audience's understanding and acceptance toward data solutions.

    Save the lost hours and remove the challenges of reports and dashboards being disregarded due to ineffective usage.

    Gain insights from data-driven recommendations and have decision support to make informed decisions.

    Tell Your Story With Data Visualization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Tell Your Story With Data Visualization Deck – Solve challenging business problems more effectively and improve communication with audiences by demonstrating significant insights through data storytelling with impactful visuals.

    Here is our step-by-step process of getting value out of effective storytelling with data visualization:

  • Step 1: Frame the business problem and the outcomes required.
  • Step 2: Explore the potential drivers and formulate hypotheses to test.
  • Step 3: Construct a meaningful narrative which the data supports.

    • Tell Your Story With Data Visualization Storyboard

    2. Storytelling Whiteboard Canvas Template – Plan out storytelling using Info-Tech’s whiteboard canvas template.

    This storytelling whiteboard canvas is a template that will help you create your visualization story narrative by:

  • Identifying the problem space.
  • Finding logical relationships and data identification.
  • Reviewing analysis and initial insights.
  • Building the story and logical conclusion.

    • Storytelling Whiteboard Canvas Template
    [infographic]

    Further reading

    Tell Your Story With Data Visualization

    Build trust with your stakeholders.

    Analyst Perspective

    Build trust with your stakeholders.

    Data visualization refers to graphical representations of data which help an audience understand. Without good storytelling, however, these representations can distract an audience with enormous amounts of data or even lead them to incorrect conclusions.

    Good storytelling with data visualization involves identifying the business problem, exploring potential drivers, formulating a hypothesis, and creating meaningful narratives and powerful visuals that resonate with all audiences and ultimately lead to clear actionable insights.

    Follow Info-Tech's step-by-step approach to address the business bias of tacit experience over data facts, improve analysts' effectiveness and support better decision making.

    Ibrahim Abdel-Kader, Research Analyst

    Ibrahim Abdel-Kader
    Research Analyst,
    Data, Analytics, and Enterprise Architecture

    Nikitha Patel, Research Specialist

    Nikitha Patel
    Research Specialist,
    Data, Analytics, and Enterprise Architecture

    Ruyi Sun, Research Specialist

    Ruyi Sun
    Research Specialist,
    Data, Analytics, and Enterprise Architecture

    Our understanding of the problem

    This research is designed for

    • Business analysts, data analysts, or their equivalent who (in either a centralized or federated operating model) look to solve challenging business problems more effectively and improve communication with audiences by demonstrating significant insights through visual data storytelling.

    This research will also assist

    • A CIO or business unit (BU) leader looking to improve reporting and analytics, reduce time to information, and embrace decision making.

    This research will help you

    • Identify the business problem and root causes that you are looking to address for key stakeholders.
    • Improve business decision making through effective data storytelling.
    • Focus on insight generation rather than report production.
    • Apply design thinking principles to support the collection of different perspectives.

    This research will help them

    • Understand the report quickly and efficiently, regardless of their data literacy level.
    • Grasp the current situation of data within the organization.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    As analysts, you may experience some critical challenges when presenting a data story.
    • The graphical representation does not provide meaningful or actionable insights.
    • Difficulty selecting the right visual tools or technologies to create visual impact.
    • Lack of empowerment, where analysts don't feel like they can challenge requirements.
    • Data quality issues that prevent the creation of accurate and helpful information.
    		 Some common roadblocks may prevent you from addressing these challenges.
    • Lack of skills and context to identify the root cause or the insight that adds the most value.
    • Lack of proper design or over-visualization of data will mislead/confuse the audience.
    • Business audience bias, leading them to ignore reliable insights presented.
    • Lack of the right access to obtain data could hinder the process.
    • Understand and dissect the business problem through Info-Tech's guidance on root cause analysis and design thinking process.
    • Explore each potential hypothesis and construct your story's narratives.
    • Manage data visualization using evolving tools and create visual impact.
    • Inform business owners how to proceed and collect feedback to achieve continuous improvement.

    Info-Tech Insight
    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.

    Glossary

    • Data: Facts or figures, especially those stored in a computer, that can be used for calculating, reasoning, or planning. When data is processed, organized, structured, or presented in a given context to make it useful, it is called information. Data leaders are accountable for certain data domains and sets.
    • Data storytelling: The ability to create a narrative powered by data and analytics that supports the hypothesis and intent of the story. Narrators of the story should deliver a significant view of the message in a way easily understood by the target audience. Data visualization can be used as a tactic to enhance storytelling.
    • Data visualization: The ability to visually represent a complete story to the target audience powered by data & analytics, using data storytelling as an enabling mechanism to convey narratives. Typically, there are two types of visuals used as part of data visualization: explanatory/informative visuals (the entire story or specific aspects delivered to the audience) and exploratory visuals (the collected data used to clarify what questions must be answered).
    • Data literacy: The ability to read, work with, analyze, and argue with data. Easy access to data is essential to exercising these skills. All organizational employees involved with data-driven decisions should learn to think critically about the data they use for analytics and how they assess and interpret the results of their work.
    • Data quality: A measure of the condition of data based on factors such as accuracy, completeness, consistency, reliability, and being up-to-date. This is about how well-suited a data set is to serve its intended purpose, therefore business users and stakeholders set the standards for what is good enough. The governance function along with IT ensures that data quality measures are applied, and corrective actions taken.
    • Analytics/Business intelligence (BI): A technology-driven process for analyzing data and delivering actionable information that helps executives, managers, and workers make informed business decisions. As part of the BI process, organizations collect data from internal IT systems and external sources, prepare it for analysis, run queries against the data, and create data visualizations.
      Note: In some frameworks, analytics and BI refer to different types of analyses (i.e. analytics predict future outcomes, BI describes what is or has been).

    Getting value out of effective storytelling with data visualization

    Data storytelling is gaining wide recognition as a tool for supporting businesses in driving data insights and making better strategic decisions.

    92% of respondents agreed that data storytelling is an effective way of communicating or delivering data and analytics results.

    87% of respondents agreed that if insights were presented in a simpler/clearer manner, their organization's leadership team would make more data-driven decisions.

    93% of respondents agreed that decisions made based on successful data storytelling could potentially help increase revenue.

    Source: Exasol, 2021

    Despite organizations recognizing the value of data storytelling, issues remain which cannot be remedied solely with better technology.

    61% Top challenges of conveying important insights through dashboards are lack of context (61%), over-communication (54%), and inability to customize contents for intended audiences (46%).

    49% of respondents feel their organizations lack storytelling skills, regardless of whether employees are data literate.

    Source: Exasol, 2021

    Info-Tech Insight
    Storytelling is a key component of data literacy. Although enterprises are increasingly investing in data analytics software, only 21% of employees are confident with their data literacy skills. (Accenture, 2020)

    Prerequisite Checklist

    Before applying Info-Tech's storytelling methodology, you should have addressed the following criteria:

    • Select the right data visualization tools.
    • Have the necessary training in statistical analysis and data visualization technology.
    • Have competent levels of data literacy.
    • Good quality data founded on data governance and data architecture best practices.

    To get a complete view of the field you want to explore, please refer to the following Info-Tech resources:

    Select and Implement a Reporting and Analytics Solution

    Build a Data Architecture Roadmap

    Establish Data Governance

    Build Your Data Quality Program

    Foster Data-Driven Culture With Data Literacy

    Info-Tech's Storytelling With Data Visualization Framework

    Data Visualization Framework

    Info-Tech Insight
    As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.

    Research Benefits

    Member Benefits Business Benefits
    • Reduce time spent on getting your audience in the room and promote business involvement with the project.
    • Eliminate ineffectively used reports and dashboards being disregarded for lack of storytelling skills, resulting in real-time savings and monetary impact.
    • Example: A $50k reporting project has a 49% risk of the company being unable to communicate effective data stories (Exasol, 2021). Therefore, a $50k project has an approx. 50% chance of being wasted. Using Info-Tech's methodology, members can remove the risk, saving $25k and the time required to produce each report.
    • Address the common business bias of tacit experience over data-supported facts and increase audience understanding and acceptance of data-driven solutions.
    • Clear articulation of business context and problem.
    • High-level improvement objectives and return on investment (ROI).
    • Gain insights from data-driven recommendations to assist with making informed decisions.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Adopt Change Management Practices and Succeed at IT Organizational Redesign

    • Buy Link or Shortcode: {j2store}393|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design

    Organizational redesigns frequently fail when it comes to being executed. This leads to:

    • The loss of critical talent and institutional knowledge.
    • An inability to deliver on strategic goals and objectives.
    • Financial and time losses to the organization.

    Organizational redesigns fail during implementation primarily because they do not consider the change management required to succeed.

    Our Advice

    Critical Insight

    Implementing your organizational design with good change management practices is more important than defining the new organizational structure.

    Implementation is often negatively impacted due to:

    • Employees not understanding the need to redesign the organizational structure or operating model.
    • Employees not being communicated with or engaged throughout the process, which can cause chaos.
    • Managers not being prepared or trained to have difficult conversations with employees.

    Impact and Result

    When good change management practices are used and embedded into the implementation process:

    • Employees feel respected and engaged, reducing turnover and productivity loss.
    • The desired operating structure can be implemented faster, enabling the delivery of strategic objectives.
    • Gaps and disorganization are avoided, saving the organization time and money.

    Invest change management for your IT redesign.

    Adopt Change Management Practices and Succeed at IT Organizational Redesign Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt Change Management Practices and Succeed at IT Organizational Redesign Deck – Succeed at implementing your IT organizational structure by adopting the necessary change management practices.

    The best IT organizational structure will still fail to be implemented if the organization does not leverage and use good change management practices. Consider practices such as aligning the structure to a meaningful vision, preparing leadership, communicating frequently, including employees, and measuring adoption to succeed at organizational redesign implementation.

    • Adopt Change Management Practices and Succeed at IT Organizational Redesign Storyboard

    2. IT Organizational Redesign Pulse Survey Template – A survey template that can be used to measure the success of your change management practices during organizational redesign implementation.

    Taking regular pulse checks of employees and managers during the transition will enable IT Leaders to focus on the right practices to enable adoption.

    • IT Organizational Redesign Pulse Survey Template
    [infographic]

    Further reading

    Adopt Change Management Practices & Succeed at IT Organizational Redesign

    The perfect IT organizational structure will fail to be implemented if there is no change management.

    Analyst Perspective

    Don’t doom your organizational redesign efforts

    The image contains a picture of Brittany Lutes.

    After helping hundreds of organizations across public and private sector industries redesign their organizational structure, we can say there is one thing that will always doom this effort: A failure to properly identify and implement change management efforts into the process.

    Employees will not simply move forward with the changes you suggest just because you as the CIO are making them. You need to be prepared to describe the individual benefits each employee can expect to receive from the new structure. Moreover, it has to be clear why this change was needed in the first place. Redesign efforts should be driven by a clear need to align to the organization’s vision and support the various objectives that will need to take place.

    Most organizations do a great job defining a new organizational structure. They identify a way of operating that tells them how they need to align their IT capabilities to deliver on strategic objectives. What most organizations do poorly is invest in their people to ensure they can adopt this new way of operating.

    Brittany Lutes
    Research Director, Organizational Transformation

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Organizational redesigns frequently fail when it comes to being executed. This leads to:

    • The loss of critical talent and institutional knowledge.
    • An inability to deliver on strategic goals and objectives.
    • Financial and time losses to the organization.

    Organizational redesigns fail during implementation primarily because they do not consider the change management required to succeed.

    Implementation of the organizational redesign is often impacted when:

    • Employees do not understand the need to redesign the organizational structure or operating model.
    • Employees are not communicated with or engaged throughout the process, which can cause chaos.
    • Managers are not prepared or trained to have difficult conversations with employees.

    Essentially, implementation is impacted when change management is not included in the redesign process.

    When good change management practices are used and embedded into the implementation process:

    • Employees feel respected and engaged, reducing turnover and productivity loss.
    • The desired operating structure can be implemented faster, enabling the delivery of strategic objectives.
    • Gaps and disorganization are avoided, saving the organization time and money.

    Invest in change management for your IT redesign.

    Info-Tech Insight

    Implementing your organizational design with good change management practices is more important than defining the new organizational structure.

    Your challenge

    This research enables organizations to succeed at their organizational redesign:

    • By implementing the right change management practices. These methods prevent:
      • The loss of critical IT employees who will voluntarily exit the organization.
      • Employees from creating rumors that will be detrimental to the change.
      • Confusion about why the change was needed and how it will benefit the strategic objectives the organization is seeking to achieve.
      • Spending resources (time, money, and people) on the initiative longer than is necessary.

    McKinsey reported less than 25% of organizational redesigns are successful. Which is worse than the average change initiative, which has a 70% failure rate.

    Source: AlignOrg, 2020.

    The value of the organizational redesign efforts is determined by the percentage of individuals who adopt the changes and operate in the desired way of working.

    When organizations properly use organizational design processes, they are:

    4× more likely to delight customers

    13× more effective at innovation

    27× more likely to retain employees

    Source: The Josh Bersin Company, 2022

    Common obstacles

    These barriers make implementing an organizational redesign difficult to address for many organizations:

    • You communicated the wrong message to the wrong audience at the wrong time. Repeatedly.
    • There is a lack of clarity around the drivers for an organizational redesign.
    • A readiness assessment was not completed ahead of the changes.
    • There is no flexibility built into the implementation approach.
    • The structure is not aligned to the strategic goals of IT and the organization.
    • IT leadership is not involved in their staff’s day-to-day activities, making it difficult to suggest realistic changes.

    Don’t doom your organizational redesign with poor change management

    Only 17% of frontline employees believe the lines of communication are open.

    Source: Taylor Reach Group, 2019

    43% Percentage of organizations that are ineffective at the organizational design methodology.

    Source: The Josh Bersin Company, 2022.

    Change management is a must for org design

    Forgetting change management is the easiest way to fail at redesigning your IT organizational structure

    • Change management is not a business transformation.
    • Change management consists of the practices and approaches your organization takes to support your people through a transformation.
    • Like governance, change management happens regardless of whether it is planned or ad hoc.
    • However, good change management will be intentional and agile, using data to help inform the next action steps you will take.
    • Change management is 100% focused on the people and how to best support them as they learn to understand the need for the change, what skills they must have to support and adopt the change, and eventually to advocate for the change.

    "Organizational transformation efforts rarely fail because of bad design, but rather from lack of sufficient attention to the transition from the old organization to the new one."

    – Michael D. Watkins & Janet Spencer. ”10 Reason Why Organizational Change Fails.”

    Info-Tech’s approach

    Redesigning the IT structure depends on good change management

    The image contains a screenshot of Info-Tech's approach, and good change management.

    Common changes in organizational redesigns

    Entirely New Teams

    Additions, reductions, or new creations. The individuals that make up a functional team can shift.

    New Team Members

    As roles become defined, some members might be required to shift and join already established groups.

    New Responsibilities

    The capabilities individuals will be accountable or responsible for become defined.

    New Ways of Operating

    From waterfall to Agile, collaborative to siloed, your operating model provides insight into the ways roles will engage one another.

    Top reasons organizational redesigns fail

    1. The rationale for the redesign is not clear.
    2. Managers do not have the skills to lead their teams through a change initiative like organizational redesign.
    3. You communicated the wrong messages at the wrong times to the wrong audiences.
    4. Frontline employees were not included in the process.
    5. The metrics you have to support the initiative are countering one another – if you have metrics at all.
    6. Change management and project management are being treated interchangeably.

    Case study: restructuring to reduce

    Clear Communication & Continuous Support

    Situation

    On July 26th, 2022, employees at Shopify – an eCommerce platform – were communicated to by their CEO that a round of layoffs was about to take place. Effective that day, 1,000 employees or 10% of the workforce would be laid off.

    In his message to staff, CEO Tobi Lutke admitted he had assumed continual growth in the eCommerce market when the COVID-19 pandemic forced many consumers into online shopping. Unfortunately, it was clear that was not the case.

    In his communications, Tobi let people know what to expect throughout the day, and he informed people what supports would be made available to those laid off. Mainly, employees could expect to see a transparent approach to severance pay; support in finding new jobs through coaching, connections, or resume creation; and ongoing payment for new laptops and internet to support those who depend on this connectivity to find new jobs.

    Results

    Unlike many of the other organizations (e.g. Wayfair and Peloton) that have had to conduct layoffs in 2022, Shopify had a very positive reaction. Many employees took to LinkedIn to thank their previous employer for all that they had learned with the organization and to ask their network to support them in finding new opportunities. Below is a letter from the CEO:

    The image contains a screenshot of a letter from the CEO.

    Shopify, 2022.
    Forbes, 2022.

    Aligned to a Meaningful Vision

    An organizational redesign must be aligned to a clear and meaningful vision of the organization.

    Define the drivers for organizational redesign

    And align the structure to execute on those drivers.

    • Your structure should follow your strategy. However, 83% of people in an organization do not fully understand the strategy (PWC, 2017).
    • How can employees be expected to understand why the IT organization needs to be restructured to meet a strategy if the strategy itself is still vague and unclear?
    • When organizations pursue a structural redesign, there are often a few major reasons:
      • Digital/organizational transformation
      • New organizational strategy
      • Acquisition or growth of products, services, or capabilities
      • The need to increase effectiveness
      • Cost savings
    • Creating a line of sight for your employees and leadership team will increase the likelihood that they want to adopt this structure.

    “The goal is to align your operating model with your strategy, so it directly supports your differentiating capabilities.”

    – PWC, 2017.

    How to align structure to strategy

    Recommended action steps:

    • Describe the end state of the organizational structure and how long you anticipate it will take to reach that state. It's important that employees be able to visualize the end state of the changes being made.
    • Ensure people understand the vision and goals of the IT organization. Are you having discussions about these? Are managers discussing these? Do people understand that their day-to-day job is intended to support those goals?
    • Create a visual:
      • The goals of the organization → align to the initiatives IT → which require this exact structure to deliver.
    • Do not assume people are willing to move forward with this vision. If people are not willing, assess why and determine if there are benefits specific to the individual that can support them in adopting the future state.
    • Define and communicate the risks of not making the organizational structure changes.

    Info-Tech Insight

    A trending organizational structure or operating model should never be the driver for an organizational redesign.

    IT Leaders Are Not Set Up To Succeed

    Empower these leaders to have difficult conversations.

    Lacking key leadership capabilities in managers

    Technical leaders are common in IT, but people leaders are necessary during the implementation of an organizational structure.

    • Managers are important during a transformational change for many reasons:
      • Managers play a critical role in being able to identify the skill gaps in employees and to help define the next steps in their career path.
      • After the sponsor (CIO) has communicated to the group the what and the why, the personal elements of the change fall to managers.
      • Managers’ displays of disapproval for the redesign can halt the transformation.
    • However, many managers (37%) feel uncomfortable talking to employees and providing feedback if they think it will elicit a negative response (Taylor Reach Group, 2019).
    • Unfortunately, organizational redesign is known for eliciting negative responses from employees as it generates fears around the unknown.
    • Therefore, managers must be able to have conversations with employees to further the successful implementation and adoption of the structure.

    “Successful organizational redesign is dependent on the active involvement of different managerial levels."

    – Marianne Livijn, “Managing Organizational Redesign: How Organizations Relate Macro and Micro Design.”

    They might be managers, but are they leaders?

    Recommended action steps:

    • Take time to speak with managers one on one and understand their thoughts, feelings, and understanding of the change.
    • Ensure that middle-managers have an opportunity to express the benefits they believe will be realized through the proposed changes to the organizational chart.
    • Provide IT leaders with leadership training courses (e.g. Info-Tech’s Leadership Programs).
    • Do not allow managers to start sharing and communicating the changes to the organizational structure if they are not demonstrating support for this change. Going forward, the group is all-in or not, but they should never demonstrate not being bought-in when speaking to employees.
    • Ensure IT leaders want to manage people, not just progress to a management position because they cannot climb a technical career ladder within the proposed structure. Provide both types of development opportunities to all employees.
    • Reduce the managers’ span of control to ensure they can properly engage all direct reports and there is no strain on the managers' time.

    Info-Tech Insight

    47% of direct reports do not agree that their leader is demonstrating the change behaviors. Often, a big reason is that many middle-managers do not understand their own attitudes and beliefs about the change.

    Source: McKinsey & Company “How Do We Manage the Change Journey?”

    Check out Info-Tech’s Build a Better Manager series to support leadership development

    These blueprints will help you create strong IT leaders who can manage their staff and themselves through a transformation.

    Build a Better Manager: Basic Management Skills

    Build a Better Manager: Personal Leadership

    Build a Better Manager: Manage Your People

    Build Successful Teams

    Transparent & Frequent Communication

    Provide employees with several opportunities to hear information and ask questions about the changes.

    Communication must be done with intention

    Include employees in the conversation to get the most out of your change management.

    • Whether it is a part of a large transformation or a redesign to support a specific goal of IT, begin thinking about how you will communicate the anticipated changes and who you will communicate those changes to right away.
    • The first group of people who need to understand why this initiative is important are the other IT leaders. If they are not included in the process and able to understand the foundational drivers of the initiative, you should not continue to try and gain the support of other members within IT.
    • Communication is critical to the success of the organizational redesign.
    • Communicating the right information at the right time will make the difference between losing critical talent and emerging from the transition successfully.
    • The sponsor of this redesign initiative must be able to communicate the rationale of the changes to the other members of leadership, management, and employees.
    • The sponsor and their change management team must then be prepared to accept the questions, comments, and ideas that members of IT might have around the changes.

    "Details about the new organization, along with details of the selection process, should be communicated as they are finalized to all levels of the organization.”

    – Courtney Jackson, “7 Reasons Why Organizational Structures Fail.”

    Two-way communication is necessary

    Recommended action steps:

    • Don't allow rumors to disrupt this initiative – be transparent with people as early as possible.
    • If the organizational restructure will not result in a reduction of staff – let them know! If someone's livelihood (job) is on the line, it increases the likelihood of panic. Let's avoid panic.
    • Provide employees with an opportunity to voice their concerns, questions, and recommendations – so long as you are willing to take that information and address it. Even if the answer to a recommendation is "no" or the answer to a question is "I don't know, but I will find out," you've still let them know their voice was heard in the process.
    • As the CIO, ensure that you are the first person to communicate the changes. You are the sponsor of this initiative – no one else.
    • Create communications that are clear and understandable. Imagine someone who does not work for your organization is hearing the information for the first time. Would they be able to comprehend the changes being suggested?
    • Conduct a pulse survey on the changes to identify whether employees understand the changes and feel heard by the management team.

    Info-Tech Insight

    The project manager of the organizational redesign should not be the communicator. The CIO and the employees’ direct supervisor should always be the communicators of key change messages.

    Communication spectrum

    An approach to communication based on the type of redesign taking place

    ← Business-Mandated Organizational Redesign

    Enable Alignment & Increased Effectiveness

    IT-Driven & Strategic Organizational Redesign →

    Reduction in roles

    Cost savings

    Requires champions who will maintain employee morale throughout

    Communicate with key individuals ahead of time

    Restructure of IT roles

    Increase effectiveness

    Lean on managers & supervisors to provide consistent messaging

    Communicate the individual benefits of the change

    Increase in IT Roles

    Alignment to business model

    Frequent and ongoing communication from the beginning

    Collaborate with IT groups for input on best structure

    Include Employees in the Redesign Process

    Stop talking at employees and ensure they are involved in the changes impacting their day-to-day lives.

    Employees will enable the change

    Old-school approaches to organizational redesign have argued employee engagement is a hinderance to success – it’s not.

    • We often fail to include the employees most impacted by a restructuring in the redesign process. As a result, one of the top reasons employees do not support the change is that they were not included in the change.
    • A big benefit of including employees in the process is it mitigates the emergence of a rumor mill.
    • Moreover, being open to suggestions from staff will help the transformation succeed.
    • Employees can best describe what this transition might entail on a day-to-day basis and the supports they will require to succeed in moving from their current state to their future state.
      • CIOs and other IT leaders are often too far removed from the day-to-day to best describe what will or will not work.
    • When employees feel included in the process, they are more likely to feel like they had a choice in what and how things change.

    "To enlist employees, leadership has to be willing to let things get somewhat messy, through intensive, authentic engagement and the involvement of employees in making the transformation work."

    – Michael D. Watkins & Janet Spencer, “10 Reasons Why Organizational Change Fails.”

    Empowering employees as change agents

    Recommended action steps:

    • Do not tell employees what benefits they will gain from this new change. Instead, ask them what benefits they anticipate.
    • Ask employees what challenges they anticipate, and identify actions that can be taken to minimize those challenges.
    • Identify who the social influencers are in the organization by completing an influencer map. The informal social networks in your organization can be powerful drivers of change when the right individuals are brought onboard.
    • Create a change network using those influencers. The change network includes individuals who represent all levels within the organization and can represent the employee perspective. Use them to help communicate the change and identify opportunities to increase the success of adoption: “Engaging influencers in change programs makes them 3.8 times more likely to succeed," (McKinsey & Company, 2020).
    • Ask members of the change network to identify possible resistors of the new IT structure and inform you of why they might be resisting the changes.

    Info-Tech Insight

    Despite the persistent misconceptions, including employees in the process of a redesign reduces uncertainty and rumors.

    Monitor employee engagement & adoption throughout the redesign

    Only 22% of organizations include the employee experience as a part of the design process

    – The Josh Bersin Company, 2022.
    1 2 3
    Monitor IT Employee Experience

    When Prosci designed their Change Impact Analysis, they identified the ways in which roles will be impacted across 10 different components:

    • Location
    • Process
    • Systems
    • Tools
    • Job roles
    • Critical behaviors
    • Mindset/attitudes/beliefs
    • Reporting structure
    • Performance reviews
    • Compensation

    Engaging employees in the process so that they can define how their role might be impacted across these 10 categories not only empowers the employee, but also ensures they are a part of the process.

    Source: Prosci, 2019.

    Conduct an employee pulse survey

    See the next slide for more information on how to create and distribute this survey.

    Employee Pulse Survey

    Conduct mindful and frequent check-ins with employees

    Process to conduct survey:

    1. Using your desired survey solution (e.g. MS Forms, SurveyMonkey, Qualtrics) input the questions into the survey and send to staff. A template of the survey in MS Forms is available here: IT Organizational Redesign Pulse Survey Template.
    2. When sending to staff, ensure that the survey is anonymous and reinforce this message.
    3. Leverage the responses from the survey to learn where there might be opportunities to improve the transformation experience (aligning the structure to the vision, employee inclusion, communication, or managerial support for the change). Review the recommended action steps in this research set for help.
    4. This assessment is intended for frequent but purposeful use. Only send out the survey when you have taken actions in order to improve adoption of the change or have provided communications. The Employee Pulse Survey should be reevaluated on a regular basis until adoption across all four categories reaches the desired state (80-100% adoption is recommended).

    The image contains a screenshot of the employee pulse survey.

    Define Key Metrics of Adoption & Success

    Metrics have a dual benefit of measuring successful implementation and meeting the original drivers.

    Measuring the implementation is a two-pronged approach

    Both employee adoption and the transformation of the IT structure need to be measured during implementation

    • Organizations that are going through any sort of transformation – such as organizational redesign – should be measuring whether they are successfully on track to meet their target or have already met that goal.
    • Throughout the organizational structure transition, a major factor that will impact the success of that goal is employee willingness to move forward with the changes.
    • However, rather than measuring these two components using hard data, we rely on gut checks that let us know if we think we are on track to gaining adoption and operating in the desired future state.
    • Given how fluid employees and their responses to change can be, conducting a pulse survey at a regular (but strategically identified) interval will provide insight into where the changes will be adopted or resisted.

    “Think about intentionally measuring at the moments in the change storyline where feedback will allow leaders to make strategic decisions and interventions.”

    – Bradley Wilson, “Employee Survey Questions: The Ultimate Guide.”

    Report that the organizational redesign for IT was a success

    Recommended action steps:

    • Create clear metrics related to how you will measure the success of the organizational redesign, and communicate those metrics to people. Ensure the metrics are not contrary to the goals of other initiatives or team outcomes.
    • Create one set of metrics related to adoption and another set of metrics tied to the successful completion of the project objective.
      • Are people changing their attitudes and behaviors to reflect the required outcome?
      • Are you meeting the desired outcome of the organizational redesign?
    • Use the metrics to inform how you move forward. Do not attempt the next phase of the organizational transformation before employees have clearly indicated a solid understanding of the changes.
    • Ensure that any metrics used to measure success will not negatively interfere with another team’s progress. The metrics of the group need to work together, not against each other.

    Info-Tech Insight

    Getting 100% adoption from employees is unlikely. However, if employee adoption is not sitting in the 80-90% range, it is not recommended that you move forward with the next phase of the transformation.

    Example sustainment metrics

    Driver Goal Measurement Key Performance Indicator (KPI)
    Workforce Challenges and Increased Effectiveness Employee Engagement The change in employee engagement before, during, and after the new organizational structure is communicated and implemented.
    Increased Effectiveness Alignment of Demand to Resources Does your organization have sufficient resources to meet the demands being placed on your IT organization?
    Increased Effectiveness and Workforce Challenges Role Clarity An increase in role clarity or a decrease in role ambiguity.

    Increased Effectiveness

    Reduction in Silos

    		Employee effectiveness increases by 27% and efficiency by 53% when provided with role clarity (Effectory, 2019).
    Increased Effectiveness Reduction in Silos Frequency of communication channels created (scrum meetings, Teams channels, etc.) specific to the organizational structure intended to reduce silos.
    Operating in a New Org. Structure Change Adoption Rate The percentage of employees who have adopted their defined role within the new organizational chart in 3-, 6-, and 12-month increments.
    Workforce Challenges Turnover Rate The number of employees who voluntarily leave the organization, citing the organizational redesign.
    Workforce Challenges Active Resistors The number of active resistors anticipated related to the change in organizational structure versus the number of active resistors that actually present themselves to the organizational restructuring.
    New Capabilities Needed Gap in Capability Delivery The increase in effectiveness in delivering on new capabilities to the IT organization.
    Operating in a New Org. Structure Change Adoption Rate The percentage of employees who found the communication around the new organizational structure clear, easy to understand, and open to expressing feedback.
    Lack of Business Understanding or Increased Effectiveness Business Satisfaction with IT Increase in business satisfaction toward IT products and services.
    Workforce Challenges Employee Performance Increase in individual employee performances on annual/bi-annual reviews.
    Adoption Pulse Assessment Increase in overall adoption scores on pulse survey.
    Adoption Communication Effectiveness Reduction in the number of employees who are still unsure why the changes are required.
    Adoption Leadership Training Percentage of members of leadership attending training to support their development at the managerial level.

    Change Management ≠ Project Management

    Stop treating the two interchangeably.

    IT organizations struggle to mature their OCM capabilities

    Because frankly they didn’t need it

    • Change management is all about people.
    • If the success of your organization is dependent on this IT restructuring, it is important to invest the time to do it right.
    • This means it should not be something done off the side of someone's desk.
    • Hire a change manager or look to roles that have a responsibility to deliver on organizational change management.
    • While project success is often measured by if it was delivered on time, on budget, and in scope, change management is adaptable. It can move backward in the process to secure people's willingness to adopt the required behaviors.
    • Strategic organizations recognize it’s not just about pushing an initiative or project forward. It’s about making sure that your employees are willing to move that initiative forward too.
    • A major organizational transformation initiative like restructuring requires you lean into employee adoption and buy-in.

    “Only if you have your employees in mind can you implement change effectively and sustainably.”

    – Creaholic Pulse Feedback, “Change Management – And Why It Has to Change.”

    Take the time to educate & communicate

    Recommended action steps:

    • Do not treat change management and project management as synonymous.
    • Hire a change manager to support the organizational redesign transformation.
    • Invest the resources (time, money, people) that can support the change and enable its success. This can look like:
      • Training and development.
      • Hiring the right people.
      • Requesting funds during the redesign process to support the transition.
    • Create a change management plan – and be willing to adjust the timelines or actions of this plan based on the feedback you receive from employees.
    • Implement the new organizational structure in a phased approach. This allows time to receive feedback and address any fears expressed by staff.

    Info-Tech Insight

    OCM is often not included or used due to a lack of understanding of how it differs from project management.

    And an additional five experts across a variety of organizations who wish to remain anonymous.

    Research Contributors and Experts

    Info-Tech Research Group

    Amanda Mathieson Research Director Heather Munoz Executive Counselor Valence Howden Principal Research Director
    Ugbad Farah Research Director Lisa Hager Duncan Executive Counselor Alaisdar Graham Executive Counselor
    Carlene McCubbin Practice Lead

    Related Info-Tech Research

    Redesign Your IT Organizational Structure

    Build a Strategic IT Workforce Plan

    Implement a New IT Organizational Structure

    • Organizational redesign is only as successful as the process leaders engage in.
    • Benchmarking your organizational redesign to other organizations will not work.
    • You could have the best IT employees in the world, but if they aren’t structured well, your organization will still fail in reaching its vision.
    • A well-defined strategic workforce plan (SWP) isn’t just a nice-to-have, it’s a must-have.
    • Integrate as much data as possible into your workforce plan to best prepare you for the future. Without knowledge of your future initiatives, you are filling hypothetical holes.
    • To be successful, you need to understand your strategic initiatives, workforce landscape, and external and internal trends.
    • Organizational design implementations can be highly disruptive for IT staff and business partners. Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to change.
    • CIOs walk a tightrope as they manage operational and emotional turbulence while aiming to improve business satisfaction with IT. Failure to achieve balance could result in irreparable failure.

    Bibliography

    Aronowitz, Steven, et al. “Getting Organizational Design Right,” McKinsey, 2015. Web.
    Ayers, Peg. “5 Ways to Engage Your Front-Line Staff.” Taylor Reach Group, 2019. Web.
    Bushard, Brian, and Carlie Porterfield. “Meta Reportedly Scales Down, Again – Here Are the Major US Layoffs This Year.” Forbes, September 28, 2022. Web.
    Caruci, Ron. “4 Organizational Design Issues that Most Leaders Misdiagnose.” Harvard Business Review, 2019.
    “Change Management – And Why It Has to Change.” Creaholic Pulse Feedback. Web.
    “Communication Checklist for Achieving Change Management.” Prosci, 27 Oct. 2022. Web.
    “Defining Change Impact.” Prosci. 29 May 2019. Web.
    “The Definitive Guide To Organization Design.” The Josh Bersin Company, 2022.
    Deshler, Reed. “Five Reasons Organizational Redesigns Fail to Deliver.” AlignOrg. 28 Jan. 2020. Web.
    The Fit for Growth Mini Book. PwC, 12 Jan. 2017.
    Helfand, Heidi. Dynamic Reteaming: The Art and Wisdom of Changing Teams. 2nd ed., O’Reilly Media, 2020.
    Jackson, Courtney. “7 Reasons Why Organizational Structures Fail.” Scott Madden Consultants. Web.
    Livijn, Marianne. Managing Organizational Redesign: How Organizations Relate Macro and Micro Design. Doctoral dissertation. Department of Management, Aarhus University, 2020.
    Lutke, Tobias. “Changes to Shopify’s Team.” Shopify. 26 July 2022.
    McKinsey & Company. “How Do We Manage the Change Journey?” McKinsey & Company.2020.
    Pijnacker, Lieke. “HR Analytics: Role Clarity Impacts Performance.” Effectory, 29 Sept. 2019. Web.
    Tompkins, Teri C., and Bruce G. Barkis. “Conspiracies in the Workplace: Symptoms and Remedies.” Graziadio Business Review, vol. 21, no. 1, 2021.Web.
    “Understanding Organizational Structures.” SHRM,2022.
    Watkins, Michael D., and Janet Spencer. “10 Reasons Why Organizational Change Fails.” I by IMD, 10 March 2021. Web.
    Wilson, Bradley. “Employee Survey Questions: The Ultimate Guide.” Perceptyx, 1 July 2020. Web.

    Demystify Blockchain: How Can It Bring Value to Your Organization?

    • Buy Link or Shortcode: {j2store}96|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Most leaders have an ambiguous understanding of blockchain and its benefits, let alone how it impacts their organization.
    • At the same time, with bitcoin drawing most of the media attention, organizations are finding it difficult to translate cryptocurrency usage to business case.

    Our Advice

    Critical Insight

    • Cut through the hype associated with blockchain by focusing on what is relevant to your organization. You have been hearing about blockchain for some time now and want to better understand it. While it is complex, you can beat the learning curve by analyzing its key benefits and purpose. Features such as transparency, efficiency, and security differentiate blockchain from existing technologies and help explain why it has transformative potential.
    • Ensure your use case is actually useful by first determining whether blockchain aligns with your organization. CIOs must take a practical approach to blockchain in order to avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Follow Info-Tech’s methodology for simplifying an otherwise complex concept. By focusing on its benefits and how they directly relate to a use case, blockchain technology is made easy to understand for business and IT professionals.
    • Our program will help you understand if blockchain is the optimal solution for your organization by mapping its key benefits (i.e. transparency, integrity, efficiency, and security) to your needs and capabilities.
    • Leverage a repeatable framework for brainstorming blockchain use case ideas and communicate your findings to business stakeholders who may otherwise be confused about the transformative potential of blockchain.

    Demystify Blockchain: How Can It Bring Value to Your Organization? Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about determining whether blockchain aligns with your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What exactly is blockchain?

    Understand blockchain’s unique feature, benefits, and business use cases.

    • Demystify Blockchain – Phase 1: What Is Blockchain?
    • Blockchain Glossary

    2. What can blockchain do for your organization?

    Envision blockchain’s transformative potential for your organization by brainstorming and validating a use case.

    • Demystify Blockchain – Phase 2: What Can Blockchain Do for Your Organization?
    • Blockchain Alignment Tool
    • Blockchain Alignment Presentation
    [infographic]

    Responsibly Resume IT Operations in the Office

    • Buy Link or Shortcode: {j2store}423|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Having shifted operations almost overnight to a remote work environment, and with the crisis management phase of the COVID-19 pandemic winding down, IT leaders and organizations are faced with the following issues:

    • A reduced degree of control with respect to the organization’s assets.
    • Increased presence of unapproved workaround methods, including applications and devices not secured by the organization.
    • Pressure to resume operations at pre-pandemic cadence while still operating in recovery mode.
    • An anticipated game plan for restarting the organization’s project activities.

    Our Advice

    Critical Insight

    An organization’s shift back toward the pre-pandemic state cannot be carried out in isolation. Things have changed. Budgets, resource availability, priorities, etc., will not be the same as they were in early March. Organizations must ensure that all departments work collaboratively to support office repatriation. IT must quickly identify the must-dos to allow safe return to the office, while prioritizing tasks relating to the repopulation of employees, technical assets, and operational workloads via an informed and streamlined roadmap.

    As employees return to the office, PMO and portfolio leaders must sift through unclear requirements and come up with a game plan to resume project activities mid-pandemic. You need to develop an approach, and fast.

    Impact and Result

    Responsibly resume IT operations in the office:

    • Evaluate risk tolerance
    • Prepare to repatriate people to the office
    • Prepare to repatriate assets to the office
    • Prepare to repatriate workloads to the office
    • Prioritize your tasks and build your roadmap

    Quickly restart the engine of your PPM:

    • Restarting the engine of the project portfolio won’t be as simple as turning a key and hitting the gas. The right path forward will differ for every project portfolio practice.
    • Therefore, in this publication we put forth a multi-pass approach that PMO and portfolio managers can follow depending on their unique situations and needs.
    • Each approach is accompanied by a checklist and recommendations for next steps to get you on right path fast.

    Responsibly Resume IT Operations in the Office Research & Tools

    Start here – read the Executive Brief

    As the post-pandemic landscape begins to take shape, ensure that IT can effectively prepare and support your employees as they move back to the office.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate your new risk tolerance

    Identify the new risk landscape and risk tolerance for your organization post-pandemic. Determine how this may impact the second wave of pandemic transition tasks.

    • Responsibly Resume IT Operations in the Office – Phase 1: Evaluate Your New Risk Tolerance
    • Resume Operations Information Security Pressure Analysis Tool

    2. Repatriate people to the office

    Prepare to return your employees to the office. Ensure that IT takes into account the health and safety of employees, while creating an efficient and sustainable working environment

    • Responsibly Resume IT Operations in the Office – Phase 2: Repatriate People to the Office
    • Mid-Pandemic IT Prioritization Tool

    3. Repatriate assets to the office

    Prepare the organization's assets for return to the office. Ensure that IT takes into account the off-license purchases and new additions to the hardware family that took place during the pandemic response and facilitates a secure reintegration to the workplace.

    • Responsibly Resume IT Operations in the Office – Phase 3: Repatriate Assets to the Office

    4. Repatriate workloads to the office

    Prepare and position IT to support workloads in order to streamline office reintegration. This may include leveraging pre-existing solutions in different ways and providing additional workstreams to support employee processes.

    • Responsibly Resume IT Operations in the Office – Phase 4: Repatriate Workloads to the Office

    5. Prioritize your tasks and build the roadmap

    Once you've identified IT's supporting tasks, it's time to prioritize. This phase walks through the activity of prioritizing based on cost/effort, alignment to business, and security risk reduction weightings. The result is an operational action plan for resuming office life.

    • Responsibly Resume IT Operations in the Office – Phase 5: Prioritize Your Tasks and Build the Roadmap

    6. Restart the engine of your project portfolio

    Restarting the engine of the project portfolio mid-pandemic won’t be as simple as turning a key and hitting the gas. Use this concise research to find the right path forward for your organization.

    • Restart the Engine of Your Project Portfolio
    [infographic]

    The latest burning platform: Exit Plans in a shifting world

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Byline body: The new geopolitical reality brings the possibility that we will have to execute our exit plans closer to home. In this research, we delve deeper into exit plans and their implementation and execution.

    The current global situation, marked by significant trade tensions and retaliatory measures between major economic powers, has elevated the importance of more detailed, robust, and executable exit plans for businesses in nearly all industries. The current geopolitical headwinds create an unpredictable environment that can severely impact supply chains, technology partnerships, and overall business operations. What was once a prudent measure is now a critical necessity – a “burning platform” – for ensuring business continuity and resilience.

    Here I will delve deeper into the essential components of an effective exit plan, outline the practical steps for its implementation, and explain the crucial role of testing in validating its readiness.

    exit plan

    Continue reading

    Build a Data Architecture Roadmap

    • Buy Link or Shortcode: {j2store}124|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $8,846 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data architecture involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.
    • Data architects must account for the constantly growing data and application complexity, more demanding needs from the business, an ever-increasing number of data sources, and a growing need to integrate components to ensure that performance isn’t compromised.

    Our Advice

    Critical Insight

    • Data architecture needs to evolve with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.
    • Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.
    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Impact and Result

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed.
      • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Architecture Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should optimize its data architecture as it evolves with the drivers of the business to get the most from its data.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize your data architecture with business-driven tactics

    Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 1: Prioritize Your Data Architecture With Business-Driven Tactics
    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template

    2. Personalize your tactics to optimize your data architecture

    Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 2: Personalize Your Tactics to Optimize Your Data Architecture
    • Data Architecture Tactical Roadmap Tool
    • Data Architecture Trends Presentation

    3. Create your tactical data architecture roadmap

    Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 3: Create Your Tactical Data Architecture Roadmap
    • Data Architecture Decision Template
    [infographic]

    Workshop: Build a Data Architecture Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for Optimizing Data Architecture

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data architecture.

    Understand Info-Tech’s five-tier data architecture model.

    Determine the pattern of tactics that apply to the organization for optimization.

    Key Benefits Achieved

    Understanding of the current data architecture landscape.

    Priorities for tactical initiatives in the data architecture practice are identified.

    Target state for the data quality practice is defined.

    Activities

    1.1 Explain approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.

    1.3 Understand Info-Tech’s five-tier data architecture model.

    1.4 Determine the pattern of tactics that apply to the organization for optimization.

    Outputs

    Five-tier logical data architecture model

    Data architecture tactic plan

    2 Determine Your Tactics For Optimizing Data Architecture

    The Purpose

    Define improvement initiatives.

    Define a data architecture improvement strategy and roadmap.

    Key Benefits Achieved

    Gaps, inefficiencies, and opportunities in the data architecture practice are identified.

    Activities

    2.1 Create business unit prioritization roadmap.

    2.2 Develop subject area project scope.

    2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives.

    Define a data quality improvement strategy and roadmap.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Create business unit prioritization roadmap.

    3.2 Develop subject area project scope.

    3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    Further reading

    Build a Data Architecture Roadmap

    Optimizing data architecture requires a plan, not just a data model.

    ANALYST PERSPECTIVE

    Integral to an insight-driven enterprise is a modern and business-driven data environment.

    “As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

    In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

    Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:
    • Data architects or their equivalent, looking to optimize and improve the efficiency of the capture, movement and storage of data for a variety of business drivers.
    • Enterprise architects looking to improve the backbone of the holistic approach of their organization’s structure.
    		 This Research Will Help You:
    • Identify the business drivers that are impacted and improved by best-practice data architecture.
    • Optimize your data architecture using tactical practices to address the pressing issues of the business to drive modernization.
    • Align the organization’s data architecture with the grander enterprise architecture.
    This Research Will Also Assist:
    • CIOs concerned with costs, benefits, and the overall structure of their organizations data flow.
    • Database administrators tasked with overseeing crucial elements of the data architecture.
    		 This Research Will Help Them:
    • Get a handle on the current situation of data within the organization.
    • Understand how data architecture affects the operations of the data sources within the enterprise.

    Executive summary

    Situation

    • The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

    Complication

    • Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
    • There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
    • There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

    Resolution

    • To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
      • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Info-Tech Insight

    1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
    2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
    3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

    50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

    Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

    Business Monitoring
    • Data reporting
    • Uncover inefficiencies
    • Monitor progress
    • Track inventory levels
    		 Business Insights
    • Data analytics
    • Expose patterns
    • Predict future trends
    		Business Optimization
    • Data-based apps
    • Build apps to automate actions based on insights
    		 Business Transformation
    • Monetary value of data
    • Create new revenue streams
    (Journey to Data Driven Enterprise, 2015)

    As organizations seek to become more data driven, it is imperative to better manage data for its effective use

    Here comes the zettabyte era.

    A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

    Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

    Challenges of The Modern Data Landscape
    Data at rest Data movement
    Greater amounts Different types Uncertain quality Faster rates Higher complexity

    “The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Solution

    Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

    Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Data architecture is an integral aspect of data management

    Data Architecture

    The set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.

    In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015)

    MYTH

    Data architecture is purely a model of the technical requirements of your data systems.

    REALITY

    Data architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016)

    Functions

    A strong data architecture should:

    • Define, visualize, and communicate data strategy to various stakeholders.
    • Craft a data delivery environment.
    • Ensure high data quality.
    • Provide a roadmap for continuous improvement.

    Business value

    A strong data architecture will help you:

    • Align data processes with business strategy and the overall holistic enterprise architecture.
    • Enable efficient flow of data with a stronger focus on quality and accessibility.
    • Reduce the total cost of data ownership.

    Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

    The data architect:
    • Acts as a “translator” between the business and data workers to communicate data and technology requirements.
    • Facilitates the creation of the data strategy.
    • Manages the enterprise data model.
    • Has a greater knowledge of operational and analytical data use cases.
    • Recommends data management policies and standards, and maintains data management artifacts.
    • Reviews project solution architectures and identifies cross impacts across the data lifecycle.
    • Is a hands-on expert in data management and warehousing technologies.
    • Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

    Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

    59%

    		 of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016)

    48%

    		 of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016)

    44%
    +
    22%

    		 44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016)

    Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

    28%

    		 of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016)

    50%

    		 Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017)

    Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

    Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

    Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

    IT Symptoms Due to Ineffective Data Architecture

    Poor Data Quality

    • Inconsistent, duplicate, missing, incomplete, incorrect, unstandardized, out of date, and mistake-riddled data can plague your systems.

    Poor Accessibility

    • Delays in accessing data.
    • Limits on who can access data.
    • Limited access to data remotely.

    Strategic Disconnect

    • Disconnect between owner and consumer of data.
    • Solutions address narrow scope problems.
    • System barriers between departments.
    Leads to Poor Organizational Conditions

    Inaccurate Insights

    • Inconsistent and/or erroneous operational and management reports.
    • Ineffective cross-departmental use of analytics.

    Ineffective Decision Making

    • Slow flow of information to executive decision makers.
    • Inconsistent interpretation of data or reports.

    Inefficient Operations

    • Limits to automated functionality.
    • Increased divisions within organization.
    • Regulatory compliance violations.
    You need a solution that will prevent the pains.

    Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

    The following is a summary of Info-Tech’s methodology:

    1
    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
    		 Visualization of the process described on the left: Business drivers applying to Info-Tech's five-tier data architecture, then determining tactical patterns, and eventually setting targets of your desired optimized state.

    2
    1. Select the areas of the five-tier architecture to focus on.
    2. Measure current state.
    3. Set the targets of your desired optimized state.

    3
    1. Roadmap your tactics.
    2. Manage and communicate change.
    		 A roadmap leading to communication.

    Info-Tech will get you to your optimized state faster by focusing on the important business issues

    First Things First

    1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

    Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

    • Becoming More Data Driven
    • Regulations and Compliance
    • Mergers and Acquisitions
    • New Functionality or Business Rule

    These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

    Use the five-tier architecture to provide a consumable view of your data architecture

    Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'Apps', 'Excel and other documents', and 'Access database(s)'; 'Integration and Translation' the 'Movement and transformation of data'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'; and 'Presentation' which includes 'Reports' and 'Dashboards'.

    Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

    1. This blueprint will demonstrate how the business driver behind your redesign requires you to address specific layers of the five-tier data architecture.
    1. Once you’ve aligned your business driver to the appropriate data tiers, this blueprint will provide you with the best practice tactics you should apply to achieve an optimized data architecture.

    Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

    Info-Tech’s Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.
    1. Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities.
    2. This blueprint will help you measure how you are currently performing in these capabilities…
    3. And help you define and set targets so you can reach your optimized state.
    1. Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap.
    2. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.
    		 Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach.

    The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

    Data Architecture in Alignment

    Data architecture can not be designed to simply address the focus of data specialists or even the IT department.

    It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business.

    Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations

    Please refer to the following blueprints to see the full picture of enterprise architecture:

    		A diagram titled 'Enterprise Architecture' with multiple forms of architecture interacting with each other. At the top is 'Business Architecture' which feeds into 'Data Architecture' and 'Application Architecture' which feed into each other, and influence 'Infrastructure Architecture' and 'Security Architecture'.
    Adapted from TOGAF
    Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

    Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

    CASE STUDY
    Industry: Financial
    Source: Info-Tech Consulting
    		 Symbol for 'Monetary Authority Case Study'. Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

    Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

    The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

    A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

    Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

    Provide a structured approach to solving the problem

    Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

    Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

    • External Requirements
    • Business Driver
        Diagnose Data Architecture Problems
      • Outdated architecture (paper, legacy systems)
      • Stale data from other agencies
      • Incomplete data
          Data Architecture Optimization Tactics
        1. Optimized Source Databases
        2. Improved Integration
        3. Data Warehouse Optimization
        4. Data Marts for Reports
        5. Report Delivery Efficiency

    As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

    This blueprint’s three-step process will help you optimize data architecture in your organization

    Phase 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    		 Phase 2
    Personalize Your Tactics to Optimize Your Data Architecture
    		 Phase 3
    Create Your Tactical Data Architecture Roadmap
    Step 1: Identify Your Business Driver for Optimizing Data Architecture
    • Learn about what data architecture is and how it must evolve with the drivers of the business.
    • Determine the business driver that your organization is currently experiencing.

      • Data Architecture Driver Pattern Identification Tool

    Step 2: Determine Actionable Tactics to Optimize Data Architecture
    • Create your data architecture optimization plan to determine the high-level tactics you need to follow.

      • Data Architecture Optimization Template

    		 Step 1: Measure Your Data Architecture Capabilities
    • Determine where you currently stand in the data architecture capabilities across the five-tier data architecture.

      • Data Architecture Tactical Roadmap Tool

    Step 2: Set a Target for Data Architecture Capabilities
    • Identify your targets for the data architecture capabilities.

      • Data Architecture Tactical Roadmap Tool

    Step 3: Identify the Tactics that Apply to Your Organization
    • Understand the trends in the field of data architecture and how they can help to optimize your environment.

      • Data Architecture Trends Presentation

    		 Step 1: Personalize Your Data Architecture Roadmap
    • Personalize the tactics across the tiers that apply to you to build your personalized roadmap.

      • Data Architecture Tactical Roadmap Tool

    Step 2: Manage Your Data Architecture Decisions and the Resulting Changes
    • Document the changes in the organization’s data architecture.
    • Data architecture involves change management – learn how data architects should support change management in the organization.

      • Data Architecture Decision Template

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Build a Business-Aligned Data Architecture Optimization Strategy – project overview

    PHASE 1
    Prioritize Your Data Architecture With Business-Driven Tactics    		 PHASE 2
    Personalize Your Tactics to Optimize Your Data Architecture    		 PHASE 3
    Create Your Tactical Data Architecture Roadmap
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Your Business Driver for Optimizing Data Architecture

    1.2 Determine Actionable Tactics to Optimize Data Architecture

    2.1 Measure Your Data Architecture Capabilities

    2.2 Set a Target for Data Architecture Capabilities

    2.3 Identify the Tactics that Apply to Your Organization

    3.1 Personalize Your Data Architecture Roadmap

    3.2 Manage Your Data Architecture Decisions and the Resulting Changes

    Guided Implementations
    • Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business.
    • Identify the business drivers that necessitate the optimization of the organization’s data architecture.
    • Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.
    • Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization.
    • Determine the target state of data architecture capabilities.
    • Understand the trends in the field of data architecture and identify how they can fit into your environment.
    • Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap.
    • Understand how to manage change as a data architect or equivalent.
    Associated Activity icon

    Onsite Workshop

    		 Module 1:
    Identify the Drivers of the Business for Optimizing Data Architecture    		 Module 2:
    Create a Tactical Plan for Optimizing Data Architecture    		 Module 3:
    Create a Personalized Roadmap for Data Architecture Activities

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Preparation

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5
    Organize and Plan Workshop Identify the Drivers of the Business for Optimizing Data Architecture Determine the Tactics For Optimizing Data Architecture Create Your Roadmap of Optimization Activities Create Your Personalized Roadmap Create a Plan for Change Management

    Morning Activities
    • Finalize workshop itinerary and scope.
    • Identify workshop participants.
    • Gather strategic documentation.
    • Engage necessary stakeholders.
    • Book interviews.
    • 1.1 Explain approach and value proposition.
    • 1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
    • 2.1 Create your data architecture optimization plan.
    • 2.2 Interview key business stakeholders for input on business drivers for data architecture.
    • 3.1 Align with the enterprise architecture by interviewing the enterprise architect for input on the data architecture optimization roadmap.
    • 4.1 As a group, determine the roadmap activities that are applicable to your organization and brainstorm applicable initiatives.
    • 5.1 Use the Data Architecture Decision Documentation Template to document key decisions and updates.

    Afternoon Activities
    • 1.3 Understand Info-Tech’s Five-Tier Data Architecture.
    • 1.4 Determine the pattern of tactics that apply to the organization for optimization.
    • 2.3 With input from the business and enterprise architect, determine the current data architecture capabilities.
    • 3.3 With input from the business and enterprise architect, determine the target data architecture capabilities.
    • 4.2 Determine the timing and effort of the roadmap activities.
    • 5.2 Review best practices for change management.
    • 5.3 Present roadmap and findings to the business stakeholders and enterprise architect.

    Deliverables
    • Workshop Itinerary
    • Workshop Participant List
    1. Five-Tier Logical Data Architecture Model
    2. Data Architecture Tactic Plan
    1. Five-Tier Data Architecture Capability Model
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Decision Template

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 1

    Prioritize Your Data Architecture With Business-Driven Tactics

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

    Proposed Time to Completion: 2 weeks
    Step 1.1: Identify Your Business Driver for Optimizing Data Architecture Step 1.2: Determine Actionable Tactics to Optimize Data Architecture
    Start with an analyst kick-off call:
    • Understand what data architecture is, what it is not, and how it fits into the broader enterprise architecture program.
    • Determine the drivers that fuel the need for data architecture optimization.
    		 Review findings with analyst:
    • Understand the Five-Tier Data Architecture Model and how the drivers of the business inform your priorities across this logical model of data architecture.
    Then complete these activities…
    • Complete the Data Architecture Driver Pattern Identification Tool.
    		 Then complete these activities…
    • Create a tactical data architecture optimization plan based on the business driver input.
    With these tools & templates:
    • Data Architecture Driver Pattern Identification Tool
    		 With these tools & templates:
    • Data Architecture Optimization Template

    Phase 1 Results & Insights

    • Data Architecture is not just about data models. The approach that Phase 1 guides you through will help to not only plan where you need to focus your efforts as a data architect (or equivalent) but also give you guidance in how you should go about optimizing the holistic data architecture environment based on the drivers of the business.

    Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

    In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

    1. Identify the business drivers that necessitate data architecture optimization efforts.
    2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
    3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

    “To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

    Info-Tech’s Five-Tier Data Architecture:

    1. Data Sources
    2. Data Integration and Translation
    3. Data Warehousing
    4. Data Analytics
    5. Data Presentation

    Tactical plan for Data Architecture Optimization

    Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

    PHASE 1
    1.1 1.2
    Identify Your Business Driver for Optimizing Data Architecture Determine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand how data architecture fits into the organization’s larger enterprise architecture.
    • Understand what data architecture is and how it should be driven by the business.
    • Identify the driver that is creating a need for data architecture optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
    • Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

    Data architecture involves planning, communication, and understanding of technology

    Data Architecture

    A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

    The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

    IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

    Definitions vary slightly across major architecture and management frameworks.

    However, there is a general consensus that data architecture provides organizations with:

    • Alignment
    • Planning
    • Road mapping
    • Change management
    • A guide for the organization’s data management program

    Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

    Current Data Management
    • Alignment
    • Planning
    • Road mapping
    		 Goal for Data Management

    Info-Tech Insight

    Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

    Review how data architecture fits into the broader architectural context

    A flow diagram starting with 'Business Processes/Activities' to 'Business Architecture' which through a process of 'Integration' flows to 'Data Architecture' and 'Application Architecture', the latter of which also flows into to the former, and they both flow into 'Technology Architecture' which includes 'Infrastructure' and 'Security'.

    Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.

    Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.

    The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain.

    The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.

    		 'The Zachman Framework for Enterprise Architecture: The Enterprise Ontology', a complicated framework with top and bottom column headers and left and right row headers. Along the top are 'Classification Names': 'What', 'How', 'Where', 'Who', 'When', and 'Why'. Along the bottom are 'Enterprise Names': 'Inventory Sets', 'Process Flows', 'Distribution Networks', 'Responsibility Assignments', 'Timing Cycles', and 'Motivation Intentions'. Along the left are 'Audience Perspectives': 'Executive Perspective', 'Business Mgmt. Perspective', 'Architect Perspective', 'Engineer Perspective', 'Technician Perspective', and 'Enterprise Perspective'. Along the right are 'Model Names': 'Scope Contexts', 'Business Concepts', 'System Logic', 'Technology Physics', 'Tool Components', and 'Operations Instances'.
    (Source: Zachman International)

    Data architects operate in alignment with the other various architecture groups

    Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

    Enterprise Architect
    The enterprise architect provides thought leadership and direction to domain architects.

    They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

    • Business Architect
      A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
    • Security Architect
      Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
    • Infrastructure Architect
      Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
    • Application Architect
      Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
    • Data Architect
      Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

    As a data architect, you must maintain balance between the technical and the business requirements

    The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

    Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap.

    Some of the role’s primary duties and responsibilities include:

    1. Data modeling
    2. Reviewing existing data architecture
    3. Benchmark and improve database performance
    4. Fine tune database and SQL queries
    5. Lead on ETL activities
    6. Validate data integrity across all platforms
    7. Manage underlying framework for data presentation layer
    8. Ensure compliance with proper reporting to bureaus and partners
    9. Advise management on data solutions

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Info-Tech Insight

    The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

    Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

    A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

    Data Architect Role Description

    • The data architect must develop (along with the business) a short-term and long-term vision for the enterprise’s data architecture.
    • They must be able to create processes for governing the identification, collection, and use of accurate and valid metadata, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    Skills Necessary

    • Hands-on experience with data architecting and management, data mining, and large-scale data modeling.
    • Strong understanding of relational and non-relational data structures, theories, principles, and practices.
    • Strong familiarity with metadata management.
    • Knowledge of data privacy practices and laws.

    Define Policies, Processes, and Priorities

    • Policies
      • Boundaries of the data architecture.
      • Data architecture standards.
      • Data architecture security.
      • Responsibility of ownership for the data architecture and data repositories.
      • Responsibility for data architecture governance.
    • Processes
      • Data architecture communication.
      • Data architecture change management.
      • Data architecture governance.
      • Policy compliance monitoring.
    • Priorities
      • Align architecture efforts with business priorities.
      • Close technology gaps to meet service level agreements (SLAs).
      • Determine impacts on current or future projects.

    See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

    Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

    Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

    Logo for The Open Group.

    The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

    • TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
    • TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
    • As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

    The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

    Logo for MIKE2.0.

    MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

    • SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
    • SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

    Info-Tech Best Practice

    If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

    The data architect must identify what drives the need for data from the business to create a business-driven architecture

    As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

    There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

    1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
    2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
    3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
    4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

    Info-Tech Best Practice

    These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

    Use the Data Architecture Driver tool to identify your focus for data architecture

    Supporting Tool icon 1.1 Data Architecture Driver Pattern Identification Tool

    Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

    Tab 2. Driver Identification

    Objective: Objectively assess the most pressing business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2.

    Tab 3. Tactic Pattern Plan, Section 1

    Purpose: Review your business drivers that require architectural changes in your environment.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 1.

    Tab 3. Tactic Pattern Plan, Section 2

    Purpose: Determine a list of tactics that will help you address the business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 2.
    Step
    • Evaluate business drivers to determine the data architecture optimization priorities and tactics.
    		 Step
    • Understand how each business driver relates to data architecture and how each driver gives rise to a specific pattern across the five-tier data architecture.
    		 Step
    • Review the list of high-level tactics presented to optimize your data architecture across the five tier architecture.

    Identify the drivers for improving your data architecture

    Associated Activity icon 1.1.1 1 hour

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Instructions

    In Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:

    1. Is there a present or growing need for the business to be making data-driven decisions?
    2. Does the business want to explore a new functionality and hence require a new application?
    3. Is your organization acquiring or merging with another entity?
    4. Is your organization’s regulatory environment quick to change and require stricter reporting?

    Data architecture improvements need to be driven by business need.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    “As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes. (Andrew Johnston, Independent Consultant)

    Interview the business to get clarity on business objectives and drivers

    Associated Activity icon 1.1.2 1 hour per interview

    INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Business representatives, IT representatives

    Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

    Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

    Key Interview Questions:

    1. What are your primary activities? What do you do?
    2. What challenges do you have when completing your activities?
    3. How is poor data impacting your job?
    4. If [your selected domain]’s data is improved, what business issues would this help solve?

    Request background information and documentation from stakeholders regarding the following:

    • What current data management policies and processes exist (that you know of)?
    • Who are the data owners and end users?
    • Where are the data sources within the department stored?
    • Who has access to these data sources?
    • Are there existing or ongoing data issues within those data sources?

    Interview the enterprise architect to get input on the drivers of the business

    Associated Activity icon 1.1.3 2 hours

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Data architecture improvements need to be driven by business need.

    Instructions

    As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

    		 Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    Once you know what that need is, go to Step 2.

    Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

    PHASE 1

    1.11.2
    Identify Your Business Driver for Optimizing Data ArchitectureDetermine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
    • Create your Data Architecture Optimization Template to plan your improvement tactics.
    • Prioritize your tactics based on the five-tier architecture to plan optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect
    • DBAs

    Outcomes of this step

    • A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

    To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

    Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

    Data architects must be heavily involved with:

    • Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
    • Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

    Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

    Info-Tech Best Practice

    The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

    The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

    Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'; 'Integration and Translation' which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM', and 'Data Lakes & Warehouse(s) (Derived Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', 'BI Tools', and the 'Protected Zone: Data Marts - BDG Class Ref. MDM'; and 'Presentation' which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'.

    Use the Data Architecture Optimization Template to build your improvement roadmap

    Supporting Tool icon 1.2 Data Architecture Optimization Template

    Download the Data Architecture Optimization Template.

    Overview

    Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

    Sample of Info-Tech’s Data Architecture Optimization Template. Info-Tech’s Data Architecture Optimization Template Table of Contents
    1. Build Your Current Data Architecture Logical Model Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
    2. Optimization Plan Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

    Fill out as you go

    As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

    Tier 1 represents all of the sources of your organization’s data

    Tier 1 of Info-Tech's Five Tier Data Architecture, 'Sources', which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'.
    –› Data to integration layer

    Tier 1 is where the data enters the organization.

    All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here.

    This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested.

    There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level.

    Info-Tech Best Practice

    An optimized Tier 1 has the following attributes:

    • Rationalized applications
    • Operationalized database administration
    • Databases governed, monitored, and maintained to ensure optimal performance

    Tier 2 represents the movement of data

    Tier 2 of Info-Tech's Five Tier Data Architecture, 'Integration and Translation', which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'.
    –› Data to Warehouse Environment

    Find out more

    For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

    Tier 2 is where integration, transformation, and aggregation occur.

    Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes:

    1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion.

    2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store.

    Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer.

    Info-Tech Best Practice

    An optimized Tier 2 has the following attributes:

    • Business data glossary is leveraged
    • ETL is governed
    • ETL team is empowered
    • Data matching is facilitated
    • Canonical data model is present

    Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

    Tier 3 is where data rests in long-term storage.

    This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system.

    At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases.

    Info-Tech Best Practice

    An optimized Tier 3 has the following attributes:

    • Data warehouse is governed
    • Data warehouse operations and planning
    • Data library is comprehensive
    • Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.
    		Data from integration layer –›
    Tier 3 of Info-Tech's Five Tier Data Architecture, 'Data Warehouse Environment' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM'.
    –› Analytics

    Find out more

    For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

    Tier 4 is where knowledge and insight is born

    Tier 4 represents data being used for a purpose.

    This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly.

    This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
    Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive

    Info-Tech Best Practice

    An optimized Tier 4 has the following attributes:

    • Reporting meets business needs
    • Data mart operations are in place
    • Governance of data marts, cubes, and BI tools in place
    		Warehouse Environment –›
    Tier 4 of Info-Tech's Five Tier Data Architecture, 'Analytics', which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'.
    –› Presentation

    Find out more

    For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

    The presentation layer, Tier 5, is where data becomes presentable information

    Tier 5 represents data in knowledge form.

    This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5.

    Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3.

    Find out more

    For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.

    		Tier 5 of Info-Tech's Five Tier Data Architecture, 'Presentation', which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'. The 'Repatriation of data' feeds the derived data back into Warehousing.

    Info-Tech Best Practice

    An optimized Tier 5 has the following attributes:

    • Metadata creation is supervised
    • Metadata is organized
    • Metadata is governed
    • Content management capabilities are present

    Info-Tech Insight

    Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

    As a data architect, you must prioritize your focus according to business need

    Determine your focus.

    Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

    1. Business driver

    		 Screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.
    Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan

    3. Documented tactic plan

    Data Architecture Optimization Template

    2. Tactics across the five tiers

    		 Another screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.

    The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

    Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

    Does the business wants to add a new application or supplement an existing application with a new functionality?

    Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

    • Often operational oriented and application driven.
    • An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated.
    • However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
    		 Stock photo of someone using a smartphone with apps.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. Tactics for this business driver should address the following pattern:
    Tiers 1 and 2 highlighted.

    Business driver #2: Organizations today are looking to become more data driven

    Does the business wants to better leverage its data?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    “Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

    Tactics for this business driver should address the following pattern:
    Tiers 3, 4, and 5 highlighted.    		 Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
    Stock photo of someone sitting at multiple computers with analytics screens open.
    • This scenario is typically project driven and analytical oriented.
    • The business is looking to leverage data and information by processing data through BI tools and self-service.
    • Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

    Business driver #3: Risk and compliance demands can put pressure on outdated architectures

    Is there increasing pressure on the business to maintain compliance requirements as per regulations?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    There are different types of requirements:
    • Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information.
    • Can be process driven. For example, some requirements restrict data read/write to certain groups.
    		 Stock photo of someone pulling a block out of a Jenga tower.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. Tactics for this business driver should address the following pattern:
    Tiers 1, 3, and 4 highlighted.

    Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

    Is the organization looking to acquire or merge with another organization or line of business?

    There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:

    1. The organization acquires/merges with another organization and wants to integrate the data.
    2. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data.
    3. The organization acquires another organization for competitive purposes, and does not need to integrate the data.
    		 Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
    1. Understand what data you are getting.
      The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc.
    2. Plan for the integration of the new data into your environment.
      Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party.
    3. Integrate the new data.
      Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
    “As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. Tiers 1, 3, and 4 highlighted.

    Determine your tier priority pattern and the tactics that you should address based on the business drivers

    Associated Activity icon 1.2.1 30 minutes

    INPUT: Business driver assessment

    OUTPUT: Tactic pattern and tactic plan

    Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

    Participants: Data architect, Enterprise architect

    Instructions
    1. After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan.
    2. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture.
    3. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
    Screenshot of Data Architecture Driver Tool.
    Data Architecture Driver Tool    		 Arrow pointing right. Sample of Data Architecture Optimization Template
    Data Architecture Optimization Template

    Info-Tech Insight

    Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

    This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

    Phase 1 is all about focus.

    Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

      Phase 1
      • Business Drivers
        • Tactic Pattern
          • Tactical Plan

    Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

    To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    		Symbol for 'Monetary Authority Case Study'.

    Part 1

    Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.

    Diagram comparing the 'Original Reporting' requirement of 'Up to 7 days' vs the 'New Requirement' of 'As soon as 1 hour'. The steps of reporting in that time are 'Report Request', 'Gather Data', and 'Make Report'.

    Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on.

    The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

    		 Tiers 1, 3, and 4 highlighted.

    Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.

    1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics:
    • Identify data sources
    • Ensure data quality
    • Properly catalogue data
    • Properly index data
    • Provide the means for data accessibility
    • Allow for data reduction/space for report building

    Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    		 Sample of activity 1.1.1 'Identify the drivers for improving your data architecture'. Identify the business driver that will set the direction of your data architecture optimization plan.

    In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.

    1.2.1

    		 Sample of activity 1.2.1 'Determine your tier priority pattern and the tactics that you should address based on the business drivers'. Determine the tactics that you will use to optimize data architecture.

    In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 2

    Personalize Your Tactics to Optimize Your Data Architecture

    Phase 2 will determine your tactics that you should implement to optimize your data architecture

    Business Drivers
    Each business driver requires focus on specific tiers and their corresponding capabilities, which in turn correspond to tactics necessary to achieve your goal.
    New Functionality Risk and Compliance Mergers and Acquisitions Become More Data Driven
    Tiers 1. Data Sources 2. Integration 3. Warehousing 4. Insights 5. Presentation
    Capabilities Current Capabilities
    Target Capabilities
    Example Tactics Leverage indexes, partitions, views, and clusters to optimize performance.

    Cleanse data source.

    		 Leverage integration technology.

    Identify matching approach priorities.

    		 Establish governing principles.

    Install performance enhancing technologies.

    		 Establish star schema and snowflake principles.

    Share data via data mart.

    		 Build metadata architecture:
    • Data lineage
    • Sharing
    • Taxonomy
    • Automatic vs. manual creation

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

    Proposed Time to Completion: 2 weeks
    Step 2.1: Measure Your Data Architecture Capabilities Step 2.2: Set a Target for Data Architecture Capabilities Step 2.3: Identify the Tactics That Apply to Your Organization
    Start with an analyst kick-off call:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    		 Review findings with analyst:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    		 Finalize phase deliverable:
    • Learn about the trends in data architecture that can be leveraged to develop tactics.
    Then complete these activities…
    • Measure your current state across the tiers of the capability model that will help address your business driver.
    		 Then complete these activities…
    • Measure your target state for the capabilities that will address your business driver.
    		 Then complete these activities…
    • Review the tactical roadmap that was created with guidance from the capability gap analysis.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    		 With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    		 With these tools & templates:
    • Data Architecture Trends Presentation Template

    Phase 2 Results & Insights

    • Data architecture is not just data models. Understand the essential capabilities that your organization needs from its data architecture to develop a tactical plan for optimizing data architecture across its people, processes, and technology.

    Phase 2, Step 1: Measure Your Data Architecture Capabilities

    PHASE 2
    2.1 2.2 2.3
    Measure Your Data Architecture Capabilities Set a Target for Data Architecture Capabilities Identify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    To personalize your tactical strategy, you must measure up your base data architecture capabilities

    What is a capability?

    Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

    To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

    'Capability' as a mixture of 'People', 'Technology', 'Process', and 'Assets'.

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.

    Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

    Supporting Tool icon 2.1.1 Data Architecture Tactical Roadmap Tool

    Instructions

    Use the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture.

    This tool contains the following sections:

    1. Business Driver Input
    2. Capability Assessment
    3. Capability Gap Analysis
    4. Tactical Roadmap
    5. Metrics
    6. Initiative Roadmap

    INFO-TECH DELIVERABLE

    Sample of the Info-Tech deliverable Data Architecture Tactical Roadmap Tool.

    Benefits of using this tool:

    • Comprehensive documentation of data architecture capabilities present in leading organizations.
    • Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

    To create a plan for your data architecture priorities, you must first understand where you currently stand

    Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

    The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

    For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

    Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted.

    Note

    If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

    Determine your current state across the related architecture tiers

    Associated Activity icon 2.1.2 1 hour

    INPUT: Current data architecture capabilities.

    OUTPUT: An idea of where you currently stand in the capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect, Enterprise architect, Business representatives

    Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

    Instructions
    1. Invite the appropriate stakeholders to participate in this exercise.
    2. On Tab 2. Practice Components, assess the current and target states of each capability on a scale of 1–5.
      3. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.
      These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.
    		To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:

    1 = Initial/Ad hoc

    2 = Developing

    3 = Defined

    4 = Managed and Measurable

    5 = Optimized

    Info-Tech Insight

    Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

    Phase 2, Step 2: Set a Target for Data Architecture Capabilities

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Determine your target state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

    To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

    Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

    Example driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Current Capabilities Arrow pointing right. Target Capabilities
    Gaps and Priorities
    Stock photo of a hand placing four shelves arranged as stairs. On the first step is a mini-cut-out of a person walking.

    Determine your future state across the relevant tiers of the data architecture capability model

    Associated Activity icon 2.2.1 2 hours

    INPUT: Current state of data architecture capabilities.

    OUTPUT: Target state of data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    The future of data architecture is now.

    Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

    For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

    Driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Target Capabilities

    Identify where gaps in your data architecture capabilities lie

    Associated Activity icon 2.2.2 1 hour

    INPUT: Current and target states of data architecture capabilities.

    OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Visualization of gap assessment of data quality practice capabilities

    To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap Assessment of Data Source Capabilities

    Sample of the Data Architecture Tactical Roadmap Tool, tab 4. Capability Gap Analysis.

    Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
    3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

    Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
    • Understand Info-Tech’s data architecture capability model.
    • Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    Capitalize on trends in data architecture before you determine the tactics that apply to you

    Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

    Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

    To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

    Big Data

    Data Storage

    Advanced analytics

    Unstructured data

    Integration
    Hadoop ecosystem

    The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it.

    Is your organization currently capturing and leveraging big data?

    Are they looking to do so in the near future?

    		 The cloud

    The cloud offers economical solutions to many aspects of data architecture.

    Have you dealt with issues of lack of storage space or difficulties with scalability?

    Do you need remote access to data and tools?

    		 Real-time architecture

    Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures.

    Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT?

    		 Graph databases

    Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data.

    Has your organization struggled to make sense of different types of unstructured data?

    		 Is ETL enough?

    What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data.

    Have your data scientists wasted too much time and resources in the ETL stage?

    Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

    Supporting Tool icon 2.1 Data Architecture Trends Presentation

    The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

    The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures.

    This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

    		 Sample of the Data Architecture Trends Presentation.
    Data Architecture Trends Presentation

    Gaps between your current and future capabilities will help you to determine the tactics that apply to you

    Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

    1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
    2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
    3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.
    Current State Gap Closure Strategies Target State Data Architecture Tactical Roadmap
    • Organization objectives
    • Functional needs
    • Current operating models
    • Technology assets
    		 Initiatives involving:
    • Organizational changes
    • Functional changes
    • Technology changes
    • Process changes
    • Performance objectives (revenue growth, customer intimacy, growth of organization)
    • Operating model improvements
    • Prioritized, simplified, and compelling vision of how the organization will optimize data architecture

    (Source: “How to Build a Roadmap”)

    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Each of the layers of an organization’s data architecture have associated challenges to optimization

    Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

    Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

    Source Tier

    Integration Tier

    Warehousing Tier

    Analytics Tier

    Presentation Tier
    Inconsistent data models Performance issues Scalability of the data warehouse Data currency, flexibility Model interoperability
    Data quality measures: data accuracy, timeliness, accessibility, relevance Duplicated data Infrastructure needed to support volume of data No business context for using the data in the correct manner No business context for using the data in the correct manner
    Free-form field and data values beyond data domain Tokenization and other required data transformations Performance
    Volume
    Greedy consumers can cripple performance
    Insufficient infrastructure    		 Inefficiencies in building the data mart Report proliferation/chaos (“kitchen sink dashboards”)
    Reporting out of source systems DB model inefficiencies
    Manual errors;
    Application usability    		 Elasticity

    Create metrics before you plan to optimize your data architecture

    Associated Activity icon 2.2.3 1 hour

    INPUT: Tactics that will be used to optimize data architecture.

    OUTPUT: Metrics that can be used to measure optimization success.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

    There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

    Program Metrics

    • TCO of IT
      • Costs associated with applications, databases, data maintenance
      • Should decrease with better data architecture (rationalized apps, operationalized databases)
    • Cost savings:
      • Retiring a legacy system and associated databases
      • Consolidated licensing
      • Introducing shared services
    • Data systems under maintenance (maintenance burden)
    • End-user data requests fulfilled
    • Improvement of time of delivery of reports and insights

    Project Metrics

    • Percent of projects in alignment with EA
    • Percent of projects compliant with the EA governance process (architectural due diligence rate)
    • Reducing time to market for launching new products
      • Reducing human error rates
      • Speeding up order delivery
      • Reducing IT costs
      • Reducing severity and frequency of security incidents

    Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

    Use Info-Tech’s resources to build your data architecture capabilities

    The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

    Data Governance

    Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture.

    		 Data Quality

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach.
    Master Data Management

    When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM.

    		 Data Warehouse

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment.

    With the optimal tactics identified, the monetary authority uncovered areas needing improvement

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    		Symbol for 'Monetary Authority Case Study'.

    Part 2

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Best Practice Tactic Current State Solution
    Tier 1 - Data Sources Identify data sources Data coming from a number of locations. Create data model for old and new systems.
    Ensure data quality Internal data scanned from paper and incomplete. Data cleansing and update governance and business rules for migration to new system.
    External sources providing conflicting data.
    Tier 3 - Data Warehousing Data catalogue Data aggregated incompletely. Built proper business data glossary for searchability.
    Indexing Data warehouse performance sub-optimal. Architected data warehouse for appropriate use (star schema).
    Tier 4 - Data Analytics Data accessibility Relevant data buried in warehouse. Build data marts for access.
    Data reduction Accurate report building could not be performed in current storage. Built interim solution sandbox, spin up SQL database.

    Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 – 2.2.2

    		 Sample of activities 2.1.1 and 2.2.2, the first being 'Determine your current state across the related architecture tiers'. Evaluate your current capabilities and design your target data quality practice from two angles

    In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.

    2.2.3

    		 Sample of activity 2.2.3 'Create metrics before you plan to optimize your data architecture'. Create metrics to track the success of your optimization plan.

    The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 3

    Create Your Tactical Data Architecture Roadmap

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

    Proposed Time to Completion: 2 weeks
    Step 3.1: Personalize Your Data Architecture RoadmapStep 3.2: Manage Your Data Architecture Decisions and the Resulting Changes
    Start with an analyst kick-off call:
    • Review the tactical plan that addresses the business drivers by optimizing your data architecture in the relevant focus areas.
    		Review findings with analyst:
    • Discuss and review the roadmap of optimization activities, including dependencies, timing, and ownership of activities.
    • Understand how change management is an integral aspect of any data architecture optimization plan.
    Then complete these activities…
    • Create your detailed data architecture initiative roadmap.
    		Then complete these activities…
    • Create your Data Architecture Decision Template to document the changes that are going to be made to optimize your data architecture environment.
    • Review how change management fits into the data architecture improvement program.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    		With these tools & templates:
    • Data Architecture Decision Template

    Phase 3 Results & Insights

    • Phase 3 will help you to build a personalized roadmap and plan for optimizing data architecture in your organization. In carrying out this roadmap, changes will, by necessity, occur. Therefore, an integral aspect of a data architect’s role is change management. Use the resources included in Phase 3 to smoothen the change management process.

    Phase 3, Step 1: Personalize Your Data Architecture Roadmap

    PHASE 3
    3.1 3.2
    Personalize Your Data Architecture Roadmap Manage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • Determine the timing, effort, and ownership of the recommended optimization initiatives.
    • Brainstorm initiatives that are not yet on the roadmap but apply to you.

    This step involves the following participants:

    • Data Architect
    • DBAs
    • Enterprise Architect

    Outcomes of this step

    • A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
    • A plan for communicating high-level business objectives to data workers to address the issues of the business.

    Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

    Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

    Diagram of the three phases and the goals of each one. The first phase says 'Identify your data architecture business driver' and highlights 'Business Driver 3' out of four to focus on in Phase 2. Phase 2 says 'Optimization tactics across the five-tier logical data architecture' and identifies four of six 'Tactics' to use in Phase 3. Phase 3 is a 'Practical Roadmap of Initiatives' and utilizes a timeline of initiatives in which to apply the chosen tactics.

    Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

    Supporting Tool icon 3.1.1 Data Architecture Tactic Roadmap Tool
    Generating Your Roadmap
    1. On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps.
    2. Customize this list of initiatives according to your needs.
    3. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed.
    4. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.
    		 Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning.
    Tab 5. Tactic and Initiative Planning

    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap.
    Tab 7. Initiative Roadmap

    Determine the details of your data architecture optimization activities

    Associated Activity icon 3.1.2 1 hour

    INPUT: Timing of initiatives for optimizing data architecture.

    OUTPUT: Optimization roadmap

    Materials: Data Architecture Tactic Roadmap Tool

    Participants: Data architect, Enterprise Architect

    Instructions

    1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
    2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
    3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
    4. The Gantt chart is generated in Tab 7. Initiative Roadmap.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning. Tab 5. Tactic and Initiative Planning Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap. Tab 7. Initiative Roadmap

    Info-Tech Insight

    The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

    Optimizing data architecture relies on communication between the business and data workers

    Remember: Data architects bridge the gap between strategic and technical requirements of data.

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers. Stock photo of coworkers communicating.
    		Also remember: In Phase 1, you built your tactical data architecture optimization plan.
    Sample 1 of the Data Architecture Optimization Template. Sample 2 of the Data Architecture Optimization Template.
    Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

    Communicate your data architecture optimization plan to the business for approval

    Associated Activity icon 3.1.3 2 hours

    INPUT: Data Architecture Tactical Roadmap

    OUTPUT: Communication plan

    Materials: Data Architecture Optimization Template

    Participants: Data Architect, Business representatives, IT representatives

    Instructions

    Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1.

    If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan.

    If you gain approval for the plan, communicate it to DBAs and other data workers.

    		 Iterative optimization and communication plan:
    Visualization of the Iterative optimization and communication plan. 'Start here' at 'Communicate Plan and Roadmap to the Business', and then continue in a cycle of 'Receive Approval or Suggested Modifications', 'Get Advice for Improvements to the Plan', 'Revise Plan', and back to the initial step until you receive 'Approval', then 'Present to Data Workers'.

    With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    		Symbol for 'Monetary Authority Case Study'.

    Part 3

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Challenge

    A monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour.

    With its current capabilities, it could complete such a task in roughly 7 days.

    The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent.

    Solution

    The solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements.

    With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics.

    Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building.

    Results

    With the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements.

    Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

    PHASE 3

    3.13.2
    Personalize Your Data Architecture RoadmapManage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
    • Create a plan for change and release management, an essential function of the data architect role.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

    To implement data architecture changes, you must plan to accommodate the issues that come with change

    Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    Stock photo of multiple hands placing app/website design elements on a piece of paper.

    Create roadmap

    Arrow pointing down.

    Communicate roadmap

    Arrow pointing down.

    Implement roadmap

    Arrow pointing down.

    Change management

    Use the Data Architecture Decision Template when architectural changes are made

    Supporting Tool icon 3.2 Data Architecture Decision Template
    Document the architectural decisions made to provide context around changes made to the organization’s data environment.

    The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations.

    Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained.

    “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    		 Sample of the Data Architecture Decision Template.

    Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

    Leverage Info-Tech’s resources to smooth change management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    See Info-Tech’s resources on change management to smooth changes:
    Banner for the blueprint set 'Optimize Change Management' with subtitle 'Turn and face the change with a right-sized change management process'.
    Sample of the Optimize Change Management blueprint.

    Change Management Blueprint

    		 Sample of the Change Management Roadmap Tool.

    Change Management Roadmap Tool

    Use Info-Tech’s resources for effective release management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

    Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

    Banner for the blueprint set 'Take a Holistic View to Optimize Release Management' with subtitle 'Build trust by right-sizing your process using appropriate governance'.
    Samples of the Release Management blueprint.

    Release Management Blueprint

    		 Sample of the Release Management Process Standard Template.

    Release Management Process Standard Template

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    		 Sample of activity 3.1.2 'Determine the timing of your data architecture optimization activities'. Create your personalized roadmap of activities.

    In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.

    3.1.3

    		 Sample of activity 3.1.3 'Communicate your Data Architecture Optimization Plan to the business for approval'. Communicate your data architecture optimization plan.

    The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

    Insight breakdown

    Insight 1

    • Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

    Insight 2

    • Data architecture is not just about models.
      Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

    Insight 3

    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
    • The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

    Processes Optimized

    • Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
    • Roadmapping of tactics that address the most common business drivers of the organization.
    • Architectural change management.

    Deliverables Completed

    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template
    • Data Architecture Trends Presentation
    • Data Architecture Roadmap Tool
    • Data Architecture Decision Template

    Research contributors and experts

    Photo of Ron Huizenga, Senior Product Manager, Embarcadero Technologies, Inc. Ron Huizenga, Senior Product Manager
    Embarcadero Technologies, Inc.

    Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.
    Photo of Andrew Johnston, Architect, Independent Consultant. Andrew Johnston, Architect Independent Consultant

    An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

    Research contributors

    Internal Contributors
    Logo for Info-Tech Research Group.
    • Steven J. Wilson, Senior Director, Research & Advisory Services
    • Daniel Ko, Research Manager
    • Bernie Gilles, Senior Director, Research & Advisory Services
    External Contributors
    Logo for Embarcadero.
    Logo for Questa Computing. Logo for Geha.
    • Ron Huizenga, Embercardo Technologies
    • Andrew Johnston, Independent Consultant
    • Darrell Enslinger, Government Employees Health Association
    • Anonymous Contributors

    Bibliography

    Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

    Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

    Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

    Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

    Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

    Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

    Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

    Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

    Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

    Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

    Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

    Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

    Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

    “How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

    IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

    Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

    Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

    Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

    NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

    Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

    OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

    Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

    Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

    Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

    SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

    Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

    Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

    Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

    Zachman Framework. [https://www.zachman.com/]

    Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]

    M&A Runbook for Infrastructure and Operations

    • Buy Link or Shortcode: {j2store}60|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • I&O is often the last to be informed of an impending M&A deal.
    • The business doesn’t understand the necessary requirements or timeline for integration.
    • It’s hard to prioritize when you’re buried under a mountain of work.
    • Documentation may be lacking or nonexistent, and members of the target organization may be uncooperative.

    Our Advice

    Critical Insight

    • Manage expectations. The business often expects integration in days or weeks, not months or years. You need to set them straight.
    • Open your checkbook and prepare to hire. Integration will require a temporary increase in resources.
    • Tackle organizational and cultural change. People are harder to integrate than technology. Culture change is the hardest part, and the integration plan should address it.

    Impact and Result

    • Tailor your approach based on the business objectives of the merger or acquisition.
    • Separate the must-haves from the nice-to-haves.
    • Ensure adequate personnel and budget.
    • Plan for the integration into normal operations.

    M&A Runbook for Infrastructure and Operations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to partner with the business to conquer the challenges in your next merger or acquisition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish goals

    Partner with the business to determine goals and establish high-level scope.

    • M&A Runbook for Infrastructure and Operations – Phase 1: Establish Goals
    • I&O M&A Project Napkin

    2. Conduct discovery

    Find out what the target organization’s I&O looks like.

    • M&A Runbook for Infrastructure and Operations – Phase 2: Conduct Discovery
    • I&O M&A Discovery Letter Template
    • I&O M&A Discovery Template
    • I&O M&A Workbook
    • I&O M&A Risk Assessment Tool

    3. Plan short-term integration

    Build a plan to achieve a day 1 MVP.

    • M&A Runbook for Infrastructure and Operations – Phase 3: Plan Short-Term Integration
    • I&O M&A Short-Term Integration Capacity Assessment Tool

    4. Map long-term integration

    Chart a roadmap for long-term integration.

    • M&A Runbook for Infrastructure and Operations – Phase 4: Map Long-Term Integration
    • I&O M&A Long-Term Integration Portfolio Planning Tool
    [infographic]

    Workshop: M&A Runbook for Infrastructure and Operations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 High-Level Scope

    The Purpose

    Establish goals and conduct discovery.

    Key Benefits Achieved

    Alignment with business goals

    Documentation of target organization’s current state

    Activities

    0.1 Consult with stakeholders.

    0.2 Establish M&A business goals.

    0.3 Conduct target discovery.

    0.4 Document own environment.

    0.5 Clarify goals.

    Outputs

    Stakeholder communication plan

    M&A business goals

    I&O M&A Discovery Template

    Current state of organization

    2 Target Assessment

    The Purpose

    Assess risk and value of target organization.

    Key Benefits Achieved

    Accurate scope of I&O integration

    Risk mitigation plans

    Value realization strategies

    Activities

    1.1 Scope I&O M&A project.

    1.2 Assess risks.

    1.3 Assess value.

    Outputs

    I&O M&A Project Napkin

    Risk assessment

    Value assessment

    3 Day 1 Integration Project Plan

    The Purpose

    Establish day 1 integration project plan.

    Key Benefits Achieved

    Smoother day 1 integration

    Activities

    2.1 Determine Day 1 minimum viable operating model post M&A.

    2.2 Identify gaps.

    2.3 Build day 1 project plan.

    2.4 Estimate required resources.

    Outputs

    Day 1 project plan

    4 Long-Term Project Plan

    The Purpose

    Draw long-term integration roadmap.

    Key Benefits Achieved

    Improved alignment with M&A goals

    Greater realization of the deal’s value

    Activities

    3.1 Set long-term future state goals.

    3.2 Create a long-term project plan.

    3.3 Consult with business stakeholders on the long-term plan.

    Outputs

    Long-term integration project plan

    5 Change Management and Continual Improvement

    The Purpose

    Prepare for organization and culture change.

    Refine M&A I&O integration process.

    Key Benefits Achieved

    Smoother change management

    Improved M&A integration process

    Activities

    4.1 Complete a change management plan.

    4.2 Conduct a process post-mortem.

    Outputs

    Change management plan

    Process improvements action items

    Improve Your IT Recruitment Process

    • Buy Link or Shortcode: {j2store}578|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select

    Business and IT leaders aiming to recruit and select the best talent need to:

    • Get involved in the talent acquisition process at key moments.
    • Market their organization to top talent through an authentic employer brand.
    • Create engaging and accurate job ads.
    • Leverage purposeful sourcing for anticipated talent needs.
    • Effectively assess candidates with a strong interview process.
    • Set up new employees for success.

    Our Advice

    Critical Insight

    To create a great candidate experience, IT departments must be involved in the process at key points, recruitment and selection is not a job for HR alone!

    Impact and Result

    • Use this how-to guide to articulate an authentic (employee value proposition) EVP and employer brand.
    • Perform an analysis of current sourcing methods and build an action plan to get IT involved.
    • Create an effective and engaging job ad to insure the right people are applying.
    • Train hiring managers to effectively deliver interviews that correctly assess candidate suitability.
    • Get links to in-depth Info-Tech resources and tools.

    Improve Your IT Recruitment Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Improve Your IT Recruitment Process – A guide to help you attract and select the best talent.

    Train your IT department to get involved in the recruitment process to attract and select the best talent.

    • Improve Your IT Recruitment Process Capstone Deck

    2. Improve Your IT Recruitment Process Workbook – A tool to document your action plans.

    Use this tool in conjunction with the Improve you IT Recruitment Process to document your action plans

    • Improve Your IT Recruitment Process Workbook

    3. Interview Guide Template – A template to organize interview questions and their rating scales, take notes during the interview, and ensure all interviews follow a similar structure.

    To get useful information from an interview, the interviewer should be focused on what candidates are saying and how they are saying it, not on what the next question will be, what probes to ask, or how they will score the responses. This Interview Guide Template will help interviewers stay focused and collect good information about candidates.

    • Interview Guide Template

    4. IT Behavioral Interview Question Library – A tool that contains a complete list of sample questions aligned with core, leadership, and IT competencies.

    Hiring managers can choose from a comprehensive collection of core, functional, and leadership competency-based behavioral interview questions.

    • IT Behavioral Interview Question Library

    5. Job Ad Template – A template to allow complete documentation of the characteristics, responsibilities, and requirements for a given job posting in IT.

    Use this template to develop a well-written job posting that will attract the star candidates and, in turn, deflect submission of irrelevant applications by those unqualified.

    • Job Ad Template

    6. Idea Catalog – A tool to evaluate virtual TA solutions.

    The most innovative technology isn’t necessarily the right solution. Review talent acquisition (TA) solutions and evaluate the purpose each option serves in addressing critical challenges and replacing critical in-person activities.

    • Idea Catalog: Adapt the Talent Acquisition Process to a Virtual Environment
    [infographic]

    Workshop: Improve Your IT Recruitment Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Employee Value Proposition and Employer Branding

    The Purpose

    Establish the employee value proposition (EVP) and employer brand.

    Key Benefits Achieved

    Have a well-defined EVP that you communicate through your employer brand.

    Activities

    1.1 Gather feedback.

    1.2 Build key messages.

    1.3 Assess employer brand.

    Outputs

    Content and themes surrounding the EVP

    Draft EVP and supporting statements

    A clearer understanding of the current employer brand and how it could be improved

    2 Job Ads and Sourcing

    The Purpose

    Develop job postings and build a strong sourcing program.

    Key Benefits Achieved

    Create the framework for an effective job posting and analyze existing sourcing methods.

    Activities

    2.1 Review and update your job ads.

    2.2 Review the effectiveness of existing sourcing programs.

    2.3 Review job ads and sourcing methods for bias.

    Outputs

    Updated job ad

    Low usage sourcing methods identified for development

    Minimize bias present in ads and sourcing methods

    3 Effective Interviewing

    The Purpose

    Create a high-quality interview process to improve candidate assessment.

    Key Benefits Achieved

    Training on being an effective interviewer.

    Activities

    3.1 Create an ideal candidate scorecard.

    3.2 Map out your interview process.

    3.3 Practice behavioral interviews.

    Outputs

    Ideal candidate persona

    Finalized interview and assessment process

    Practice interviews

    4 Onboarding and Action Plan

    The Purpose

    Drive employee engagement and retention with a robust program that acclimates, guides, and develops new hires.

    Key Benefits Achieved

    Evaluation of current onboarding practice.

    Activities

    4.1 Evaluate and redesign the onboarding program.

    Outputs

    Determine new onboarding activities to fill identified gaps.

    Further reading

    Improve Your IT Recruitment Process

    Train your IT department to get involved in the recruitment process to attract and select the best talent.

    Own the IT recruitment process

    Train your IT department to get involved in the recruitment process to attract and select the best talent.

    Follow this blueprint to:

    • Define and communicate the unique benefits of working for your organization to potential candidates through a strong employer brand.
    • Learn best practices around creating effective job postings.
    • Target your job posting efforts on the areas with the greatest ROI.
    • Create and deliver an effective, seamless, and positive interview and offer process for candidates.
    • Acclimate new hires and set them up for success.

    Get involved at key moments of the candidate experience to have the biggest impact


    Employee Value Proposition (EVP) and Employer Brand



    Job Postings and a Strong Sourcing Program

    Effective Interviewing

    Onboarding: Setting up New Hires For Success
    Awareness Research Application Screening Interview and Assessment Follow Up Onboarding

    RECRUIT QUALITY STAFF

    Hiring talent is critical to organizational success

    Talent is a priority for the entire organization:

    Respondents rated “recruitment” as the top issue facing organizations today (McLean & Company 2022 HR Trends Report).

    37% of IT departments are outsourcing roles to fill internal skill shortages (Info-Tech Talent Trends 2022 Survey).

    Yet bad hires are alarmingly common:

    Hiring is one of the least successful business processes, with three-quarters of managers reporting that they have made a bad hire (Robert Half, 2021).

    48% of survey respondents stated improving the quality of hires was the top recruiting priority for 2021 (Jobvite, 2021).

    Workshop overview

    Prework

    Day 1

    Day 2

    Day 3

    Day 4

    Post work

    Current Process and Job Descriptions Documented

    Establish the Employee Value Proposition (EVP) and Employer Brand

    Develop Job Postings and Build a Strong Sourcing Program

    Effective Interviewing

    Onboarding and Action Planning

    Putting the Action Plan Into Action!

    Activities
    • Recruitment Process Mapped Out and Stakeholders Identified
    • Prepare a JD and JP for Four Priority Jobs
    • Collect Information on Where Your Best Candidates Are Coming From

    1.1 Introduce the Concept of an EVP

    1.2 Brainstorm Unique Benefits of Working at Your Organization

    1.2 Employer Brand Introduction

    2.1 What Makes an Attractive Job Posting

    2.2 Create the Framework for Job Posting

    2.3 Improve the Sourcing Process

    2.4 Review Process for Bias

    3.1 Creating an Interview Process

    3.2 Selecting Interview Questions

    3.3 Avoiding Bias During Interviews

    3.4 Practice Interviews

    4.1 Why Onboarding Matters

    4.2 Acclimatize New Hires and Set Them Up for Success

    4.3 Action Plan

    5.1 Review Outputs and Select Priorities

    5.2 Consult With HR and Senior Management to Get Buy-In

    5.3 Plan to Avoid Relapse Behaviors

    Deliverables
    1. EVP draft completed
    2. Employer brand action plan
    1. Organization-specific job posting framework
    2. Sourcing Plan Template for four priority jobs
    3. Sourcing action plan
    1. Completed Interview Guide Template
    2. Managers practice a panel interview
    1. Onboarding best practices
    2. Action plan

    Enhance Your Recruitment Strategies

    The way you position the organization impacts who is likely to apply to posted positions.

    Develop a strong employee value proposition

    What is an employee value proposition?

    And what are the key components?

    The employee value proposition is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    AN EMPLOYEE VALUE PROPOSITION IS:

    AN EMPLOYEE VALUE PROPOSITION IS NOT:
    • An authentic representation of the employee experience
    • Aligned with organizational culture
    • Fundamental to all stages of the employee lifecycle
    • A guide to help investment in programs and policies
    • Short and succinct
    • What the employee can do for you
    • A list of programs and policies
    • An annual project

    THE FOUR KEY COMPONENTS OF AN EMPLOYEE VALUE PROPOSITION

    Rewards

    Organizational Elements

    Working Conditions

    Day-to-Day Job Elements
    • Compensation
    • Health Benefits
    • Retirement Benefits
    • Vacation
    • Culture
    • Customer Focus
    • Organization Potential
    • Department Relationships
    • Senior Management Relationships
    • Work/Life Balance
    • Working Environment
    • Employee Empowerment
    • Development
    • Rewards & Recognition
    • Co-Worker Relationships
    • Manager Relationships

    Creating a compelling EVP that presents a picture of your employee experience, with a focus on diversity, will attract a wide pool of diverse candidates to your team. This can lead to many internal and external benefits for your organization.

    How to collect information on your EVP

    Existing Employee Value Proposition: If your organization or IT department has an existing employee value proposition, rather than starting from scratch, we recommend leveraging that and moving to the testing phase to see if the EVP still resonates with staff and external parties.

    Employee Engagement Results: If your organization does an employee engagement survey, review the results to identify the areas in which the IT organization is performing well. Identify and document any key comment themes in the report around why employees enjoy working for the organization or what makes your IT department a great place to work.

    Social Media Sites. Prepare for the good, the bad, and the ugly. Social media websites like Glassdoor and Indeed make it easier for employees to share their experiences at an organization honestly and candidly. While postings on these sites won’t relate exclusively to the IT department, they do invite participants to identify their department in the organization. You can search these to identify any positive things people are saying about working for the organization and potentially opportunities for improvement (which you can use as a starting point in the retention section of this report).

    1.1 Gather feedback

    1. Download the Improve Your IT Recruitment Workbook.
    2. On tab 1.1, brainstorm the top five things you value most about working at the organization. Ask yourself what would fall in each category and identify any key themes. Be sure to take note of any specific quotes you have.
    3. Brainstorm limitations that the organization currently has in each of those areas.

    Download the Recruitment Workbook

    Input

    		 Output
    • Employee opinions
    • Employee responses to four EVP components
    • Content for EVP

    Materials

    Participants
    • Recruitment Workbook
    • Diverse employees
    • Different departments
    • Different role levels

    1.2 Build key messages

    1. Go to tab 1.2 in your workbook
    2. Identify themes from activity 1.1 that would be considered current strengths of you organization.
    3. Identify themes from activity 1.2 that are aspirational elements of your organization.
    4. Identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the five categories above.
    5. Integrate these into one overall statement.

    Examples below.

    Input

    		Output
    • Feedback from focus groups
    • EVP and supporting statements

    Materials

    Participants

    • Workbook handout
    • Pen and paper for documenting responses
    • IT leadership team

    Sample EVPs

    Shopify

    “We’re Shopify. Our mission is to make commerce better for everyone – but we’re not the workplace for everyone. We thrive on change, operate on trust, and leverage the diverse perspectives of people on our team in everything we do. We solve problems at a rapid pace. In short, we get shit done.”

    Bettercloud

    “At Bettercloud, we have a smart, ambitious team dedicated to delighting our customers. Our culture of ownership and transparency empowers our team to achieve goals they didn’t think possible. For all those on board, it’s going to be a challenging and rewarding journey – and we’re just getting started.”

    Ellevest

    “As a team member at Ellevest, you can expect to make a difference through your work, to have a direct impact on the achievement of a very meaningful mission, to significantly advance your career trajectory, and to have room for fun and fulfillment in your daily life. We know that achieving a mission as critical as ours requires incredible talent and teamwork, and team is the most important thing to us.”
    Sources: Built In, 2021; Workology, 2022

    Ensure your EVP resonates with employees and prospects

    Test your EVP with internal and external audiences.

    INTERNAL TEST REVOLVES AROUND THE 3A’s

    EXTERNAL TEST REVOLVES AROUND THE 3C’s

    ALIGNED: The EVP is in line with the organization’s purpose, vision, values, and processes. Ensure policies and programs are aligned with the organization’s EVP.

    CLEAR: The EVP is straightforward, simple, and easy to understand. Without a clear message in the market, even the best intentioned EVPs can be lost in confusion.

    ACCURATE: The EVP is clear and compelling, supported by proof points. It captures the true employee experience, which matches the organization’s communication and message in the market.

    COMPELLING: The EVP emphasizes the value created for employees and is a strong motivator to join this organization. A strong EVP will be effective in drawing in external candidates. The message will resonate with them and attract them to your organization.

    ASPIRATIONAL: The EVP inspires both individuals and the IT organization as a whole. Identify and invest in the areas that are sure to generate the highest returns for employees.

    COMPREHENSIVE: The EVP provides enough information for the potential employee to understand the true employee experience and to self-assess whether they are a good fit for your organization. If the EVP lacks depth, the potential employee may have a hard time understanding the benefits and rewards of working for your organization.

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Enhance Your Recruitment Strategies

    The way you position the organization impacts who is likely to apply to posted positions.

    Market your EVP to potential candidates: Employer Brand

    Employer brand includes how you market the EVP internally and externally – consistency is key

    The employer brand is the perception internal and external stakeholders hold of the organization and exists whether it has been curated or not. Curating the employer brand involves marketing the organization and employee experience. Grounding your employer brand in your EVP enables you to communicate and market an accurate portrayal of your organization and employee experience and make you desirable to both current and potential employees.

    The image contains a picture of several shapes. There is a trapezoid that is labelled EVP, and has a an arrow pointing to the text beside it. There is also an arrowing pointing down from it to another trapezoid that is labelled Employer Brand.

    The unique offering an employer provides to employees in return for their effort, motivating them to join or remain at the organization.

    The perception internal and external stakeholders hold of the organization.

    Alignment between the EVP, employer brand, and corporate brand is the ideal branding package. An in-sync marketing strategy ensures stakeholders perceive and experience the brand the same way, creating brand ambassadors.

    The image contains three circles that are connected. The circles are labelled: EVP, Employer Brand, Corporate Brand.

    Ensure your branding material creates a connection

    How you present your employer brand is just as important as the content. Ideally, you want the viewer to connect with and personalize the material for the message to have staying power. Use Marketing’s expertise to help craft impactful promotional materials to engage and excite the viewer.

    Visuals

    Images are often the first thing viewers notice. Use visuals that connect to your employer brand to engage the viewer’s attention and increase the likelihood that your message will resonate. However, if there are too many visuals this may detract from your content – balance is key!

    Language

    Wordsmithing is often the most difficult aspect of marketing. Your message should be accurate, informative, and engaging. Work with Marketing to ensure your wording is clever and succinct – the more concise, the better.

    Composition

    Integrate visuals and language to complete your marketing package. Ensure that the text and images are balanced to draw in the viewer.

    Case Study: Using culture to drive your talent pool

    This case study is happening in real time. Please check back to learn more as Goddard continues to recruit for the position.

    Recruiting at NASA

    Goddard Space Center is the largest of NASA’s space centers with approximately 11,000 employees. It is currently recruiting for a senior technical role for commercial launches. The position requires consulting and working with external partners and vendors.

    NASA is a highly desirable employer due to its strong culture of inclusivity, belonging, teamwork, learning, and growth. Its culture is anchored by a compelling vision, “For the betterment of Humankind,” and amplified by a strong leadership team that actively lives their mission and vision daily.

    Firsthand lists NASA as #1 on the 50 most prestigious internships for 2022.

    Rural location and no flexible work options add to the complexity of recruiting

    The position is in a rural area of Eastern Shore Virginia with a population of approximately 60,000 people, which translates to a small pool of candidates. Any hire from outside the area will be expected to relocate as the senior technician must be onsite to support launches twice a month. Financial relocation support is not offered and the position is a two-year assignment with the option of extension that could eventually become permanent.

    The image contains a picture of Steve Thornton.

    “Looking for a Talent Unicorn: a qualified, experienced candidate with both leadership skills and deep technical expertise that can grow and learn with emerging technologies.”

    Steve Thornton

    Acting Division Chief, Solutions Division, Goddard Space Flight Center, NASA

    Case Study: Using culture to drive your talent pool

    A good brand overcomes challenges.

    Culture takes the lead in NASA's job postings, which attract a high number of candidates. Postings begin with a link to a short video on working at NASA, its history, and how it lives its vision. The video highlights NASA's diversity of perspectives, career development, and learning opportunities.

    NASA's company brand and employer brand are tightly intertwined, providing a consistent view of the organization.

    The employer vision is presented in the best place to reach NASA's ideal candidate: usajobs.gov, the official website of the United States Government and the “go-to” for government job listings. NASA also extends its postings to other generic job sites as well as LinkedIn and professional associations.

    The image contains a picture of Robert Leahy.

    Interview with Robert Leahy

    Chief Information Officer, Goddard Space Flight Center, NASA

    2.1 Assess your organization’s employer brand

    1. Go to tab 2.1 in the Improve Your IT Recruitment Workbook.
    2. Put yourself in the shoes of someone on the outside looking in. If they were to look up your organization, what impression would they be given about what is like to work there?
    3. Run a Google search on your organization with key words “jobs,” “culture,” and “working environment” to see what a potential candidate would see when they begin researching your organization.

      4. You can use sites like:

    • Glassdoor
    • Indeed company pages
    • LinkedIn company pages
    • Social media
    • Your own website
  • Identify what your organization is doing well and record that under the “Continue” box in your workbook.
  • Record anything your organization should stop doing under the “Stop” box.
  • Brainstorm some ideas that your organization should think about implementing to improve the employer brand under the “Start” Box.
    • Input Output
    • Existing branding material on the internet
    • A clearer understanding of the current employer brand and how it could be improved
    Materials Participants
    • Workbook handout
    • Senior IT Leaders

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Enhance Your Recruitment Strategies

    The way you position the organization impacts who is likely to apply to posted positions.

    Create engaging job ads to attract talent to the organization

    We have a job description; can I just post that on Indeed?

    A job description is an internal document that includes sections such as general job information, major responsibilities, key relationships, qualifications, and competencies. It communicates job expectations to incumbents and key job data to HR programs.

    A job ad is an externally facing document that advertises a position with the intent of attracting job applicants. It contains key elements from the job description as well as information on the organization and its EVP.

    Write an Effective Job Ad

    • Ensure that your job ad speaks to the audience you are targeting through the language you use.
      • E.g. If you are hiring for a creative role, use creative language and formatting. If you are writing for students, emphasize growth opportunities.
    • Highlight the organization’s EVP.
    • Paint an accurate picture of key aspects of the role but avoid the nitty gritty as it may overwhelm applicants.
    • Link to your organization’s website and social media platforms so applicants can easily find more information.

    A job description informs a job ad, it doesn’t replace it. Don’t be lulled into using a job description as a posting when there’s a time crunch to fill a position. Refer to job postings as job advertisements to reinforce that their purpose is to attract attention and talent.

    An effective job posting contains the following elements:

    Position Title
    • Clearly defined job titles are important for screening applicants as this is one of the first things the candidate will read.
    • Indicating the earnings range that the position pays cuts out time spent on reviewing candidates who may never accept the position and saves them from applying to a job that doesn’t match what they are looking for.
    Company
    • Provide a brief description of the organization including the products or services it offers, the corporate culture, and any training and career development programs.
    Summary Description
    • Describe briefly why the position exists. In other words, what is the position's primary purpose? The statement should include the overall results the job is intended to produce and some of the key means by which the position achieves these results.
    Responsibilities
    • Use bullet points to list the fundamental accountabilities of the position. Candidates want to know what they will be doing on a day-to-day basis.
    • Begin each responsibility or accountability statement with an action word and follow with a brief phrase to describe what is done to accomplish the function.
    Position Characteristics
    • Give examples of key problems and thinking challenges encountered by the position. Describe the type of analysis or creativity required to resolve these problems.
    • Provide examples of final decision-making authority. The examples should reflect the constraints placed on the position by people, policies, and/or procedures.
    Position Requirements
    • List all formal education and certifications required.
    • List all knowledge and experience required.
    • List all personal attributes required.
    Work Conditions
    • List all work conditions that the employee must accommodate. This could include any sensory, physical, or mental requirements of the position or any special conditions of employment, such as hours.
    Process to Apply
    • Include the methods in which the organization wants to receive applications and contact information of who will receive the applications.

    Bottom Line: A truly successful job posting ferrets out those hidden stars that may be over cautious and filters out hundreds of applications from the woefully under qualified.

    The do’s and don’ts of an inclusive job ad

    DON’T overlook the power of words. Avoid phrases like “strong English language skills” as this may deter non-native English speakers from applying and a “clean-shaven” requirement can exclude candidates whose faith requires them to maintain facial hair.

    DON’T post a long requirements list. A study showed that the average jobseeker spends only 49.7 seconds reviewing a listing before deciding it's not a fit.*

    DON’T present a toxic work culture; phrases such as “work hard, play hard” can put off many candidates and play into the “bro- culture” stereotype in tech.

    Position Title: Senior Lorem Ipsum

    Salary Band: $XXX to $XXX

    Diversity is a core value at ACME Inc. We believe that diversity and inclusion is our strength, and we’re passionate about building an environment where all employees are valued and can perform at their best.

    As a … you will …

    Our ideal candidate ….

    Required Education and Experience

    • Bachelor’s degree in …
    • Minimum five (5) years …

    Required Skills

    Preferred Skills

    At ACME Inc. you will find …

    DO promote pay equity by being up front and honest about salary expectations.

    DO emphasize your organization’s commitment to diversity and an inclusive workplace by adding an equity statement.

    DO limit your requirements to “must haves” or at least showcase them first before the “nice-to-haves.”

    DO involve current employees or members of your employee resource groups when creating job descriptions to ensure that they ask for what you really need.

    DO focus on company values and criteria that are important to the job, not just what’s always been done.
    *Source: Ladders, 2013

    Before posting the job ad complete the DEI job posting validation checklist

    Does the job posting highlight your organization’s EVP

    Does the job posting avoid words that might discourage women, people of color, and other members of underrepresented groups from applying?

    Has the position description been carefully reviewed and revised to reflect current and future expectations for the position, rather than expectations informed by the persons who have previously held the job?

    Has the hiring committee eliminated any unnecessary job skills or requirements (college degree, years or type of previous experience, etc.) that might negatively impact recruitment of underrepresented groups?

    Has the hiring committee posted the job in places (job boards, websites, colleges, etc.) where applicants from underrepresented groups will be able to easily view or access it?

    Have members of the hiring committee attended job fairs or other events hosted by underrepresented groups?

    Has the hiring committee asked current employees from underrepresented groups to spread the word about the position?

    Has the hiring committee worked with the marketing team to ensure that people from diverse groups are featured in the organization’s website, publications, and social media?

    es the job description clearly demonstrate the organization’s and leadership’s commitment to DEI?
    *Source: Recruit and Retain People of Color in IT

    3.1 Review and update your job ads

    1. Download the Job Ad Template.
    2. Look online or ask HR for an example of a current job advertisement you are using.
    • If you don’t have one, you can use a job description as a starting point.
  • Review all the elements of the job ad and make sure they align with the list on the previous slide, adding or changing, as necessary. Your job ad should be no more than two pages long.
  • Using the tools on the previous two slides, review your first draft to ensure the job posting is free of language or elements that will discourage diverse candidates from applying.
  • Review your job advertisement with HR to get feedback or to use as a template going forward.
    • Input Output
    • Existing job ad or job description
    • Updated job ad
    Materials Participants
    • Job ad or job description
    • Job Ad Template
    • Hiring Managers

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Enhance Your Recruitment Strategies

    Focus on key programs and tactics to improve the effectiveness of your sourcing approach.

    Get involved with sourcing to get your job ad seen

    To meet growing expectations, organizations need to change the way they source

    Social Media

    Social media has trained candidates to expect:

    • Organizations to stay in touch and keep track of them.
    • A personalized candidate experience.
    • To understand organizational culture and a day in the life.

    While the focus on the candidate experience is important throughout the talent acquisition process, social media, technology, and values have made it a critical component of sourcing.

    Technology

    Candidates expect to be able to access job ads from all platforms.

    • Today, close to 90% of candidates use a mobile platform to job hunt (SmartRecruiters, 2022).
    • However, only 36% of organizations are optimizing their job postings for mobile. (The Undercover Recruiter, 2021)

    Job ads must be clear, concise, and easily viewed on a mobile device.

    Candidate Values

    Job candidate’s values are changing.

    • There is a growing focus on work/life balance, purpose, innovation, and career development. Organizations need to understand candidate values and highlight how the EVP aligns with these interests.

    Authenticity remains important.

    • Clearly and accurately represent your organization and its culture.

    Focus on key programs and tactics to improve the effectiveness of your sourcing approach

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    Take advantage of your current talent with an internal talent mobility program

    What is it?

    Positioning the right talent in the right place, at the right time, for the right reasons, and supporting them appropriately.

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    ITM program benefits:

    1. Retention

      2. Provide opportunities to develop professionally, whether in the current role or through promotions/lateral moves. Keep strong performers and high-potential employees committed to the organization.

    2. Close Skills Gap

      3. Address rapid change, knowledge drain due to retiring Baby Boomers, and frustration associated with time to hire or time to productivity.

    3. Cost/Time Savings

      4. Reduce spend on talent acquisition, severance, time to productivity, and onboarding.

    4. Employee Engagement

      5. Increase motivation and productivity by providing increased growth and development opportunities.

    5. EVP

      6. Align with the organization’s offering and what is important to the employees from a development perspective.

    6. Employee & Leadership Development

      7. Support and develop employees from all levels and job functions.

    Leverage social media to identify and connect with talent

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    What is it? The widely accessible electronic tools that enable anyone to publish and access information, collaborate on common efforts, and build relationships.

    Learning to use social media effectively is key to sourcing the right talent.

    • Today, 92% of organizations leverage social media for talent acquisition.
    • 80% of employers find passive candidates through social media – second only to referrals.
    • 86% percent of job seekers used social media for their most recent job search.
    (Ku, 2021)

    Benefits of social media:

    • Provides access to candidates who may not know the organization.
    • Taps extended networks.
    • Facilitates consistent communication with candidates and talent in pipelines.
    • Personalizes the candidate experience.
    • Provides access to extensive data.

    Challenges of social media:

    With the proliferation of social media and use by most organizations, social media platforms have become overcrowded. As a result:

    • Organizations are directly and very apparently competing for talent with competitors.
    • Users are bombarded with information and are tuning out.

    “It is all about how we can get someone’s attention and get them to respond. People are becoming jaded.”

    – Katrina Collier, Social Recruiting Expert, The Searchologist

    Reap the rewards of an employee referral program

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    What is it? Employees recommend qualified candidates. If the referral is hired, the referring employee typically receives some sort of reward.

    Benefits of an employee referral program:

    1. Lower Recruiting Costs

      2. 55% of organizations report that hiring a referral is less expensive that a non-referred candidate (Clutch, 2020).

    2. Decreased time to fill

      3. The average recruiting lifecycle for an employee referral is 29 days, compared with 55 days for a non referral (Betterup, 2022).

    3. Decreased turnover

      4. 46% percent of employees who were referred stay at their organization for a least one year, compared to 33% of career site hires (Betterup, 2022).

    4. Increased quality of hire

      5. High performers are more likely to refer other high performers to an organization (The University of Chicago Press, 2019).

    Avoid the Like Me Bias: Continually evaluate the diversity of candidates sourced from the employee referral program. Unless your workforce is already diverse, referrals can hinder diversity because employees tend to recommend people like themselves.

    Tap into your network of former employees

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    What is it? An alumni referral program is a formalized way to maintain ongoing relationships with former employees of the organization.

    Successful organizations use an alumni program:

    • 98% of the F500 have some sort of Alumni program (LinkedIn, 2019).

    Benefits of an alumni program:

    1. Branding
    • Alumni are regarded as credible sources of information. They can be a valuable resource for disseminating and promoting the employer brand.
  • Source of talent
    • Boomerang employees are doubly valuable as they understand the organization and also have developed skills and industry experience.
      • Recover some of the cost of turnover and cost per hire with a pool of prequalified candidates who will more quickly reach full productivity.
  • Referral potential
    • Developing a robust alumni network provides access to a larger network through referrals.
    • Alumni already know what is required to be successful in the organization so they can refer more suitable candidates.

    Make use of a campus recruiting program

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    What is it? A formalized means of attracting and hiring individuals who are about to graduate from schools, colleges, or universities.

    Almost 70% of companies are looking to employ new college graduates every year (HR Shelf, 2022).

    Campus recruitment benefits:

    • Increases employer brand awareness among talent entering the workforce.
    • Provides the opportunity to interact with large groups of potential candidates at one time.
    • Presents the opportunity to identify and connect with high-quality talent before they graduate and are actively looking for positions.
    • Offers access to a highly diverse audience.

    Info-Tech Insight

    Target schools that align with your culture and needs. Do not just focus on the most prestigious schools: they are likely more costly, have more intense competition, and may not actually provide the right talent.

    Identify opportunities to integrate non-traditional techniques

    Internal Talent Mobility (ITM) Program

    Social Media Program

    Employee Referral Program

    Alumni Program

    Campus Recruiting Program

    Other Sourcing Tactics

    		1. Professional industry associations
    • Tap into candidates who have the necessary competencies.

    5. Not-for-profit intermediaries

    • Partner with not-for-profits to tap into candidates in training or mentorship programs.
    • Example:
      • Year Up (General)
      • Bankwork$ (Banking)
      • Youth Build (Construction)
      • iFoster (Grocery)

    American Expresscreated a boot camp for software engineers in partnership with Year Up and Gateway Community College to increase entry-level IT hires.

    Results:

    • Annually hire 80-100 interns from Year Up.
    • Improved conversion rates: 72% of Year Up interns versus 60% of traditional interns.
    • Increased retention: 44 (Year Up) versus 18 months (traditional).
    (HBR, 2016)

    2. Special interest groups

    • Use for niche role sourcing.
    • Find highly specialized talent.
    • Drive diversity (Women in Project Management).

    6. Gamification

    • Attract curiosity and reaffirm innovation at your organization.
    • Communicate the EVP.
    3. Customers
    • Access those engaged with the organization.
    • Add the employer brand to existing messaging.

    PwC (Hungary) created Multiploy, a two-day game that allows students to virtually experience working in accounting or consulting at the organization.

    Results:

    • 78% of students said they wanted to work for PwC.
    • 92% indicated they had a more positive view of the firm.
    • Increase in the number of job applicants.
    (Zielinski, 2015)

    4. Exit interviews

    • Ask exiting employees “where should we recruit someone to replace you?”
    • Leverage their knowledge to glean insight into where to find talent.

    Partner with other organizational functions to build skills and leverage existing knowledge

    Use knowledge that already exists in the organization to improve talent sourcing capabilities.

    Marketing

    HR

    Marketing knows how to:

    • Build attention-grabbing content.
    • Use social media platforms effectively.
    • Effectively promote a brand.
    • Use creative methods to connect with people.

    HR knows how to:

    • Organize recruitment activities.
    • Identify the capabilities of various technologies available to support sourcing.
    • Solve issues that may arise along the way

    To successfully partner with other departments in your organization:

    • Acknowledge that they are busy. Like IT, they have multiple competing priorities.
    • Present your needs and prioritize them. Create a list of what you are looking for and then be willing to just pick your top need. Work with the other department to decide what needs can and cannot be met.
    • Present the business case. Emphasize how partnering is mutually beneficial. For example, illustrate to Marketing that promoting a strong brand with candidates will improve the organization’s overall reputation because often, candidates are customers.
    • Be reasonable and patient. You are asking for help, so be moderate in your expectations and flexible in working with your partner.

    Info-Tech Insight

    Encourage your team to seek out, and learn from, employees in different divisions. Training sessions with the teams may not always be possible but one-on-one chats can be just as effective and may be better received.

    5.1 Review the effectiveness of existing sourcing programs

    1. As a group review the description of each program as defined on previous slides. Ensure that everyone understands the definitions.
    2. In your workbook, look for the cell Internal Talent Mobility under the title; you will find five rows with the following
    • This program is formally structured and documented.
    • This program is consistently applied across the organization.
    • Talent is sourced this way on an ad hoc basis.
    • Our organization currently does not source talent this way.
    • There are metrics in place to assess the effectiveness of this program.
  • Ask everyone in the group if they agree with the statement for each column; once everyone has had a chance to answer each of the questions, discuss any discrepancies which exist.
  • After coming to a consensus, record the answers.
  • Repeat this process for the other four sourcing programs (social media, employee referral program, alumni network program, and campus recruiting program).
    • InputOutput
    • Existing knowledge on sourcing approach
    • Low usage sourcing methods identified for development
    MaterialsParticipants
    • Workbook
    • Hiring Managers

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Enhance Your Recruitment Strategies

    Interviews are the most often used yet poorly executed hiring tool.

    Create a high-quality interview process to improve candidate assessment

    Everyone believes they’re a great interviewer; self-assess your techniques, and “get real” to get better

    If you…

    • Believe everything the candidate says.
    • Ask mostly hypothetical questions: "What would you do in a situation where…"
    • Ask gimmicky questions: "If you were a vegetable, what vegetable would you be?"
    • Ask only traditional interview questions: "What are your top three strengths?”
    • Submit to a first impression bias.
    • Have not defined what you are looking for before the interview.
    • Ignore your gut feeling in an attempt to be objective.
    • Find yourself loving a candidate because they are just like you.
    • Use too few or too many interviewers in the process.
    • Do not ask questions to determine the motivational fit of the candidate.
    • Talk more than the interviewee.
    • Only plan and prepare for the interview immediately before it starts.

    …then stop. Use this research!

    Most interviewers are not effective, resulting in many poor hiring decisions, which is costly and counter-productive

    Most interviewers are not effective…

    • 82% of organizations don’t believe they hire highly talented people (Trost, 2022).
    • Approximately 76% of managers and HR representatives that McLean & Company interviewed agreed that the majority of interviewers are not very effective.
    • 66% of hiring managers come to regret their interview-based hiring decisions (DDI, 2021).

    …because, although everyone knows interviewing is a priority, most don’t make it one.

    • Interviewing is often considered an extra task in addition to an employee’s day-to-day responsibilities, and these other responsibilities take precedence.
    • It takes time to effectively design, prepare for, and conduct an interview.
    • Employees would rather spend this time on tasks they consider to be an immediate priority.

    Even those interviewers who are good at interviewing, may not be good enough.

    • Even a good interviewer can be fooled by a great interviewee.
    • Some interviewees talk the talk, but don’t walk the walk. They have great interviewing abilities but not the skills required to be successful in the specific position for which they are interviewing.
    • Even if the interviewer is well trained and prepared to conduct a strong interview, they can get caught up with an interviewee that seems very impressive on the surface, and end up making a bad hire.

    Preparing the Perfect Interview

    Step 5: Define decision rights

    Establish decision-making authority and veto power to mitigate post-interview conflicts over who has final say over a candidate’s status.

    Follow these steps to create a positive interview experience for all involved.

    Step 1: Define the ideal candidate profile; determine the attributes of the ideal candidate and their relative importance

    Define the attributes of the ideal candidate…

    Ideal candidate = Ability to do the job + Motivation to do the job + Fit

    Competencies

    • Education
    • Credentials
    • Technical skills
    • Career path
    • Salary expectations
    • Passion
    • Potential
    • Personality
    • Managerial style/preference

    Experiences

    • Years of service
    • Specific projects
    • Industry

    Data for these come from:

    • Interviews
    • Personality tests
    • Gut instinct or intuition

    Data for these come from:

    • Resumes
    • Interviews
    • Exercises and tests
    • References

    Caution: Evaluating for “organizational or cultural fit” can lead to interviewers falling into the trap of the “like me” bias, and excluding diverse candidates.

    …then determine the importance of the attributes.

    Non-negotiable = absolutely required for the job!

    Usually attributes that are hard to train, such as writing skills, or expensive to acquire after hire, such as higher education or specific technical skills.

    An Asset

    Usually attributes that can be trained, such as computer skills. It’s a bonus if the new hire has it.

    Nice-to-have

    Attributes that aren’t necessary for the job but beneficial. These could help in breaking final decision ties.

    Deal Breakers: Also discuss and decide on any deal breakers that would automatically exclude a candidate.

    The job description is not enough; meet with stakeholders to define and come to a consensus on the ideal candidate profile

    Definition of the Ideal Candidate

    • The Hiring Manager has a plan for the new hire and knows the criteria that will best fulfill that mandate.
    • The Executive team may have specific directives for what the ideal candidate should look like, depending on the level and critical nature of the position.
    • Industry standards, which are defined by regulatory bodies, are available for some positions. Use these to identify skills and abilities needed for the job.
    • Competitor information such as job descriptions and job reviews could provide useful data about a similar role in other organizations.
    • Exit interviews can offer insight into the most challenging aspects of the job and identify skills or abilities needed for success.
    • Current employees who hold the same or a similar position can explain the nuances of the day-to-day job and what attributes are most needed on the team.

    “The hardest work is accurately defining what kind of person is going to best perform this job. What are their virtues? If you’ve all that defined, the rest is not so tough.”

    – VP, Financial Services

    Use a scorecard to document the ideal candidate profile and help you select a superstar

    1. Download the Workbook and go to tab 6.1.
    2. Document the desired attributes for each category of assessment: Competencies, Experiences, Fit, and Motivation. You can find an Attribute Library on the next tab.
    3. Rank each attribute by level of priority: Required, Asset, or Nice-to-Have.
    4. Identify deal breakers that would automatically disqualify a candidate from moving forward.
    InputOutput
    • Job description
    • Stakeholder input
    • Ideal candidate persona
    MaterialsParticipants
    • Workbook
    • Hiring Managers

    To identify questions for screening interviews, use the Screening Interview Template

    A screening interview conducted by phone should have a set of common questions to identify qualified candidates for in-person interviews.

    The Screening Interview Template will help you develop a screening interview by providing:

    • Common screening questions that can be modified based on organizational needs and interview length.
    • Establishing an interview team.
    • A questionnaire format so that the same questions are asked of all candidates and responses can be recorded.

    Once completed, this template will help you or HR staff conduct candidate screening interviews with ease and consistency. Always do screening interviews over the phone or via video to save time and money.

    Info-Tech Insight

    Determine the goal of the screening interview – do you want to evaluate technical skills, communication skills, attitude, etc.? – and create questions based on this goal. If evaluating technical skill, have someone with technical competency conduct the interview.

    The image contains screenshots of the Screening Interview Template.

    Step 2: Choose interview types and techniques that best assess the ideal candidate attributes listed on the position scorecard

    There is no best interview type or technique for assessing candidates, but there could be a wrong one depending on the organization and job opening.

    • Understanding common interviewing techniques and types will help inform your own interviewing strategy and interview development.
    • Each interview technique and type has its own strengths and weakness and can be better suited for a particular organizational environment, type of job, or characteristic being assessed.
    The image contains a diagram to demonstrate the similarities and differences of Interview Technique and Interview Type. There is a Venn Diagram, the right circle is labelled: Interview Technique, and the right is: Interview Type. There is a double sided arrow below that has the following text: Unstructure, Semi-Structured, and Structured.

    Unstructured: A traditional method of interviewing that involves no constraints on the questions asked, no requirements for standardization, and a subjective assessment of the candidate. This format is the most prone to bias.

    Semi-Structured: A blend of structured and unstructured, where the interviewer will ask a small list of similar questions to all candidates along with some questions pertaining to the resume.

    Structured: An interview consisting of a standardized set of job-relevant questions and a scoring guide. The goal is to reduce interviewer bias and to help make an objective and valid decision about the best candidate.

    No matter which interview types or techniques you use, aim for it to be as structured as possible to increase its validity

    The validity of the interview increases as the degree of interview structure increases.

    Components of a highly structured interview include:

    1. Interview questions are derived from a job analysis (they are job related).
    2. Interview questions are standardized (all applicants are asked the same questions).
    3. Prompting, follow-up questioning, probing, and/or elaboration on questions are limited. Try to identify all prompts, follow-ups, and probes beforehand and include them in the interview guide so that all candidates get the same level of prompting and probing.
    4. Interview questions focus on behaviors or work samples rather than opinions or self-evaluations.
    5. Interviewer access to ancillary information (e.g. resumes, letters of reference, test scores, transcripts) is controlled. Sometimes limiting access to these documents can limit interviewer biases.
    6. Questions from the candidate are not allowed until after the interview. This allows the interviewer to stay on track and not go off the protocol.
    7. Each answer is rated during the interview using a rating scale tailored to the question (this is preferable to rating dimensions at the end of the interview and certainly preferable to just making an overall rating or ranking at the end).
    8. Rating scales are “anchored” with behavioral examples to illustrate scale points (e.g. examples of a “1,” “3,” or “5” answer).
    9. Total interview score is obtained by summing across scores for each of the questions.

    The more of these components your interview has, the more structured it is, and the more valid it will be.

    Step 3: Prepare interview questions to assess the attributes you are looking for in a candidate

    The purpose of interviewing is to assess, not just listen. Questions are what help you do this.

    Preparing questions in advance allows you to:

    • Match each question to a position requirement (included in your scorecard) to ensure that you assess all required attributes. Everything assessed should be job relevant!
    • Determine each question’s weighting, if applicable.
    • Give each candidate a chance to speak to all their job-relevant attributes.
    • Keep records should an unselected candidate decide to contest the decision.

    If you don’t prepare in advance:

    • You’ll be distracted thinking about what you are going to ask next and not be fully listening.
    • You likely won’t ask the same questions of all candidates, which impacts the ability to compare across candidates and doesn’t provide a fair process for everyone.
    • You likely won’t ask the questions you need to elicit the information needed to make the right decision.
    • You could ask illegal questions (see Acquire the Right Hires with Effective Interviewing for a list of questions not to ask in an interview).

    Use the Interview Question Planning Guide tab in the Candidate Interview Strategy and Planning Guide to prepare your interview questions.

    Use these tips to draft interview questions:

    • Use job analysis output, in particular the critical incident technique, to develop structured interview questions.
    • Search online or in books for example interview questions for the target position to inform interview question development. Just remember that candidates access these too, so be sure to ask for specific examples, include probing questions, and adapt or modify questions to change them.
    • Situational questions: The situation should be described in sufficient detail to allow an applicant to visualize it accurately and be followed by “what would you do?” Scoring anchors should reflect effective, typical, and ineffective behaviors.
    • Behavioral questions: Should assess a behavioral dimension (e.g. meeting deadlines) and apply to a variety of situations that share the underlying dimension (e.g. at work or school). Scoring anchors should be applicable to a variety of situations and reflect effective, typical, and ineffective behavior.

    Conduct an effective screening interview by listening to non-verbal cues and probing

    Follow these steps to conduct an effective screening interview:

    Introduce yourself and ask if now is a good time to talk. (Before calling, prepare your sales pitch on the organization and the position.)

    You want to catch candidates off guard so that they don’t have time to prepare scripted answers; however, you must be courteous to their schedule.

    Provide an overview of the position, then start asking pre-set questions. Take a lot of notes.

    It is important to provide candidates with as much information as possible about the position – they are deciding whether they are interested in the role as much as you are deciding whether they are suitable.

    Listen to how the questions are answered. Ask follow-up questions when appropriate and especially if the candidate seems to be holding something back.

    If there are long pauses or the candidate’s voice changes, there may be something they aren’t telling you that you should know.

    Be alert to inconsistencies between the resume and answers to the questions and address them.

    It’s important to get to the bottom of issues before the in-person interview. If dates, titles, responsibilities, etc. seem to be inconsistent, ask more questions.

    Ask candidates about their salary expectations.

    It’s important to ensure alignment of the salary expectations early on. If the expectations are much higher than the range, and the candidate doesn’t seem to be open to the lower range, there is no point interviewing them. This would be a waste of everyone’s time.

    Answer the applicant’s questions and conclude the interview.

    Wait until after the interview to rate the applicant.

    Don’t allow yourself to judge throughout the interview, or it could skew questions. Rate the applicant once the interview is complete.

    When you have a shortlist of candidates to invite to an in-person interview, use the Candidate Communication Template to guide you through proper phone and email communications.

    Don’t just prepare top-level interview questions; also prepare probing questions to probe to gain depth and clarity

    Use probing to drill down on what candidates say as much as possible and go beyond textbook answers.

    Question (traditional): “What would you identify as your greatest strength?”

    Answer: Ability to work on a team.

    Top-level interview questions set the stage for probing.

    Your interview script should contain the top two levels of questions in the pyramid and a few probes that you will likely need to ask. You can then drill down further depending on the candidate’s answers.

    Follow-Up Question:

    “Can you outline a particular example when you were able to exercise your teamwork skills to reach a team goal?”

    Probing questions start with asking what, when, who, why, and how, and gain insight into a candidate’s thought process, experiences, and successes.

    Probing Level 1:

    Probe around the what, how, who, when, and where. “How did you accomplish that?”

    How to develop probes? By anticipating the kinds of responses that candidates from different backgrounds or with different levels of experience are likely to give as a response to an interview question. Probes should provide a clear understanding of the situation, the behavior, and the outcome so that the response can be accurately scored. Common probes include:

    • What did you do? What was the outcome?
    • When did this take place (and how long did it take)?
    • Who was involved?
    • Were you leading or being led?
    • How did you accomplish what you did?
    • Why did you take those steps?

    Tailor probes to the candidate’s answers to evoke meaningful and insightful responses.

    Probing Level 2:

    Allow for some creativity.

    “What would you do differently if you were to do it again?”

    Conduct effective interviews and assessments

    Mitigate inherent biases of assessors by integrating formal assessments with objective anchors and clear criteria to create a more inclusive process.

    Consider leveraging behavioral interview questions in your interview to reduce bias.

    • In the past, companies were pushing the boundaries of the conventional interview, using unconventional questions to find top talent, e.g. “what color is your personality?” The logic was that the best people are the ones who don’t necessarily show perfectly on a resume, and they were intent on finding the best.
    • However, many companies have stopped using these questions after extensive statistical analysis revealed there was no correlation between candidates’ ability to answer them and their future performance on the job.
    • Asking behavioral interview questions based on the competency needs of the role is the best way to uncover if the candidates will be able to execute on the job.

    Assessments are created by people that have biases. This often means that assessments can be biased, especially with preferences towards a Western perspective. Even if the same assessments are administered, the questions will be interpreted differently by candidates with varying cultural backgrounds and lived experiences. If assessments do not account for this, it ultimately leads to favoring the answers of certain demographic groups, often ones similar to those who developed the assessment.

    Creating an interview question scorecard

    Attribute you are evaluating

    Probing questions prepared

    Area to take notes

    		 The image contains a screenshot of an Interview question scorecard.

    Exact question you will ask

    Place to record score

    Anchored scale with definitions of a poor, ok and great answer

    Step 4: Assemble an interview team

    HR and the direct reporting supervisor should always be part of the interview. Make a good impression with a good interview team.

    The must-haves:

    • The Future Manager should always be involved in the process. They should be comfortable with the new hire’s competencies and fit.
    • Human Resources should always be involved in the process – they maintain consistency, legality, and standardization. It’s their job to know the rules and follow them. HR may coordinate and maintain policy standards and/or join in assessing the candidate.
    • There should always be more than just one interviewer, even if it is not at the same time. This helps keep the process objective, allows for different opinions, and gives the interviewee exposure to multiple individuals in the company. But, try to limit the number of panel members to four or less.

    “At the end of the day, it’s the supervisor that has to live with the person, so any decision that does not involve the supervisor is a very flawed process.” – VP, Financial Services

    The nice-to-haves:

    • Future colleagues can offer benefits to both the interviewee and the colleague by:
      • Giving the candidate some insight into what their day-to-day job would be.
      • Relaxing the candidate; allowing for a less formal, less intimidating conversation.
      • Introducing potential teammates for a position that is highly collaborative.
      • Offering the interviewer an excellent professional development opportunity – a chance to present their understanding of what they do.
    • Executives should take part in interviewing for executive hiring, individuals that will report to an executive, or for positions that are extremely important. Executive time is scarce and expensive, so only use it when absolutely necessary.

    Record the interview team details in the Candidate Interview Strategy and Planning Guide template.

    Assign interviewers roles inside and outside the actual interview

    Define Interview Process Roles

    Who Should… Contact candidates to schedule interviews or communicate decisions?

    Who Should… Be responsible for candidate welcomes, walk-outs, and hand-offs between interviews?

    Who Should… Define and communicate each stakeholder’s role?

    Who Should… Chair the preparation and debrief meetings and play the role of the referee when trying to reach a consensus?

    Define Interview Roles

    • Set a role for each interviewer so they know what to focus on and where they fit into the process (e.g. Interviewer A will assess fit). Don’t ad hoc the process and allow everyone to interview based on their own ideas.
    • Consider interviewer qualifications and the impact of the new employee on each interviewer, when deciding the roles of each interviewer (i.e. who will interview for competency and who will interview for fit).
      • For example, managers may be most impacted by technical competencies and should be the interviewer to evaluate the candidate for technical competency.

    “Unless you’ve got roles within the panel really detailed and agreed upon, for example, who is going to take the lead on what area of questions, you end up with a situation where nobody is in charge or accountable for the final interview assessment." – VP, Financial Services

    Info-Tech Insight

    Try a Two Lens Assessment: One interviewer assesses the candidate as a project leader while another assesses them as a people leader for a question such as “Give me an example of when you exercised your leadership skills with a junior team member.”

    Step 5: Set decision rights in stone and communicate them in advance to manage stakeholder expectations and limit conflict

    All interviewers must understand their decision-making authority prior to the interview. Misunderstandings can lead to resentment and conflict.

    It is typical and acceptable that you, as the direct reporting manager, should have veto power, as do some executives.

    Veto Power

    Direct Supervisor or Manager

    Decision Makers: Must Have Consensus

    Other Stakeholders

    Direct Supervisor’s Boss

    Direct Supervisor

    Contributes Opinion

    HR Representative

    Peer

    After the preliminary interview, HR should not be involved in making the decision unless they have a solid understanding of the position.

    Peers can make an unfair assessment due to perceived competition with a candidate. Additionally, if a peer doesn’t want a candidate to be hired and the direct supervisor does hire the candidate, the peer may hold resentment against that candidate and set the team up for conflict.

    The decision should rest on those who will interact with the candidate on a daily basis and who manage the team or department that the candidate will be joining.

    The decisions being made can include whether or not to move a candidate onto the next phase of the hiring process or a final hiring decision. Deciding decision rights in advance defines accountability for an effective interview process.

    Create your interview team, assessments, and objective anchor scale

    1. Download the Behavioral Interview Question Library as a reference.
    2. On tab 9 of your workbook, document all the members of the team and their respective roles in the interview process. Fill in the decision-making authority section to ensure every team member is held accountable to their assigned tasks and understands how their input will be used.
    3. For each required attribute in the Ideal Candidate Scorecard, chose one to two questions from the library that can properly evaluate that attribute.
    4. Copy and paste the questions and probing questions into the Interview Guide Template.
    5. Create an objective anchor scale and clearly define what a poor, ok, and great answer to each question is.

    Download the Behavioral Interview Question Library

    Input Output
    • List of possible team members
    • Ideal Candidate Scorecard
    • Finalized hiring panel
    • Finalized interview and assessment process
    Materials Participants
    • IT Behavioral Interview Question Library
    • Workbook
    • Interview Guide Template
    • IT leadership team
    • IT staff members

    Conduct an effective, professional, and organized in-person interview

    Give candidates a warm, genuine greeting. Introduce them to other interviewers present. Offer a drink. Make small talk.

    “There are some real advantages to creating a comfortable climate for the candidate; the obvious respect for the individual, but people really let their guard down.”

    – HR Director, Financial Services

    Give the candidate an overview of the process, length, and what to expect of the interview. Indicate to the candidate that notes will be taken during the interview.

    If shorter than an hour, you probably aren’t probing enough or even asking the right questions. It also looks bad to candidates if the interview is over quickly.

    Start with the first question in the interview guide and make notes directly on the interview guide (written or typed) for each question.

    Take lots of notes! You think you’ll remember what was said, but you won’t. It also adds transparency and helps with documentation.

    Ask the questions in the order presented for interview consistency. Probe and clarify as needed (see next slide).

    Keep control of the interview by curtailing any irrelevant or long-winded responses.

    After all interview questions are complete, ask candidates if there was anything about their qualifications that was missed that they want to highlight.

    Lets you know they understand the job and gives them the feeling they’ve put everything on the table.

    Ask if the candidate has any questions. Respond to the questions asked.

    Answer candidate questions honestly because fit works both ways. Ensure candidates leave with a better sense of the job, expectations, and organizational culture.

    Review the compensation structure for the position and provide a realistic preview of the job and organization.

    Provide each candidate with a fair chance by maintaining a consistent interview process.

    Tell interviewees what happens next in the process, the expected time frame, and how they will be informed of the outcome. Escort them out and thank them for the interview.

    The subsequent slides provide additional detail on these eight steps to conducting an effective interview.

    Avoid these common biases and mistakes

    Common Biases

    Like-me effect: An often-unconscious preference for, and unfairly positive evaluation of, a candidate based on shared interests, personalities, and experiences, etc.

    Status effect: Overrating candidates based on the prestige of previously held positions, titles, or schools attended.

    Recency bias: Placing greater emphasis on interviews held closer to the decision-making date.

    Contrast effect: Rating candidates relative to those who precede or follow them during the interview process, rather than against previously determined data.

    Solution

    Assess candidates by using existing competency-based criteria.

    Common Mistakes

    Negative tone: Starting the interview on a negative or stressful note may derail an otherwise promising candidate.

    Poor interview management: Letting the candidate digress may leave some questions unanswered and reduce the interview value.

    Reliance of first impressions: Basing decisions on first impressions undermines the objectivity of competency-based selection.

    Failure to ask probing questions: Accepting general answers without asking follow-up questions reduces the evidentiary value of the interview.

    Solution

    Follow the structured interview process you designed and practiced.

    Ask the questions in the order presented in the interview guide, and probe and clarify as needed

    Do...

    Don’t…

    Take control of the interview by politely interrupting to clarify points or keep the interviewee on topic.

    Use probing to drill down on responses and ask for clarification. Ask who, what, when, why, and how.

    Be cognizant of confidentiality issues. Ask for a sample of work from a past position.

    Focus on knowledge or information gaps from previous interviews that need to be addressed in the interview.

    Ensure each member of a panel interview speaks in turn and the lead is given due respect to moderate.

    Be mean when probing. Intimidation actually works against you and is stressful for candidates. When you’re friendly, candidates will actually open up more.

    Interrupt or undermine other panel members. Their comments and questions are just as valid as yours are, and treating others unprofessionally gives a bad impression to the candidate.

    Ask illegal questions. Questions about things like religion, disability, and marital and family status are off limits.

    When listening to candidate responses, watch for tone, body language, and red flags

    Do...

    While listening to responses, also watch out for red and yellow flags.

    Listen to how candidates talk about their previous bosses – you want it to be mainly positive. If their discussion of past bosses reflects a strong sense of self-entitlement or a consistent theme of victimization, this could be a theme in their behavior and make them hard to work with.

    Red Flag

    A concern about something that would keep you from hiring the person.

    Yellow Flag

    A concern that needs to be addressed, but wouldn’t keep you from hiring the person.

    Pay attention to body language and tone. They can tell you a lot about candidate motivation and interest.

    Listen to what candidates want to improve. It’s an opportunity to talk about development and advancement opportunities in the organization.

    		Not all candidates have red flags, but it is important to keep them in mind to identify potential issues with the candidate before they are hired.

    Don’t…

    Talk too much! You are there to listen. Candidates should do about 80% of the talking so you can adequately evaluate them. Be friendly, but ensure to spend the time allotted assessing, not chatting.

    If you talk too much, you may end up hiring a weak candidate because you didn’t perceive weaknesses or not hire a strong candidate because you didn’t identify strengths.

    What if you think you sense a red or yellow flag?

    Following the interview, immediately discuss the situation with others involved in the recruitment process or those familiar with the position, such as HR, another hiring manager, or a current employee in the role. They can help evaluate if it’s truly a matter of concern.

    Increase hiring success: Give candidates a positive perception of the organization in the interview

    Great candidates want to work at great organizations.

    When the interviewer makes a positive impression on a candidate and provides a positive impression of the organization it carries forward after they are hired.

    In addition, better candidates can be referred over the course of time due to higher quality networking.

    As much as choosing the right candidate is important to you, make sure the right candidate wants to choose you and work for your organization.

    The image contains a screenshot of a graph to demonstrate the percent of successful hires relates strongly to interviewers giving candidates a positive perception of the organization.

    Interview advice seems like common sense, but it’s often not heeded, resulting in poor interviews

    Don’t…

    Believe everything candidates say. Most candidates embellish and exaggerate to find the answers they think you want. Use probing to drill down to specifics and take them off their game.

    Ask gimmicky questions like “what color is your soul?” Responses to these questions won’t give you any information about the job. Candidates don’t like them either!

    Focus too much on the resume. If the candidate is smart, they’ve tailored it to match the job posting, so of course the person sounds perfect for the job. Read it in advance, highlight specific things you want to ask, then ignore it.

    Oversell the job or organization. Obviously you want to give candidates a positive impression, but don’t go overboard because this could lead to unhappy hires who don’t receive what you sold them. Candidates need to evaluate fit just as much as you.

    Get distracted by a candidate’s qualifications and focus only on their ability to do the job. Just because they are qualified does not mean they have the attitude or personality to fit the job or culture.

    Show emotion at any physical handicap. You can’t discriminate based on physical disability, so protect the organization by not drawing attention to it. Even if you don’t say anything, your facial expression may.

    Bring a bad day or excess baggage into the interview, or be abrupt, rushed, or uninterested in the interview. This is rude behavior and will leave a negative impression with candidates, which could impact your chances of hiring them.

    Submit to first impression bias because you’ll spend the rest of the interview trying to validate your first impression, wasting your time and the candidate’s. Remain as objective as possible and stick to the interview guide to stay focused on the task at hand.

    “To the candidate, if you are meeting person #3 and you’re hearing questions that person #1 and #2 asked, the company doesn’t look too hot or organized.” – President, Recruiting Firm

    Practice behavioral interviews

    1. In groups of at least three:
    • Assign one person to act as the manager conducting the interview, a second person to act as the candidate, and a third to observe.
    • The observer will provide feedback to the manager at the end of the role play based on the information you just learned.
    • Observers – please give feedback on the probing questions and body language.
  • Managers, select an interview question from the list your group put together during the previous exercise. Take a few minutes to think about potential probing questions you could follow up with to dig for more information.
  • Candidates, try to act like a real candidate. Please don’t make it super easy on the managers – but don’t make it impossible either!
  • Once the question has been asked and answered:
    • How did it go?
    • Were you able to get the candidate to speak in specifics rather than generalities? What tips do you have for others?
    • What didn’t go so well? Any surprises?
    • What would you do differently next time?
    • If this was a real hiring situation, would the information you got from just that one question help you make a hiring decision for the role?
  • Now switch roles and select a new interview question to use for this round. Repeat until everyone has had a chance to practice.
    • Input Output
    • Interview questions and scorecard
    • Practice interviews
    Materials Participants
    • IT Behavioral Interview Question Library
    • Workbook
    • Hiring Manager
    • Interview Panel Members

    Download the Behavioral Interview Question Library

    Record best practices, effective questions, and candidate insights for future use and current strategy

    Results and insights gained from evaluations need to be recorded and assessed to gain value from them going forward.

    • To optimize evaluation, all feedback should be forwarded to a central point so that the information can be shared with all stakeholders. HR can serve in this role.
    • Peer evaluations should be shared shortly after the interview. Immediate feedback that represents all the positive and negative responses is instructional for interviewers to consider right away.
    • HR can take a proactive approach to sharing information and analyzing and improving the interview process in order to collaborate with hiring departments for better talent management.
    • Collecting information about effective and ineffective interview questions will guide future interview revision and development efforts.

    Evaluations Can Inform Strategic Planning and Professional Development

    Strategic Planning

    • Survey data can be used to inform strategic planning initiatives in recruiting.
    • Use the information to build a case to the executive team for training, public relations initiatives, or better candidate management systems.

    Professional Development

    • Survey data from all evaluations should be used to inform future professional development initiatives.
    • Interview areas where all team members show weaknesses should be training priorities.
    • Individual weaknesses should be integrated into each professional development plan.

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Develop a Comprehensive Onboarding Plan

    Drive employee engagement and retention with a robust program that acclimates, guides, and develops new hires.

    Onboarding should pick up where candidate experience leaves off

    Do not confuse onboarding with orientation

    Onboarding ≠ Orientation

    Onboarding is more than just orientation. Orientation is typically a few days of completing paperwork, reading manuals, and learning about the company’s history, strategic goals, and culture. By contrast, onboarding is three to twelve months dedicated to welcoming, acclimating, guiding, and developing new employees – with the ideal duration reflecting the time to productivity for the role.

    A traditional orientation approach provides insufficient focus on the organizational identification, socialization, and job clarity that a new hire requires. This is a missed opportunity to build engagement, drive productivity, and increase organizational commitment. This can result in early disengagement and premature departure.

    Effective onboarding positively impacts the organization and bottom line

    Over the long term, effective onboarding has a positive impact on revenue and decreases costs.

    The benefits of onboarding:

    • Save money and frustration
      • Shorten processing time, reduce administrative costs, and improve compliance.
    • Boost revenue
      • Help new employees become productive faster – also reduce the strain on existing employees who would normally be overseeing them or covering a performance shortfall.
    • Drive engagement and reduce turnover
      • Quickly acclimate new hires to your organization’s environment, culture, and values.
    • Reinforce culture and employer brand
      • Ensure that new hires feel a connection to the organization’s culture.

    Onboarding drives new hire engagement from day one

    The image contains a graph to demonstrate the increase in overall engagement in relation to onboarding.

    When building an onboarding program, retain the core aims: acclimate, guide, and develop

    The image contains a picture of a circle with a smaller circle inside it, and a smaller circle inside that one. The smallest circle is labelled Acclimate, the medium sized circle is labelled Guide, and the biggest circle is labelled Develop.

    Help new hires feel connected to the organization by clearly articulating the mission, vision, values, and what the company does. Help them understand the business model, the industry, and who their competitors are. Help them feel connected to their new team members by providing opportunities for socialization and a support network.

    Help put new hires on the path to high performance by clearly outlining their role in the organization and how their performance will be evaluated.

    Help new hires receive the experience and training they require to become high performers by helping them build needed competencies.

    We recommend a three-to-twelve-month onboarding program, with the performance management aspect of onboarding extending out to meet the standard organizational performance management cycle.

    Info-Tech Insight

    The length of the onboarding program should align with the average time to productivity for the role(s). Consider the complexity of the role, the industry, and the level of the new hire when determining program length.

    For example, call center workers who are selling a straight-forward product may only require a three-month onboarding, while senior leaders may require a year-long program.

    Watch for signs that you aren’t effectively acclimating, guiding, and developing new hires

    Our primary and secondary research identified the following as the most commonly stated reasons why employees leave organizations prematurely. These issues will be addressed throughout the next section.

    Acclimate

    Guide

    Develop
    • Onboarding experience is misaligned from the employer’s brand.
    • Socialization and/or integration into the existing culture is left to the employee.
    • Key role expectations or role usefulness is not clearly communicated.
    • Company strategy is unclear.
    • Opportunities for advancement are unclear.
    • Coaching, counseling, and/or support from co-workers and/or management is lacking.
    • The organization fails to demonstrate that it cares about the new employee’s needs.

    “Onboarding is often seen as an entry-level HR function. It needs to rise in importance because it’s the first impression of the organization and can be much more powerful than we sometimes give it credit for. It should be a culture building and branding program.” – Doris Sims, SPHR, The Succession Consultant, and Author, Creative Onboarding Programs

    Use the onboarding tabs in the workbook to evaluate and redesign the onboarding program

    1. On tab 10, brainstorm challenges that face the organization's current onboarding program. Identify if they fall into the "acclimate," "guide," or "develop" category. Next, record the potential impact of this challenge on the overall effectiveness of the onboarding program.
    2. On tab 11, record each existing onboarding activity. Then, identify if that activity will be kept or if it should be retired. Next, document if the activity fell into the "acclimate," "guide," or "develop" category.
    3. On tab 12, document gaps that currently exist in the onboarding program. Modify the timeline along the side of the tab to ensure it reflects the timeline you have identified.
    4. On tab 13, document the activities that will occur in the new onboarding program. This should be a combination of current activities that you want to retain and new activities that will be added to address the gaps noted on tab 12. For each activity, identify if it will fall in the acclimate, guide, or develop section. Add any additional notes. Before moving on, make sure that there are no categories that have no activities (e.g. no guide activities).
    Input Output
    • Existing onboarding activities
    • Determine new onboarding activities
    • Map out onboarding responsibilities
    Materials Participants
    • Workbook
    • Hiring Managers
    • HR

    Review the administrative aspects of onboarding and determine how to address the challenges

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Sample challenges

    Potential solutions

    Some paperwork cannot be completed digitally (e.g. I-9 form in the US).

    Where possible, complete forms with digital signatures (e.g. DocuSign). Where not possible, begin the process earlier and mail required forms to employees to sign and return, or scan and email for the employee to print and return.

    Required compliance training material is not available virtually.

    Seek online training options where possible. Determine the most-critical training needs and prioritize the replication of materials in audio/video format (e.g. recorded lecture) and distribute virtually.

    Employees may not have access to their equipment immediately due to shipping or supply issues.

    Delay employee start dates until you can set them up with the proper equipment and access needed to do their job.

    New hires can’t get answers to their questions about benefits information and setup.

    Schedule a meeting with an HR representative or benefits vendor to explain how benefits will work and how to navigate employee self-service or other tools and resources related to their benefits.

    Info-Tech Insight

    One of the biggest challenges for remote new hires is the inability to casually ask questions or have conversations without feeling like they’re interrupting. Until they have a chance to get settled, providing formal opportunities for questions can help address this.

    Review how company information is shared during onboarding and how to address the challenges

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Sample challenges

    Potential solutions

    Key company information such as organizational history, charts, or the vision, mission, and values cannot be clearly learned by employees on their own.

    Have the new hire’s manager call to walk through the important company information to provide a personal touch and allow the new hire to ask questions and get to know their new manager.

    Keeping new hires up to date on crisis communications is important, but too much information may overwhelm them or cause unnecessary stress.

    Sharing the future of the organization is a critical part of the company information stage of onboarding and the ever-changing nature of the COVID-19 crisis is informing many organizations’ future right now. Be honest but avoid over-sharing plans that may change.

    New hires can’t get answers to their questions about benefits information and setup.

    Schedule a meeting with an HR representative or benefits vendor to explain how benefits will work and how to navigate employee self-service or other tools and resources related to their benefits.

    Review the socialization aspects of onboarding and determine how to address the challenges

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Sample challenges

    Potential solutions

    Team introductions via a team lunch or welcome event are typically done in person.

    Provide managers with a calendar of typical socialization events in the first few weeks of onboarding and provide instructions and ideas for how to schedule replacement events over videoconferencing.

    New hires may not have a point of contact for informal questions or needs if their peers aren’t around them to help.

    If it doesn’t already exist, create a virtual buddy program and provide instructions for managers to select a buddy from the new hire’s team. Explain that their role is to field informal questions about the company, team, and anything else and that they should book weekly meetings with the new hire to stay in touch.

    New hires will not have an opportunity to learn or become a part of the informal decision-making networks at the organization.

    Hiring managers should consider key network connections that new hires will need by going through their own internal network and asking other team members for recommendations.

    New hires will not be able to casually meet people around the office.

    Provide the employee with a list of key contacts for them to reach out to and book informal virtual coffee chats to introduce themselves.

    Adapt the Guide phase of onboarding to a virtual environment

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Sample challenges

    Potential solutions

    Performance management (PM) processes have been paused given the current crisis.

    Communicate to managers that new hires still need to be onboarded to the organization’s performance management process and that goals and feedback need to be introduced and the review process outlined even if it’s not currently happening.

    Goals and expectations differ or have been reprioritized during the crisis.

    Ask managers to explain the current situation at the organization and any temporary changes to goals and expectations as a result of new hires.

    Remote workers often require more-frequent feedback than is mandated in current PM processes.

    Revamp PM processes to include daily or bi-weekly touchpoints for managers to provide feedback and coaching for new hires for at least their first six months.

    Managers will not be able to monitor new hire work as effectively as usual.

    Ensure there is a formal approach for how employees will keep their managers updated on what they're working on and how it's going, for example, daily scrums or task-tracking software.

    For more information on adapting performance management to a virtual environment, see Info-Tech’s Performance Management for Emergency Work-From-Home research.

    Take an inventory of training and development in the onboarding process and select critical activities

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Categorize the different types of formal and informal training in the onboarding process into the following three categories. For departmental and individual training, speak to managers to understand what is required on a department and role basis:

    Organizational

    Departmental

    Individual

    For example:

    • Employee self-service overview
    • Health and safety/compliance training
    • Core competencies

    For example:

    • Software training (e.g. Salesforce)
    • Job shadowing to learn how to work equipment or to learn processes

    For example:

    • Mentoring
    • External courses
    • Support to work toward a certification

    In a crisis, not every training can be translated to a virtual environment in the short term. It’s also important to focus on critical learning activities versus the non-critical. Prioritize the training activities by examining the learning outcomes of each and asking:

    • What organizational training does every employee need to be a productive member of the organization?
    • What departmental or individual training do new hires need to be successful in their role?

    Lower priority or non-critical activities can be used to fill gaps in onboarding schedules or as extra activities to be completed if the new hire finds themselves with unexpected downtime to fill.

    Determine how onboarding training will be delivered virtually

    The image contains tabs, three main large tabs are labelled: Acclimate, Guide, and Develop. There are smaller tabs in between that are in relation to the three main ones.

    Who will facilitate virtual training sessions?

    • For large onboarding cohorts, consider live delivery via web conferencing where possible. This will create a more engaging training program and will allow new hires to interact with and ask questions of the presenter.
    • For individual new hires or small cohorts, have senior leaders or key personnel from across the organization record different trainings that are relevant for their role.
      • For example, training sessions about organizational culture can be delivered by the CEO or other senior leader, while sales training could be delivered by a sales executive.

      If there is a lack of resources, expertise, or time, outsource digital training to a content provider or through your LMS.

    What existing or free tools can be leveraged to immediately support digital training?

    • Laptops and PowerPoint to record training sessions that are typically delivered in-person
    • YouTube/Vimeo to host recorded lecture-format training
    • Company intranet to host links and files needed to complete training
    • Web conferencing software to host live training/orientation sessions (e.g. Webex)
    • LMS to host and track completion of learning content

    Want to learn more?

    Recruit IT Talent

    • Improve candidate experience to hire top IT talent.

    Recruit and Retain More Women in IT

    • Gender diversity is directly correlated to IT performance.

    Recruit and Retain People of Color in IT

    • Good business, not just good philanthropy.

    Adapt Your Onboarding Process to a Virtual Environment

    • Develop short-term solutions with a long-term outlook to quickly bring in new talent.

    Bibliography

    2021 Recruiter Nation Report. Survey Analysis, Jobvite, 2021. Web.

    “5 Global Stats Shaping Recruiting Trends.” The Undercover Recruiter, 2022. Web.

    Barr, Tavis, Raicho Bojilov, and Lalith Munasinghe. "Referrals and Search Efficiency: Who Learns What and When?" The University of Chicago Press, Journal of Labor Economics, vol. 37, no. 4, Oct. 2019. Web.

    “How to grow your team better, faster with an employee referral program.” Betterup, 10 Jan. 2022. Web.

    “Employee Value Proposition: How 25 Companies Define Their EVP.” Built In, 2021. Web.

    Global Leadership Forecast 2021. Survey Report, DDI World, 2021. Web.

    “Connecting Unemployed Youth with Organizations That Need Talent.” Harvard Business Review, 3 November 2016. Web.

    Ku, Daniel. “Social Recruiting: Everything You Need To Know for 2022.” PostBeyond, 26 November 2021. Web.

    Ladders Staff. “Shedding light on the job search.” Ladders, 20 May 2013. Web.

    Merin. “Campus Recruitment – Meaning, Benefits & Challenges.” HR Shelf, 1 February 2022. Web.

    Mobile Recruiting. Smart Recruiters, 2020. Accessed March 2022.

    Roddy, Seamus. “5 Employee Referral Program Strategies to Hire Top Talent.” Clutch, 22 April 2020. Web.

    Sinclair, James. “What The F*dge: That's Your Stranger Recruiting Budget?” LinkedIn, 11 November 2019. Web.

    “Ten Employer Examples of EVPs.” Workology, 2022. Web

    “The Higher Cost of a Bad Hire.” Robert Half, 15 March 2021. Accessed March 2022.

    Trost, Katy. “Hiring with a 90% Success Rate.” Katy Trost, Medium, 8 August 2022. Web.

    “Using Social Media for Talent Acquisition.” SHRM, 20 Sept. 2017. Web.

    Dive Into Five Years of Security Strategies

    • Buy Link or Shortcode: {j2store}247|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • As organizations build their security programs, there is often the question of what are other companies doing.
    • Part of this is a desire to know whether challenges are unique to certain companies, but also to understand how people are tackling some of their security gaps.

    Our Advice

    Critical Insight

    Don’t just wonder what others are doing – use this report to see how companies are faring in their current state, where they want to target in their future state, and the ways they’re planning to raise their security posture.

    Impact and Result

    • Whether you’re building out your security program for the first time or are just interested in how others are faring, review insights from 66 security strategies in this report.
    • This research complements the blueprint, Build an Information Security Program, and can be used as a guide while completing that project.

    Dive Into Five Years of Security Strategies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out what this report contains.

    [infographic]

    Secrets of SAP S-4HANA Licensing

    • Buy Link or Shortcode: {j2store}231|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.
    • SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.
    • Aggressive audit tactics may be used to speed up the move to HANA.

    Our Advice

    Critical Insight

    • Mapping SAP products to HANA can be highly complex, leading to overspending and an inability to reduce future spend.
    • The deployment model chosen will directly impact commercial pathways forward.
    • Beware of digital (indirect) access licensing and compliance concerns.
    • Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Impact and Result

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.
    • Understand negotiating pricing and commercial terms.
    • Learn the “SAP way” of conducting business, which includes a best-in-class sales structure, unique contracts, and license use policies combined with a hyper-aggressive compliance function.

    Secrets of SAP S/4HANA Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of SAP S/4HANA licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish requirements

    Determining SAP’s fit within your organization is critical. Start off by building a business case to assess overarching drivers and justification for change, any net new business benefits and long-term sustainability. Oftentimes the ROI is negative, but the investment sets the stage for long-term growth.

    2. Evaluate licensing options

    Your deployment model is more important than you think. Selecting a deployment model will dictate your licensing options followed by your contractual pathways forward.

    • SAP License Summary and Analysis Tool
    • SAP Digital Access Licensing Pricing Tool

    3. Negotiation and license management

    Know what’s in the contract. Each customer agreement is different and there may be existing terms that are beneficial. Depending on how much is spent, anything can be up for negation.

    • SAP S/4HANA Terms and Conditions Evaluator
    [infographic]

    Establish Effective Data Stewardship

    • Buy Link or Shortcode: {j2store}133|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data stewardship is a critical function in modern data governance. Every data-driven firm needs stewards who can tackle data issues and challenges rapidly. Data stewards help to reach agreement on data definition, quality, and usage. They direct efforts aimed at completing metadata, improving data quality, and ensuring regulatory compliance.
    • Stewards must also provide recommendations regarding data access, security, distribution, retention, archiving, and disposal.

    Our Advice

    Critical Insight

    • While the data steward role is crucial to establishing and sustaining effective governance of data, it is the role in the data governance operating structure that is often left ambiguous.
    • It is often perceived as requiring incremental IT skills and one with all new or unfamiliar functions.
    • In the ambition and haste to deliver on data governance, the various data governance role titles are communicated out to the wider organization, with data stewards especially left wondering: “Why am I being asked to be a data steward? What is expected of me? How will succeed in this role?”

    Impact and Result

    To establish effective and impactful data stewardship:

    • Clearly articulate the data stewardship value proposition.
    • Formally design and detail the data steward role, including functions, capabilities, etc.
    • Set up your data stewards for success: having a detailed role definition on paper is certainly not enough. Ensure you go the extra mile to deliver relevant training such as data stewardship onboarding, awareness program, etc.

    Establish Effective Data Stewardship Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Data Stewardship Storyboard – Research that provides a step-by-step approach to aid in the successful establishment of data steward role.

    Use this deck to establish a solid data governance foundation in your organization. Start by defining the value of data stewardship and data governance and demystifying the role.

    • Establish Effective Data Stewardship – Phases 1-3

    2. Data Governance Role Accelerator Kit – A brief deck that defines the clear functions for different roles in data governance.

    This brief guide outlines how to adapt a data governance organizational structure for your organization and defines the roles of data owner, data steward, and data custodian.

    • Data Governance Roles Accelerator Kit
    [infographic]

    Further reading

    Establish Effective Data Stewardship

    Leverage your organization's business subject matter experts to drive impactful data use and handling.

    Analyst perspective

    Leverage your organization's business subject matter experts to drive impactful data use and handling.

    Data stewards bring valuable expertise and knowledge about their business areas: priorities, business capabilities and processes, and challenges and opportunities with respect to data. Because this knowledge cannot be easily replicated, going outside your organization to hire a data steward is not the most effective route.

    While it may seem difficult, organizing internally to harvest the already existing institutional knowledge of your business subject matter experts (SMEs) will give a better – and faster – return when setting up and formalizing data stewardship.

    The role must be well defined and communicated. We cannot expect SMEs to wear a hat without understanding the expectations for their role. They must be set up for success – they must be empowered, recognized, and rewarded.

    Crystal Singh, Director, Research and Advisory, Data and Analytics Practice

    Crystal Singh
    Director, Research and Advisory, Data and Analytics Practice
    Info-Tech Research Group

    Phase breakdown

    Phase 1: Data Stewardship Value Proposition

    • Define the value of data stewardship and data governance, their importance, and the relationship between them.
    • Determine where data stewards fit in the bigger data governance operating structure. The data steward role will not be effective without the other data governance roles.
    • Highlight the gains of effective data stewardship: e.g. data quality management, data definition, data sharing, and the ethical use and handling of data.

    Phase breakdown

    Phase 2: Data Steward Role Design

    • Who makes a good data steward? Important knowledge and skills include subject area expertise, institutional knowledge, collaborative skills, interpersonal, and political skills, an understanding of your organization's culture, and the ability to build good partnerships across business functions and with data management.
    • Seek out SMEs from within your organization. This may require you to mold and shape individuals to step up and into the role. An external hire will give capacity but will be more difficult (and time consuming) to ramp up.
    • Consult internally in your organization. For example, consult and liaise with Human Resources (HR) to determine if job descriptions need to be updated, if there would be any impact to compensation, etc.
    • Determine if this role needs to be a full-time role.
    • Demystify the role. Clarify that this is not an IT role and therefore will not require IT skills.
    • Leverage Info-Tech data governance patterns:
      • Data Stewardship in Action – Sample Data Quality Issue Resolution Process Template and Business Term and Data Definitions
      • Sample Data Steward (and Data Owner) to Data Domain Mapping

    Phase breakdown

    Phase 3: Strategies for Data Stewardship Success

    • Establish a solid data governance foundation in your organization.
    • Develop data stewardship onboarding: e.g. literacy and training, and frequently asked questions (FAQs).
    • Gain support from data owners, the director general (DG) committee, data leadership, and executive leaders/champions.
    • Set up rewards and recognition for the role.
    • Establish a feedback loop/mechanism for data stewards so the stewardship program can be adjusted accordingly.
    • Establish communication and create awareness of the role.

    Establishing effective data stewardship

    Leverage your organization's business SMEs to drive impactful data use and handling.

    Unlock the value of data through people.

    Data Steward Value Proposition
    Clearly articulate the data stewardship value proposition. What's in it for the person, their line of business or mandate, and your organization as a whole.

    Data Steward Role Design
    Formally design and define the role of a data steward, including the functions and capabilities.

    Strategies for Success
    Set up your data stewards for success. Having a detailed role definition on paper is not enough. Ensure that you go the extra mile to deliver the relevant training, such as data stewardship onboarding and an awareness program.

    Executive summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Data stewardship is a critical function in modern data governance. Every data-driven firm needs stewards who can rapidly tackle data issues and challenges. Data stewards help to reach agreement on data definition, quality, and usage. They direct efforts aimed at completing metadata, improving data quality, and ensuring regulatory compliance.
    Stewards must also provide recommendations regarding data access, security, distribution, retention, archiving, and disposal.     		While the data steward role is crucial to establishing and sustaining the effective governance of data, it is the role in the data governance operating structure that is often left unclear, ambiguous, and open to misinterpretation.
    It is often perceived as requiring incremental IT skills and one with all new or unfamiliar functions.
    In the ambition and haste to deliver on data governance, the various data governance role titles are communicated to the wider organization, often leaving data stewards wondering why they are being asked to be a data steward, what is expected of them, and how they will succeed in this role.     		Info-Tech's approach to establish effective and impactful data stewardship:
    • Clearly articulate the data stewardship value proposition.
    • Formally design and define the role of data steward, including the functions and capabilities.
    • Set up your data stewards for success. Having a detailed role definition on paper is not enough. Ensure that you go the extra mile to deliver the relevant training, such as data stewardship onboarding and an awareness program.

    Info-Tech Insight
    Effective data governance requires a solid foundation. Data stewards provide the foundation for data governance. The time and effort to define this role properly will yield sound data governance return.

    Phase 1: Data Stewardship Value Proposition

    What is the VALUE of a DATA STEWARD?

    Value of a Data Steward

    Improved Data Quality Management

    Clear and Consistent Data Definition

    Increased Data Sharing and Collaboration

    Ethical Handling of Data

    Define the strategic value of data in your organization

    Harness the value of data to power intelligent and transformative organizational performance.

    Optimize the way you serve your stakeholders.

    Respond to industry disruption.

    Develop products and services to meet ever-evolving needs.

    Manage operations and mitigate risk.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across an organization.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (CIO.com, 2021).
    • True business-IT collaboration that leads to increased consistency and confidence in data to support decision making

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done
    • An inhibitor or impediment to using and sharing data

    Data governance is about putting guard rails in place to better support the use and handling of your organization's data.

    Is there a clear definition of data accountability and responsibility in your organization?

    2020 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}97|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The velocity and magnitude of technology changes today has increased dramatically compared to anything that has come before.
    • The velocity and magnitude of advancements in technology has always seemed unprecedented in every wave of technology change we have experienced over the past 40 years. With each new wave of innovation, “unprecedented” is redefined to a new level, and so it remains true that today’s CIO is faced with unprecedented levels of change as a direct result of emerging technologies.
    • What is different today is that we are at the point where the emerging technology itself is now capable of accelerating the pace of change even more through artificial intelligence capabilities.
    • If we are to realize the business value through the adoption of emerging technologies, CIOs must address significant challenges. We believe addressing these challenges lies in the CIO priorities for 2020.

    Our Advice

    Critical Insight

    • First there was IT/business alignment, then there was IT/business integration – both states characterized as IT “getting on the same page” as the business. In the context of emerging technologies, the CIO should no longer be focused on getting on the same page as the CEO.
    • Today it is about the CEO and the CIO collaborating to write a new book about convergence of all things: technology (infrastructure and applications), people (including vendors), process, and data.
    • Digital transformation and adoption of emerging technologies is not a goal, it is a journey – a means to the end, not the end unto itself.

    Impact and Result

    • Use Info-Tech's 2020 CIO Priorities Report to ascertain, based on our research, what areas of focus for 2020 are critical for success in adopting emerging technologies.
    • Adopting these technologies requires careful planning and consideration for what is critical to your business customers.
    • This report provides focus on the business benefits of the technology and not just the capabilities themselves. It puts the CIO in a position to better understand the true value proposition of any of today’s technology advancements.

    2020 CIO Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the top five priorities for CIOs in 2020 and why these are so critical to success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Refine and adapt processes

    Learn about how processes can make or break your adoption of emerging technologies.

    • 2020 CIO Priorities Report – Priority 1: Refine and Adapt Processes

    2. Re-invent IT as collaboration engine

    Learn about how IT can transform its role within the organization to optimize business value.

    • 2020 CIO Priorities Report – Priority 2: Re-Invent IT as Collaboration Engine

    3. Acquire and retain talent for roles in emerging technologies

    Learn about how IT can attract and keep employees with the skills and knowledge needed to adopt these technologies for the business.

    • 2020 CIO Priorities Report – Priority 3: Acquire and Retain Talent for Roles in Emerging Technologies

    4. Define and manage cybersecurity and cyber resilience requirements related to emerging technologies

    Understand how the adoption of emerging technologies has created new levels of risk and how cybersecurity and resilience can keep pace.

    • 2020 CIO Priorities Report – Priority 4: Define and Manage Cybersecurity and Cyber Resilience Requirements Related to Emerging Technologies

    5. Leverage emerging technology to create Wow! customer experiences

    Learn how IT can leverage emerging technology for its own customers and those of its business partners.

    • 2020 CIO Priorities Report – Priority 5: Leverage Emerging Technology to Create Wow! Customer Experiences
    [infographic]

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    • Buy Link or Shortcode: {j2store}367|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,465 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Processes pertaining to managing the application are inconsistent and do not drive excellence.
    • There is a lack of interdepartmental collaboration between different teams pertaining to the application.
    • There are no formalized roles and responsibilities for governance and support around enterprise applications.

    Our Advice

    Critical Insight

    • Scale the Center of Excellence (CoE) based on business needs. There is flexibility in how extensively the CoE methodology is applied and rigidity in how consistently it should be used.
    • The CoE is a refinery. It takes raw inputs from the business and produces an enhanced product, removing waste and isolating it from re-entering day-to-day operations.
    • Excellence is about people as much as it is about process. Documented best practices should include competencies, key resources, and identified champions to advocate the CoE practice.

    Impact and Result

    • Formalize roles and responsibilities for all application initiatives.
    • Develop a standard process of governance and oversight surrounding the application.
    • Develop a comprehensive support network that consists of IT, the business, and external stakeholders to address issues and problem areas surrounding the application.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a Center of Excellence for your enterprise application, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a vision for the CoE

    Understand the importance of developing an enterprise application CoE, define its scope, and identify key stakeholders.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 1: Create a Vision for the Center of Excellence
    • Enterprise Application Center of Excellence Project Charter

    2. Design the CoE future state

    Gather high-level requirements to determine the ideal future state.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 2: Design the Center of Excellence Future State
    • Center of Excellence Refinery Model Template

    3. Develop a CoE roadmap

    Assess the required capabilities to reach the ideal state CoE.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 3: Develop a Center of Excellence Roadmap
    • Center of Excellence Exceptions Report
    • Track and Measure Benefits Tool
    • Enterprise Application Center of Excellence Stakeholder Presentation Template
    [infographic]

    Workshop: Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Vision for the CoE

    The Purpose

    Understand the importance of developing a CoE for enterprise applications.

    Determine how to best align the CoE mandate with business objectives.

    Complete a CoE project charter to gain buy-in, build a project team, and track project success. 

    Key Benefits Achieved

    Key stakeholders identified.

    Project team created with defined roles and responsibilities.

    Project charter finalized to gain buy-in.

    Activities

    1.1 Evaluate business needs and priorities.

    1.2 Identify key stakeholders and the project team.

    1.3 Align CoE with business priorities.

    1.4 Map current state CoE.

    Outputs

    Project vision

    Defined roles and responsibilities

    Strategic alignment of CoE and the business

    CoE current state schematic

    2 Design the CoE Future State

    The Purpose

    Gain a thorough understanding of pains related to the lack of application governance.

    Identify and recycle existing CoE practices.

    Visualize the CoE enhancement process.

    Visualize your ideal state CoE. 

    Key Benefits Achieved

    Requirements to strengthen the case for the enterprise application CoE.

    CoE value-add refinery.

    Future potential of the CoE.

    Activities

    2.1 Gather requirements.

    2.2 Map the CoE enhancement process.

    2.3 Sketch future state CoE.

    Outputs

    Classified pains, opportunities, and existing practices

    CoE refinery model

    Future state CoE sketch

    3 Develop a CoE Roadmap

    The Purpose

    Assess required capabilities and resourcing.

    List and prioritize CoE initiatives.

    Track and monitor CoE performance. 

    Key Benefits Achieved

    Next steps for the enterprise application CoE.

    CoE resourcing plan.

    CoE benefits realization tracking.

    Activities

    3.1 Build CoE capabilities.

    3.2 Identify risks and mitigation efforts.

    3.3 Prioritize and track CoE initiatives.

    3.4 Finalize stakeholder presentation.

    Outputs

    CoE potential capabilities

    Risk management plan

    CoE initiatives roadmap

    CoE stakeholder presentation

    Next-Generation InfraOps

    • Buy Link or Shortcode: {j2store}457|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    Impact and Result

    • Understand the xOps spectrum and what approaches benefit your organization.
    • Make sense of the architectural approaches and enablement tools available to you.
    • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Next-Generation InfraOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

    This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

    • Next-Generation InfraOps Storyboard
    [infographic]

    Further reading

    Next-Generation InfraOps

    Embrace the spectrum of Ops methodologies to build a virtuous cycle.

    Executive summary

    Your Challenge

    IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

    Common Obstacles

    Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

    Info-Tech's Approach

    By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    1. Understand the xOps spectrum and what approaches will benefit your organization.
    2. Make sense of the architectural approaches and enablement tools available to you.
    3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Info-Tech Insight

    InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

    Project overview

    Understand the xOps spectrum

    There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

    How to optimize the Ops in DevOps

    InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

    Evolve to integration and build a virtuous cycle

    Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

    The xOps spectrum

    This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

    xOps categories

    There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

    Some of the commonly adopted and defined xOps models are listed here.

    Shift left? Shift right?

    Cutting through the jargon

    • Shifting left is about focusing on the code and development aspects of a delivery cycle.
    • Shifting right is about remembering that infrastructure and tools still do matter.

    Info-Tech Insight

    Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

    IT Operations in the left-right spectrum

    Shifting from executing and deploying to defining the guardrails and standards

    This is an image of the left-right spectrum for your XOps position

    Take a middle-out approach

    InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

    • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
    • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
    • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
    • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

    Optimize the Ops in DevOps

    Focus on eliminating friction

    This is an image of an approach to optimizing the ops in DevOps.

    With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

    IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

    InfraOps tools

    Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

    Info-Tech Insight

    Your tools can be broken into two categories:

    • Infrastructure Architecture
      • HCI vs. CI
    • Automation Tooling
      • IaC and A&O

    Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

    Infrastructure approach

    • Hyperconverged

    • Composable

    Hyperconverged Infrastructure (HCI)

    Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
    The disruptive departure:

    • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
    • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
    • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

    A comparison between converged and hyperconverged systems.

    Info-Tech Insight

    HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

    HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

    Hyperconverged (HCI) – SWOT

    HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

    Strengths

    • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
    • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
    • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

    Opportunities

    • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
    • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
    • Better able to compete with external IT service alternatives.
    • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

    Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

    Info-Tech Insight

    Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

    Hyperconverged (HCI) – SWOT

    Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

    Weaknesses

    • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
    • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

    Threats

    • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
    • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

    In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

    Composable Infrastructure (CI)

    • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
      • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
      • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
      • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
    • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

    Composable Infrastructure (CI)

    • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
      • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

    Use Case Example: Composable AI flow

    Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

    • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

    Composable Infrastructure (CI)

    Use cases and considerations

    Where it's useful

    • Enable even more efficient allocation/utilization of resources for workloads.
    • Very large memory or shared memory requirements can benefit greatly.
    • Decouple purchasing decisions for underlying resources.
    • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
    • Build "the Impossible Server."

    Considerations

    • Requires significant footprint/scale to justify in many cases
    • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
    • May not be best value for environments where resource-stranding is not a significant issue

    Info-Tech Insight

    Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

    The CI ecosystem

    This is an image of the CI ecosystem.

    • The CI ecosystem has many players, large and small!
    • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

    Understanding the differences

    This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

    Automation approach

    • Infrastructure as Code
    • Automation & Orchestration
    • Metaorchestration

    Infrastructure as Code (IaC)

    Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

    Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

    With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

    Info-Tech Insight
    IaC is a critical tool in enabling key benefits!

    • Reduced costs
    • Increased scalability, flexibility, and speed
    • Better consistency and version control
    • Reduced deployment errors

    Infrastructure as Code (IaC)

    1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
    2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
    3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
    • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
      • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

    Automation/Orchestration

    Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

    This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

    It defines the policies and service levels through automated workflows,
    provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

    As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

    Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

    Info-Tech Insight

    Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

    Automation/Orchestration

    There are a wide variety of orchestration and automation tools and technologies.

    Configuration Management

    Configuration Management

    		The logos for companies which fall in each of the categories in the column to the left of the image.

    CI/CD
    Orchestration

    Container
    Orchestration

    Cloud-Specific
    Orchestration

    PaaS
    Orchestration

    Info-Tech Insight

    Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

    Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

    Automation/Orchestration

    Every tool focuses on different aspects or functions of the deployment of resources and applications.

    • Resources
      • Compute
      • Storage
      • Network
    • Extended Services
      • Platforms
      • Infrastructure Services
      • Web Services
    • Application Assets
      • Images
      • Templates
      • Containers
      • Code

    Info-Tech Insight

    Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

    Metaorchestration

    A Flow chart for the approach to metaorchestration.

    Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

    As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

    Many enterprises address this fragmentation using a cloud management platform approach.

    One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

    In complex scenarios, this can be a challenge that requires customization and development.

    InfraOps tools ecosystem

    Toolkit Pros Cons Tips
    HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
    CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
    IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
    A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
    Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

    Build a virtuous cycle

    Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

    • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
    • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
    • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

    Info-Tech Insight

    Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

    This is particularly important in more Agile methodologies.

    Activity: Map your IT operations delivery

    Identify your high-friction interstitial points

    • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
    • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
    Plan Code Test Deploy Monitor
    Incoming Friction
    In-Cycle Friction
    Outgoing Friction

    Info-Tech Insight

    Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

    Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

    Related Info-Tech Research

    Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

    • This Info-Tech note covers evaluation of HCI platforms.

    Design Your Cloud Operations

    • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

    Bibliography

    Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
    "Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
    "Composable Infrastructure Technology." Liqid Inc., n.d. Web.
    "DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
    Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

    Configuration management

    • Buy Link or Shortcode: {j2store}4|cart{/j2store}
    • Related Products: {j2store}4|crosssells{/j2store}
    • Up-Sell: {j2store}4|upsells{/j2store}
    • Download01-Title: Harness the power of Configuration Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 8.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    • byline: Create your configuration management strategy.
    Configuration management is all about being able to manage your assets within the support processes. That means to record what you need. Not less than that, and not more either.

    Asset Management, Configuration Management, Lifecycle Management

    Contact Tymans Group

    We're here to get your IT Operations performant and resilient

    We have the highest respect for your person. We contact you only with responses to your questions. Our company ethics insist on transparency and honesty.

    Continue reading

    Maximize Business Value From IT Through Benefits Realization

    • Buy Link or Shortcode: {j2store}337|cart{/j2store}
    • member rating overall impact: 6.0/10 Overall Impact
    • member rating average dollars saved: 4 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT and the business are often misaligned because business value is not well defined or communicated.
    • Decisions are made without a shared perspective of value. This results in cost misallocation and unexploited opportunities to improve efficiency and drive innovation.

    Our Advice

    Critical Insight

    • IT exists to provide business value and is part of the business value chain. Most IT organizations lack a way to define value, which complicates the process of making value-based strategic business decisions.
    • IT must link its spend to business value to justify its investments. IT doesn’t have an established process to govern benefits realization and struggles to demonstrate how it provides value from its investments.
    • Pursue value, not technology. The inability to articulate value leads to IT being perceived as a cost center.

    Impact and Result

    • Ensure there is a common understanding within the organization of what is valuable to drive growth and consistent strategic decision making.
    • Equip IT to evaluate, direct, and monitor investments to support the achievement of organizational values and business benefits.
    • Align IT spend with business value through an enhanced governance structure to achieve cost optimization. Ensure IT visibly contributes to the creation and maintenance of value.

    Maximize Business Value From IT Through Benefits Realization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits realization process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand business value

    Ensure that all key strategic stakeholders hold a current understanding of what is valuable to the organization and a sense of what will be valuable based on future needs.

    • Maximize Business Value from IT Through Benefits Realization – Phase 1: Understand Business Value
    • Business Value Statement Template
    • Business Value Statement Example
    • Value Statement Email Communication Template
    • Feedback Consolidation Tool

    2. Incorporate benefits realization into governance

    Establish the process to evaluate spend on IT initiatives based on expected benefits, and implement the methods to monitor how well the initiatives achieve these benefits.

    • Maximize Business Value from IT Through Benefits Realization – Phase 2: Incorporate Benefits Realization into Governance
    • Business Value Executive Presentation Template

    3. Ensure an accurate reference of value

    Re-evaluate, on a consistent basis, the accuracy of the value drivers stated in the value statement with respect to the organization’s current internal and external environments.

    • Maximize Business Value from IT Through Benefits Realization – Phase 3: Ensure an Accurate Reference of Value
    [infographic]

    Workshop: Maximize Business Value From IT Through Benefits Realization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Business Value

    The Purpose

    Establish the business value statement.

    Understand the importance of implementing a benefits realization process.

    Key Benefits Achieved

    Unified stakeholder perspectives of business value drivers

    Establish supporters of the initiative

    Activities

    1.1 Understand what governance is and how a benefits realization process in governance will benefit the company.

    1.2 Discuss the mission and vision of the company, and why it is important to establish the target state prior to defining value.

    1.3 Brainstorm and narrow down organization value drivers.

    Outputs

    Stakeholder buy-in on benefits realization process

    Understanding of interrelations of mission, vision, and business value drivers

    Final three prioritized value drivers

    Completed business value statement

    2 Incorporate Benefits Realization Into Governance

    The Purpose

    Establish the intake, assessment and prioritization, and output and monitoring processes that are involved with implementing benefits realization.

    Assign cut-over dates and accountabilities.

    Establish monitoring and tracking processes.

    Key Benefits Achieved

    A thorough implementation plan that can be incorporated into existing governance documents

    Stakeholder understanding of implemented process, process ownership

    Activities

    2.1 Devise the benefits realization process.

    2.2 Establish launch dates, accountabilities, and exception handling on processes.

    2.3 Devise compliance monitoring and exception tracking methods on the benefits realization process.

    Outputs

    Benefits realization process incorporated into governance documentation

    Actionable plan to implement benefits realization process

    Reporting processes to ensure the successful delivery of the improved governance process

    3 Ensure an Accurate Reference of Value

    The Purpose

    Implement a process to ensure that business value drivers remain current to the organization.

    Key Benefits Achieved

    Align IT with the business and business to its environment

    Activities

    3.1 Determine regular review cycle to reassess business value drivers.

    3.2 Determine the trigger events that may cause off-cycle revisits to value.

    3.3 Devise compliance monitoring on value definition.

    Outputs

    Agenda and tools to assess the business context to verify the accuracy of value

    List of possible trigger events specific to your organization

    Reporting processes to ensure the continuous adherence to the business value definition

    Map Technical Skills for a Changing Infrastructure & Operations Organization

    • Buy Link or Shortcode: {j2store}333|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Infrastructure & Operations is changing rapidly. It’s a constant challenge to find the right skills to support the next new technology while at the same time maintaining the skills in house that allow you to support your existing platforms.
    • A lack of clarity around required skills makes finding the right skills difficult, and it’s not clear whether you should train, hire, contract, or outsource to address gaps.
    • You need to keep up with changes and new strategy while continuing to support your existing environment.

    Our Advice

    Critical Insight

    • Take a strategic approach to acquiring skills – looking only as far as the needs of the next project will lead to a constant skills shortage with no plan for it to be addressed.
    • Begin by identifying your future state. Identify needed skills in the organization to support planned projects and initiatives, and to mitigate skills-related risks.

    Impact and Result

    • Leverage your infrastructure roadmap and cloud strategy to identify needed skills in your future state environment.
    • Decide how you’ll acquire needed skills based on the characteristics of need for each skill.
    • Communicate the change and create a plan of action for the skills transformation.

    Map Technical Skills for a Changing Infrastructure & Operations Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should map technical skills for a changing Infrastructure & Operations organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skills needs for the future state environment

    Identify what skills are needed based on where the organization is going.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 1: Identify Skills Needs for Your Future State Environment
    • Future State Playbook
    • IT/Cloud Solutions Architect
    • IT/Cloud Engineer
    • IT/Cloud Administrator
    • IT/Cloud Demand Billing & Accounting Analyst

    2. Acquire needed skills

    Ground skills acquisition decisions in the characteristics of need.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 2: Acquire Needed Skills
    • Technical Skills Map

    3. Maximize the value of the skills map

    Get stakeholder buy-in; leverage the skills map in other processes.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 3: Maximize the Value of Your Skills Map
    • Technical Skills Map Communication Deck Template
    [infographic]

    Workshop: Map Technical Skills for a Changing Infrastructure & Operations Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Initiatives and Skills-Related Risks

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    1.1 Review the list of initiatives and projects with the group.

    1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.

    1.3 Identify skills-related risks and pain points.

    Outputs

    Future State Playbook

    2 Identify Needed Skills and Roles

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    2.1 Identify skills required to support the new environment.

    2.2 Map required skills to roles.

    Outputs

    IT/Cloud Architect Role Description

    IT/Cloud Engineer Role Description

    IT/Cloud Administrator Role Description

    3 Create a Plan to Acquire Needed Skills

    The Purpose

    Create a skills acquisition strategy based on the characteristics of need.

    Key Benefits Achieved

    Optimal skills acquisition strategy defined.

    Activities

    3.1 Modify impact scoring scale for key skills decision factors.

    3.2 Apply impact scoring scales to needed skills

    3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.

    Outputs

    Technical Skills Map

    4 Develop a Communication Plan

    The Purpose

    Create an effective communication plan for different stakeholders across the organization.

    Identify opportunities to leverage the skills map elsewhere.

    Key Benefits Achieved

    Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.

    Activities

    4.1 Review skills decisions and decide how you will acquire skills in each role.

    4.2 Update roles descriptions.

    4.3 Create a change message.

    4.4 Identify opportunities to leverage the skills map in other processes.

    Outputs

    Technical Skills Map Communication Deck

    Transform Your Field Technical Support Services

    • Buy Link or Shortcode: {j2store}112|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    Our Advice

    Critical Insight

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Impact and Result

    • Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model.
    • Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team.
    • With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    Transform Your Field Technical Support Services Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transform Field Services Guide – A brief deck that outlines key migration steps to improve our remote client support services.

    This blueprint will help you:

    • Transform Your Field Technical Services Storyboard

    2. Transform Field Services Template – A template to create a transformation proposal.

    This template will help you to build your proposal to transform your field services.

    • Proposal to Transform Field Technical Services Template
    [infographic]

    Further reading

    Transform Your Field Technical Support Services

    Improve service and reduce costs through digital transformation.

    Analyst Perspective

    Improve staffing challenges through digital transformation.

    Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    The image contains a picture of Sandi Conrad.

    Sandi Conrad

    Principal Research Director

    Infrastructure & Operations Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

    Common Obstacles

    Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

    Info-Tech’s Approach

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Info-Tech Insight

    Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

    What is field services?

    Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

    The image contains a diagram to demonstrate what may be supported by field services and what should be supported by field services.

    What challenges are you trying to solve within your field services offering?

    Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

    • Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
    • Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
    • What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
    • Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
    • Has the support value been defined?
    The image contains a graph to demonstrate Case Casuals in Field Services, where the highest at 55% is break/fix.

    Field services will see the biggest improvements through technology updates

    Customer Intake

    Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.

    		 The image contains a picture to demonstrate the different field services.

    Triage and Troubleshoot

    Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.

    Improve Communications

    FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.

    Schedule Technicians

    Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.

    Enable Work From Anywhere

    FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.

    Manage Expectations

    Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

    Digital transformation can dramatically improve customer and technician experience

    The image contains an arrown that dips and rises dramatically to demonstrate how digital transformation can dramatically increase customer and technician experience.
    Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

    Improve technician utilization and scheduling with field services management software

    Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

    FSM solutions are designed to manage large teams of technicians, providing automated dispatch recommendations based on skills matching and proximity.

    Routes can be mapped to reduce travel time and mileage and adjusted to respond to emergency requests by technician skills or proximity. Automation will provide suggestions for work allocation.

    Spare parts management may be part of a field services solution, enabling technicians to easily identify parts needed and update real-time inventory as parts are deployed.

    Push notifications in real-time streamline communications from the field to the office, and enable technicians to close service records while in the field.

    Dispatchers can easily view availability, assign work orders, attach notes to work orders, and immediately receive updates if technicians acknowledge or reject a job.

    Maintenance work can be built into online checklists and forms to provide a technician with step-by-step instructions and to ensure a complete review.

    Skills and location-based routing allow dispatchers to be able to see closest tech for emergency deployments.

    Improve time to resolve while cutting costs by using visual remote support tools

    Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

    Visual remote tools can provide secure connections through any smartphone, with no need for the client to install an application.

    The technicians can take control of the camera to zoom in, turn on the flashlight for extra lighting, take photos, and save video directly to the tickets.

    Optical character recognition allows automatic text capture to streamline process to check warranty, recalls, and asset history.

    Visual, interactive workflows enhance break/fix and inspections, providing step-by-step guidance visual evidence and using AI and augmented reality to assess the images, and can provide next steps by connecting to a visual knowledgebase.

    Integration with field service management tools will allow information to easily be captured and uploaded immediately into the service record.

    Self-serve is available through many of these tools, providing step-by-step instructions using visual cues. These solutions are designed to work in low-bandwidth environments, using Wi-Fi or cellular service, and sessions can be started with a simple link sent through SMS.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    • Buy Link or Shortcode: {j2store}301|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:

    • Lack of resources and knowledge to secure professionals with the right mix of D&A skills and right level of experience/skills
    • Lack of well-formulated and robust data strategy
    • Underestimation of the value of soft skills

    Our Advice

    Critical Insight

    Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.

    Impact and Result

    Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:

    • Define the skills required for each essential data & analytics role.
    • Identify the roles and skills gaps in alignment with your current data strategy.
    • Establish an action plan to close the gaps and reduce risks.

    Identify and Build the Data & Analytics Skills Your Organization Needs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Build the Data & Analytics Skills Your Organization Needs Deck – Use this research to assist you in identifying and building roles and skills that are aligned with the organization’s data strategy.

    To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.

    • Identify and Build the Data & Analytics Skills Your Organization Needs Storyboard

    2. Data & Analytics Skills Assessment and Planning Tool – Use this tool to help you identify the current and required level of competency for data & analytics skills, analyze gaps, and create an actionable plan.

    Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.

    • Data & Analytics Skills Assessment and Planning Tool
    [infographic]

    Further reading

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    Analyst Perspective

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.

    While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.

    Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.

    Ruyi Sun
    Research Specialist,
    Data & Analytics, and Enterprise Architecture
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:

    • Time loss due to delayed progress and reworking of initiatives
    • Poor implementation quality and low productivity
    • Reduced credibility of data leader and data initiatives

    Common Obstacles

    Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:

    • Lack of resources and knowledge to secure professionals with the right mixed D&A skills and the right experience/skill level
    • Lack of well-formulated and robust data strategy
    • Neglecting the value of soft skills and placing all your attention on technical skills

    Info-Tech's Approach

    Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:

    • Define skills required for each essential data and analytics role
    • Identify roles and skills gap in alignment with your current data strategy
    • Establish action plan to close the gaps and reduce risks

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    The rapidly changing environment is impacting the nature of work

    Scarcity of data & analytics (D&A) skills

    • Data is one of the most valuable organizational assets, and regardless of your industry, data remains the key to informed decision making. More than 75% of businesses are looking to adopt technologies like big data, cloud computing, and artificial intelligence (AI) in the next five years (World Economic Forum, 2023). As organizations pivot in response to industry disruptions and technological advancements, the nature of work is changing, and the demand for data expertise has grown.
    • Despite an increasing need for data expertise, organizations still have trouble securing D&A roles due to inadequate upskilling programs, limited understanding of the skills required, and more (EY, 2022). Notably, scarce D&A skills have been critical. More workers will need at least a base level of D&A skills to adequately perform their jobs.

    Stock image of a data storage center.

    Organizations struggle to remain competitive when skills gaps aren't addressed

    Organizations identify skills gaps as the key barriers preventing industry transformation:

    60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)

    43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)

    Most organizations are not ready to address potential role disruptions and close skills gaps:

    87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)

    28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)

    Neglecting soft skills development impedes CDOs/CDAOs from delivering value

    According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.

    Bar Chart of 'Major Roadblocks to the Success of a CDO' with 'Limited data literacy' at the top.
    (Source: BearingPoint, 2020)

    Five Whys RCA

    Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?

    • People that lack data literacy find it difficult to embrace and trust the organization's data insights. Why?
    • Data workers and the business team don't speak the same language. Why?
    • No shared data definition or knowledge is established. Over-extensive data facts do not drive business outcomes. Why?
    • Leaders fail to understand that data literacy is more than technical training, it is about encompassing all aspects of business, IT, and data. Why?
    • A lack of leadership skills prevents leaders from recognizing these connections and the data team needing to develop soft skills.

    Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?

    • Decisions are made from gut instinct instead of data-driven insights, thus affecting business performance. Why?
    • People within the organization do not believe that data drives operational excellence, so they resist change. Why?
    • Companies overestimate the organization's level of data literacy and data maturity. Why?
    • A lack of strategies in change management, continuous improvement & data literacy for data initiatives. Why?
    • A lack of expertise/leaders possessing these relevant soft skills (e.g. change management, etc.).

    As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.

    Data cannot be fully leveraged without a cohesive data strategy

    Business strategy and data strategy are no longer separate entities.

    • For any chief data & analytics officer (CDAO) or equivalent data leader, a robust and comprehensive data strategy is the number one tool for generating measurable business value from data. Data leaders should understand what skills are required to achieve these goals, consider the current skills gap, and build development programs to help employees improve those skills.
    • Begin your skills development programs by ensuring you have a data strategy plan prepared. A data strategy should never be formulated independently from the business. Organizations with high data maturity will align such efforts to the needs of the business, making data a major part of the business strategy to achieve data centricity.
    • Refer to Info-Tech's Build a Robust and Comprehensive Data Strategy blueprint to ensure data can be leveraged as a strategic asset of the organization.

    Diagram of 'Data Strategy Maturity' with two arrangements of 'Data Strategy' and 'Business Strategy'. One is 'Aligned', the other is 'Data Centric.'

    Info-Tech Insight

    The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.

    Follow Info-Tech's methodology to identify the roles and skills needed to execute a data strategy

    1. Define Key Roles and Skills

      Digital Leadership Skills, Soft Skills, Technical Skills
      Key Output
      • Defined essential competencies, responsibilities for some common data roles

    2. Uncover the Skills Gap

      Data Strategy Alignment, High-Level Data Maturity Assessment, Skills Gap Analysis
      Key Output
      • Data roles and skills aligned with your current data strategy
      • Identified current and target state of data skill sets

    3. Build an Actionable Plan

      Initiative Priority, Skills Growth Feasibility, Hiring Feasibility
      Key Output
      • Identified action plan to address the risk of data skills deficiency

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Research benefits

    Member benefits

    • Reduce time spent defining the target state of skill sets.
    • Gain ability to reassess the feasibility of execution on your data strategy, including resources and timeline.
    • Increase confidence in the data leader's ability to implement a successful skills development program that is aligned with the organization's data strategy, which correlates directly to successful business outcomes.

    Business benefits

    • Reduce time and cost spent hiring key data roles.
    • Increase chance of retaining high-quality data professionals.
    • Reduce time loss for delayed progress and rework of initiatives.
    • Optimize quality of data initiative implementation.
    • Improve data team productivity.

    Insight summary

    Overarching insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Phase 1 insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Phase 2 insight

    Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.

    Phase 3 insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.

    While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    Tactical insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to three months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3
    Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.

    Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 1

    Define Key Roles and Skills

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 1.1 Review D&A Skill & Role List in Data & Analytics Assessment and Planning Tool

    This phase involves the following participants:

    • Data leads

    Key resources for your data strategy: People

    Having the right role is a key component for executing effective data strategy.

    D&A Common Roles

    • Data Steward
    • Data Custodian
    • Data Owner
    • Data Architect
    • Data Modeler
    • Artificial Intelligence (AI) and Machine Learning (ML) Specialist
    • Database Administrator
    • Data Quality Analyst
    • Security Architect
    • Information Architect
    • System Architect
    • MDM Administrator
    • Data Scientist
    • Data Engineer
    • Data Pipeline Developer
    • Data Integration Architect
    • Business Intelligence Architect
    • Business Intelligence Analyst
    • ML Validator

    AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).

    While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.

    D&A Leader Roles

    • Chief Data Officer (CDO)/Chief Data & Analytics Officer (CDAO)
    • Data Governance Lead
    • Data Management Lead
    • Information Security Lead
    • Data Quality Lead
    • Data Product Manager
    • Master Data Manager
    • Content and Record Manager
    • Data Literacy Manager

    CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).

    Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.

    Key resources for your data strategy: Skill sets

    Distinguish between the three skills categories.

    • Soft Skills

      Soft skills are described as power skills regarding how you work, such as teamwork, communication, and critical thinking.

    • Digital Leadership Skills

      Not everyone working in the D&A field is expected to perform advanced analytical tasks. To thrive in increasingly data-rich environments, however, every data worker, including leaders, requires a basic technological understanding and skill sets such as AI, data literacy, and data ethics. These are digital leadership skills.

    • Technical Skills

      Technical skills are the practical skills required to complete a specific task. For example, data scientists and data engineers require programming skills to handle and manage vast amounts of data.

    Info-Tech Insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Soft skills aren't just nice to have

    They're a top asset in today's data workplace.

    Leadership

    • Data leaders with strong leadership abilities can influence the organization's strategic execution and direction, support data initiatives, and foster data cultures. Organizations that build and develop leadership potential are 4.2 times more likely to financially outperform those that do not (Udemy, 2022).

    Business Acumen

    • The process of deriving conclusions and insights from data is ultimately utilized to improve business decisions and solve business problems. Possessing business acumen helps provide the business context and perspectives for work within data analytics fields.

    Critical Thinking

    • Critical thinking allows data leaders at every level to objectively assess a problem before making judgment, consider all perspectives and opinions, and be able to make decisions knowing the ultimate impact on results.

    Analytical Thinking

    • Analytical thinking remains the most important skill for workers in 2023 (World Economic Forum, 2023). Data analytics expertise relies heavily on analytical thinking, which is the process of breaking information into basic principles to analyze and understand the logic and concepts.

    Design Thinking & Empathy

    • Design thinking skills help D&A professionals understand and prioritize the end-user experience to better inform results and assist the decision-making process. Organizations with high proficiency in design thinking are twice as likely to be high performing (McLean & Company, 2022).

    Learning Focused

    • The business and data analytics fields continue to evolve rapidly, and the skills, especially technical skills, must keep pace. Learning-focused D&A professionals continuously learn, expanding their knowledge and enhancing their techniques.

    Change Management

    • Change management is essential, especially for data leaders who act as change agents developing and enabling processes and who assist others with adjusting to changes with cultural and procedural factors. Organizations with high change management proficiency are 2.2 times more likely to be high performing (McLean & Company, 2022).

    Resilience

    • Being motivated and adaptable is essential when facing challenges and high-pressure situations. Organizations highly proficient in resilience are 1.8 times more likely to be high performing (McLean & Company, 2022).

    Managing Risk & Governance Mindset

    • Risk management ability is not limited to highly regulated institutions. All data workers must understand risks from the larger organizational perspective and have a holistic governance mindset while achieving their individual goals and making decisions.

    Continuous Improvement

    • Continuously collecting feedback and reflecting on it is the foundation of continuous improvement. To uncover and track the lessons learned and treat them as opportunities, data workers must be able to discover patterns and connections.

    Teamwork & Collaboration

    • Value delivery in a data-centric environment is a team effort, requiring collaboration across the business, IT, and data teams. D&A experts with strong collaborative abilities can successfully work with other teams to achieve shared objectives.

    Communication & Active Listening

    • This includes communicating with relevant stakeholders about timelines and expectations of data projects and associated technology and challenges, paying attention to data consumers, understanding their requirements and needs, and other areas of interest to the organization.

    Technical skills for everyday excellence

    Digital Leadership Skills

    • Technological Literacy
    • Data and AI Literacy
    • Cloud Computing Literacy
    • Data Ethics
    • Data Translation

    Data & Analytics Technical Competencies

    • Data Mining
    • Programming Languages (Python, SQL, R, etc.)
    • Data Analysis and Statistics
    • Computational and Algorithmic Thinking
    • AI/ML Skills (Deep Learning, Computer Vision, Natural Language Processing, etc.)
    • Data Visualization and Storytelling
    • Data Profiling
    • Data Modeling & Design
    • Data Pipeline (ETL/ELT) Design & Management
    • Database Design & Management
    • Data Warehouse/Data Lake Design & Management

    1.1 Review D&A Skill & Role List in the Data & Analytics Assessment and Planning Tool

    Sample of Tab 2 in the Data & Analytics Assessment and Planning Tool.

    Tab 2. Skill & Role List

    Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 2

    Uncover the Skills Gap

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 2.1 High-level assessment of your present data management maturity
    • 2.2 Interview business and data leaders to clarify current skills availability
    • 2.3 Use the Data & Analytics Assessment and Planning Tool to Identify your skills gaps

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Identify skills gaps across the organization

    Gaps are not just about assigning people to a role, but whether people have the right skill sets to carry out tasks.

    • Now that you have identified the essential skills and roles in the data workplace, move to Phase 2. This phase will help you understand the required level of competency, assess where the organization stands today, and identify gaps to close.
    • Using the Data & Analytics Assessment and Planning Tool, start with areas that are given the highest priority through a high-level maturity assessment. From there, three levels of gaps will be found: whether people are assigned to a particular position, the right combination of D&A skill sets, and the right competency level for each skill.

    • Lack of talent assigned to a position

    • Lack of the right combination of D&A skill sets

    • Lack of appropriate competency level

    Info-Tech Insight

    Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.

    2.1 High-level assessment of your present data management maturity

    Identifying and fixing skills gaps takes time, money, and effort. Focus on bridging the gap in high-priority areas.

    Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
    Output: High-level maturity assessment, Prioritized list of data management focused area
    Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Objectives:

    Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.

    Steps:

    1. (Optional Step) Refer to the Build a Robust and Comprehensive Data Strategy blueprint. You can assess your data maturity level using the following frameworks and methods:
      • Review current data strategy and craft use cases that represent high-value areas that must be addressed for their teams or functions.
      • Use the data culture assessment survey to determine your organization's data maturity level.
    2. (Optional Step) Refer to the Create a Data Management Roadmap blueprint and Data Management Assessment and Planning Tool to dive deep into understanding and assessing capabilities and maturity levels of your organization's data management enablers and understanding your priority areas and specific gaps.
    3. If you have completed Data Management Assessment and Planning Tool, fill out your maturity level scores for each of the data management practices within it - Tab 3 (Current-State Assessment). Skip Tab 4 (High-Level Maturity Assessment).
    4. If you have not yet completed Data Management Assessment and Planning Tool, skip Tab 3 and continue with Tab 4. Assign values 1 to 3 for each capability and enabler.
    5. You can examine your current-state data maturity from a high level in terms of low/mid/high maturity using either Tabs 3 or 4.
    6. Suggested focus areas along the data journey:
      • Low Maturity = Data Strategy, Data Governance, Data Architecture
      • Mid Maturity = Data Literacy, Information Management, BI and Reporting, Data Operations Management, Data Quality Management, Data Security/Risk Management
      • High Maturity = MDM, Data Integration, Data Product and Services, Advanced Analytics (ML & AI Management).

    Download the Data & Analytics Assessment and Planning Tool

    2.2 Interview business and data leaders to clarify current skills availability

    1-2 hours per interview

    Input: Sample questions targeting the activities, challenges, and opportunities of each unit
    Output: Identified skills availability
    Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. Conduct a deep-dive interview with each key data initiative stakeholder (data owners, SMEs, and relevant IT/Business department leads) who can provide insights on the skill sets of their team members, soliciting feedback from business and data leaders about skills and observations of employees as they perform their daily tasks.
    2. Populate a current level of competency for each skill in the Data & Analytics Assessment and Planning Tool in Tabs 5 and 6. Having determined your data maturity level, start with the prioritized data management components (e.g. if your organization sits at low data maturity level, start with identifying relevant positions and skills under data governance, data architecture, and data architecture elements).
    3. More detailed instructions on how to utilize the workbook are at the next activity.

    Key interview questions that will help you :

    1. Do you have personnel assigned to the role? What are their primary activities? Do the personnel possess the soft and technical skills noted in the workbook? Are you satisfied with their performance? How would you evaluate their degree of competency on a scale of "vital, important, nice to have, or none"? The following aspects should be considered when making the evaluation:
      • Key Performance Indicators (KPIs): Business unit data will show where the organization is challenged and will help identify potential areas for development.
      • Project Management Office: Look at successful and failed projects for trends in team traits and competencies.
      • Performance Reviews: Look for common themes where employees excel or need to improve.
      • Focus Groups: Speak with a cross section of employees to understand their challenges.
    2. What technology is currently used? Are there requirements for new technology to be bought and/or optimized in the future? Will the workforce need to increase their skill level to carry out these activities with the new technology in place?

    Download the Data & Analytics Assessment and Planning Tool

    2.3 Use the Data & Analytics Assessment and Planning Tool to identify skills gaps

    1-3 hours — Not everyone needs the same skill levels.

    Input: Current skills competency, Stakeholder interview results and findings
    Output: Gap identification and analysis
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads

    Instruction:

    1. Select your organization's data maturity level in terms of Low/Mid/High in cell A6 for both Tab 5 (Soft Skills Assessment) and Tab 6 (Technical Skills Assessment) to reduce irrelevant rows.
    2. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to determine whether the data role exists in the organization. If yes, assign a current-state value from “vital, important, nice to have, or none” for each skill in the assessment tool. Info-Tech has specified the desired/required target state of each skill set.
    3. Once you've assigned the current-state values, the tool will automatically determine whether there is a gap in skill set.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 3

    Build an Actionable Plan

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 3.1 Use the Data & Analytics Assessment and Planning Tool to build your actionable roadmap

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Determine next steps and decision points

    There are three types of internal skills development strategies

    • There are three types of internal skills development strategies organizations can use to ensure the right people with the right abilities are placed in the right roles: reskill, upskill, and new hire.

    1. Reskill

      Reskilling involves learning new skills for a different or newly defined position.

    2. Upskill

      Upskilling involves building a higher level of competency in skills to improve the worker's performance in their current role.

    3. New hire

      New hire involves hiring workers who have the essential skills to fill the open position.

    Info-Tech Insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    How to determine when to upskill, reskill, or hire to meet your skills needs

    Reskill

    Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.

    When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.

    Upskill

    Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.

    Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.

    New Hire

    For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.

    Data & Analytics skills training

    There are various learning methods that help employees develop priority competencies to achieve reskilling or upskilling.

    Specific training

    The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.

    This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.

    Formal education program

    Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.

    Certification

    Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.

    AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.

    Online learning from general providers

    Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.

    Partner with a vendor

    The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.

    Support from within your business

    The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.

    Info-Tech Insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Data & Analytics skills reinforcement

    Don't assume learners will immediately comprehend new knowledge. Use different methods and approaches to reinforce their development.

    Innovation Space

    • Skills development is not a one-time event, but a continuous process during which innovation should be encouraged. A key aspect of being innovative is having a “fail fast” mentality, which means collecting feedback, recognizing when something isn't working, encouraging experimentation, and taking a different approach with the goal of achieving operational excellence.
    • Human-centered design (HCD) also yields innovative outcomes with a people-first focus. When creating skills development programs for various target groups, organizations should integrate a human-centered approach.

    Commercial Lens

    • Exposing people to a commercial way of thinking can add long-term value by educating people to act in the business' best interest and raising awareness of what other business functions contribute. This includes concepts such as project management, return on investment (ROI), budget alignment, etc.

    Checklists/Rubrics

    • Employees should record what they learn so they can take the time to reflect. A checklist is an effective technique for establishing objectives, allowing measurement of skills development and progress.

    Buddy Program

    • A buddy program helps employees gain and reinforce knowledge and skills they have learned through mutual support and information exchange.

    Align HR programs to support skills integration and talent recruitment

    With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.

    Workforce Planning

    When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.

    Integrate the future skills identified into the organization's workforce plan.

    Talent Acquisition

    In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.

    If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.

    Competencies/Succession Planning

    Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.

    If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.

    Compensation

    Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.

    Reassess your base pay structure according to market data for new roles and skills.

    Learning and Development

    L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.

    Design an Impactful Employee Development Program to build the skills employees need in the future.

    3.1 Use the Data & Analytics Assessment and Planning Tool to build an actionable plan

    1-3 hours

    Input: Roles and skills required, Key decision points
    Output: Actionable plan
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. On Tab 7 (Next Steps & Decision Points), you will find a list of tasks that correspond to roles that where there is a skills gap.
    2. Customize this list of tasks initiatives according to your needs.
    3. The Gantt chart, which will be generated automatically after assigning start and finish dates for each activity, can be used to structure your plan and guarantee that all the main components of skills development are addressed.

    Sample of Tab 7 in the Data & Analytics Assessment and Planning Tool.

    Download the Data & Analytics Assessment and Planning Tool

    Related Info-Tech Research

    Sample of the Create a Data Management Roadmap blueprint.

    Create a Data Management Roadmap

    • This blueprint will help you design a data management practice that will allow your organization to use data as a strategic enabler.

    Stock image of a person looking at data dashboards on a tablet.

    Build a Robust and Comprehensive Data Strategy

    • Put a strategy in place to ensure data is available, accessible, well-integrated, secured, of acceptable quality, and suitably visualized to fuel organization-wide decision making. Start treating data as strategic and corporate asset.

    Sample of the Foster Data-Driven Culture With Data Literacy blueprint.

    Foster Data-Driven Culture With Data Literacy

    • By thoughtfully designing a data literacy training program appropriate to the audience's experience, maturity level, and learning style, organizations build a data-driven and engaged culture that helps them unlock their data's full potential and outperform other organizations.

    Research Authors and Contributors

    Authors:

    Name Position Company
    Ruyi Sun Research Specialist Info-Tech Research Group

    Contributors:

    Name Position Company
    Steve Wills Practice Lead Info-Tech Research Group
    Andrea Malick Advisory Director Info-Tech Research Group
    Annabel Lui Principal Advisory Director Info-Tech Research Group
    Sherwick Min Technical Counselor Info-Tech Research Group

    Bibliography

    2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.

    Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.

    Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.

    Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.

    “Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.

    Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.

    Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.

    Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.

    “Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.

    Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.

    Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.

    “MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.

    “Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.

    Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.

    IT Governance

    • Buy Link or Shortcode: {j2store}22|cart{/j2store}
    • Related Products: {j2store}22|crosssells{/j2store}
    • Up-Sell: {j2store}22|upsells{/j2store}
    • member rating overall impact: 9.2/10
    • member rating average dollars saved: $124,127
    • member rating average days saved: 37
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    • byline: Avoid bureaucracy and achieve alignment with a practical approach.
    Read our concise Executive Brief to find out why you may want to redesign your IT governance, Review our methodology, and understand how we can support you in completing this process.

    Develop and Deploy Security Policies

    • Buy Link or Shortcode: {j2store}256|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $19,953 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
    • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

    Impact and Result

    • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Develop and Deploy Security Policies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

    Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.

    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    		 Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.    		 Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    		 Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
      4.
    		I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool    		 Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    		 Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
      5.
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
      3.
    		IV. Measure Policy Program

    a) Security policy tracking tool

    		 III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template    		 Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
      4.
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.    		 Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value
    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4
    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    		 Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    		 Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    		 Call #7: Track policies and exceptions.

    Workshop Overview
    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.
    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    		 Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    		 Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    		 Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    		 Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    		 Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    		Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    		 Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.
    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    		 Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.
    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Streamline Your Workforce During a Pandemic

    • Buy Link or Shortcode: {j2store}515|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    Reduced infection rates in compromised areas are providing hope that these difficult times will pass. However, organizations are facing harsh realities in real time. With significant reductions in revenue, employers are facing pressure to quickly implement cost-cutting strategies, resulting in mass layoffs of valuable employees.

    Our Advice

    Critical Insight

    Employees are an organization’s greatest asset. When faced with cost-cutting pressures, look for redeployment opportunities that use talent as a resource to get through hard times before resorting to difficult layoff decisions.

    Impact and Result

    Make the most of your workforce in this unprecedented situation by following McLean & Company’s process to initiate redeployment efforts and reduce costs. If all else fails, follow our guidance on planning for layoffs and considerations when doing so.

    Streamline Your Workforce During a Pandemic Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Meet with leadership

    Set a strategy with senior leadership, brainstorm underused and understaffed employee segments and departments, then determine an approach to redeployments and layoffs.

    • Streamline Your Workforce During a Pandemic Storyboard
    • Redeployment and Layoff Strategy Workbook

    2. Plan individual and department redeployment

    Collect key information, prepare and redeploy, and roll up information across the organization.

    • Short-Term Survival Segment Evaluation Tool
    • Skills Inventory for Redeployment Tool
    • Redeployment Action and Communication Plan
    • Crisis Communication Guide for HR
    • Crisis Communication Guide for Leaders
    • Leadership Crisis Communication Guide Template
    • 3i's of Engaging Management – Manager Guide
    • Feedback and Coaching Guide for Managers
    • Redeployment Communication Roll-up Template

    3. Plan individual and department layoffs

    Plan for layoffs, execute on the layoff plan, and communicate to employees.

    • Employee Departure Checklist Tool
    • 10 Communication Best Practices in the Face of Crisis
    • Termination Logistics Tool
    • Termination Costing Tool
    • COVID-19: Employee-Facing Frequently Asked Questions Template
    • COVID-19: Employee-Facing Frequently Asked Questions
    • Standard Internal Communications Plan

    4. Monitor and manage departmental effectiveness

    Monitor departmental performance, review organizational performance, and determine next steps.

    • HR Metrics Library
    • Standard HR Scorecard
    [infographic]

    Implement Software Asset Management

    • Buy Link or Shortcode: {j2store}313|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $107,154 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Organizations are aware of the savings that result from implementing software asset management (SAM), but are unsure of where to start the process.
    • Poor data capture procedures and lack of a centralized repository produce an incomplete picture of software assets and licenses, preventing accurate forecasting and license optimization.
    • Audit protocols are ad hoc, resulting in sloppy reporting and time-consuming work and lack of preparedness for external software audits.

    Our Advice

    Critical Insight

    • A strong SAM program will benefit all aspects of the business. Data and reports gained through SAM will enable data-driven decision making for all areas of the business.
    • Don’t just track licenses; manage them to create value from data. Gathering and monitoring license data is just the beginning. What you do with that data is the real test.
    • Win the audit battle without fighting. Conduct internal audits to minimize surprises when external audits are requested.

    Impact and Result

    • Conduct a current state assessment of existing SAM processes to form an appropriate plan for implementing or improving your SAM program.
    • Define standard policies, processes, and procedures for each stage of the software asset lifecycle, from procurement through to retirement.
    • Develop an internal audit policy to mitigate the risk of costly external audits.

    Implement Software Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement software asset management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess & plan

    Assess current state and plan the scope of the SAM program, team, and budget.

    • Implement Software Asset Management – Phase 1: Assess & Plan
    • SAM Maturity Assessment
    • SAM Standard Operating Procedures
    • SAM Budget Workbook

    2. Procure, receive & deploy

    Define processes for software requests, procurement, receiving, and deployment.

    • Implement Software Asset Management – Phase 2: Procure, Receive & Deploy
    • SAM Process Workflows (Visio)
    • SAM Process Workflows (PDF)

    3. Manage, redeploy & retire

    Define processes for software inventory, maintenance, harvest and redeployment, and retirement.

    • Implement Software Asset Management – Phase 3: Manage, Redeploy & Retire
    • Patch Management Policy

    4. Build supporting processes

    Build processes for audits and plan the implementation.

    • Implement Software Asset Management – Phase 4: Build Supporting Processes & Tools
    • Software Audit Scoping Email Template
    • Software Audit Launch Email Template
    • SAM Communication Plan
    • SAM FAQ Template
    • Software Asset Management Policy
    [infographic]

    Workshop: Implement Software Asset Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess & Plan

    The Purpose

    Assess current state and plan the scope of the SAM program, team, and budget.

    Key Benefits Achieved

    Current state assessment

    Defined roles and responsibilities

    SAM budget plan

    Activities

    1.1 Outline SAM challenges and objectives.

    1.2 Assess current state.

    1.3 Identify roles and responsibilities for SAM team.

    1.4 Identify metrics and reports.

    1.5 Identify SAM functions to centralize vs. decentralize.

    1.6 Plan SAM budget process.

    Outputs

    Current State Assessment

    RACI Chart

    Defined metrics and reports

    SAM Budget Workbook

    2 Procure, Receive & Deploy

    The Purpose

    Define processes for software requests, procurement, receiving, and deployment.

    Key Benefits Achieved

    Defined standards for software procurement

    Documented processes for software receiving and deployment

    Activities

    2.1 Determine software standards.

    2.2 Define procurement process for new contracts.

    2.3 Define process for contract renewals and additional procurement scenarios.

    2.4 Design process for receiving software.

    2.5 Design deployment workflow.

    2.6 Define process for non-standard software requests.

    Outputs

    Software standards

    Standard Operating Procedures

    SAM Process Workflows

    3 Manage, Redeploy & Retire

    The Purpose

    Define processes for software inventory, maintenance, harvest and redeployment, and retirement.

    Key Benefits Achieved

    Defined process for conducting software inventory

    Maintenance and patch policy

    Documented workflows for software harvest and redeployment as well as retirement

    Activities

    3.1 Define process for conducting software inventory.

    3.2 Define policies for software maintenance and patches.

    3.3 Map software license harvest and reallocation process.

    3.4 Define policy for retiring software.

    Outputs

    Standard Operating Procedures

    Patch management policy

    SAM Process Workflows

    4 Build Supporting Processes & Tools

    The Purpose

    Build processes for audits, identify tool requirements, and plan the implementation.

    Key Benefits Achieved

    Defined process for internal and external audits

    Tool requirements

    Communication and implementation plan

    Activities

    4.1 Define and document the internal audit process.

    4.2 Define and document the external audit process.

    4.3 Document tool requirements.

    4.4 Develop a communication plan.

    4.5 Prepare an FAQ list.

    4.6 Identify SAM policies.

    4.7 Develop a SAM roadmap to plan your implementation.

    Outputs

    Audit response templates

    Tool requirements

    Communication plan

    End-user FAQ list

    Software Asset Management Policy

    Implementation roadmap

    Further reading

    Implement Software Asset Management

    Go beyond tracking licenses to proactively managing software throughout its lifecycle.

    Table of contents

    1. Title
    2. Executive Brief
    3. Execute the Project/DIY Guide
    4. Next Steps
    5. Appendix

    Analyst Perspective

    “Organizations often conflate software asset management (SAM) with license tracking. SAM is not merely knowing how many licenses you require to be in compliance; it’s asking the deeper budgetary questions to right-size your software spend.

    Software audits are a growing concern for businesses, but proactive reporting and decision making supported by quality data will mitigate audit risks. Value is left on the table through underused or poor-quality data, so active data management must be in play. A dedicated ITAM tool can assist with extracting value from your license data.

    Achieving an optimized SAM program is a transformative effort, but the people, processes, and technology need to be in place before that can happen.” (Sandi Conrad, Senior Director, Infrastructure & Operations Practice, Info-Tech Research Group)

    Software license complexity and audit frequency are increasing: are you prepared to manage the risk?

    This Research Is Designed For:

    • CIOs that want to improve IT’s reputation with the business.
    • CIOs that want to eliminate the threat of a software audit.
    • Organizations that want proactive reporting that benefits the entire business.
    • IT managers who want visibility into their software usage.

    This Research Will Help You:

    • Establish a standardized software management process.
    • Track and manage software throughout its lifecycle, from procurement through to retirement or redeployment.
    • Rationalize your software license estate.
    • Improve your negotiations with software vendors.
    • Improve the quality of your SAM data gathering and reporting.

    Executive summary

    Situation

    • Organizations are aware of the savings that result from implementing software asset management (SAM), but are unsure of where to start the process. With no formal standards in place for managing licenses, organizations are constantly at risk for costly software audits and poorly executed software spends.

    Complication

    • Poor data-capture procedures produce an incomplete picture of software lifecycles.
    • No centralized repository exists, resulting in fragmented reporting.
    • Audit protocols are ad hoc, resulting in sloppy reporting and time-consuming work.

    Resolution

    • Conduct a current state assessment of existing SAM processes to form an appropriate plan for implementing or improving your SAM program.
    • Build and involve a SAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the software asset lifecycle, from procurement through to retirement. Pace yourself; a staged implementation will make your ITAM program a success.
    • Develop an internal audit program to mitigate the risk of costly audits.
    • Once a standardized SAM program and data are in place, you will be able to use the data to optimize and rationalize your software licenses.

    Info-Tech Insight

    A strong SAM program will benefit all aspects of the business.
    Data and reports gained through SAM will enable data-driven decision making for all areas of the business.

    Don’t just track licenses; manage them to create value from data.
    Gathering and monitoring license data is just the beginning. What you do with that data is the real test.

    Win the audit battle without fighting.
    Conduct internal audits to minimize surprises when external audits are requested.

    Build the business case for SAM on cost and risk avoidance

    You can estimate the return even without tools or data.

    Benefit Calculate the return
    Compliance

    How many audits did you have in the past three years?

    How much time did you spend in audit response?

    		Suppose you had two audits each year for the last three years, each with an average $250,000 in settlements.

    A team of four with an average salary of $75,000 each took six months to respond each year, allocating 20% of their work time to the audit.

    You could argue annual audits cost on average $530,000. Increasing ITAM maturity stands to reduce that cost significantly.

    Efficiency

    How much do you spend on software and maintenance by supplier?

    		Suppose you spent $1M on software last year. What if you could reduce the spend by just 10% through better practices?

    SAM can help reduce the annual spend by simplifying support, renegotiating contracts based on asset data, reducing redundancy, and reducing spend.

    The Business Benefits of SAM

    • Compliance: Managing audits and meeting legal, contractual, and regulatory obligations.
    • Efficiency: Reducing costs and making the best use of assets while maintaining service.
    • Agility: Anticipate requirements using asset data for business intelligence and analytics.

    Poor software asset management practices increase costs and risks

    Failure to implement SAM can lead to:

    High cost of undiscovered IT assets
    • Needless procurement of software for new hires can be costly.
    Licensing, liability, and legal violations
    • Legal actions and penalties that result from ineffective SAM processes and license incompliance can severely impact an organization’s financial performance and corporate brand image.
    Compromised security
    • Not knowing what assets you have, who is using them and how, can compromise the security of sensitive information.
    Increased management costs
    • Not having up-to-date software license information impacts decision making, with many management teams failing to respond quickly and efficiently to operational demands.
    Increased disruptions
    • Vendors seek out organizations who don’t manage their software assets effectively; it is likely that you could be subject to major operational disruptions as a result of an audit.
    Poor supplier/vendor relationship
    • Most organizations fear communicating with vendors and are anxious about negotiating new licenses.

    54% — A study by 1E found that only 54% of organizations believe they can identify all unused software in their organization.

    28% — On average, 28% of deployed software is unused, with a wasted cost of $224 per PC on unused software (1E, 2014).

    53% — Express Metrix found that 53% of organizations had been audited within the past two years. Of those, 72% had been audited within the last 12 months.

    SAM delivers cost savings beyond the procurement stage

    SAM delivers cost savings in several ways:

    • Improved negotiating position
      • Certainty around software needs and licensing terms can put the organization in a better negotiating position for new contracts or contract renewals.
    • Improved purchasing position
      • Centralized procurement can allow for improved purchasing agreements with better pricing.
    • More accurate forecasting and spend
      • With accurate data on what software is installed vs. used, more accurate decisions can be made around software purchasing needs and budgeting.
    • Prevention of over deployment
      • Deploy software only where it is needed based on what end users actively use.
    • Software rationalization
      • SAM data may reveal multiple applications performing similar functions that can be rationalized into a single standard software that is used across the enterprise.
    • License harvesting
      • Identify unused licenses that can be harvested and redeployed to other users rather than purchasing new licenses.

    SAM delivers many benefits beyond cost savings

    Manage risk. If licensing terms are not properly observed, the organization is at risk of legal and financial exposure, including illegal software installation, loss of proof of licenses purchased, or breached terms and conditions.

    Control and predict spend. Unexpected problems related to software assets and licenses can significantly impact cash flow.

    Less operational interruptions. Poor software asset management processes could lead to failed deployments, software update interruptions, viruses, or a shutdown of unlicensed applications.

    Avoid security breaches. If data is not secure through software patches and security, confidential information may be disclosed.

    More informed decisions. More accurate data on software assets improves transparency and informs decision making.

    Improved contract management. Automated tools can alert you to when contracts are up for renewal to allow time to plan and negotiate, then purchase the right amount of licenses.

    Avoid penalties. Conduct internal audits and track compliance to avoid fees or penalties if an external audit occurs.

    Reduced IT support. Employees should require less support from the service desk with proper, up to date, licensed software, freeing up time for IT Operations to focus on other work.

    Enhanced productivity. By rationalizing and standardizing software offerings, more staff should be using the same software with the same versioning, allowing for better communication and collaboration.

    Asset management is especially correlated with the following processes

    Being highly effective at asset management means that you are more likely to be highly effective at almost all IT processes, especially:

    Icon for process 'BAI10 Configuration Management'. Configuration Management
    76% more effective         		Icon for process 'ITRG03 Manage Service Catalogs'. Service Catalog
    74% more effective
    Icon for process 'APO11 Quality Management'. Quality Management
    63% more effective         		Icon for process 'ITRG08 Data Quality'. Data Quality
    62% more effective
    Icon for process 'MEA01 Performance Measurement'. Performance Measurement
    61% more effective         		Icon for process 'BAI05 Organizational Change Management'. Organizational Change Management
    60% more effective
    Icon for process 'APO05 Portfolio Management'. Portfolio Management
    59% more effective         		Icon for process 'APO03 Enterprise Architecture'. Enterprise Architecture
    58% more effective

    Why? Good SAM processes are integral to both service management and configuration management

    (Source: Info-Tech Research Group, IT Management and Governance Diagnostic; N=972 organizations) (High asset management effectiveness was defined as those organizations with an effectiveness score of 8 or above.)

    To accelerate progress, Info-Tech Research Group parses software asset management into its essential processes

    Focus on software asset management essentials

    Software Procurement:

    • Define procurement standards for software and related warranties and support options.
    • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

    Software Deployment and Maintenance:

    • Define policies, processes, and workflows for software receiving, deployment, and maintenance practices.
    • Develop processes and workflows for managing imaging, harvests and redeployments, service requests, and large-scale rollouts.

    Software Harvest and Retirement:

    • Manage the employee termination and software harvest cycle.
    • Develop processes, policies, and workflows for software security and retirement.

    Software Contract and Audit Management:

    • Develop processes for data collection and validation to prepare for an audit.
    • Define metrics and reporting processes to keep asset management processes on track.
    A diagram that looks like a tier circle with 'Implement SAM' at the center. The second ring has 'Request & Procure', 'Receive & Deploy', 'Manage & Maintain', and 'Harvest & Retire'. The third ring seems to be a cycle beginning with 'Plan', 'Request', 'Procure', 'Deploy', 'Manage', 'Retire', and back to 'Plan'.

    Asset management is a key piece of Info-Tech’s COBIT-based IT Management and Governance Framework

    The Info-Tech / COBIT5 IT Management & Governance Framework, a number of IT process icons arranged like a periodic table. A magnifying glass highlights process 'BAI09 Asset Management' in the 'Infrastructure & Operations' category.

    Follow Info-Tech's methodology to build a plan to implement software asset management

    Phase 1
    Assess & Plan     		Phase 2
    Procure, Receive & Deploy     		Phase 3
    Manage, Redeploy & Retire     		Phase 4
    Build supporting processes

    1.1

    		 Assess current state

    2.1

    		 Request & procure

    3.1

    		 Manage & maintain contracts

    4.1

    		 Compliance & audits

    1.2

    		 Build team and define metrics

    2.2

    		 Receive & deploy

    3.2

    		 Harvest or retire

    4.2

    		 Communicate & build roadmap

    1.3

    		 Plan & budget
    Deliverables
    Standard Operating Procedures (SOP)
    SAM maturity assessment Process workflows Process workflows Audit response templates
    RACI chart Software standards Patch management policy Communication plan & FAQ template
    SAM metrics SAM policies
    SAM budget workbook

    Thanks to SAM, Visa saved $200 million in three years

    Logo for VISA.

    Case Study

    Industry: Financial Services
    Source: International Business Software Managers Association

    Visa, Inc.

    Visa, Inc. is the largest payment processing company in the world, with a network that can handle over 40,000 transactions every minute.

    Software Asset Management Program

    In 2006, Visa launched a formal IT asset management program, but it was not until 2011 that it initiated a focus on SAM. Joe Birdsong, the SAM director, first addressed four major enterprise license agreements (ELAs) and compliance issues. The SAM team implemented a few dedicated SAM tools in conjunction with an aggressive approach to training.

    Results

    The proactive approach taken by Visa used a three-pronged strategy: people, process, and tools. The process included ELA negotiations, audit responses, and software license rationalization exercises.

    According to Birdsong, “In the past three years, SAM has been credited with saving Visa over $200 million.”

    An timeline arrow with benchmarks, in order: 'Tool purchases', 'ELA negotiations', 'License rationalization', 'Audit responses', '$200 million in savings in just three years thanks to optimized SAM processes'.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    Thumbnail of Info-Tech's 'SAM Standard Operating Procedures (SOP)'.
    SAM Standard Operating Procedures (SOP)     		Thumbnail of Info-Tech's 'SAM Maturity Assessment'.
    SAM Maturity Assessment     		Thumbnail of Info-Tech's 'SAM Visio Process Workflows'.
    SAM Visio Process Workflows     		Thumbnail of Info-Tech's 'SAM Budget Workbook'.
    SAM Budget Workbook
    Thumbnail of Info-Tech's 'Additional SAM Policy Templates'.
    Additional SAM Policy Templates     		Thumbnail of Info-Tech's 'Software Asset Management Policy'.
    Software Asset Management Policy     		Thumbnail of Info-Tech's 'SAM Communication Plan'.
    SAM Communication Plan     		Thumbnail of Info-Tech's 'SAM FAQ Template'.
    SAM FAQ Template

    Use these insights to help guide your understanding of the project

    • SAM provides value to other processes in IT.
      Data, reports, and savings gained through SAM will enable data-driven decision making for all areas of the business.
    • Don’t just track licenses; manage them to create value from data.
      Gathering and monitoring license data is just the beginning. What you do with that data is the real test.
    • SAM isn’t about managing costs; it’s about understanding your environment to make better decisions.
      Capital tied up in software can impact the progress of other projects.
    • Managing licenses can impact the entire organization.
      Gain project buy-in from stakeholders by articulating the impact that managing licenses can have on other projects and the prevalence of shadow IT.

    Measure the value of a guided implementation (GI)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value (Assuming 260 workdays in a year)
    Phase 1: Assess & Plan
    • Time, value, and resources saved by using Info-Tech’s methodology to assess current state and create a defined SAM team with actionable metrics
    • For example, 2 FTEs * 5 days * $80,000/year = $6,400
    Phase 2: Procure, Receive & Deploy
    • Time, value, and resources saved by using Info-Tech’s methodology to streamline request, procurement, receiving, and deployment processes for software assets.
    • For example, 2 FTEs * 5 days * $80,000/year = $6,400
    Phase 3: Manage, Redeploy & Retire
    • Time, value, and resources saved by using Info-Tech’s methodology to streamline the maintenance, inventory, license redeployment, and software retiring processes.
    • For example, 2 FTEs * 5 days * $80,000/year = $6,400
    Phase 4: Build Supporting Processes and Tools
    • Time, resources, and potential audit fines saved by using Info-Tech’s methodology to improve audit defense processes ($298,325 average audit penalty (Based on the results of Cherwell Software’s 2013 Software Audit Industry Report)) and design a communication and implementation plan.
    • For example, 2 FTEs * 5days * $80,000/year = $6,400 + $298,325 = $304,725
    Total savings $330,325

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Implement Software Asset Management – project overview

    Phase 1: Assess & plan Phase 2: Procure, receive & deploy Phase 3: Manage, redeploy & retire Phase 4: Build supporting processes
    Supporting Tool icon Best-Practice Toolkit

    Step 1.1: Assess current state

    Step 1.2: Build team and define metrics

    Step 1.3: Plan and budget

    Step 2.1: Request and procure

    Step 2.2: Receive and deploy

    Step 3.1: Manage and maintain contracts

    Step 3.2: Harvest, redeploy, or retire

    Step 4.1: Compliance and audits

    Step 4.2: Communicate and build roadmap

    Guided Implementations
    • Assess current state and challenges.
    • Define roles and responsibilities as well as metrics.
    • Discuss SAM budgeting.
    • Define software standards and procurement process.
    • Build processes for receiving software and deploying software.
    • Define process for conducting software inventory and maintenance and patches.
    • Build software harvest and redeployment processes and retirement.
    • Define process for internal and external audits.
    • Develop communication and implementation plan.
    Associated Activity icon Onsite Workshop Module 1:
    Assess & Plan     		Module 2:
    Map Core Processes: Procure, Receive & Deploy     		Module 3:
    Map Core Processes: Manage, Redeploy & Retire     		Module 4:
    Prepare for audit, build roadmap and communications

    Workshop Overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities
    Assess & Plan

    1.1 Outline SAM challenges and objectives

    1.2 Assess current state

    1.3 Identify roles and responsibilities for SAM team

    1.4 Identify metrics and reports

    1.5 Identify SAM functions to centralize vs. decentralize

    1.6 Plan SAM budget process

    Map Core Processes: Procure, Receive & Deploy

    2.1 Determine software standards

    2.2 Define procurement process for new contracts

    2.3 Define process for contract renewals and additional procurement scenarios

    2.4 Design process for receiving software

    2.5 Design deployment workflow

    2.6 Define process for non-standard software requests

    Map Core Processes: Manage, Redeploy & Retire

    3.1 Define process for conducting software inventory

    3.2 Define policies for software maintenance and patches

    3.3 Map software license harvest and reallocation process

    3.4 Define policy for retiring software

    Build Supporting Processes

    4.1 Define and document the internal audit process

    4.2 Define and document the external audit process

    4.3 Develop a communication plan

    4.4 Prepare an FAQ list

    4.5 Identify SAM policies

    4.6 Develop a SAM roadmap to plan your implementation

    Deliverables
    • SAM maturity assessment
    • RACI chart
    • Defined metrics and reports
    • Budget workbook
    • Process workflows
    • Software standards
    • Process workflows
    • Patch management policy
    • Standard operating procedures
    • Audit response templates
    • Communication plan
    • FAQ template
    • Additional policy templates
    • Roadmap of initiatives

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Phase 1: Assess Current State

    VISA fought fire with fire to combat costly software audits

    Logo for VISA.

    Case Study

    Industry: Financial Services
    Source: SAM Summit 2014

    Challenge

    Visa implemented an IT asset management program in 2006. After years of software audit teams from large firms visiting and leaving expensive software compliance bills, the world’s leading payment processing company decided it was time for a change.

    Upper management recognized that it needed to combat audits. It had the infrastructure in place and the budget to purchase SAM tools that could run discovery and tracking functions, but it was lacking the people and processes necessary for a mature SAM program.

    Solution

    Visa decided to fight fire with fire. It initially contracted the same third-party audit teams to help build out its SAM processes. Eventually, Visa formed a new SAM team that was led by a group of former auditors.

    The former auditors recognized that their role was not technology based, so a group of technical individuals were hired to help roll out various SAM tools.

    The team rolled out tools like BDNA Discover and Normalize, Flexera FlexNet Manager, and Microsoft SCCM.

    Results

    To establish an effective SAM team, diverse talent is key. Visa focused on employees that were consultative but also technical. Their team needed to build relationships with teams within the organization and externally with vendors.

    Most importantly, the leaders of the team needed to think like auditors to better prepare for audits. According to Joe Birdsong, SAM Director at Visa, “we want to be viewed as a team that can go in and help right-size their environment and better understand licensing to help teams make better decisions.”

    The SAM team was only the beginning.

    Step 1.1 Assess current state and plan scope

    Phase 1:
    Assess & Plan    		This step will walk you through the following activities:This step involves the following participants:

    1.1

    		Assess current state
    • 1.1.1 Outline the organization’s SAM challenges
    • 1.1.2 Identify objectives of SAM program
    • 1.1.3 Determine the maturity of your SAM program
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and SAM Manager

    1.2

    		Build team and define metrics

    1.3

    		Plan & budget

    Step Outcomes

    • An outline of the challenges related to SAM
    • A clear direction for the program based on drivers, anticipated benefits, and goals
    • A completed maturity assessment of current SAM processes

    Sketch out challenges related to software asset management to shape the direction of the project

    Common SAM challenges

    • Audits are disruptive, time-consuming, and costly
    • No audit strategy and response in place
    • Software non-compliance risk is too high
    • Lacking data to forecast software needs
    • No central repository of software licenses
    • Untracked or unused software licenses results in wasted spend
    • Software license and maintenance costs account for a large percentage of the budget
    • Lacking data to know what software is purchased and deployed across the organization
    • Lack of software standards make it difficult to collect consistent information about software products
    • New software licenses are purchased when existing licenses remain on the shelf or multiple similar software products are purchased
    • Employees or departments make ad hoc purchases, resulting in overspending and reduced purchasing power
    • License renewal dates come up unexpectedly without time for adequate decision making
    • No communication between departments to coordinate software purchasing
    • Difficult to stay up to date with software licensing rule changes to remain in compliance
    • Processes and policies are unstandardized and undocumented

    Outline the organization’s SAM challenges

    Associated Activity icon 1.1.1 Brainstorm SAM challenges

    Participants: CIO/CFO, IT Director, Asset Manager, Purchasing, Service Desk Manager, Security (optional), Operations (optional)

    1. Distribute sticky notes to participants. Have everyone start by identifying challenges they face as a result of poor software asset management.
    2. As group, discuss and outline the software asset management challenges facing the organization. These may be challenges caused by poor SAM processes or simply by a lack of process. Group the challenges into key pain points to inform the current state discussion and assessment to follow.

    To be effective with software asset management, understand the drivers and potential impact to the organization

    Drivers of effective SAM Results of effective SAM
    Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed software for new contracts, renewals, and audit requests.
    Increased need to meet compliance requires a formal approach to tracking and managing assets. Encryption, software application controls, and change notifications all contribute to better asset controls and data security.
    Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of software spend through data for better forecasting, planning, and licensing rationalization and harvesting.
    Audits are time consuming, disruptive to project timelines and productivity, and costly. Respond to audits with a formalized process, accurate data, and minimal disruption using always-available reporting.

    Determine goals to focus the direction of your SAM program

    Associated Activity icon 1.1.2 Identify objectives of the SAM program

    Participants: CIO/CFO, IT Director, Asset Manager, Service Manager (optional)

    Document: Document in the Standard Operating Procedures.

    1. Identify the drivers behind the software asset management implementation or improvement project. List on a whiteboard or flip chart.
    2. Using the project drivers as input, brainstorm the goals of the SAM project. Discuss the goals as a group and finalize into a list of objectives for the SAM program.
    3. Record the objectives in the SOP and keep them in mind as you work through the rest of the project.

    Sample Objectives:

    1. A single data repository to efficiently manage assets for their entire lifecycle.
    2. Formalizing a methodology for documenting assets to make data retrieval easy and accurate.
    3. Defining and documenting processes to determine where improvements can be made.
    4. Improving customer experience in accessing, using, and maintaining assets.
    5. Centralizing contract information.
    6. Providing access to information for all technical teams as needed.

    Implementing SAM processes will support other IT functions

    By improving how you manage your licenses and audit requests, you will not only provide benefits through a mature SAM program, you will also improve your service desk and disaster recovery functions.

    Service Desk Disaster Recovery
    • Effective service desk tickets require a certain degree of technical detail for completion that a SAM program often provides.
    • Many tools are available that can handle both ITSM and ITAM functions. Your SAM data can be integrated into many of your service desk functions.
    • For example, if a particular application is causing a high number of tickets, SAM data could show the application’s license is almost expired and its usage has decreased due to end-user frustrations. The SAM team could review the application and decide to purchase software that better meets end-user needs.
    • If you don’t know what you have, you don’t know what needs to be back online first.
    • The ability to restore system functionality is heavily dependent on the ability to locate or reproduce master media documentation and system configuration information.
    • If systems/software are permanently lost, the ability to recover software licensing information is crucial to preserving compliance.
    • License agreement and software are needed to demonstrate software ownership. Unless the proof of ownership is present, there is no proof of compliance.
    Short description of Info-Tech blueprint 'Standardize the Service Desk'. Short description of Info-Tech blueprint 'Create a Right-Sized Disaster Recovery Plan'.

    Each level of SAM maturity comes with its own unique challenges

    Maturity People & Policies Processes Technology
    Chaos
    • No dedicated staff
    • No policies published
    • Procedures not documented or standardized
    • Licenses purchased randomly
    • Help desk images machines, but users can buy and install software
    • Minimal tracking tools in place
    Reactive
    • Semi-focused SAM manager
    • No policies published
    • Reliance on suppliers to provide reports for software purchases
    • Buy licenses as needed
    • Software installations limited to help desk
    • Discovery tools and spreadsheets used to manage software
    Controlled
    • Full-time SAM manager
    • End-user policies published and requiring sign-off
    • License reviews with maintenance and support renewals
    • SAM manager involved in budgeting and planning sessions
    • Discovery and inventory tools used to manage software
    • Compliance reports run as needed
    Proactive
    • Extended SAM team, including help desk and purchasing
    • Corporate anti-piracy statement in place and enforced
    • Quarterly license reviews
    • Centralized view into software licenses
    • Software requests through service catalog with defined standard and non-standard software
    • Product usage reports and alerts in place to harvest and reuse licenses
    • Compliance and usage reports used to negotiate software contracts
    Optimized
    • SAM manager trained and certified
    • Working with HR, Legal, Finance, and IT to enforce policies
    • Full support and maintenance analysis for all license reviews
    • Quarterly meetings with SAM team to review policies, procedures, upcoming contracts, and rollouts
    • Software deployed automatically through service catalog/apps store
    • Detailed savings reports provided to executive team annually
    • Automated policy enforcement and process workflows

    Determine the maturity of your SAM program

    Supporting Tool icon 1.1.3 Use the SAM Maturity Assessment Tool
    1. Download the SAM Maturity Assessment Tool and go to tab 2.
    2. Complete the self-assessment in all seven categories:
      1. Control Environment
      2. Roles & Responsibilities
      3. Policies & Procedures
      4. Competence
      5. Planning & Implementation Process
      6. Monitoring & Review
      7. Inventory Processes
    3. Go to tab 3 and examine the graphs produced. Identify the areas in your SAM program that require the most attention and which are already relatively mature.
    4. Use the results of this maturity assessment to focus the efforts of the project moving forward. Return to the assessment after a pre-determined time (e.g. one year later) to track improvement in maturity over time.
    Screenshot of the results page from the SAM Maturity Assessment Tool. Screenshot of the processes page from the SAM Maturity Assessment Tool.

    Step 1.2 Build team and define metrics

    Phase 1:
    Assess & Plan    		This step will walk you through the following activities:This step involves the following participants:

    1.1

    		Assess current state
    • 1.2.1 Identify roles and responsibilities for SAM team
    • 1.2.2 Identify metrics and KPIs to track the success of your SAM program
    • 1.2.3 Define SAM reports to track metrics
    • CIO/CFO
    • IT Director
    • SAM Manager
    • SAM Team
    • Service Desk Manager

    1.2

    		Build team and define metrics

    1.3

    		Plan & budget

    Step Outcomes

    • A description of the roles and responsibilities of IT staff involved in SAM
    • A list of metrics and reports to track to measure the success of the software asset management program

    Define roles and responsibilities for the SAM program

    Roles and responsibilities should be adapted to fit specific organizational requirements based on its size, structure, and distribution and the scope of the program. Not all roles are necessary and in small organizations, one or two people may fulfill multiple roles.

    Senior Management Sponsor – Ensures visibility and support for the program.

    IT Asset Manager – Responsible for management of all assets and maintaining asset database.

    Software Asset Manager – Responsible for management of all software assets (a subset of the overall responsibility of the IT Asset Manager).

    SAM Process Owner – Responsible for overall effectiveness and efficiency of SAM processes.

    Asset Analyst – Maintains up-to-date records of all IT assets, including software version control.

    Additional roles that interact with SAM:

    • Security Manager
    • Auditors
    • Procurement Manager
    • Legal Council
    • Change Manager
    • Configuration Manager
    • Release and Deployment Manager
    • Service Desk Manager

    Form a software asset management team to drive project success

    Many organizations simply do not have a large enough staff to hire a full-time software asset manager. The role will need to be championed by an internal employee.

    Avoid filling this position with a temporary contract; one of the most difficult operational factors in SAM implementation and continuity is constant turnover and organizational shifts. Hiring a software asset manager on contract might get the project going faster, but without the knowledge gained by doing the processes, the program won’t have enough momentum to sustain itself.

    Software Asset Manager Duties

    • Gather proof of license.
    • Record and track all assets within the SAM repository.
    • Produce compliance reports.
    • Preparation of budget requests.
    • Administration of software renewal process.
    • Contract and support analysis.
    • Document procedures.
    • Ensure project is on track.

    SAM Team Member Duties

    • Record license and contract data in SAM tool.
    • Assist in production of SAM reports.
    • Data analysis.
    • Match tickets to SAM data.
    • Assist in documentation.
    • Assist in compliance reports.
    • Gather feedback from end users.

    Info-Tech Best Practice

    Make sure your SAM team is diverse. The SAM team will need to be skilled at achieving compliance, but there is also a need for technically skilled individuals to maximize the function of the SAM tool(s) at your organization.

    Identify roles and responsibilities for SAM

    Associated Activity icon 1.2.1 Complete a RACI chart for your organization

    Participants: CIO/CFO, IT Director, SAM Manager, SAM Team, Service Desk Manager

    Document: Document in the Standard Operating Procedures.

    Determine the roles and responsibilities for your SAM program. Record the results in a RACI (responsible, accountable, consulted, informed) chart such as the example below.

    SAM Processes and Tasks CIO CFO SAM Manager IT Director Service Management Team IT Ops Security Finance Legal Project Manager
    Policies/Governance A C R R I I C I R I
    Strategy A C R R I I I I C
    Risk Management/Asset Security A C R R C R C C C
    Data Entry/Quality I I A R R
    Compliance Auditing R C A R I I I I
    Education & Training R I A C I I
    Contract Lifecycle Management R R A R C C C C R C
    Workflows R C A R I I I R I C/I
    Budgeting R R R A C R
    Software Acquisition R I A R I C R C C
    Controls/Reporting R I A R I I C I
    Optimize License Harvesting I I A R I C C

    Identify metrics to form the framework of the project

    Trying to achieve goals without metrics is like trying to cook without measuring your ingredients. You might succeed, but you’ll have no idea how to replicate it.

    SAM metrics should measure one of five categories:

    • Quantity → How many do we have? How many do we want?
    • Compliance → What is the level of compliance in a specific area?
    • Duration → How long does it take to achieve the desired result?
    • Financial → What is the cost/value? What is our comparative spend?
    • Quality → How good was the end result? E.g. Completeness, accuracy, timeliness

    The metrics you track depend on your maturity level. As your organization shifts in maturity, the metrics you prioritize for tracking will shift to reflect that change. Example:

    Metric category Low maturity metric High maturity metric
    Compliance % of software installed that is unauthorized % of vendors in effective licensing position (ELP) report
    Quantity % of licenses documented in ITAM tool % of requests made through unauthorized channels

    Associate KPIs and metrics with SAM goals

    • Identify the critical success factors (CSFs) for your software asset management program based on strategic goals.
    • For each success factor, identify the key performance indicators (KPIs) to measure success, as well as specific metrics that will be tracked and reported on.
    • Sample metrics are below:

    CSF = Goal, or what success looks like

    KPI = How achievement of goal will be defined

    Metric = Numerical measure to determine if KPI has been achieved

    CSF/Goal KPI Metrics
    Improve accuracy of software budget and forecasting
    • Reduce software spend by 5%
    • Total software asset spending
    • Budgeted software spend vs. actual software spend
    Avoid over purchasing software licenses and optimize use of existing licenses
    • Reduce number of unused and underused licenses by 10%
    • Number of unused licenses
    • Money saved from harvesting licenses instead of purchasing new ones
    Improve accuracy of data
    • Data in SAM tool matches what is deployed with 95% accuracy
    • Percentage of entitlements recorded in SAM tool
    • Percentage of software titles recognized by SAM tool
    Improved service delivery
    • Reduce time to deploy new software by 10%
    • Mean time to purchase new software
    • Mean time to fulfill new software requests

    Identify metrics and KPIs to track the success of your SAM program

    Associated Activity icon 1.2.2 Brainstorm metrics and KPIs

    Participants: CIO, IT Director, SAM Manager, SAM Team

    Document: Document in the Standard Operating Procedures.

    1. Discuss the goals and objectives of implementing or improving software asset management, based on challenges identified earlier.
    2. From the goals, identify the critical success factors for the SAM program.
    3. For each CSF, identify one to three key performance indicators (KPIs) to evaluate achievement of the success factor.
    4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable.

    Use the table below as an example.

    Goal/CSF KPI Metric
    Improve license visibility Increase accuracy and completeness of SAM data
    • % of total titles included in ITAM tool
    • % of licenses documented in ITAM tool
    Reduce software costs Reduce number of unused software licenses by 20%
    • % of licenses assigned to ex-employees
    • % of deployed licenses that have not been used in the past six months
    Reduce shadow IT Reduce number of unauthorized software purchases and installations by 10%
    • % of software requests made through unauthorized channels
    • % of software installed that is unauthorized

    Tailor metrics and reports to specific stakeholders

    Asset Managers

    Asset managers require data to manage how licenses are distributed throughout the organization. Are there multiple versions of the same application deployed? What proportion of licenses deployed are assigned to employees who are no longer at the organization? What are the usage patterns for applications?

    Service Desk Technicians

    Service desk technicians need real-time data on licenses currently available to deploy to machines that need to be imaged/updated, otherwise there is a risk of breaching a vendor agreement.

    Business Managers and Executives

    Business managers and executives need reports to make strategic decisions. The reports created for business stakeholders need to help them align business projects or business processes with SAM metrics. To determine which reports will provide the most value, start by looking at business goals and determining the tactical data that will help inform and support these goals and their progress.

    Additional reporting guidelines:

    • Dashboards should provide quick-glance information for daily maintenance.
    • Alerts should be set for all contract renewals to provide enough advanced notice (e.g. 90 days).
    • Reports should be automated to provide actionable information to appropriate stakeholders as needed.

    Define SAM reports to track metrics

    Associated Activity icon 1.2.3 Identify reports and metrics to track regularly

    Participants: CIO, IT Director, SAM Manager, SAM Team

    Document: Document in the Standard Operating Procedures.

    1. Identify key stakeholders requiring SAM reports. For each audience, identify their goals and requirements from reporting.
    2. Using the list of metrics identified previously, sort metrics into reports for each audience based on their requirements and goals. Add any additional metrics required.
    3. Identify a reporting frequency for each report.

    Example:

    Stakeholder Purpose Report Frequency
    Asset Manager
    • Manage budget
    • Manage contracts and cash flow
    • Ensure processes are being followed
    		 Operational budget spent to date Monthly
    Capital budget spent to date Monthly
    Contracts coming due for renewal Quarterly
    Software harvested for redeployment Quarterly
    Number of single applications being managed Annually
    CFO
    • Manage budget
    • Manage cash flow
    		 Software purchased, operational & capital Monthly
    Software accrued for future purchases Monthly
    Contracts coming due for renewal
    • Include dollar value, savings/spend
    		 Quarterly
    CIO
    • Resource planning
    • Progress reporting
    		 Software deployments and redeployments Monthly
    Software rollouts planned Quarterly
    % of applications patched Quarterly
    Money saved Annually
    Number of contracts & apps managed Quarterly

    Step 1.3 Plan the SAM program and budget

    Phase 1:
    Assess & Plan    		This step will walk you through the following activities:This step involves the following participants:

    1.1

    		Assess current state
    • 1.3.1 Identify SAM functions to centralize vs. decentralize
    • 1.3.2 Complete the SAM budget tool
    • Project Sponsor
    • IT Director, CIO
    • IT Managers and SAM Manager
    • CFO

    1.2

    		Build team and define metrics

    1.3

    		Plan & budget

    Step Outcomes

    • Defined scope for the SAM program in terms of the degree of centralization of core functions and contracts
    • A clearer picture of software spend through the use of a SAM budgeting tool.

    Asset managers need to be involved in infrastructure projects at the decision-making stage

    Ensure that your software asset manager is at the table when making key IT decisions.

    Many infrastructure managers and business managers are unaware of how software licensing can impact projects. For example, changes in core infrastructure configuration can have big impacts from a software licensing perspective.

    Mini Case Study

    • When a large healthcare organization’s core infrastructure team decided to make changes to their environment, they failed to involve their asset manager in the decision-making process.
    • When the healthcare organization decided to make changes to their servers, they were running Oracle software on their servers, but the licenses were not being tracked.
    • When the change was being made to the servers, the business contacted Oracle to notify them of the change. What began as a tech services call quickly devolved into a licensing error; the vendor determined that the licenses deployed in the server environment were unauthorized.
    • For breaching the licensing agreement, Oracle fined the healthcare organization $250,000.
    • Had the asset manager been involved in the process, they would have understood the implications that altering the hardware configuration would have on the licensing agreement and a very expensive mistake could have been avoided.

    Decide on the degree of centralization for core SAM functions

    • Larger organizations with multiple divisions or business units will need to decide which SAM functions will be centralized and which, if any, will be decentralized as they plan the scope of their SAM program. Generally, certain core functions should be centralized for the SAM program to deliver the greatest benefits.
    • The degree of centralization may also be broken down by contract, with some contracts centralized and some decentralized.
    • A centralized SAM database gives needed visibility into software assets and licenses across the organization, but operation of the database may also be done locally.

    Centralization

    • Allows for more strategic planning
    • Visibility into software licenses across the organization promotes rationalization and cost savings
    • Ensure common products are used
    • More strategic sourcing of vendors and resellers
    • Centrally negotiate pricing for better deals
    • Easier to manage risk and prepare for audits
    • Greater coordination of resources

    Decentralization

    • May allow for more innovation
    • May be easier to demonstrate local compliance if the organization is geographically decentralized
    • May be easier to procure software if offices are in different countries
    • Deployment and installation of software on user devices may be easier

    Identify SAM functions to centralize vs. decentralize

    Associated Activity icon 1.3.1 Identify functions for centralization

    Participants: CIO, IT Director, SAM Manager, SAM Team

    Document: Document in the Standard Operating Procedures.

    1. If applicable, identify SAM functions that will need to be centralized and evaluate the implications of centralization to ensure it is feasible.
    2. If applicable, identify SAM functions that will be decentralized, if resources are available to manage those functions locally.

    Example:

    Centralized Functions
    • Operation of SAM database
    • SAM budget
    • Vendor selection
    • Contract negotiation and purchasing
    • Data analysis
    • Software receiving and inventory
    • Audits and risk management
    Decentralized functions
    • Procurement
    • Deployment and installation

    Software comprises the largest part of the infrastructure and operations budget

    After employee salaries (38%), the four next largest spend buckets have historically been infrastructure related. Adding salaries and external services, the average annual infrastructure and operations spend is over 50% of all IT spend.

    The largest portion of that spend is on software license and maintenance. As of 2016, software accounted for the roughly the same budget total as voice communications, data communications, and hardware combined. Managing software contracts is a crucial part of any mature budgeting process.

    Graph showing the percentage of all IT spend used for 'Ongoing software license and maintenance' annually. In 2010 it was 17%; in 2018 it was 21%. Graph showing the percentage of all IT spend used for 'Hardware maintenance / upgrades' annually. In 2010 it was 7%; in 2018 it was 8%. Graph showing the percentage of all IT spend used for 'Data communications' annually. In 2010 it was 7%; in 2018 it was 7%. Graph showing the percentage of all IT spend used for 'Voice communications' annually. In 2010 it was 5%; in 2018 it was 7%.

    Gain control of the budget to increase the success of SAM

    A sophisticated software asset management program will be able to uncover hidden costs, identify opportunities for rationalization, save money through reharvesting unused licenses, and improve forecasting of software usage to help control IT spending.

    While some asset managers may not have experience managing budgets, there are several advantages to the ITAM function owning the budget:

    • Be more involved in negotiating pricing with vendors.
    • Build better relationships with stakeholders across the business.
    • Gain greater purchasing power and have a greater influence on purchasing decisions.
    • Forecast software requirements more accurately.
    • Inform benchmarks and metrics with more data.
    • Directly impact the reduction in IT spend.
    • Manage the asset database more easily and have a greater understanding of software needs.
    • Identify opportunities for cost savings through rationalization.

    Examine your budget from a SAM perspective to optimize software spend

    How does examining your budget from a SAM perspective benefit the business?

    • It provides a chance to examine vendor contracts as they break down contracts by projects and services, which gives a clearer picture of where software fits into the budget.
    • It also gives organizations a chance to review vendor agreements and identify any redundancies present in software supporting services.

    Review the budget:

    • When reviewing your budget, implement a contingency fund to mitigate risk from a possible breach of compliance.
    • If your organization incurs compliance issues that relate to specific services, these fines may be relayed back to the departments that own those services, affecting how much money each department has.
    • The more sure you are of your compliance position, the less likely you are to need a contingency fund, and vice versa.

    Info-Tech Best Practice

    Finance needs to be involved. Their questions may cover:

    • Where are the monthly expenditures? Where are our financial obligations? Do we have different spending amounts based on what time of year it is?

    Use the SAM Budget Workbook to uncover insights about your software spend

    Supporting Tool icon 1.3.2 Complete the SAM budget tool

    The SAM Budget Workbook is designed to assist in developing and justifying the budget for software assets for the upcoming year.

    Instructions

    1. Work through tabs 2-6, following the instructions as you go.
    2. Tab 2 involves selecting software vendors and services provided by software.
    3. Tab 3 involves classifying services by vendor and assigning a cost to them. Tab 3 also allows you to classify the contract status.
    4. Tab 4 is a cost variance tracking sheet for software contracts.
    5. Tabs 5 and 6 are monthly budget sheets that break down software costs by vendor and service, respectively.
    6. Tab 7 provides graphs to analyze the data generated by the tool.
    7. Use the results found on tab 7 to analyze your budget: are you spending too much with one service? Is there vendor overlap based on what project or service that software is reporting?
    Screenshots of the 'Budget of Services Supported by Software Vendors' and 'Software Expense cashflow reports by Vendor' pages from the SAM Budget Workbook. Screenshot of the 'Analysis of Data' page from the SAM Budget Workbook.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.3

    		 Sample of activity 1.1.3 'Determine the maturity of your SAM program'. Determine the maturity of your SAM program

    Using the SAM Maturity Assessment Tool, fill out a series of questions in a survey to assess the maturity of your current SAM program. The survey assesses seven categories that will allow you to align your strategy to your results.

    1.2.3

    		 Sample of activity 1.2.3 'Define SAM reports to track metrics'. Define SAM reports to track metrics

    Identify key stakeholders with reporting needs, metrics to track to fulfill reporting requirements, and a frequency for producing reports.

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Assess and Plan

    Proposed Time to Completion (in weeks): 4
    Step 1.1: Assess current state Step 1.2: Build team and define metrics Step 1.3: Plan and budget
    Start with an analyst kick-off call:
    • Outline SAM challenges
    • Overview of the project
    • Assess current maturity level
    		 Review findings with analyst:
    • Define roles and responsibilities of SAM staff
    • Identify metrics and reports to track
    		 Review findings with analyst:
    • Plan centralization of SAM program
    • Discuss SAM budgeting
    Then complete these activities…
    • Identify challenges
    • Identify objectives of SAM program
    • Assess maturity of current state
    		 Then complete these activities…
    • Define roles and responsibilities
    • Identify metrics and KPIs
    • Plan reporting
    		 Then complete these activities…
    • Identify SAM functions to centralize
    • Complete the SAM budgeting tool
    With these tools & templates:
    • SAM Maturity Assessment
    • Standard Operating Procedures
    		 With these tools & templates:
    • Standard Operating Procedures
    		 With these tools & templates:
    • SAM Budget Workbook

    Phase 2: Procure, Receive, and Deploy

    VISA used high-quality SAM data to optimize its software licensing

    Logo for VISA.

    Case Study

    Industry: Financial Services
    Source: SAM Summit 2014

    Challenge

    Visa formed a SAM team in 2011 to combat costly software audits.

    The team’s first task was to use the available SAM data and reconcile licenses deployed throughout the organization.

    Organizations as large as Visa constantly run into issues where they are grossly over or under licensed, causing huge financial risk.

    Solution

    Data collection and analysis were used as part of the license rationalization process. Using a variety of tools combined with a strong team allowed Visa to perform the necessary steps to gather license data and analyze usage.

    One of the key exercises was uniting procurement and deployment data and the teams responsible for each.

    End-to-end visibility allowed the data to be uniform. As a result, better decisions about license rationalization can be made.

    Results

    By improving its measurement of SAM data, Visa was able to dedicate more time to analyze and reconcile its licenses. This led to improved license management and negotiations that reflected actual usage.

    By improving license usage through rationalization, Visa reduced the cost of supporting additional titles.

    The SAM team also performed license reclamation to harvest and redistribute licenses to further improve usage. The team’s final task was to optimize audit responses.

    Step 2.1 Request and procure software

    Phase 2:
    Procure, Receive & Deploy    		This step will walk you through the following activities:This step involves the following participants:

    2.1

    		Request & Procure
    • 2.1.1 Determine which software contracts should be centralized vs. localized
    • 2.1.2 Determine your software standards
    • 2.1.3 Define procurement policy
    • 2.1.4 Identify approvals and requests for authorization thresholds
    • 2.1.5 Build software procurement workflow for new contracts
    • 2.1.6 Define process for contract renewals and additional procurement scenarios
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team

    2.2

    		Receive & Deploy

    Step Outcomes

    • Defined standards for software requests
    • A documented policy for software procurement including authorization thresholds
    • Documented process workflows for new contracts and contract renewals

    Procurement and SAM teams must work together to optimize purchasing

    Procurement and SAM must collaborate on software purchases to ensure software purchases meet business requirements and take into account all data on existing software and licenses to optimize the purchase and contract. Failure to work together can lead to unnecessary software purchases, overspending on purchases, and undesirable contract terms.

    SAM managers must collaborate with Procurement when purchasing software.

    SAM managers should:

    • Receive requests for software licenses
    • Ensure a duplicate license isn’t already purchased before going through with purchase
    • Ensure the correct license is purchased for the correct individuals
    • Ensure the purchasing information is tracked in the ITAM/SAM tool
    • Report on software usage to inform purchases
    		 Two cartoon people in work attire each holding a piece of a puzzle that fits with the other. Procurement must commit to be involved in the asset management process.

    Procurement should:

    • Review requests and ensure all necessary approvals have been received before purchasing
    • Negotiate optimal contract terms
    • Track and manage purchasing information and invoices and handle financial aspects
    • Use data from SAM team on software usage to decide on contract terms and optimize value

    Centralize procurement to decrease the likelihood of overspending

    Centralized negotiation and purchasing of software can ensure that the SAM team has visibility and control over the procurement process to help prevent overspending and uncontrolled agreements.

    Benefits of centralized procurement

    • Ability to easily manage software demand.
    • Provides capability to effectively manage your relationships with suppliers.
    • Allows for decreased contract processing times.
    • Provides easy access to data with a single consolidated system for tracking assets at an early stage.
    • Reduces number of rogue purchases by individual departments.
    • Efficiency through automation and coordinated effort to examine organization’s compliance and license position.
    • Higher degree of visibility and transparency into asset usage in the organization.

    Info-Tech Insights

    It may be necessary to procure some software locally if organizations have multiple locations, but try to centrally procure and manage the biggest contracts from vendors that are likely to audit the organization. Even with a decentralized model, ensure all teams communicate and that contracts remain visible centrally even if managed locally.

    Standards for software procurement help prevent overspending

    Software procurement is often more difficult for organizations than hardware procurement because:

    • Key departments that need to be involved in the purchasing process do not communicate or interact enough.
    • A fear of software auditing causes organizations to overspend to mitigate risk.
    • Standards are often not in place, with most purchases being made outside of the gold imaging standard.
    • A lack of discovery results in gross overspending on software licenses that are already present and underused.

    Info-Tech Insight

    One of the major challenges involved in implementing SAM is uniting multiple datasets and data sources across the enterprise. A conversation with each major business unit will help with the creation of software procurement standards that are acceptable to all.

    Determine which software contracts should be centralized vs. localized (optional)

    Associated Activity icon 2.1.1 Identify central standard enterprise offerings

    Participants: CIO, IT Director, SAM Manager, SAM Team

    Document: Document in the Standard Operating Procedures.

    1. As a group, list as many software contracts that are in place across the organization as can easily be identified, focusing on top vendors.
    2. Identify which existing software contracts are standard enterprise offerings that are procured and managed centrally and which are non-standard or localized applications.
    3. Looking at the list of non-standard software, identify if any can or should be rationalized or replaced with a standard offering.
    Standard enterprise offerings
    • Microsoft
    • IBM
    • Adobe
    • Dell
    • Cisco
    • VMware
    • Barracuda
    Localized or non-standard software

    Classify your approved software into tiers to improve workflow efficiency

    Not all titles are created equal; classifying your pre-approved and approved software titles into a tiered system will provide numerous benefits for your SAM program.

    The more prestigious the asset tier, the higher the degree of data capture, support, and maintenance required.

    • Mission-critical, high-priority applications are classified as gold standard.
    • Secondary applications or high priority are silver standard.
    • Low-usage applications or normal priority are bronze standard.

    E.g. An enterprise application that needs to be available 24/7, such as a learning management system, should be classified as a gold tier to ensure it has 24/7 support.

    Creating tiers assists stakeholders in justifying the following set of decision points:

    • Which assets will require added maintenance (e.g. software assurance for Microsoft)
    • Technical support requirements to meet business requirements
    • Lifecycle and upgrade cycle of the software assets.
    • Monitoring usage to determine whether licenses can be harvested
    • Authorizations required for purchase requests

    Determine your software standards

    Associated Activity icon 2.1.2 Identify standard software images for your organization

    Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    1. As a group, discuss and identify the relevant software asset tiers and number of tiers.
    2. For each tier, define:
      • Support requirements (hours and payments)
      • Maintenance requirements (mandatory or optional)
      • Lifecycle (when to upgrade, when to patch)
      • Financial requirements (CapEx/OpEx expenses)
      • Request authorizations (requestors and approvers)
    3. Sort the software contracts identified in the previous category into tiers, for example:
      • Mission-critical software (gold tier)
      • High-priority software (silver tier)
      • Normal-priority software (bronze tier)
    4. Use the SOP as an example.

    Determine which licensing options and methodologies fit into future IT strategy

    Not everyone is ready to embrace the cloud for all solutions; make sure to align cloud strategy to business requirements. Work closely with IT executives to determine appropriate contract terms, licensing options, and tracking processes.

    Vendors make changes to bundles and online services terms on a regular basis. Ensure you document your agreed upon terms to save your required functionality as vendor standard offerings change.

    • Any contracts getting moved to the cloud will need to undergo a contract comparison first.
    • The contract you signed last month could be completely different this month. Many cloud contracts are dynamic in nature.
    • Keep a copy of the electronic contract that you signed in a secure, accessible location.
    • Consider reaching a separate agreement with the vendor that they will ensure you maintain the results of the original agreement to prevent scope creep.

    Not all on-premises to cloud options transition linearly:

    • Features of perpetual licenses may not map to subscriptions
    • Product terms may differ from online services terms
    • Licensing may change from per device to per user
    • Vendor migrations may be more complex than anticipated

    Download the Own the Cloud: Strategy and Action Plan blueprint for more guidance

    Understand the three primary models of software usage agreements

    Licensed Open Source Shareware
    License Structure A software supplier is paid for the permission to use their software. The software is provided free of charge, but is still licensed. The software is provided free of charge, but is still licensed. Usage may be on a trial basis, with full usage granted after purchase.
    Source Code The source code is still owned by the supplier. Source code is provided, allowing users to change and share the software to suit their needs. Source code is property of the original developer/supplier.
    Technical Support Technical support is included in the price of the contract. Technical support may be provided, often in a community-based format from other developers of the open-source software in question. Support may be limited during trial of software, but upgraded once a purchase is made.

    Info-Tech Insight

    Open-source software should be managed in the same manner as commercial software to understand licensing requirements and be aware of any changes to these agreements, such as commercialization of such products, as well as any rules surrounding source code.

    Coordinate with purchasing department to define software procurement policy

    Associated Activity icon 2.1.3 Define procurement policy

    Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    Define and document policies that will apply to IT software purchases, including policies around:

    • Software purchase approvals
    • Licenses for short-term contractors
    • On-premises vs. SaaS purchases
    • Shareware and freeware fees
    • Open-source software

    Use the example below as guidance and document in the SOP.

    • Software will not be acquired through user corporate credit cards, office supply, petty cash, or personal expense budgets. Purchases made outside of the acceptable processes will not be reimbursed and will be removed from company computers.
    • Contractors who are short term and paid through vendor contracts and invoices will supply their own licenses.
    • Software may be purchased as on-premises or as-a-service solutions as IT deems appropriate for the solution.
    • Shareware and freeware authors will be paid the fee they specify for use of their products.
    • Open-source software will be managed in the same manner as commercial software to understand licensing requirements and be aware of any changes to these agreements, such as commercialization of such products.

    Identify approvals and requests for authorization thresholds

    Associated Activity icon 2.1.4 Identify financial thresholds for approvals and requests

    Participants: Asset Manager, Purchasing, CIO, CFO, IT Director

    Document: Document in the Standard Operating Procedures.

    Identify and classify financial thresholds for contracts requiring approval. For each category of contract value, identify who needs to authorize the request. Discuss and document any other approvals necessary. An example is provided below.

    Example:
    Requests for authorization will need to be directed based on the following financial thresholds:

    Contract value Authorization
    <$50,000 IT Director
    $50,000 to $250,000 CIO
    $250,000 to $500,000 CIO and CFO
    >$500,000 Legal review

    Develop a defined process for software procurement

    A poorly defined software procurement workflow can result in overspending on unnecessary software licensing throughout the year. This can impact budgeting and any potential software refreshes, as businesses will often rely on purchasing what they can afford, not what they need.

    Benefits of a defined workflow

    • Standardized understanding of the authorization processes results in reduced susceptibility to errors and quicker processing times.
    • Compliance with legal regulations.
    • Protection from compliance violations.
    • Transparency with the end user by communicating the process of software procurement to the business.

    Elements to include in procurement workflows:

    • RFP
    • Authorizations and approvals
    • Contract review
    • Internal references to numbers, cost centers, locations, POs, etc.

    Four types of procurement workflows:

    1. New contract – Purchasing brand new software
    2. Add to contract – Adding new POs or line items to an existing contract
    3. Contract renewal – Renewing an existing contract
    4. No contract required – Smaller purchases that don’t require a signed contract

    Outline the procurement process for new contracts

    The procurement workflow may involve the Service Desk, procurement team, and asset manager.

    The following elements should be accounted for:

    • Assignee
    • Requestor
    • Category
    • Type
    • Model or version
    • Requisition number
    • Purchase order number
    • Unit price
    A flowchart outlining the procurement process for new contracts. There are three levels, at the top is 'Tier 2 or Tier 3', the middle is 'IT Procurement', the bottom is 'Asset Manager'. It begins in 'Tier 2 or Tier 3' with 'Approved request received', and if it is not declined it moves on to 'Purchasing request forwarded to Procurement' on the 'IT Procurement' level. If an RFP is required, it eventually moves to 'Receives contract' on the 'Asset Manager' level and ends with 'Document license requirements, notify IT Product Owner'.

    Build software procurement workflow for new contracts

    Associated Activity icon 2.1.5 Build new contract procurement workflow

    Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    1. As a team, outline each of the tasks in the process of procuring a new software asset using cue cards, sticky notes, or a whiteboard.
    2. Use the sample procurement workflow on the previous slide as an example if needed.
    3. Ensure the following elements required for the asset procurement process have been accounted for:
      • Assignee
      • Requestor
      • Category
      • Type
      • Model or version
      • Requisition number
      • Purchase order number
      • Unit price
    4. Review the workflow and make any adjustments necessary to improve the process. Document using Visio and add to the SOP.

    Review vendor contracts to right-size licensing procurement

    Many of your applications come from the same vendor, and a view into the business services provided by each software vendor contract will prove beneficial to the business.

    • You may uncover overlaps in services provided by software across departments.
    • The same service may be purchased from different vendors simply because two departments never compared notes!
    • This leaves a lot of money on the table from a lack of volume discounts.
    A graphic depicting a Venn diagram in which the 'Software' and 'Services' circles overlap, both of which stem from a 'Vendor Contract'.
    • Be cautious about approaching license budgeting strictly from a cost perspective. SAM is designed to right-size your licenses to properly support your organization.
    • One trap organizations often fall into is bundling discounts. Vendors will offer steep discounts if clients purchase multiple titles. On the surface, this might seem like a great offer.
    • However, what often happens is that organizations will bundle titles to get a steep discount on their prize title of the group.
    • The other titles become shelfware, and when the time comes to renew the contract, the maintenance fees on the shelfware titles will often make the contract more expensive than if only the prize title was purchased.

    Additionally, information regarding what licenses are being used for certain services may yield insight into potential redundancies. For example, two separate departments may have each have a different application deployed that supports the same service. This presents an opportunity for savings based on bulk licensing agreements, not to mention a simplified support environment by reducing the number of titles deployed in your environment.

    Define a procedure for tracking and negotiating contract renewals

    Participants: IT Director/CIO, Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    Discuss and document a policy for tracking and negotiating contract renewals. Answer the following questions as guides:

    • How will renewal dates be tracked and monitored?
    • How soon should contracts be reviewed prior to renewal to determine appropriateness for use and compliance?
    • What criteria will be used to determine if the product should be renewed?
    • Who will be consulted for contract renewal decisions for major contracts?
    • How will licensing and support decisions be made?

    Optional contract review:

    1. Take a sample contract to renew. Create a list of services that are supported by the software. Look for overlaps, redundancies, shelfware, and potential bundling opportunities. Recall the issues outlined when purchasing bundled software.
    2. Create a list of action items to bring into the next round of contract negotiations with that vendor and identify a start date to begin reviewing these items.

    Define process for contract renewals and additional procurement scenarios

    Associated Activity icon 2.1.6 Build additional procurement workflows

    Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    Build procurement workflows and define policies and procedures for additional purchasing scenarios beyond new contracts.

    This may include:

    1. Contract renewals
    2. Single purchase, non-contract procurement
    3. Adding to contracts

    Use the sample workflows in the Standard Operating Procedures as a guide.

    A flowchart outlining the procurement process for 'Software Contract Renewal'.

    A flowchart outlining the procurement process for 'Software single purchase, non-contract'.

    Negotiate for value to ensure quality license agreements

    Approach negotiating from a value-first, price-second perspective.

    Contract negotiations too often come down to a question of price. While you want to avoid overpaying for licenses, a worse offense is getting a steep discount for a bundle of applications where the majority will go unused.

    Vendors will try to sell a full stack of software at a steep discount to give the illusion of value. Often organizations bite off more than they can chew. When auditors come knocking, the business may be in compliance, but being over-licensed is a dangerous state to be in. Organizations end up over-licensed and in possession of numerous “shelfware” apps that sit on the proverbial shelf collecting dust while drawing expensive maintenance and licensing fees from the business.
    • Pressure from the business is also an issue. Negotiations can be rushed in an effort to fulfill an immediate need.
    • Make sure you clearly outline the level of compliance expected from the vendor.
    • Negotiate reduced-fee software support services. Your Service Desk can already handle the bulk of requests, and investing in a mature Service Desk will provide more lasting value than paying for expensive maintenance and support services that largely go unused.

    Learn to negotiate effectively to optimize contract renewals

    Leverage Info-Tech’s research, Master Contract Review and Negotiation for Software Agreements, to review your software contracts to leverage your unique position during negotiations and find substantial cost savings.

    This blueprint includes the following tools and templates:

    • RASCI Chart
    • Vendor Communication Management Plan
    • Software Business Use Case Template
    • SaaS TCO Calculator
    • Software Terms & Conditions Evaluation Tool
    • Software Buyer’s Checklist
    • Controlled Vendor Communications Letter
    • Key Vendor Fiscal Year End Calendar
    • Contract Negotiation Tactics Playbook

    Step 2.2 Receive and deploy software

    Phase 2:
    Procure, Receive & Deploy    		This step will walk you through the following activities:This step involves the following participants:

    2.1

    		Request & Procure
    • 2.2.1 Identify storage locations for software information and media
    • 2.2.2 Design the workflow for receiving software
    • 2.2.3 Design and document the deployment workflow(s)
    • 2.2.4 Create a list of pre-approved, approved, and unapproved software titles
    • 2.2.5 Document the request and deployment process for non-standard software requests
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team
    • Purchasing (optional)
    • Service Desk Manager (optional)
    • Operations (optional)
    • Release & Deployment manager (optional)

    2.2

    		Receive & Deploy

    Step Outcomes

    • A strategy for storing software information and media in the ITAM database and DML
    • A documented workflow for the software receiving process
    • Documented process workflows for software requests and deployment, including for large quantities of software
    • A list of pre-approved, approved, and unapproved software titles for deployment
    • A process for responding to non-standard software requests

    Verify product and information upon receipt

    Upon receipt of procured software:

    • Verify that the product is correct
    • Reconcile with purchase record to ensure the order has been completed
    • Verify that the invoice is correct
    • Update financial information such as budget and accounting records
    • Update ITAM database to show status as received
    • Record/attach license keys and software codes in ITAM database
    • Attach relevant documents to record in the ITAM database (license reports, invoices, end-user agreement, etc.)
    • Download and store any installation files, DVDs, and CDs
    • Once software has been installed, verify license is matched to discovered installed software within the ITAM database

    Info-Tech Best Practice

    While most software will be received through email and download, in some cases physical software may be received through courier or mail. Ensure processes and procedures are defined for both cases.

    Establish a secure repository for licenses and documentation

    All licenses, documentation, and digital media for authorized and supported software should be collected and stored in a central, secure location to minimize risk of theft, loss, or unauthorized installation or duplication of software.

    Where to store software data?

    The ITAM database should contain an up-to-date record of all software assets, including their associated:

    • Serial numbers
    • License keys and codes
    • Contracts and agreements

    The database allows you to view software that is installed and associated licenses.

    A definitive media library (DML) is a single logical storage area, which may consist of one or more locations in which definitive authorized versions of all software configuration items are securely stored and protected.

    The DML consists of file storage as well as physical storage of CDs and DVDs and must be continually updated to contain the latest information about each configuration item.

    The DML is used to organize content and link to automated deployment to easily install software.

    Use a definitive media library (DML) to assist in storage of software packages for deployment

    The DML will usually contain the most up-to-date versions to minimize errors created by having unauthorized, old, or problematic software releases being deployed into the live IT environment. The DML can be used for both full-packed product (FPP) software and in-house developed software, providing formalized data around releases of in-house software.

    The DML should consist of two main storage areas:

    1. Secure file storage
    2. Secure physical storage for any master CD/DVDs

    Additional Recommendations:

    • The process of building, testing, adapting, and final pre-production testing should provide your IT department with a solid final deployment package, but the archive will enable you to quickly pull in a previous version if necessary.
    • When upgrading software packages to include new patches or configurations, use the DML to ensure you're referencing a problem-free version.
    • Include the DML in your disaster recovery plan (DRP) and include testing of the DML as part of your DRP testing. If you need to rebuild servers from these files, offsite, you'll want to know your backup DML is sound.

    Ensure you have a strategy to create and update your DML

    Your DML should have a way to separate archived, new, and current software to allow for optimal organization of files and code, to ensure the correct software is installed, and to prepare for automated deployment through the service catalog.

    New software hasn’t been tested yet. Make it available for testing, but not widely available.

    Keep a record for archived software, but do not make it available for install.

    Current software is regularly used and should be available for install.

    Deployment

    • Are you using tools to integrate with the DML for deployment?
    • Store files that are ready for automated deployment in a separate location.

    Identify storage locations for software information and media

    Associated Activity icon 2.2.1 Identify software storage locations

    Participants: Asset Manager, IT Director

    Document: Document in the Standard Operating Procedures.

    1. Identify storage locations for asset data that is received (i.e. ITAM database, DML).
    2. Identify information that should be stored with each asset (i.e. license, serial number, invoice, end-user license agreement) and where this information should be stored.
    3. Identify fields that should be populated in the DML for each record:
      • Product name
      • Version
      • Description
      • Authorized by
      • Received by/date
      • Configuration item on which asset is installed
      • Media
      • Physical and backup locations
      • Verified by/date

    Define the standard process for receiving software

    Define the following in your receiving process:

    • Process for software received by email/download
    • Process for physical material received at Service Desk
    • Information to be recorded and where
    • Process following discrepancy of received software
    A flowchart outlining the standard process for receiving software. There are two levels, at the top is 'Desktop Support Team' and the bottom is 'Procurement'. It begins in 'Desktop Support Team' with 'Received at Service Desk' or 'Receive by email/download'. If the reconciliation is correct it eventually moves on to 'Fulfill service request, deliver and close ticket'. If the reconciliation is not correct it moves to 'Contact vendor with discrepancy details' in 'Procurement'. If a return is required 'Repackage and ship', or if not 'Notify Desktop Support Team of resolution'.

    Design the workflow for receiving software

    Associated Activity icon 2.2.2 Design the workflow for receiving software

    Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)

    Document: Document in the Standard Operating Procedures.

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Use the sample workflow from this step as a guide if starting from scratch.
    4. Engage the team in refining the process workflow.
    5. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the SOP.

    Build release management into your software deployment process

    A sound software deployment process is tied to sound release management practices.

    Releases: A collection of authorized changes to an IT service. Releases are divided into:

    • Major software releases/upgrades: Normally containing large areas of new functionality, some of which may make intervening fixes to redundant problems.
    • Minor software releases/upgrades: Normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes.
    • Emergency software fixes: Contain the corrections to a small number of known problems.

    Ensure that release management processes work with SAM processes:

    • If a release will impact licensing, the SAM manager must be made aware to make any necessary adjustments.
    • Deployment models should be in line with SAM strategy (i.e. is software rolled out to everyone or individually when upgrades are needed?).
    • How will user requests for upgrades be managed?
    • Users should be on the same software version to ensure file compatibility and smooth patch management.
    • Ideally, software should be no more than two versions back.

    Document the process workflow for software deployment

    Define the process for deploying software to users.

    Include the following in your workflow:

    • All necessary approvals
    • Source of software
    • Process for standard vs. non-standard software requests
    • Update ITAM database once software has been installed with license data and install information
    A flowchart outlining the process workflow for software deployment. There are four levels, at the top is 'Business', then 'Desktop Support Team', 'Procurement', and the bottom is 'Asset Manager'. It begins in 'Business' with 'Request for software', and if it is approved by the manager it moves to 'Check DB: Can a volume serial # be used?' in 'Desktop Support Team'. If yes, it eventually moves on to 'Close ticket' on the same level, if not it eventually moves to 'Initiate procurement process' in 'Procurement', 'Initiate receiving process' in 'Asset Manager', and finally to 'Run quarterly license review to purchase volume licenses'.

    Large-scale software rollouts should be run as projects

    Rollouts or upgrades of large quantities of software will likely be managed as projects.

    These projects should include project plans, including resources, timelines, and detailed procedures.

    Define the process for large-scale deployment if it will differ from the regular deployment process.

    A flowchart outlining large-scale software rollouts. There are three levels, at the top is 'IT Procurement', then 'Asset Manager', and the bottom is 'Software Packager'. It begins in 'IT Procurement' with 'Project plan approved', and if a bid is not required it skips to 'Sign contract/Create purchase order'. This eventually moves to 'Receive access to eLicense site/receive access to new product' in 'Asset Manager', and either to 'Approve invoice for payment, forward to accounting' on the same level or to 'Download software, license keys' in 'Software Packager' then eventually to 'Deploy'.

    Design and document the deployment workflow(s)

    Associated Activity icon 2.2.3 Document deployment workflows for desktop and large-scale deployment

    Participants: Asset Manager, Service Desk Manager, Release & Deployment Manager

    Document: Document in the Standard Operating Procedures.

    1. Outline each step in the process of software deployment using notecards or on a whiteboard. Be as granular as possible. On each card, describe the step and the individual responsible for each step.
      • Be sure to identify the type of release for standard software releases and patches.
      • Additionally, identify how additional software outside the scope of the base image will be addressed.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, considering people, processes, and available technology.
    4. Document separately the process for large-scale software deployment if required.

    Develop standards to streamline your software estate

    Software should be approved and deployed based on approved standards to minimize over-deployed software and manage costs appropriately. A list of standard software improves the efficiency of the software approval process.

    • Pre-approved titles include basic platforms like Office or Adobe Reader that are often available in enterprise-wide license packages.
    • Approved titles include popular titles with license numbers that need to be managed on a role-by-role basis. For example, if most of your marketing team uses the Adobe Creative Suite, a user still needs to get approval before they can get a license.
    • Unapproved titles are managed on a case-by-case basis and are up to the discretion of the asset manager and other involved parties.

    Additionally, create a list of unauthorized software including titles not to be installed under any circumstances. This list should be designed with feedback from your end users and technical support staff. Front-line knowledge is crucial to identifying which titles are causing major problems.

    Create a list of pre-approved, approved, and unapproved software titles

    Associated Activity icon 2.2.4 Determine software categories for deployment

    Participants: IT Director, Asset Manager, Purchasing (optional), Service Desk Manager (optional), Release & Deployment Manager (optional)

    Document: Document in the Standard Operating Procedures.

    1. Define software categories that will be used to build software standards.
    2. Include definitions of each category.
    3. Add examples of software to each category to begin building list of approved software titles for deployment.

    Use the following example as a guide.

    Category Definition Software titles
    Pre-approved/standard
    • Supported and approved for install for all end users
    • Included on most, if not all devices
    • Typically installed as a base image
    • Microsoft Office (Outlook, Word, Excel, PowerPoint)
    • Adobe Reader
    • Windows
    Approved by role
    • Supported and approved for install, but only for certain groups of end users
    • Popular titles with license numbers that need to be managed on a role-by-role basis
    • Pre-approved for purchase with business manager’s approval
    • Adobe Creative Cloud Suite
    • Adobe Acrobat Pro
    • Microsoft Visio
    Unapproved/requires review
    • Not previously approved or installed by IT
    • Special permission required for installation based on demonstrable business need
    • Managed on a case-by-case basis
    • Up to the discretion of the asset manager and other involved parties
    • Dynamics
    • Zoom Text
    • Adaptive Insights
    Unauthorized
    • Not to be installed under any circumstances
    • Privately owned software
    • Pirated copies of any software titles
    • Internet downloads

    Define the review and approval process for non-standard software

    Software requiring review will need to be managed on a case-by-case basis, with approval dependent on software evaluation and business need.

    The evaluation and approval process may require input from several parties, including business analysts, Security, technical team, Finance, Procurement, and the manager of the requestor’s department.

    A flowchart outlining the review and approval process for non-standard software. There are five levels, at the top is 'Business Analyst/Project Manager', then 'Security Team', 'Technical Team', 'Financial & Contract Review' and the bottom is 'Procurement'. It begins in 'Business Analyst/Project Manager' with 'Request for non-standard software', and if the approved product is available it moves to 'Evaluate tool for security, data, and privacy compliance' in 'Security Team'. If more evaluation is necessary it moves to 'Evaluate tool for infrastructure and integration requirements' in 'Technical Team', and then 'Evaluate terms and conditions' in 'Financial & Contract Review'. At any point in the evaluation process it can move back to the 'Business Analyst/Project Manager' level for 'Assemble requirements details', and finally down to the 'Procurement' level for 'Execute purchase'.

    Document the request and deployment process for non-standard software

    Associated Activity icon 2.2.5 Document process for non-standard software requests

    Participants: Asset Manager, Service Desk Manager, Release & Deployment Manager

    Document: Document in the Standard Operating Procedures.

    Define the review and approval process for non-standard software requests.

    Use the workflow on the previous slide as a guide to map your own workflow process and document the steps in the Standard Operating Procedures.

    The following assessments may need to be included in the process:

    • Functionality and use requirements: May include suggestion back to the business before proceeding any further to see if similar, already approved software could be used in its place.
    • Technical specifications: Cloud, data center, hardware, backups, integrations (Active Directory, others), file, and program compatibility.
    • Security: Security team may need to assess to ensure nothing will install that will compromise data or systems security.
    • Privacy policy: Security and compliance team may need to evaluate the solution to ensure data will be secured and accessed only by authorized users.
    • Terms and conditions: The contracts team may evaluate terms and conditions to ensure contracts and end-user agreements do not violate existing standards.
    • Accessibility and compliance: Software may be required to meet accessibility requirements in accordance with company policies.

    BMW deployed a global data centralization program to achieve 100% license visibility

    Logo for BMW.

    Case Study

    Industry: Financial Services
    Source: SAM Summit 2014

    Challenge

    BMW is a large German automotive manufacturer that employs over 100,000 people. It has over 7,000 software products deployed across 106,000 clients and servers in over 150 countries.

    When the global recession hit in 2008, the threat of costly audits increased, so BMW decided to boost its SAM program to cut licensing costs. It sought to centralize inventory data from operations across the globe.

    Solution

    A new SAM office was established in 2009 in Germany. The SAM team at BMW began by processing all the accumulated license and installation data from operations in Germany, Austria, and the UK. Within six months, the team had full visibility of all licenses and software assets.

    Compliance was also a priority. The team successfully identified where they could make substantial reductions in support and maintenance costs as well as remove surplus costs associated with duplicate licensing.

    Results

    BMW overcame a massive data centralization project to achieve 100% visibility of its global licensing estate, an incredible achievement given the scope of the operation.

    BMW experienced efficiency gains due to transparency and centralized management of licenses through the new SAM office.

    Additionally, internal investment in training and technical knowledge has helped BMW continuously improve the program. This has resulted in ongoing cost reductions for the manufacturer.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.5

    		 Sample of activity 2.1.5 'Build software procurement workflow for new contracts'. Build software procurement workflow for new contracts

    Use the sample workflow to document your own process for procurement of new software contracts.

    2.2.4

    		 Sample of activity 2.2.4 'Create a list of pre-approved, approved, and unapproved software titles'. Create a list of pre-approved, approved, and unapproved software titles

    Build definitions of software categories to inform software standards and brainstorm examples of each category.

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Procure, receive, and deploy

    Proposed Time to Completion (in weeks): 6
    Step 2.1: Request and procureStep 2.2: Receive and deploy
    Start with an analyst kick-off call:
    • Define standards for software requests
    • Build procurement policy
    • Define procurement processes
    		Review findings with analyst:
    • Build processes for software receiving
    • Build processes for software requests and deployment
    • Define process for non-standard requests
    Then complete these activities…
    • Determine software standards
    • Define procurement policy
    • Identify authorization thresholds
    • Build procurement workflows for new contracts and renewals
    		Then complete these activities…
    • Identify storage locations for software information
    • Design workflow for receiving software
    • Design workflow for software deployment
    • Create a list of approved and non-standard requests
    • Define process for non-standard requests
    With these tools & templates:
    • Standard Operating Procedures
    		With these tools & templates:
    • Standard Operating Procedures

    Phase 3: Manage, Redeploy, and Retire

    Step 3.1 Manage and maintain software contracts

    Phase 3:
    Manage, Redeploy & Retire    		This step will walk you through the following activities:This step involves the following participants:

    3.1

    		Manage & Maintain Software
    • 3.1.1 Define process for conducting software inventory
    • 3.1.2 Define policies for software maintenance and patches
    • 3.1.3 Document your patch management policy
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team
    • Release Manager (optional)
    • Security (optional)

    3.2

    		Harvest, Redeploy, or Retire

    Step Outcomes

    • A process for conducting regular software inventory checks and analyzing the data to continually manage software assets and license compliance.
    • An understanding of software maintenance requirements
    • A policy for conducting regular software maintenance and patching
    • A documented patch management policy

    Manage your software licenses to decrease your risk of overspending

    Many organizations fail to track their software inventory effectively; the focus often remains on hardware due to its more tangible nature. However, annual software purchases often account for a higher IT spend than annual hardware purchases, so it’s important to track both.

    Benefits of managing software licenses

    • Better control of the IT footprint. Many companies already employ hardware asset management, but when they employ SAM, there is potential to save millions of dollars through optimal use of all technology assets.
    • Better purchasing decisions and negotiating leverage. Enhanced visibility into actual software needs means not only can companies procure and deploy the right increments of software in the right areas, but they can also do so more cost-effectively through tools such as volume purchase agreements or bundled services.
    • No refund policy combined with shelfware (software that sits unused “on the shelf”) is where software companies make their money.
    • Managing licenses will help prevent costly audit penalties. Special attention should be paid to software purchased from large vendors such as Microsoft, Oracle, Adobe, SAP, or IBM.

    Maintain a comprehensive, up-to-date software inventory to manage licenses effectively

    A clearly defined process for inventory management will reduce the risk of over buying licenses and falling out of compliance.

    • A detailed software inventory and tracking system should act as a single point of contact for all your license data.
    • Maintain a comprehensive inventory of installed software through complete and accurate records of all licenses, certifications, and software purchase transactions, storing these in a secure repository.
    • Periodically review installed software and accompanying licenses to ensure only legal and supported software is in use and to ensure ongoing compliance with the software management policy.

    Info-Tech Best Practice

    Have and maintain a list of supported software to guide what new software will be approved for purchase and what current software should be retained on the desktops, servers, and other processing devices.

    Conduct a baseline inventory of deployed software to know what you have

    You have to know what you have before you can manage it.

    A baseline inventory tells you exactly what software you have deployed and where it is being used. This can help to determine how to best optimize software and license usage.

    A software inventory will allow you to:

    • Identify all software residing on computers.
    • Compare existing software to the list of supported software.
    • Identify and delete illegal or unsupported software.
    • Identify and stop software use that violates license agreements, copyright law, or organizational policies.

    Two methods for conducting a software inventory:

    1. If you have several computers to analyze, use automated tools to conduct inventory for greater accuracy and efficiency. Software inventory or discovery tools scan installed software and generate inventory reports, while asset management tools will help you manage that data.
    2. Manual inventory may be possible if your organization has few computers.

    How to conduct a manual software inventory:

    1. Record serial number of device being analyzed.
    2. Record department and employee to whom the computer is assigned.
    3. Inspect contents of hard drive and/or server to identify software as well as hidden files and directories.
    4. Record licensing information for software found on workstation and server.
    5. Compare findings with list of supported software and licenses stored in repository.

    Keep the momentum going through regular inventory and licensing checks

    Take preventive action to avoid unauthorized software usage through regular software inventory and license management:

    • Regularly update the list of supported software and authorized use.
    • Monitor and optimize software license usage.
    • Continually communicate with and train employees around software needs and policies.
    • Maintain a regular inventory schedule to keep data up to date and remain compliant with licensing requirements – your specific schedule will depend on the size of the company and procurement schedule.
    • Conduct random spot inventories – even if you are using a tool, periodic spot checks should still be performed to ensure accuracy of inventory.
    • Periodically review software procurement records and ensure procurement process is being followed.
    • Continuously monitor software installations on networked computers through automated tools.
    • Ensure software licensing documentation and data is secure.

    Define process for conducting software inventory

    Associated Activity icon 3.1.1 Define process for regular software inventory

    Participants: IT Director, Asset Manager

    Document: Document in the Standard Operating Procedures.

    1. If a baseline software inventory has not been conducted, discuss and document a plan for completing the inventory.
      • Will the inventory be conducted manually or through automated tools?
      • If manually, what information will be collected and recorded? Which devices will be analyzed? Where will data be stored?
      • If automatically, which tools will be used? Will any additional information need to be collected? Who will have access to the inventory?
      • When will the inventory be conducted and by whom?
        • Monthly inventory may be required if there is a lot of change and movement, otherwise quarterly is usually sufficient.
    2. Document how inventory data will be analyzed.
      • How will data be compared against supported software?
      • How will software violations be addressed?
    3. Develop a plan for continual inventory spot checks and maintenance.
      • How often will inventory be conducted and/or analyzed?
      • How often will spot checks be performed?

    Don’t forget that software requires maintenance

    While maintenance efforts are typically focused around hardware, software maintenance – including upgrades and patches – must be built into the software asset management process to ensure software remains compliant with security and regulatory requirements.

    Software maintenance guidelines:

    • Maintenance agreements should be stored in the ITAM database.
    • Software should be kept as current as possible. It is recommended that software remain no more than two versions off.
    • Unsupported software should be uninstalled or upgraded as required.
    • Upgrades should be tested, especially for high-priority or critical applications or if integrated with other applications.
    • Change and release management best practices should be applied for all software upgrades and patches.
    • A process should be defined for how often patches will be applied to end-user devices.

    Integrate patch management with your SAM practice to improve security and reduce downtime

    The integration between patch management and asset management is incredibly valuable from a technology point of view. IT asset management (ITAM) tools create reports on the characteristics of deployed software. By combining these reports with a generalized software updater, you can automate most simple patches to save your team’s efforts for more-critical incidents. Usage reports can also help determine which applications should be reviewed and removed from the environment.

    • In recent years, patch management has grown in popularity due to widespread security threats, the resultant downtime, and expenses associated with them.
    • The main objective of patch management is to create a consistently configured environment that is secure against known vulnerabilities in operating systems and application software.

    Assessing new patches should include questions such as:

    • What’s the risk of releasing the patch? What is the criticality of the system? What end users will be affected?
    • How will we manage business disruption during an incident caused by a failed patch deployment?
    • In the event of service outage as a result of a failed patch deployment, how will we recover services effectively in business priority order?
    • What’s the risk of expediting the patch? Of not releasing the patch at all?

    Define policies for software maintenance and patches

    Associated Activity icon 3.1.2 Define software maintenance and patching policies

    Participants: IT Director, Asset Manager, Release Manager (optional), Security (optional)

    Document: Document in the Standard Operating Procedures.

    Software maintenance:

    Review the software maintenance guidelines in this section and in the SOP template. Discuss each policy and revise and document in accordance with your policies.

    Patch management:

    Discuss and document patch management policies:

    1. How often will end-user devices receive patches?
    2. How often will servers be patched?
    3. How will patches be prioritized? See example below.
      • Critical patches will be applied within two days of release, with testing prioritized to meet this schedule.
      • High-priority patches will be applied within 30 days of release, with testing scheduled to meet this requirement.
      • Normal-priority patches will be evaluated for appropriateness and will be installed as needed.

    Document your patch management policy

    Supporting Tool icon 3.1.3 Use the Patch Management Policy template to document your policy

    The patch management policy helps to ensure company computers are properly patched with the latest appropriate updates to reduce system vulnerability and to enhance repair application functionality. The policy aids in establishing procedures for the identification of vulnerabilities and potential areas of functionality enhancements, as well as the safe and timely installation of patches. The patch management policy is key to identifying and mitigating any system vulnerabilities and establishing standard patch management practices.

    Use Info-Tech’s Patch Management Policy template to get started.

    Sample of the 'Patch Management Policy' template.

    Step 3.2 Harvest, Redeploy, or Retire Software

    Phase 3:
    Manage, Redeploy & Retire    		This step will walk you through the following activities:This step involves the following participants:

    3.1

    		Manage & Maintain Software
    • 3.2.1 Map your software license harvest and reallocation process
    • 3.2.2 Define the policy for retiring software
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team

    3.2

    		Harvest, Redeploy, or Retire

    Step Outcomes

    • A defined process for harvesting and reallocating unused software licenses
    • A defined policy for how and when to retire unused or outdated software

    Harvest and reallocate software to optimize license usage

    Using a defined process for harvesting licenses will yield a crop of savings throughout the organization.

    Unused software licenses are present in nearly every organization and result in wasted resources and software spend. Recycling and reharvesting licenses is a critical process within software asset management to save your organization money.

    Licensing Recycling

    When computers are no longer in use and retired, the software licenses installed on the machines may be able to be reused.

    License recycling involves reusing these licenses on machines that are still in use or for new employees.

    License Harvesting

    License harvesting involves more actively identifying machines with licenses that are either not in use or under utilized, and recovering them to be used elsewhere, thus reducing overall software spend on new licenses.

    Use software monitoring data to identify licenses for reallocation in alignment with policies and agreements

    1. Monitor software usage
      Monitor and track software license usage to gain a clear picture of where and how existing software licenses are being used and identify any unused or underused licenses.
    2. Identify licenses for reharvesting
      Identify software licenses that can be reharvested and reallocated according to your policy.
    3. Uninstall software
      Notify user, schedule a removal time if approved, uninstall software, and confirm it has been removed.
    4. Reallocate license when needed

    Sources of surplus licenses for harvest:

    • Projects that required a license during a particular time period, but now do not require a license (i.e. the free version of the software will suffice)
    • Licenses assigned to users no longer with the organization
    • Software installed on decommissioned hardware
    • Installed software that hasn’t been used by the user in the last 90 days (or other defined period)
    • Over-purchased software due to poorly controlled software request, approval, or provisioning processes

    Info-Tech Insight

    Know the stipulations of your end-user license agreement (EULA) before harvesting and reallocating licenses. There may be restrictions on how often a license can be recycled in your agreement.

    Create a defined process for software license harvesting

    Define a standard reharvest timeline. For example, every 90 days, your SAM team can perform an internal audit using your SAM tool to gather data on software usage. If a user has not used a title in that time period, your team can remove that title from that user’s machine. Depending on the terms and conditions of the contract, the license can either be retired or harvested and reallocated.

    Ensure you have exception rules built in for software that’s cyclical in its usage. For example, Finance may only use tax software during tax season, so there’s no reason to lump it under the same process as other titles.

    It’s important to note that in addition to this process, you will need a software usage policy that supports your license harvest process.

    The value of license harvesting

    • Let’s say you paid for 1,000 licenses of a software title at a price of $200 per license.
    • Of this total, 950 have been deployed, and of that total, 800 are currently being used.
    • This means that 16% of deployed licenses are not in use – at a cost of $30,000.
    • With a defined license harvest process, this situation would have been prevented.

    Build a workflow to document the software harvest process

    Include the following in your process:

    • How will unused software be identified?
    • How often will usage reports be reviewed?
    • How will the user be notified of software to be removed?
    • How will the software be removed?
    A flowchart documenting the software harvest process. There are two levels, at the top is 'IT Asset Manager', and the bottom is 'Desktop Support Team'. It begins in 'IT Asset Manager' with 'Create/Review Usage Report', and if the client agrees to removal it moves to 'License deactivation required?' in 'Desktop Support Team'. Eventually you 'Close ticket' and it moves back up to 'Discovery tool will register change automatically' in 'IT Asset Manager'.

    Map your software license harvest and reallocation process

    Associated Activity icon 3.2.1 Build license harvest and reallocation workflow

    Participants: IT Director, Asset Manager, Service Desk Manager

    Document: Document in the Standard Operating Procedures.

    1. Outline each step in the process of software harvest and reallocation using notecards or a whiteboard. Be as granular as possible. On each card, describe the step and the individual responsible for each step.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, considering people, processes, and available technology.
    4. Use the sample workflow on the previous slide as a guide if needed.

    The same flowchart documenting the software harvest process from the previous section.

    Improve your software retirement process to drive savings for the whole business

    Business Drivers for Software Disposal

    • Cost Reduction
      • Application retirement allows the application and the supporting hardware stack to be decommissioned.
      • This eliminates recurring costs such as licensing, maintenance, and application administration costs, representing potentially significant savings
    • Consolidation
      • Many legacy applications are redundant systems. For example, many companies have ten or more legacy financial systems from mergers/acquisitions.
      • Systems can be siloed, running incompatible software. Moving data to a common accessible repository streamlines research, audits, and reporting.
    • Compliance
      • An increased focus on regulations places renewed emphasis on e-discovery policies. Keeping legacy applications active just to retain data is an expensive proposition.
      • During application retirement, data is classified, assigned retention policies, and disposed of according to data/governance initiatives.
    • Risk Mitigation
      • Relying on IT to manage legacy systems is problematic. The lack of IT staff familiar with the application increases the potential risk of delayed responses to audits and e-discovery.
      • Retiring application data to a common platform lets you leverage skills you have current investments in. This enables you to be responsive to audit or litigation results.

    Retire your outdated software to decrease IT spend on redundant applications

    Benefits of software retirement:

    1. Assists the service desk in not having to support every release, version, or edition of software that your company might have used in the past.
    2. Stay current with product releases so your company is better placed to take advantage of improvements built-in to such products, rather than being limited by the lack of a newly introduced function.
    3. Removing software that is no longer of commercial benefit can offer a residual value through assets.

    Consequences of continuing to support outdated software:

    • Budgets are tied up to support existing applications and infrastructure, which leaves little room to invest in new technologies that would otherwise help grow business.
    • Much of this software includes legacy systems that were acquired or replaced when new applications were deployed. The value of these outdated systems decreases with every passing year, yet organizations often continue to support these applications.
      • Fear of compliance and data access are the most common reasons.
    • Unfortunately, the cost of doing so can consume over 50% of an overall IT budget.

    The solution to this situation is to retire outdated software.

    “Time and time again, I keep hearing stories from schools on how IT budgets are constantly being squeezed, but when I dig a little deeper, little or no effort is being made on accounting for software that might be on the kit we are taking away.” (Phil Goldsmith, Managing Director – ScrumpyMacs)

    Define the policy for retiring software

    Associated Activity icon 3.2.2 Document process for software retirement

    Participants: IT Director, Asset Manager, Operations

    Document: Document in the Standard Operating Procedures.

    1. Discuss and document the process for retiring software that has been deemed redundant due to changing business needs or an improvement in competitive options.
    2. Consider the following:
      • What criteria will determine when software is suited for retirement?
      • The contract should always be reviewed before making a decision to ensure proper notice is given to the vendor.
      • Notice should be provided as soon as possible to ensure no additional billing arrives for renewals.
      • How will software be removed from all devices? How soon must the software be replaced, if applicable?
      • How long will records be archived in the ITAM database?
    3. Document decisions in the Standard Operating Procedures.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.2

    		 Sample of activity 3.1.2 'Define policies for software maintenance and patches'. Define policies for software maintenance and patches

    Discuss best practices and define policies for conducting regular software maintenance and patching.

    3.2.1

    		 Sample of activity 3.3.1 'Assess the maturity of audit management processes and policies'. Map your software license harvest and reallocation process

    Build a process workflow for harvesting and reallocating unused software licenses.

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Manage, redeploy, and retire

    Proposed Time to Completion (in weeks): 4
    Step 3.1: Manage and maintain softwareStep 3.2: Harvest, redeploy, or retire
    Start with an analyst kick-off call:
    • Define a process for conducting software inventory
    • Define a policy for software maintenance
    • Build a patch management policy
    		Review findings with analyst:
    • Build a process for harvesting and reallocating software licenses
    • Define a software retirement policy
    Then complete these activities…
    • Define process for conducting software inventory
    • Define policies for software maintenance
    • Document patch management policy
    		Then complete these activities…
    • Map software harvest and reallocation process
    • Define software retirement policy
    With these tools & templates:
    • Standard Operating Procedures
    • Patch Management Policy
    		With these tools & templates:
    • Standard Operating Procedures

    Phase 4: Build Supporting Processes & Tools

    Visa used an internal SAM strategy to win the audit battle

    Logo for VISA.

    Case Study

    Industry: Financial Services
    Source: SAM Summit 2014

    Challenge

    The overarching goal of any SAM program is compliance to prevent costly audit fines. The SAM team at Visa was made up of many individuals who were former auditors.

    To deal with audit requests from vendors, “understand how auditors do things and understand their approach,” states Joe Birdsong, SAM Director at Visa.

    Vendors are always on the lookout for telltale signs of a lucrative audit. For Visa, the key was to understand these processes and learn how to prepare for them.

    Solution

    Vendors typically look for the following when evaluating an organization for audit:

    1. A recent decrease in customer spend
    2. How easy the licensed software is to audit
    3. Organizational health

    Ultimately, an audit is an attack on the relationship between the vendor and organization. According to Birdsong: “Maybe they haven’t really touched base with your teams and had good contact and relationship with them, and they don’t really know what’s going on in your enterprise.”

    Results

    By understanding the motivations behind potential audits, Visa was able to form a strategy to increase transparency with the vendor.

    Regular data collection, almost real-time reporting, and open, quick communication with the vendor surrounding audits made Visa a low-risk client for vendors.

    Buy-in from management is also important, and the creation of an official SAM strategy helps maintain support. Thanks to its proactive SAM program, Visa saved $200 million in just three years.

    Step 4.1 Ensure compliance for audits

    Phase 4:
    Build supporting processes & tools    		This step will walk you through the following activities:This step involves the following participants:

    4.1

    		Compliance & audits
    • 4.1.1 Define and document the internal audit process
    • 4.1.2 Define and document the external audit process
    • 4.1.3 Prepare an audit scoping email template
    • 4.1.4 Prepare an audit launch email template
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team

    4.2

    		Communicate & build roadmap

    Step Outcomes

    • An understanding of the audit process and importance of audit preparation
    • A defined process for conducting regular internal audits to prepare for and defend against external audits
    • A strategy and documented process for responding to external audit requests

    Take a lifecycle approach to your software compliance process

    Internal audits are an effective way for organizations to regularly assess their licensing position in preparation for an audit.

    1. Gather License Data
      Use your SAM tool to run a discovery check to determine the current state of your software estate.
    2. Improve Data Quality
      Scan the data for red flags. Improve its completeness, consistency, and quality.
    3. Identify Audit Risks
      Using corrected license data, examine your reports and identify areas of risk within the organization.
    4. Identify priority titles
      Determine which titles need attention first by using the output of the license rationalization step.
    5. Reconcile to eliminate gaps
      Ensure that the correct number of licenses are deployed for each title.
    6. Draft Vendor Response
      Prepare response to vendor for when an audit has been requested.

    Improve audit response maturity by leveraging technology and contract data

    By improving your software asset management program’s maturity, you will drive savings for the business that go beyond the negotiating table.

    Recognize the classic signs of each stage of audit response maturity to identify where your organization currently stands and where it can go.

    • Optimized: Automated tools generate compliance, usage, and savings reports. Product usage reports and alerts in place to harvest and reuse licenses. Detailed savings reports provided to executive team.
    • Proactive: Best practices enforced. Compliance positions are checked quarterly, and compliance reports are used to negotiate software contracts.
    • Reactive: Best practices identified but unused. Manual tools still primarily in use. Compliance reports are time-consuming and often inaccurate.
    • Chaotic: Purchases are ad hoc and transaction based. Minimal tracking in place, leading to time-consuming manual processes.

    Implement a proactive internal audit strategy to defend against external audits

    Audits – particularly those related to software – have been on the rise as vendors attempt to recapture revenue.

    Being prepared for an audit is critical. Internal preparation will not only help your organization reduce the risk associated with an audit but will also improve daily operations through focusing on diligent documentation and data collection.

    Conducting routine internal audits will help prepare your organization for the real deal and may even prevent the audit from happening altogether. Hundreds of thousands of dollars can be saved through a proactive audit strategy with routine documentation in place.

    In addition to the fines incurred from a failed audit, numerous other negative consequences can arise:

    • Multiple audits: Failing an audit makes the organization more likely to be audited again.
    • Poor perception of IT: Unless non-compliance was previously disclosed to the business, IT can be deemed responsible.
    • Punitive injunctions: If a settlement is not reached, vendors will apply for an injunction, inhibiting use of their software.
    • Inability to justify purchases: IT can have difficulty justifying the purchase of additional resources after a failed audit.
    • Disruption to business: Precious time and resources will be spent dealing with the results of the audit.

    Perform routine internal compliance reports to decrease audit risk

    The intent of an internal audit is to stop the battle from happening before it starts. Waiting for a knock at the door from a vendor can be stressful, and it can do harm beyond a costly fine.

    • Internal audits help to ensure you’re keeping track of any software changes to keep your data and licensing up to date and avoid costly surprises if an external audit is requested.
    • Identify areas where processes are breaking down and address them before there’s a potential negative impact.
    • Identify control points in processes ahead of time to more easily identify access points where information should be verified.

    “You want to get [the] environment to a level where you’re comfortable sharing information with [a] vendor. Inviting them in to have a chat and exposing numbers means there’s no relationship there where they’re coming to audit you. They only come to audit you when they know there’s a gain to be had, otherwise what’s the point of auditing?
    I want customers to get comfortable with licensing and what they’re spending, and then there’s no problem exposing that to vendors. Vendors actually appreciate that.”     (Ben Brand, SAM Practice Manager, Insight)

    Info-Tech Insight

    “The supreme art of war is to subdue the enemy without fighting.” – Sun Tzu

    Performing routine checks on your license compliance will drastically reduce the risk that your organization gets hit with a costly fine. Maintaining transparency and demonstrating compliance will fend off audit-hungry vendors.

    Define and document the internal audit process

    Associated Activity icon 4.1.1 Document process and procedures for internal audits

    Participants: CIO and/or IT Director, Asset Manager, IT Managers

    Document: Document in the Standard Operating Procedures.

    Define and document a process for conducting internal software audits.
    Include the following:

    1. How often will audits be completed for each software published?
    2. When will audits be conducted?
    3. Who will conduct the audit? Who will be consulted?
    4. What will be included in the scope of the audit?

    Example:

    • Annual audits will be completed for each software publisher, scheduled as part of the license or maintenance agreement renewals.
    • Where annual purchases are not required, vendor audits for compliance will be conducted annually, with a date predetermined based on minimizing scheduling conflicts with larger audits.
    • Audit will be completed with input from product managers.
    • Audit will include:
      • Software compliance review: Licenses owned compared to product installed.
      • Version review: Determine if installed versions match company standards. If there is a need for upgrades, does the license permit upgrading?
      • Maintenance review: Does the maintenance match requirements for the next year’s plans and licenses in use?
      • Support review: Is the support contract appropriate for use?
      • Budget: Has budget been allocated; is there an adjustment required due to increases?

    Identify organizational warning signs to decrease audit risk

    Being prepared for an audit is critical. Internal preparation will not only help your organization reduce the risk associated with an audit but will also improve daily operations through focusing on diligent documentation and data collection.

    Certain triggers exist that indicate a higher risk of an audit occurring. It is important to recognize these warning signs so you can prepare accordingly.

    Health of organization
    If your organization is putting out fires and a vendor can sense it, they’ll see an audit as a highly lucrative exercise.

    Decrease in customer spend
    A decrease in spend means that an organization has a high chance of being under-licensed.

    License complexity
    The more complex the license, the harder it is to remain in compliance. Some vendors are infamous for their complex licensing agreements.

    Audit Strategy

    • Audits should neither be feared nor embraced.
    • An audit is an attack on your relationship with your vendor; your vendor needs to defend its best interests, but it would also rather maintain a satisfied relationship with its client.
    • A proactive approach to audits through routine reporting and transparency with vendors will alleviate all fear surrounding the audit process. It provides your vendor with compliance assurance and communicates that an audit won’t net the vendor enough revenue to justify the effort.

    Focus on three key tactics for success before responding to an audit

    Taking these due diligence steps will pay dividends downstream, reducing the risk of negative results such as release of confidential information.

    Form an Audit Team

    • Once an audit letter is received from a vendor or third party, a virtual team needs to be formed.
    • The team should be cross-functional, representing various core areas of the business.
    • Don’t forget legal counsel: they will assist in the review of audit provision(s) to determine your contractual rights and obligations with respect to the audit.

    Sign an NDA

    • An NDA should be signed by all parties, the organization, the vendor, and the auditor.
    • Don’t wait on a vendor to provide its NDA. The organization should have its own and provide it to both parties.
    • If the auditor is a third party, negotiate a three-way NDA. This will prevent data being shared with other third parties.

    Examine Contract History

    • Vendors will attempt to alter terms of contracts when new products are purchased.
    • Maintain your current agreement if they are more favorable by “grandfathering” your original agreement.
    • Oracle master level agreements are an example: master level agreements offer more favorable terms than more recent versions.

    Info-Tech Insight

    Even if you cannot get a third-party NDA signed, the negotiation process should delay the overall audit process by at least a month, buying your organization valuable time to gather license data.

    Be prepared for external audit requests with a defined process for responding

    1. Vendor-initiated audit request received and brought to attention of IT Asset Manager and CIO.
    2. Acknowledge receipt of audit notice.
    3. Negotiate timing and scope of the audit (including software titles, geographic locations, entities, and completion date).
    4. Notify staff not to remove or acquire licenses for software under audit.
    5. Gather documentation and create report of all licensed software within audit scope.
      • Include original contract, most recent contract, and any addendums, purchase receipts, or reseller invoices, and publisher documentation such as manuals or electronic media.
    6. Compare documentation to installed software according to ITAM database.
    7. Validate any unusual or non-compliant software.
    8. Complete documentation requested by auditor and review results.

    Define and document the external audit process

    Associated Activity icon 4.1.2 Define external audit process

    Participants: CIO and/or IT Director, Asset Manager, IT Managers

    Document: Document in the Standard Operating Procedures.

    Define and document a process for responding to external software audit requests.
    Include the following:

    1. Who must be notified of the audit request when it is received?
    2. When must acknowledgement of the notice be sent and by whom?
    3. What must be defined under the scope of the audit (e.g. software titles, geographic locations, entities, completion date)?
    4. What communications must be sent to IT staff and end users to ensure compliance?
    5. What documentation should be gathered to review?
    6. How will documentation be verified against data?
    7. How will unusual or non-compliant software be identified and validated?
    8. Who needs to be informed of the results?

    Control audit scope with an audit response template

    Supporting Tool icon 4.1.3 Prepare an audit scoping email template

    Use the Software Audit Scoping Email Template to create an email directed at your external (or internal) auditors. Send the audit scoping email several weeks before an audit to determine the audit’s scope and objectives. The email should include:

    • Detailed questions about audit scope and objectives.
    • Critical background information on your organization/program.

    The email will help focus your preparation efforts and initiate your relationship with the auditors.

    Control scope by addressing the following:

    • Products covered by a properly executed agreement
    • Geographic regions
    • User groups
    • Time periods
    • Specific locations
    • A subset of users’ computers
    Sample of the 'Software Audit Scoping Email Template'.

    Keep leadership informed with an audit launch email

    Supporting Tool icon 4.1.4 Prepare an audit launch email template

    Approximately a week before the audit, you should email the internal leadership to communicate information about the start of the audit. Use the Software Audit Launch Email Template to create this email, including:

    • Staffing
    • Functional requirements
    • Audit contact person information
    • Scheduling details
    • Audit report estimated delivery time

    For more guidance on preparing for a software audit, see Info-Tech’s blueprint: Prepare and Defend Against a Software Audit.

    Sample of the 'Software Audit Launch Email Template'.

    A large bank employed proactive, internal audits to experience big savings

    Case Study

    Industry: Banking
    Source: Pomeroy

    Challenge

    A large American financial institution with 1,300 banking centers in 12 states, 28,000 end users, and 108,000 assets needed to improve its asset management program.

    The bank had employed numerous ITAM tools, but IT staff identified that its asset data was still fragmented. There was still incomplete insight into what assets the banked owned, the precise value of those assets, their location, and what they’re being used for.

    The bank decided to establish an asset management program that involved internal audits to gather more-complete data sets.

    Solution

    With the help of a vendor, the bank implemented cradle-to-grave asset tracking and lifecycle management, which provided discovery of almost $80 million in assets.

    The bank also assembled an ITAM team and a dedicated ITAM manager to ensure that routine internal audits were performed.

    The team was instrumental in establishing standardization of IT policies, hardware configuration, and service requirements.

    Results

    • The bank identified and now tracks over 108,000 assets.
    • The previous level of 80% accuracy in inventory tracking was raised to 96%.
    • Nearly $500,000 was saved through asset recovery and repurposing of 600 idle assets.
    • There are hundreds of thousands of dollars in estimated savings as the result of avoiding costly penalties from failed audits thanks to proactive internal audits.

    Step 4.2 Build communication plan and roadmap

    Phase 4:
    Build supporting processes & tools    		This step will walk you through the following activities:This step involves the following participants:

    4.1

    		Compliance & audits
    • 4.2.1 Develop a communication plan to convey the right messages
    • 4.2.2 Anticipate end-user questions by preparing an FAQ list
    • 4.2.3 Build a software asset management policy
    • 4.2.4 Build additional SAM policies
    • 4.2.5 Develop a SAM roadmap to plan your implementation
    • IT Director, CIO
    • IT Managers and SAM Manager
    • SAM Team

    4.2

    		Communicate & build roadmap

    Step Outcomes

    • A documented communications plan for relevant stakeholders to understand the benefits and changes the SAM program will bring
    • A list of anticipated end-user questions with responses
    • Documented software asset management policies
    • An implementation roadmap

    Communicate SAM processes to gain acceptance and support

    Communication is crucial to the integration and overall implementation of your SAM program. If staff and users do not understand the purpose of processes and policies, they will fail to provide the desired value.

    An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Communicate the following:

    1. Advertise successes

      • Regularly demonstrate the value of the SAM program with descriptive statistics focused on key financial benefits.
      • Share data with the appropriate personnel; promote success to obtain further support from senior management.

    2. Report and share asset data

      • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
      • These reports can help your organization prepare for audits, adjust budgeting, and detect unauthorized software.

    3. Communicate the value of SAM

      • Educate management and end users about how they fit into the bigger picture.
      • Individuals need to know which behaviors may put the organization at risk or adversely affect data quality.

    Educate staff and end users through SAM training to increase program success

    As part of your communication plan and overall SAM implementation, training should be provided to both staff and end users within the organization.

    • ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly.
    • All facets of the business, from management to new hires, should be provided with training to help them understand their role in the program’s success.
    • Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.
    • Even after the SAM program has been fully implemented, keep employees up to date with policies and processes through ongoing training sessions for both new hires and existing employees:
      • New hires: Provide new hires with all relevant SAM policies and ensure they understand the importance of software asset management.
      • Existing employees: Continually remind them of how SAM is involved in their daily operations and inform them of any changes to policies.

    Create your communications plan to anticipate challenges, remove obstacles, and ensure buy-in

    Provide separate communications to key stakeholder groups

    Why:
    • What problems are you trying to solve?
    What:
    • What processes will it affect (that will affect me)?
    Who:
    • Who will be affected?
    • Who do I go to if I have issues with the new process?
    		 Three circular arrows each linking t the next in a downward daisy chain. The type arrow has 'IT Staff' in the middle, the second 'Management', and the third 'End Users' When:
    • When will this be happening?
    • When will it affect me?
    How:
    • How will these changes manifest themselves?
    Goal:
    • What is the final goal?
    • How will it benefit me?

    Develop a communication plan to convey the right messages

    Associated Activity icon 4.2.1 Develop a communication plan to convey the right messages

    Participants: CIO, IT Director, Asset Manager, Service Desk Manager

    Document: Document in the SAM Communication Plan.

    1. Identify the groups that will be affected by the SAM program.
    2. For each group requiring a communication plan, identify the following:
    3. Benefits of SAM for that group of individuals (e.g. more efficient software requests).
    4. The impact the change will have on them (e.g. change in the way a certain process will work).
    5. Communication method (i.e. how you will communicate).
    6. Timeframe (i.e. when and how often you will communicate the changes).
    7. Complete this information in a table like the one below and document in the Communication Plan.
    Group Benefits Impact Method Timeline
    Executives
    • Improved audit compliance
    • Improved budgeting and forecasting
    • Review and sign off on policies
    End Users
    • Streamlined software request process
    • Follow software installation and security policies
    IT
    • Faster access to data and one source of truth
    • Modified processes
    • Ensure audits are completed regularly

    Anticipate end-user questions by preparing an FAQ list

    Associated Activity icon 4.2.2 Prepare an FAQ list

    Document: Document FAQ questions and answers in the SAM FAQ Template.

    ITAM imposes changes to end users throughout the business and it’s normal to expect questions about the new program. Prepare your team ahead of time by creating a list of FAQs.

    Some common questions include:

    • Why are you changing from the old processes?
    • Why now?
    • What are you going to ask me to do differently?
    • Will I lose any of my software?

    The benefits of preparing a list of answers to FAQs include:

    • A reduction in time spent creating answers to questions. If you focus on the most common questions, you will make efficient use of your team’s time.
    • Consistency in your team’s responses. By socializing the answers to FAQs, you ensure that no one on your team is out of the loop and the message remains consistent across the board.

    Include policy design and enforcement in your communication plan

    • Software asset management policies should define the actions to be taken to support software asset management processes and ensure the effective and efficient management of IT software assets across the asset lifecycle.
    • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously and will help ensure the benefits of SAM are achieved.
    • Designing, approving, documenting, and adopting one set of standard SAM policies for each department to follow will ensure the processes are enforced equally across the organization.

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

    Build a software asset management policy

    Supporting Tool icon 4.2.3 Document a SAM policy

    Use Info-Tech’s Software Asset Management Policy template to define and document the purpose, scope, objectives, and roles and responsibilities for your organization's software asset management program.

    The template allows you to customize policy requirements for:

    • Procurement
    • Installation and Removal
    • Maintenance
    • Mergers and Acquisitions
    • Company Divestitures
    • Audits

    …as well as consequences for non-compliance.

    Sample of the 'Software Asset Management Policy' template.

    Use Info-Tech’s policy templates to build additional policies

    Supporting Tool icon 4.2.4 Build additional SAM policies

    Asset Security Policy
    The IT asset security policy will describe your organization's approach to ensuring the physical and digital security of your IT assets throughout their entire lifecycle.

    End-User Devices Acceptable Use Policy
    This policy should describe how business tools provided to employees are to be used in a responsible, ethical, and compliant manner, as well as the consequences of non-compliance.

    Purchasing Policy
    The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    Release Management Policy
    Use this policy template to define and document the purpose, scope, objectives, and roles and responsibilities for your organization's release management program.

    Internet Acceptable Use Policy
    Use this template to help keep the internet use policy up to date. This policy template includes descriptions of acceptable and unacceptable use, security provisions, and disclaimers on the right of the organization to monitor usage and liability.

    		Samples of additional SAM policies, listed to the left.

    Implement SAM in a phased, constructive approach

    One of the most difficult decisions to make when implementing a SAM program is: “where do we start?”

    It’s not necessary to deploy a comprehensive SAM program to start. Build on the essentials to become more mature as you grow.

    SAM Program Maturity (highest to lowest)

    • Audits and reporting
      Gather and analyze data about software assets to ensure compliance for audits and to continually improve the business.
    • Contracts and budget
      Analyze contracts and licenses for software across the enterprise and optimize planning to enable cost reduction.
    • Lifecycle standardization
      Define standards and processes for all asset lifecycle phases from request and procurement through to retirement and redistribution.
    • Inventory and tracking
      Define assets you will procure, distribute, and track. Know what you have, where it is deployed, and keep track of contracts and all relevant data.

    Integrate your SAM program with the organization to assist its implementation

    SAM cannot perform on its own – it must be integrated with other functional areas of the organization to maintain its stability and support.

    • Effective SAM is supported by a comprehensive set of processes as part of its implementation.
    • For example, integration with the procurement team’s processes and tools is required to track software purchases to mitigate software license compliance risk.
    • Integration with Finance is required to support internal cost allocations and chargebacks.
    • Integration with the service desk is required to track and deploy software requests.

    Info-Tech Best Practice

    To integrate SAM effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” to demonstrate success to the business early and to gain buy-in from your team. Short-term gains should be designed to support long-term goals of your SAM program.

    Sample short-term goals
    • Identify inventory classification and tool
    • Create basic SAM policies and processes
    • Implement SAM auto-discovery tools
    Sample long-term goals
    • Software contract data integration
    • Continual improvement through review and revision
    • Software compliance reports, internal audits

    Develop a SAM roadmap to plan your implementation

    Associated Activity icon 4.2.5 Build a project roadmap
    1. Identify and review all initiatives that will be taken to implement or improve the software asset management program. These may fall under people, process, or technology-related tasks.
    2. Assign a priority level to each task (Quick Win, Low, Medium, High).
    3. Use the priority to sort tasks into start dates, breaking down by:
      1. Short, medium, or long-term
      2. 1 month, 3 months, 6 months, 12+ months
      3. Q1, Q2, Q3, Q4
    4. Review tasks and adjust start dates for some, if needed to set realistic and achievable timelines.
    5. Transfer tasks to a project plan or Gantt chart to formalize.
    Examples:
    Q1 Q2 Q3 Q4
    • Hire software asset manager
    • Document SOP
    • Define policies
    • Select a SAM tool
    • Create list of approved services and software
    • Define metrics
    • Inventory existing software and contracts
    • Build a patch policy
    • Build a service catalog
    • Contract renewal alignment
    • Run internal audit
    • Security review

    Review and maintain the SAM program to reach optimal maturity

    • SAM is a dynamic process. It must adapt to keep pace with the direction of the organization. New applications, different licensing needs, and a constant stream of new end users all contribute to complicating the licensing process.
    • As part of your organization’s journey to an optimized SAM program, put in place continual improvement practices to maintain momentum.

    A suggested cycle of review and maintenance for your SAM: 'Plan', 'Do', 'Check', 'Act'.

    Info-Tech Insight

    Advertising the increased revenue that is gained from good SAM practices is a powerful way to gain project buy-in.

    Keep the momentum going:

    • Clearly define ongoing responsibilities for each role.
    • Develop a training and awareness program for new employees to be introduced to SAM processes and policies.
    • Continually review and revise existing processes as necessary.
    • Measure the success of the program to identify areas for improvement and demonstrate successes.
    • Measure adherence to process and policies and enforce as needed.

    Reflect on the outcomes of implementing SAM to target areas for improvement and share knowledge gained within and beyond the SAM team. Some questions to consider include:

    1. How did the data compare to our expectations? Was the project a success?
    2. What obstacles were present that impacted the project?
    3. How can we apply lessons learned through this project to others in the future?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.2.1

    		 Sample of activity 4.2.1 'Develop a communication plan to convey the right messages'. Develop a communication plan to convey the right messages

    Identify stakeholders requiring communication and formulate a message and delivery method for each.

    4.2.5

    		 Sample of activity 4.2.5 'Develop a SAM roadmap to plan your implementation'. Develop a SAM roadmap to plan your implementation

    Outline the tasks necessary for the implementation of this project and prioritize to build a project roadmap.

    Phase 4 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Build supporting processes & tools

    Proposed Time to Completion (in weeks): 4
    Step 4.1: Compliance & audits Step 4.2: Communicate & build roadmap
    Start with an analyst kick-off call:
    • Discuss audit process
    • Define a process for internal audits
    • Define a process for external audit response
    		 Review findings with analyst:
    • Build communication plan
    • Discuss policy needs
    • Build a roadmap
    Then complete these activities…
    • Document internal audit process
    • Document external audit process
    • Prepare audit templates
    		 Then complete these activities…
    • Develop communication plan
    • Prepare an FAQ list for end users
    • Build SAM policies
    • Develop a roadmap
    With these tools & templates:
    • Standard Operating Procedures
    • Software Audit Scoping Email Template
    • Software Audit Launch Email Template
    		 With these tools & templates:
    • SAM Communication Plan
    • Software Asset Management FAQ Template
    • Software Asset Management Policy
    • Additional Policy Templates

    Bibliography

    2013 Software Audit Industry Report.” Express Metrix, 2013. Web.

    7 Vital Trends Disrupting Today’s Workplace: Results and Data from 2013 TINYpulse Employee Engagement Survey.” TINYpulse, 2013. Web.

    Beaupoil, Christof. “How to measure data quality and protect against software audits.” Network World, 6 June 2011.

    Begg, Daniel. “Effective Licence Position (ELP) – What is it really worth?” LinkedIn, 19 January 2016.

    Boehler, Bernhard. “Advanced License Optimization: Go Beyond Compliance for Maximum Cost Savings.” The ITAM Review, 24 November 2014.

    Bruce, Warren. “SAM Baseline – process & best practice.” Microsoft. 2013 Australia Partner Conference.

    Case Study Top 20 U.S. Bank Tackles Asset Management.” Pomeroy, 2012. Web.

    Cherwell Software Software Audit Industry Report.” Cherwell Software, 2015. Web.

    Conrad, Sandi. “SAM starter kit: everything you need to get started with software asset management. Conrad & Associates, 2010.

    Corstens, Jan, and Diederik Van der Sijpe. “Contract risk & compliance software asset management (SAM).” Deloitte, 2012.

    Deas, A., T. Markowitzm and E. Black. “Software asset management: high risk, high reward.” Deloitte, 2014.

    Doig, Chris. “Why you should always estimate ROI before buying enterprise software” CIO, 13 August 2015.

    Fried, Chuck. “America Needs An Education On Software Asset Management (SAM).” LinkedIn. 16 June 2015.

    Lyons, Gwen. “Understanding the Drivers Behind Application Rationalization Critical to Success.” Flexera Software Blog, 31 October 2012.

    Bibliography

    Metrics to Measure SAM Success: eight ways to prove your SAM program is delivering business benefits.” Snow Software White Paper, 2015.

    Microsoft. “The SAM Optimization Model.” Microsoft Corporation White Paper, 2010.

    Miller, D. and M. Oliver. “Engaging Stakeholders for Project Success.” Project Management Institute White Paper, 2015.

    Morrison, Dan. “5 Common Misconceptions of Software Asset Management.” SoftwareOne. 12 May 2015.

    O’Neill, Leslie T. “Visa Case Study: SAM in the 21st Century.” International Business Software Managers Association (IBSMA), 30 July 2014.

    Reducing Hidden Operating Costs Through IT Asset Discovery.” NetSupport Inc., 2011.

    SAM Summit 2014, 23-25 June 2014, University of Chicago Gleacher Center Conference Facilities, Chicago, MI.

    Saxby, Heather. “20 Things Every CIO Needs to Know about Software Asset Management.” Crayon Software Experts, 13 May 2015.

    The 2016 State of IT: Managing the money monsters for the coming year.” Spiceworks, 2016.

    The Hidden Cost of Unused Software.” A 1E Report, 1E.com: 2014. Web.

    What does it take to achieve software license optimization?” Flexera White Paper, 2013.

    Research contributors and experts

    Photo of Michael Dean, Director, User Support Services, Des Moines University Michael Dean
    Director, User Support Services
    Des Moines University     		Simon Leuty
    Co-Founder
    Livingstone Tech     		Photo of Simon Leuty, Co-Founder, Livingstone Tech
    Photo of Clare Walsh, PR Consultant, Adesso Tech Ltd. Clare Walsh
    PR Consultant
    Adesso Tech Ltd.     		Alex Monaghan
    Director, Presales EMEA
    Product Support Solutions     		Photo of Alex Monaghan, Director, Presales EMEA, Product Support Solutions

    Research contributors and experts

    Photo of Ben Brand, SAM Practice Manager, Insight Ben Brand
    SAM Practice Manager
    Insight     		Michael Swanson
    President
    ISAM     		Photo of Michael Swanson, President, ISAM
    Photo of Bruce Aboudara, SVP, Marketing & Business Development, Scalable Software Bruce Aboudara
    SVP, Marketing & Business Development
    Scalable Software     		Will Degener
    Senior Solutions Consultant
    Scalable Software     		Photo of Will Degener, Senior Solutions Consultant, Scalable Software

    Research contributors and experts

    Photo of Peter Gregorowicz, Associate Director, Network & Client Services, Vancouver Community College Peter Gregorowicz
    Associate Director, Network & Client Services
    Vancouver Community College     		Peter Schnitzler
    Operations Team Lead
    Toyota Canada     		Photo of Peter Schnitzler, Operations Team Lead, Toyota Canada
    Photo of David Maughan, Head of Service Transition, Mott MacDonald Ltd. David Maughan
    Head of Service Transition
    Mott MacDonald Ltd.     		Brian Bernard
    Infrastructure & Operations Manager
    Lee County Clerk of Court     		Photo of Brian Bernard, Infrastructure & Operations Manager, Lee County Clerk of Court

    Research contributors and experts

    Photo of Leticia Sobrado, IT Data Governance & Compliance Manager, Intercept Pharmaceuticals Leticia Sobrado
    IT Data Governance & Compliance Manager
    Intercept Pharmaceuticals

    Design a Tabletop Exercise to Support Your Security Operation

    • Buy Link or Shortcode: {j2store}319|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
    • Security incidents are inevitable, but how they are handled is critical.
    • The increasing use of sophisticated malware is making it difficult for organizations to identify the true intent behind the attack campaign.
    • The incident response is often handled in an ad hoc or ineffective manner.

    Our Advice

    Critical Insight

    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
    • Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    • You might experience a negative return on your security control investment. As technology in the industry evolves, threat actors will adopt new tools, tactics, and procedures; a tabletop exercise will help ensure teams are leveraging your security investment properly and providing relevant situational awareness to stay on top of the rapidly evolving threat landscape.

    Impact and Result

    Establish and design a tabletop exercise capability to support and test the efficiency of the core prevention, detection, analysis, and response functions that consist of an organization's threat intelligence, security operations, vulnerability management, and incident response functions.

    Design a Tabletop Exercise to Support Your Security Operation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design a tabletop exercise, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    Evaluate the need for a tabletop exercise.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 1: Plan

    2. Design

    Determine the topics, scope, objectives, and participant roles and responsibilities.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 2: Design

    3. Develop

    Create briefings, guides, reports, and exercise injects.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 3: Develop
    • Design a Tabletop Exercise to Support Your Security Operation – Inject Examples

    4. Conduct

    Host the exercise in a conference or classroom setting.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 4: Conduct

    5. Evaluate

    Plan to ensure measurement and continued improvement.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 5: Evaluate
    [infographic]

    Drive Business Value With Off-the-Shelf AI

    • Buy Link or Shortcode: {j2store}205|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • Understanding the most important aspects that the organization needs to consider while planning the implementation of the AI-powered product.

    Our Advice

    Critical Insight

    • Organizations are faced with multiple challenges trying to adopt AI solutions. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    • To guarantee the success of your off-the-shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Impact and Result

    To guarantee success of the off-the-shelf AI implementation and deliver value, in addition to formulating a clear definition of the business case and understanding of data, organizations should also:

    • Know what questions to ask vendors while evaluating AI-powered products.
    • Measure the impact of the project on business and IT processes.

    Drive Business Value With Off-the-Shelf AI Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Business Value With Off-the-Shelf AI Deck – A step-by-step approach that will help guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers business value

    Use this practical and actionable framework that will guide you through the planning of your Off-the-Shelf AI product implementation.

    • Drive Business Value With Off-the-Shelf AI Storyboard

    2. Off-the-Shelf AI Analysis – A tool that will guide the analysis and planning of the implementation

    Use this analysis tool to ensure the success of the implementation.

    • Off-the-Shelf AI Analysis

    Infographic

    Further reading

    Drive Business Value With Off-the-Shelf AI

    A practical guide to ensure return on your Off-the-Shelf AI investment

    Executive Summary

    Your Challenge
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • What are the most important aspects that organizations needs to consider while planning the implementation of the AI-powered product?
    		 Common Obstacles
    • Organizations are faced with multiple challenges trying to adopt an AI solution. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    		 Info-Tech’s Approach

    Info-Tech’s approach includes a framework that will guide organizations through the process of the Off-the-Shelf AI product selection.

    To guarantee success of the Off-the-Shelf AI implementation and deliver value, organization should start with clear definition of the business case and an understanding of data.

    Other steps include:

    • Knowing what questions to ask vendors to evaluate AI-powered products.
    • Measuring the impact of the project on your business and IT processes.
    • Assessing impact on the organization and ensure team readiness.

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Getting value out of AI and machine learning investments

    92.1%

    of companies say they are achieving returns on their data and AI investments

    91.7%

    said they were increasing investments in data and AI

    26.0%

    of companies have AI systems in widespread production     		However, CIO Magazine identified nine main hurdles to AI adoption based on the survey results:
    • Data issues
    • Business process challenges
    • Implementation challenges and skill shortages
    • Costs of tools and development
    • Misaligned leadership goals
    • Measuring and proving business value
    • Legal and regulatory risks
    • Cybersecurity
    • Ethics
      • (Source: CIO, 2019)
    “Data and AI initiatives are becoming well established, investments are paying off, and companies are getting more economic value from AI.” (Source: NewVantage, 2022.)

    67% of companies are currently using machine learning, and 97% are using or planning to use it in the next year.” (Source: Deloitte, 2020)

    AI vs. ML

    Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned.

    Artificial intelligence is a combination of technologies and can include machine learning. AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. Most importantly, AI is making its own decisions without human intervention.

    The AI system can make assumptions, test these assumptions, and learn from the results.

    (Level of decision making required increases from left to right)
    Statistical Reasoning
    Infer relationships between variables

    Statistical models are designed to find relationships between variables and the significance of those relationships.

    		Machine Learning:
    Making accurate predictions

    Machine learning is a subset of AI that discovers patterns from data without being explicitly programmed to do so.

    		Artificial Intelligence
    Dynamic adaptation to novelty

    AI systems choose the optimal combination of methods to solve a problem. They make assumptions, reassess the model, and reevaluate the data.

    “Machine learning is the study of computer algorithms that improve automatically through experience.” (Tom Mitchell, 1997)

    “At its simplest form, artificial intelligence is a field, which combines computer science and robust datasets, to enable problem-solving.” (IBM, “What is artificial intelligence?”)

    Types of Off-the-Shelf AI products and solutions

    ML/AI-Powered Products Off-the-Shelf Pre-built and Pre-trained AI/ML Models
    • AI/ML capabilities built into the product and might require training as part of the implementation.
    • Off-the-Shelf ML/AI Models, pre-built, pre-trained, and pre-optimized for a particular task. For example, language models or image recognition models that can be used to speed up and simplify ML/AI systems development.
    Examples of OTS tools/products: Examples of OTS models:

    The data inputs for these models are defined, the developer has to conform to the provided schema, and the data outputs are usually fixed due to the particular task the OTS model is built to solve.

    Insight summary

    Overarching insight:

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Business Goals

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    Data

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development.
    • Run the model in production.

    People/Skills

    Define the skills required for the implementation and assemble the team that will support the project from requirements to deployment and support, through its entire lifecycle. Don’t forget about production support and maintenance.

    Choosing an AI-Powered Tool

    No need to reinvent the wheel and build a product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    Choosing an AI/ML Model

    Using Off-the-Shelf-AI models enables an agile approach to system development. Faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Guaranteeing Off-the-Shelf AI Implementation Success

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Why do you need AI in your toolset?
    Business Goals

    Clearly defined problem statement and business requirements for the tool or a model will help you select the right solution that will deliver business value even if it does not have all the latest bells and whistles.

    		Small chevron pointing right.
    Do you know the data required for implementation?
    Data

    Expected business outcome defines data requirements for implementation. Do you have the right data required to train and run the model?

    		Large chevron pointing right.
    Is your organization ready for AI?
    People/Team/ Skills

    New skills and expertise are required through all phases of the implementation: design, build, deployment, support, and maintenance, as well as post-production support, scaling, and adoption.

    Data Architecture/ Infrastructure

    New tool or model will impact your cloud and integration strategy. It will have to integrate with the existing infrastructure, in the cloud or on prem.

    		Large chevron pointing right.
    What questions do you need to ask when choosing the solution?
    Product/ Tool or Model Selection

    Do you know what model powers the AI tool? What data was used to train the tool and what data is required to run it? Ask the right questions.

    		Small chevron pointing right.
    Are you measuring impact on your processes?
    Business and IT Processes

    Business processes need to be defined or updated to incorporate the output of the tool back into the business processes to deliver value.

    IT governance and support processes need to accommodate the new AI-powered tool.

    		Small chevron pointing right.
    Realize and measure business value of your AI investment
    Value

    Do you have a clear understanding of the value that AI will bring to your organization?Optimization?Increased revenue?Operational efficiency?

    Introduction of Off-the-Shelf AI Requires a Strategic Approach

    Business Goals and Value Data People/Team/ Skills Infrastructure Business and IT Processes
    AI/ML–powered tools
    • Define a business problem that can be solved with either an AI-powered tool or an AI/ML pre-built model that will become part of the solution.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for the tool or model.
    • Define the scope for a prototype or POC.
    • Define data requirements.
    • Define data required for implementation.
    • Determine if the required data can be acquired or captured/generated.
    • Document internal and external sources of data.
    • Validate data quality (define requirements and criteria for data quality).
    • Define where and how the data is stored and will be stored. Does it have to be moved or consolidated?
    • Define all stakeholders involved in the implementation and support.
    • Define skills and expertise required through all phases of the implementation: design, build, deployment, support, and maintenance.
    • Define skills and expertise required to grow AI practice and achieve the next level of adoption, scaling, and development of the tool or model POC.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool is integrated with existing systems and into existing infrastructure.
    • Determine the cost to deploy and run the tool/model.
    • Define processes that need to be updated to accommodate new functionality.
    • Define how the outcome of the tool or a model (e.g. predictions) are incorporated back into the business processes.
    • Define new business and IT processes that need to be defined around the tool (e.g. chatbot maintenance; analysis of the data generated by the tool).
    Off-the-shelf AI/ML pre-built models
    • Define the business metrics and KPIs to measure success of the implementation against.
    • Determine if there are requirements for a specific data format required for the tool or a model.
    • Determine if there is a need to classify/label the data (supervised learning).
    • Define privacy and security requirements.
    • Define requirements for employee training. This can be vendor training for a tool or platform training in the case of a pre-built model or service.
    • Define if ML/AI expertise is required.
    • Is the organization ready for ML/AI? Conduct an AI literacy survey and understand team’s concerns, fears, and misconceptions and address them.
    • Define requirements for:
      • Data migration.
      • Security.
      • AI/ML pipeline deployment and maintenance.
    • Define requirements for operation and maintenance of the tool or model.
    • Confirm infrastructure readiness.
    • How AI and its output will be used across the organization.

    Define Business Goals and Objectives

    Why do you need AI in your toolset? What value will AI deliver? Have a clear understanding of business benefits and the value AI delivers through the tool.

    • Define a business problem that can be solved with either an AI-powered tool or AI/ML pre-built model.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for a tool or model.
    • Start with the POC or a prototype to test assumptions, architecture, and components of the solution.
    • Define business metrics and KPIs to measure success of the implementation.

    Info-Tech Insight

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    		Venn diagram of 'Applied Artificial Intelligence (AAI)' with a larger circle at the top, 'Machine Learning (ML)', and three smaller ovals intersecting, 'Computer Vision', 'Natural Language Processing (NLP)', and 'Robotic Process Automation (RPA)'.

    AAI solutions and technologies are helping organizations make faster decisions and predict future outcomes such as:

    • Business process automation
    • Intelligent integration
    • Intelligent insights
    • Operational efficiency improvement
    • Increase revenue
    • Improvement of existing products and services
    • Product and process innovation

    1. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to define business drivers and document business requirements

    2-3 hours
    Screenshot of the Off-the-Shelf AI Analysis Tool's Business Drivers tab, a table with columns 'AI/ML Tool or Model', 'Use Case', 'Business problem / goal for AI/ML use case', 'Description', 'Business Owner (Primary Stakeholder)', 'Priority', 'Stakeholder Groups Impacted', 'Requirements Defined? Yes/No', 'Related Data Domains', and 'KPIs'. Use the Business Drivers tab to document:
    • Business objectives of the initiative that might drive the AI/ML use case.
    • The business owner or primary stakeholder who will help to define business value and requirements.
    • All stakeholders who will be involved or impacted.
    • KPIs that will be used to assess the success of the POC.
    • Data required for the implementation.
    • Use the Business Requirements tab to document high-level requirements for a tool or model.
    • These requirements will be used while defining criteria for a tool selection and to validate if the tool or model meets your business goals.
    • You can use either traditional BRD format or a user story to document requirements.
    		 Screenshot of the Off-the-Shelf AI Analysis Tool's Business Requirements tab, a table with columns 'Requirement ID', 'Requirement Description / user story', 'Requirement Category', 'Stakeholder / User Role', 'Requirement Priority', and 'Complexity (point estimates)'.

    Download the Off-the-Shelf AI Analysis Tool

    1. Define business drivers and document business requirements

    Input

    • Strategic plan of the organization
    • Data strategy that defines target data capabilities required to support enterprise strategic goals
    • Roadmap of business and data initiatives to support target state of data capabilities

    Output

    • Prioritized list of business use cases where an AI-powered tool or AI/ML can deliver business value
    • List of high-level requirements for the selected use case

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf-AI Analysis Tool, “Business Drivers” and “Business Requirements” tabs

    Participants

    • CIO
    • Senior business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Understand data required for implementation

    Do you have the right data to implement and run the AI-powered tool or AI/ML model?

    Info-Tech Insight

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development, and
    • Run the model in production
    AvailabilityArrow pointing rightQualityArrow pointing rightPreparationArrow pointing rightBias, Privacy, SecurityArrow pointing rightData Architecture
    • Define what data is required for implementation, e.g. customer data, financial data, product sentiment.
    • If the data is not available, can it be acquired, gathered, or generated?
    • Define the volume of data required for implementation and production.
    • If the model has to be trained, do you have the data required for training (e.g. dictionary of terms)? Can it be created, gathered, or acquired?
    • Document internal and external sources of data.
    • Evaluate data quality for all data sources based on the requirements and criteria defined in the previous step.
    • For datasets with data quality issues, determine if the data issues can be resolved (e.g. missing values are inferred). If not, can this issue be resolved by using other data sources?
    • Engage a Data Governance organization to address any data quality concerns.
    • Determine if there are requirements for a specific data format required for the tool or model.
    • Determine if there is a need to classify/label or tag the data. What are the metadata requirements?
    • Define whether or not the implementation team needs to aggregate or transform the data before it can be used.
    • Define privacy requirements, as these might affect the availability of the data for ML/AI.
    • Define data bias concerns and considerations. Do you have datasheets for datasets that will be used in this project? What datasets cannot be used to prevent bias?
    • What are the security requirements and how will they affect data storage, product selection, and infrastructure requirements for the tool and overall solution?
    • Define where and how the data is currently stored and will be stored.
    • Does it have to be migrated or consolidated? Does it have to be moved to the cloud or between systems?
    • Is a data lake or data warehouse a requirement for this implementation as defined by the solution architecture?

    2. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document data requirements

    2-3 hours

    Use the Data tab to document the following for each data source or dataset:
    • Data Domain – e.g. Customer data
    • Data Concept – e.g. Customer
    • Data Internally Accessible – Identify datasets that are required for the implementation even if the data might not be available internally. Work on determining if the data ca be acquired externally or collected internally.
    • Source System – define the primary source system for the data, e.g. Salesforce
    • Target System (if applicable) – Define if the data needs to be migrated/transferred. For example, you might use a datalake or data warehouse for the AI/ML solution or migrate data to the cloud.
    • Classification/Taxonomy/Ontology
    • Data Steward
    • Data Owner
    • Data Quality – Data quality indicator
    • Refresh Rate – Frequency of data refresh. Indicate if the data can be accessed in real time or near-real time
    Screenshot of the Off-the-Shelf AI Analysis Tool's Data tab, a spreadsheet table with the columns listed to the left and below.
    • Retention – Retention policy requirements
    • Compliance Requirements – Define if data has to comply with any of the regulatory requirements, e.g. GDPR
    • Privacy, Bias, and Ethics Considerations – Privacy Act, PIPEDA, etc. Identify if the dataset contains sensitive information that should be excluded from the model, such as gender, age, race etc. Indicate fairness metrics, if applicable.

    Download the Off-the-Shelf AI Analysis Tool

    2. Document data requirements

    Input

    • Documented business use cases from Step 1.
    • High-level business requirements from Step 1.
    • Data catalog, data dictionaries, business glossary
    • Data flows and data architecture

    Output

    • High-level data requirements
    • List of data sources and datasets that can be used for the implementation
    • Datasets that need to be collected or acquired externally

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf AI Analysis Tool, “Data” tab

    Participants

    • CIO
    • Business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Is Your Organization Ready for AI?

    Assess organizational readiness and define stakeholders impacted by the implementation. Build the team with the right skillset to drive the solution.

    • Implementation of the AI/ML-powered Off-the-Shelf Tool or an AI/ML model will require a team with a combination of skills through all phases of the project, from design of the solution to build, production, deployment, and support.
    • Document the skillsets required and determine the skills gap. Before you start hiring, depending on the role, you might find talent within the organization to join the implementation team with little to no training.
    • AI/ML resources that may be needed on your team driving AI implementation (you might consider bringing part-time resources to fill the gaps or use vendor developers) are:
      • Data Scientist
      • Machine Learning Engineer
      • Data Engineer
      • Data Architect
      • AI/ML Ops engineer
    • Define training requirements. Consider vendor training for a tool or platform.
    • Plan for future scaling and the growing of the solution and AI practice. Assess the need to apply AI in other business areas. Work with the team to analyze use cases and prioritize AI initiatives. As the practice grows, grow your team expertise.
    • Identify the stakeholders who will be affected by the AI implementation.
    • Work with them to understand and address any concerns, fears, or misconceptions around the role of AI and the consequences of bringing AI into the organization.
    • Develop a communication and change management plan to educate everyone within the organization on the application and benefits of using AI and machine learning.

    Info-Tech Insight:

    Define the skills required for the implementation and assemble the team that will support the project through its entire lifecycle. Don’t forget about production, support, and maintenance.

    3. Build your implementation team

    1-2 hours

    Input: Solution conceptual design, Current resource availability

    Output: Roles required for the implementation of the solution, Resources gap analysis, Training and hiring plan

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “People and Team” tab

    Participants: Project lead, HR, Enterprise Architect

    1. Review your solution conceptual design and define implementation team roles.
    2. Document requirements for each role.
    3. Review current org chart and job descriptions and identify skillset gaps. Draft an action plan to fill in the roles.
    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's People and Team tab to document team roles for the entire implementation, including design, build/implement, deployment, support and maintenance, and future development.

    Screenshot of the Off-the-Shelf AI Analysis Tool's People and Team tab, a table with columns 'Design', 'Implement', 'Deployment', 'Support and Maintenance', and 'Future Development'.

    Download the Off-the-Shelf AI Analysis Tool

    Cloud, SaaS or On Prem – what are my options and what is the impact?

    Depending on the architecture of the solution, define the impact on the current infrastructure, including system integration, AI/ML pipeline deployment, maintenance, and data storage

    • Data Architecture: use the current data architecture to design the architecture for an AI-powered solution. Assess changes to the data architecture with the introduction of a new tool to make sure it is scalable enough to support the change.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool will be integrated with existing systems and into existing infrastructure.
    • Define requirements for:
      • Data migration and data storage
      • Security
      • AI/ML pipeline deployment, production monitoring, and maintenance
    • Define requirements for operation and maintenance of the tool or model.
    • Work with your infrastructure architect and vendor to determine the cost of deploying and running the tool/model.
    • Make a decision on the preferred architecture of the system and confirm infrastructure readiness.

    Download the Create an Architecture for AI blueprint

    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document infrastructure decisions

    2-3 hours

    Input: Solution conceptual design

    Output: Infrastructure requirements, Infrastructure readiness assessment

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Infrastructure” tab

    Participants: Infrastructure Architect, Solution Architect, Enterprise Architect, Data Architect, ML/AI Ops Engineer

    1. Work with Infrastructure, Data, Solution, and Enterprise Architects to define your conceptual solution architecture.
    2. Define integration and storage requirements.
    3. Document security requirements for the solution in general and the data specifically.
    4. Define MLOps requirements and tools required for ML/AI pipeline deployment and production monitoring.
    5. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Infrastructure tab to document requirements and decisions around Data and Infrastructure Architecture.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Infrastructure tab, a table with columns 'Cloud, SaaS or On-Prem', 'Data Migration Requirements', 'Data Storage Requirements', 'Security Requirements', 'Integrations Required', and 'AI/ML Pipeline Deployment and Maintenance Requirements'.

    Download the Off-the-Shelf AI Analysis Tool

    What questions do you need to ask vendors when choosing the solution?

    Take advantage of Info-Tech’s Rapid Application Selection Framework (RASF) to guide tool selection, but ask vendors the right questions to understand implications of having AI/ML built into the tool or a model

    Data Model Implementation and Integration Deployment Security and Compliance
    • What data (attributes) were used to train the model?
    • Do you have datasheets for the data used?
    • How was data bias mitigated?
    • What are the data labeling/classification requirements for training the model?
    • What data is required for production? E.g. volume; type of data, etc.
    • Were there any open-source libraries used in the model? If yes, how were vulnerabilities and security concerns addressed?
    • What algorithms are implemented in the tool/model?
    • Can model parameters be configured?
    • What is model accuracy?
    • Level of customization required for the implementation to meet our requirements.
    • Does the model require training? If yes, can you provide details? Can you estimate the effort required?
    • Integration capabilities and requirements.
    • Data migration requirements for tool operation and development.
    • Administrator console – is this functionality available?
    • Implementation timeframe.
    • Is the model or tool deployable on premises or in the cloud? Do you support hybrid cloud and multi-cloud deployment?
    • What cloud platforms are your product/model integrated with (AWS, Azure, GCP)?
    • What are the infrastructure requirements?
    • Is the model containerized/ scalable?
    • What product support and product updates are available?
    • Regulatory compliance (GDPR, PIPEDA, HIPAA, PCI DSS, CCPA, SOX, etc.)?
    • How are data security risks addressed?

    Use Info-Tech’s Off-the-Shelf AI Analysis Tool, “Vendor Questionnaire” tab to track vendor responses to these questions.

    Are you measuring impact on your processes?

    Make sure that you understand the impact of the new technology on the existing business and IT processes.

    And make sure your business processes are ready to take advantage of the benefits and new capabilities enabled by AI/ML.

    Process automation, optimization, and improvement enabled by the technology and AI/ML-powered tools allow organizations to reduce manual work, streamline existing business processes, improve customer satisfaction, and get critical insights to assist decision making.

    To take full advantage of the benefits and new capabilities enabled by the technology, make sure that business and IT processes reflect these changes:

    • Processes that need to be updated.
    • How the outcome of the tool or a model (e.g. predictions) is incorporated into the existing business processes and the processes that will monitor the accuracy of the outcome and monitor performance of the tool or model.
    • New business and IT processes that need to be defined for the tool (e.g. chatbot maintenance, analysis of the data generated by the tool, etc.).

    5. Document the Impact on Business and IT Processes

    2-3 hours

    Input: Solution design, Existing business and IT processes

    Output: Documented updates to the existing processes, Documented new business and IT processes

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Business and IT Processes” tab

    Participants: Project lead, Business stakeholders, Business analyst

    1. Review current business processes affected by the implementation of the AI/ML- powered tool or model. Define the changes that need to be made. The changes might include simplification of the process due to automation of some of the steps. Some processes will need to be redesigned and some processes might become obsolete.
    2. Document high-level steps for any new processes that need to be defined around the AI/ML-powered tool. An example of such a process would be defining new IT and business processes to support a new chatbot.
    3. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, to document process changes.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, a table with columns 'Existing business process affected', 'New business process', 'Stakeholders involved', 'Changes to be made', and 'New Process High-Level Steps'.

    Download the Off-the-Shelf AI Analysis Tool

    AI-powered Tools – Considerations

    PROS:
    • Enhanced functionality, allows the power of AI without specialized skills (e.g., Mathematica – recognizing patterns in data).
    • Might be a cheaper option compared to building a solution in-house (chatbot, for ex.).

    Info-Tech Insight:

    No need to reinvent the wheel and build the product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    		CONS:
    • Dependency on the service provider.
    • The tool might not meet all the business requirements without customization.
    • Bias can be built into the tool:
      • Work with the vendor to understand what data was used to train the model.
      • From the perspective of ethics and bias, learn what model is implemented in the tool and what data attributes the model uses.

    Pre-built/pre-trained models – what to keep in mind when choosing

    PROS:
    • Lower cost and less time to development compared to creating and training models from scratch (e.g. using image recognition models or pre-trained language models like BERT).
    • If the pre-trained and optimized model perfectly fits your needs, the model accuracy might be high and sufficient for your scenario.
    • Off-the-Shelf AI models are useful for creating prototypes or POCs, for testing a hypothesis, and for validating ideas and requirements.
    • Usage of Off-the-Shelf models shortens the development cycle and reduces investment risks.
    • Language models are particularly useful if you don’t have data to train your own model (a “small data” scenario).
    • Infrastructure and model training cost reduction.
    		 CONS:
    • Might be a challenge to deploy and maintain the system in production.
    • Lack of flexibility: you might not be able to configure input or output parameters to your requirements. For example, a pre-built sentiment analysis model might return four values (“positive,” “negative,” “neutral,” and “mixed”), but your solution will require only two or three values.
    • Might be a challenge to comply with security and privacy requirements.
    • Compliance with privacy and fairness requirements and considerations: what data was used to pretrain the model?
    • If open-source libraries were used to create the model, how will vulnerabilities, risks, and security concerns be addressed?

    Info-Tech Insight:

    Using Off-the-Shelf AI models enables an agile approach to system development – faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Metrics

    Metrics and KPIs for this project will depend on the business goals and objectives that you will identify in Step 1 of the tool selection process.

    Metrics might include:

    • Reduction of time spent on a specific business process. If the tool is used to automate certain steps of a business process, this metric will measure how much time was saved, in minutes/hours, compared to the process time before the introduction of the tool.
    • Accuracy of prediction. This metric would measure the accuracy of estimations or predictions compared to the same estimations done before the implementation of the tool. It can be measured by generating the same prediction or estimation using the AI-powered tool or using any methods used before the introduction of the tool and comparing the results.
    • Accuracy of the search results. If the AI-powered tool is a search engine, compare a) how much time it would take a user to find an article or a piece of content they were searching for using new tool vs. previous techniques, b) how many steps it took the user to locate the required article in the search results, and c) the location of the correct piece of content in the search result list (at the top of the search result list or on the tenth page).
    • Time spent on manual tasks and activities. This metric will measure how much time, in minutes/hours, is spent by the employees or users on manual tasks if the tool automates some of these tasks.
    • Reduction of business process steps (if the steps are being automated). To derive this metric, create a map of the business process before the introduction of the AI-powered tool and after, and determine if the tool helped to simplify the process by reducing the number of process steps.

    Bibliography

    Adryan, Boris. “Is it all machine learning?” Badryan, Oct. 20, 2015. Accessed Feb. 2022.

    “AI-Powered Data Management Platform.” Informatica, N.d. Accessed Feb 2022.

    Amazon Rekognition. “Automate your image and video analysis with machine learning.” AWS. N.d. Accessed Feb 2022.

    “Artificial Intelligence (AI).” IBM Cloud Education, 3 June 2020. Accessed Feb 2022.

    “Artificial intelligence (AI) vs machine learning (ML).” Microsoft Azure Documentation. Accessed Feb. 2022.

    “Avante Garde in the Realm of AI” SearchUnify Cognitive Platform. Accessed Feb 2022.

    “Azure Cognitive Services.” Microsoft. N.d. Accessed Feb 2022.

    “Becoming an AI-fueled organization. State of AI in the enterprise, 4th edition,” Deloitte, 2020. Accessed Feb. 2022.

    “Coveo Predictive Search.” Coveo, N.d. Accessed Feb 2022.

    ”Data and AI Leadership. Executive Survey 2022. Executive Summary of Findings.” NewVantage Partners. Accessed Feb 2022.

    “Einstein Discovery in Tableau.” Tableau, N.d. Accessed Feb 2022.

    Korolov, Maria. “9 biggest hurdles to AI adoption.” CIO, Feb 26, 2019. Accessed Feb 2022.

    Meel, Vidushi. “What Is Deep Learning? An Easy to Understand Guide.” visio.ai. Accessed Feb. 2022.

    Mitchell, Tom. “Machine Learning,” McGraw Hill, 1997.

    Stewart, Matthew. “The Actual Difference Between Statistics and Machine Learning.” Towards Data Science, Mar 24, 2019. Accessed Feb 2022.

    “Sentiment analysis with Cognitive Services.” Microsoft Azure Documentation. Accessed February 2022.

    “Three Principles for Designing ML-Powered Products.” Spotify Blog. Oct 2019, Accessed Feb 2022.

    “Video Intelligence API.” Google Cloud Platform. N.d. Accessed Feb 2022

    Prepare for Post-Quantum Cryptography

    • Buy Link or Shortcode: {j2store}268|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Fault-tolerant quantum computers, capable of breaking existing encryption algorithms and cryptographic systems, are widely expected to be available sooner than originally projected.
    • Data considered secure today may already be at risk due to the threat of harvest-now-decrypt-later schemes.
    • Many current security controls will be completely useless, including today's strongest encryption techniques.

    Our Advice

    Critical Insight

    The advent of quantum computing is closer than you think: some nations have already demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer provide sufficient protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Impact and Result

    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • Organizations need to act now to begin their transformation to quantum-resistant encryption.
    • Data security (especially for sensitive data) should be an organization’s top priority. Organizations with particularly critical information need to be on top of this quantum movement.

    Prepare for Post-Quantum Cryptography Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for Post-Quantum Cryptography Storyboard – Research to help organizations to prepare and implement quantum-resistance cryptography solutions.

    Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications. Organizations need to act now to begin their transformation to quantum-resistant encryption.

    • Prepare for Post-Quantum Cryptography Storyboard
    [infographic]

    Further reading

    Prepare for Post-Quantum Cryptography

    It is closer than you think, and you need to act now.

    Analyst Perspective

    It is closer than you think, and you need to act now.

    The quantum realm presents itself as a peculiar and captivating domain, shedding light on enigmas within our world while pushing the boundaries of computational capabilities. The widespread availability of quantum computers is expected to occur sooner than anticipated. This emerging technology holds the potential to tackle valuable problems that even the most powerful classical supercomputers will never be able to solve. Quantum computers possess the ability to operate millions of times faster than their current counterparts.

    As we venture further into the era of quantum mechanics, organizations relying on encryption must contemplate a future where these methods no longer suffice as effective safeguards. The astounding speed and power of quantum machines have the potential to render many existing security measures utterly ineffective, including the most robust encryption techniques used today. To illustrate, a task that currently takes ten years to crack through a brute force attack could be accomplished by a quantum computer in under five minutes.

    Amid this transition into a quantum future, the utmost priority for organizations remains data security, particularly safeguarding sensitive information. Organizations must proactively prepare for the development of countermeasures and essential resilience measures to attain a state of being "quantum safe."

    This is a picture of Alan Tang

    Alan Tang
    Principal Research Director, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Anticipated advancements in fault-tolerant quantum computers, surpassing existing encryption algorithms and cryptographic systems, are expected to materialize sooner than previously projected. The timeframe for their availability is diminishing daily.
    • Data that is presently deemed secure faces potential vulnerability due to the emergence of harvest-now-decrypt-later strategies.
    • Numerous contemporary security controls, including the most robust encryption techniques, have become obsolete and offer little efficacy.

    Common Obstacles

    • The complexity involved makes it challenging for organizations to incorporate quantum-resistant cryptography into their current IT infrastructure.
    • The endeavor of transitioning to quantum-resilient cryptography demands significant effort and time, with the specific requirements varying for each organization.
    • A lack of comprehensive understanding regarding the cryptographic technologies employed in existing IT systems poses difficulties in identifying and prioritizing systems for upgrading to post-quantum cryptography.

    Info-Tech's Approach

    • The development of quantum-resistant cryptography capabilities is essential for safeguarding the security and integrity of critical applications.
    • Organizations must proactively initiate their transition toward quantum-resistant encryption to ensure data protection.
    • Ensuring the security of corporate data assets should be of utmost importance for organizations, with special emphasis on those possessing highly critical information in light of the advancements in quantum technology.

    Info-Tech Insight

    The advent of quantum computing (QC) is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Evolvement of QC theory and technologies

    1900-1975

    1976-1997

    1998-2018

    2019-Now

    1. 1900: Max Planck – The energy of a particle is proportional to its frequency: E = hv, where h is a relational constant.
    2. 1926: Erwin Schrödinger – Since electrons can affect each other's states, their energies change in both time and space. The total energy of a particle is expressed as a probability function.
    1. 1976: Physicist Roman Stanisław Ingarden publishes the paper "Quantum Information Theory."
    2. 1980: Paul Benioff describes the first quantum mechanical model of a computer.
    3. 1994: Peter Shor publishes Shor's algorithm.
    1. 1998: A working 2-qubit NMR quantum computer is used to solve Deutsch's problem by Jonathan A. Jones and Michele Mosca at Oxford University.
    2. 2003: DARPA Quantum Network becomes fully operational.
    3. 2011: D-Wave claims to have developed the first commercially available quantum computer, D-Wave One.
    4. 2018: the National Quantum Initiative Act was signed into law by President Donald Trump.
    1. 2019: A paper by Google's quantum computer research team was briefly available, claiming the project has reached quantum supremacy.
    2. 2020: Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system known as Jiuzhang.
    3. 2021: Chinese researchers reported that they have built the world's largest integrated quantum communication network.
    4. 2022: The Quantinuum System Model H1-2 doubled its performance claiming to be the first commercial quantum computer to pass quantum volume 4096.

    Info-Tech Insight

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    Fundamental physical principles and business use cases

    Unlike conventional computers that rely on bits, quantum computers use quantum bits or qubits. QC technology surpasses the limitations of current processing powers. By leveraging the properties of superposition, interference, and entanglement, quantum computers have the capacity to simultaneously process millions of operations, thereby surpassing the capabilities of today's most advanced supercomputers.

    A 2021 Hyperion Research survey of over 400 key decision makers in North America, Europe, South Korea, and Japan showed nearly 70% of companies have some form of in-house QC program.

    Three fundamental QC physical principles

    1. Superposition
    2. Interference
    3. Entanglement

    This is an image of two headings, Optimization; and Simulation. there are five points under each heading, with an arrow above pointing left to right, labeled Qbit Count.

    Info-Tech Insight

    Organizations need to reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.

    Percentage of Surveyed Companies That Have QC Programs

    • 31% Have some form of in-house QC program
    • 69% Have no QC program

    Early adopters and business value

    QC early adopters see the promise of QC for a wide range of computational workloads, including machine learning applications, finance-oriented optimization, and logistics/supply chain management.

    This is an image of the Early Adopters, and the business value drivers.

    Info-Tech Insight

    Experienced attackers are likely to be the early adopters of quantum-enabled cryptographic solutions, harnessing the power of QC to exploit vulnerabilities in today's encryption methods. The risks are particularly high for industries that rely on critical infrastructure.

    The need of quantum-safe solution is immediate

    Critical components of classical cryptography will be at risk, potentially leading to the exposure of confidential and sensitive information to the general public. Business, technology, and security leaders are confronted with an immediate imperative to formulate a quantum-safe strategy and establish a roadmap without delay.

    Case Study – Google, 2019

    In 2019, Google claimed that "Our Sycamore processor takes about 200 seconds to sample one instance of a quantum circuit a million times—our benchmarks currently indicate that the equivalent task for a state-of-the-art classical supercomputer would take approximately 10,000 years."
    Source: Nature, 2019

    Why You Should Start Preparation Now

    • The complexity with integrating QC technology into existing IT infrastructure.
    • The effort to upgrade to quantum-resilient cryptography will be significant.
    • The amount of time remaining will decrease every day.

    Case Study – Development in China, 2020

    On December 3, 2020, a team of Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system (43 average) known as Jiuzhang, which performed calculations at 100 trillion times the speed of classical supercomputers.
    Source: science.org, 2020

    Info-Tech Insight

    The emergence of QC brings forth cybersecurity threats. It is an opportunity to regroup, reassess, and revamp our approaches to cybersecurity.

    Security threats posed by QC

    Quantum computers have reached a level of advancement where even highly intricate calculations, such as factoring large numbers into their primes, which serve as the foundation for RSA encryption and other algorithms, can be solved within minutes.

    Threat to data confidentiality

    QC could lead to unauthorized decryption of confidential data in the future. Data confidentiality breaches also impact improperly disposed encrypted storage media.

    Threat to authentication protocols and digital governance

    A recovered private key, which is derived from a public key, can be used through remote control to fraudulently authenticate a critical system.

    Threat to data integrity

    Cybercriminals can use QC technology to recover private keys and manipulate digital documents and their digital signatures.

    Example:

    Consider RSA-2048, a widely used public-key cryptosystem that facilitates secure data transmission. In a 2021 survey, a majority of leading authorities believed that RSA-2048 could be cracked by quantum computers within a mere 24 hours.
    Source: Quantum-Readiness Working Group, 2022

    Info-Tech Insight

    The development of quantum-safe cryptography capabilities is of utmost importance in ensuring the security and integrity of critical applications' data.

    US Quantum Computing Cybersecurity Preparedness Act

    The US Congress considers cryptography essential for the national security of the US and the functioning of the US economy. The Quantum Computing Cybersecurity Preparedness Act was introduced on April 18, 2022, and became a public law (No: 117-260) on December 21, 2022.

    Purpose

    The purpose of this Act is to encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes.

    Scope and Exemption

    • Scope: Systems of government agencies.
    • Exemption: This Act shall not apply to any national security system.

    Main Obligations

    Responsibilities

    		Requirements
    Inventory Establishment Not later than 180 days after the date of enactment of this Act, the Director of OMB, shall issue guidance on the migration of information technology to post-quantum cryptography.
    Agency Reports "Not later than 1 year after the date of enactment of this Act, and on an ongoing basis thereafter, the head of each agency shall provide to the Director of OMB, the Director of CISA, and the National Cyber Director— (1) the inventory described in subsection (a)(1); and (2) any other information required to be reported under subsection (a)(1)(C)."
    Migration and Assessment "Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, the Director of OMB shall issue guidance requiring each agency to— (1) prioritize information technology described under subsection (a)(2)(A) for migration to post-quantum cryptography; and (2) develop a plan to migrate information technology of the agency to post-quantum cryptography consistent with the prioritization under paragraph (1)."

    "It is the sense of Congress that (1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and (2) the government wide and industry-wide approach to post- quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility." – Quantum Computing Cybersecurity Preparedness Act

    The development of post-quantum encryption

    Since 2016, the National Institute of Standards and Technology (NIST) has been actively engaged in the development of post-quantum encryption standards. The objective is to identify and establish standardized cryptographic algorithms that can withstand attacks from quantum computers.

    NIST QC Initiative Key Milestones

    Date Development
    Dec. 20, 2016 Round 1 call for proposals: Announcing request for nominations for public-key post-quantum cryptographic algorithms
    Nov. 30, 2017 Deadline for submissions – 82 submissions received
    Dec. 21, 2017 Round 1 algorithms announced (69 submissions accepted as "complete and proper")
    Jan. 30, 2019 Second round candidates announced (26 algorithms)

    July 22, 2020

    		Third round candidates announced (7 finalists and 8 alternates)

    July 5, 2022

    		Announcement of candidates to be standardized and fourth round candidates
    2022/2024 (Plan) Draft standards available

    Four Selected Candidates to be Standardized

    CRYSTALS – Kyber

    CRYSTALS – Dilithium

    FALCON

    SPHINCS+

    NIST recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

    Info-Tech Insight

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Prepare for post-quantum cryptography

    The advent of QC is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    This is an infographic showing the three steps: Threat is Imminent; Risks are Profound; and Take Acton Now.

    Insight summary

    Overarching Insight

    The advent of QC is closer than you think as some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Business Impact Is High

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    It's a Collaborative Effort

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a Chief Information Security Officer (CISO) alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Leverage Industry Standards

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Take a Holistic Approach

    The advent of QC poses threats to cybersecurity. It's a time to regroup, reassess, and revamp.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • This blueprint will help organizations to discover and then prioritize the systems to be upgraded to post-quantum cryptography.
    • This blueprint will enable organizations to integrate quantum-resistant cryptography into existing IT infrastructure.
    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • This blueprint will help organizations to save effort and time needed upgrade to quantum-resilient cryptography.
    • Organizations will reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.
    • Avoid reputation and brand image by preventing data breach and leakage.
    • This blueprint will empower organizations to protect corporate data assets in the post-quantum era.
    • Be compliant with various security and privacy laws and regulations.

    Info-Tech Project Value

    Time, value, and resources saved to obtain buy-in from senior leadership team using our research material:

    1 FTEs*10 days*$100,000/year = $6,000

    Time, value, and resources saved to implement quantum-resistant cryptography using our research guidance:

    2 FTEs* 30 days*$100,000/year = $24,000

    Estimated cost and time savings from this blueprint:

    $6,000 + $24,000 =$30,000

    Get prepared for a post-quantum world

    The advent of sufficiently powerful quantum computers poses a risk of compromising or weakening traditional forms of asymmetric and symmetric cryptography. To safeguard data security and integrity for critical applications, it is imperative to undertake substantial efforts in migrating an organization's cryptographic systems to post-quantum encryption. The development of quantum-safe cryptography capabilities is crucial in this regard.

    Phase 1 - Prepare

    • Obtain buy-in from leadership team.
    • Educate your workforce about the upcoming transition.
    • Create defined projects to reduce risks and improve crypto-agility.

    Phase 2 - Discover

    • Determine the extent of your exposed data, systems, and applications.
    • Establish an inventory of classical cryptographic use cases.

    Phase 3 - Assess

    • Assess the security and data protection risks posed by QC.
    • Assess the readiness of transforming existing classical cryptography to quantum-resilience solutions.

    Phase 4 - Prioritize

    • Prioritize transformation plan based on criteria such as business impact, near-term technical feasibility, and effort, etc.
    • Establish a roadmap.

    Phase 5 - Mitigate

    • Implement post-quantum mitigations.
    • Decommissioning old technology that will become unsupported upon publication of the new standard.
    • Validating and testing products that incorporate the new standard.

    Phase 1 – Prepare: Protect data assets in the post-quantum era

    The rise of sufficiently powerful quantum computers has the potential to compromise or weaken conventional asymmetric and symmetric cryptography methods. In anticipation of a quantum-safe future, it is essential to prioritize crypto-agility. Consequently, organizations should undertake specific tasks both presently and in the future to adequately prepare for forthcoming quantum threats and the accompanying transformations.

    Quantum-resistance preparations must address two different needs:

    Reinforce digital transformation initiatives

    To thrive in the digital landscape, organizations must strengthen their digital transformation initiatives by embracing emerging technologies and novel business practices. The transition to quantum-safe encryption presents a unique opportunity for transformation, allowing the integration of these capabilities to evolve business transactions and relationships in innovative ways.

    Protect data assets in the post-quantum era

    Organizations should prioritize supporting remediation efforts aimed at ensuring the quantum safety of existing data assets and services. The implementation of crypto-agility enables organizations to respond promptly to cryptographic vulnerabilities and adapt to future changes in cryptographic standards. This proactive approach is crucial, as the need for quantum-safe measures existed even before the complexities posed by QC emerged.

    Preparation for the post-quantum world has been recommended by the US government and other national bodies since 2016.

    In 2016, NIST, the National Security Agency (NSA), and Central Security Service stated in their Commercial National Security Algorithm Suite and QC FAQ: "NSA believes the time is now right [to start preparing for the post-quantum world] — consistent with advances in quantum computing."
    Source: Cloud Security Alliance, 2021

    Phase 1 – Prepare: Key tasks

    Preparing for quantum-resistant cryptography goes beyond simply acquiring knowledge and conducting experiments in QC. It is vital for senior management to receive comprehensive guidance on the challenges, risks, and potential mitigations associated with the post-quantum landscape. Quantum and post-quantum education should be tailored to individuals based on their specific roles and the impact of post-quantum mitigations on their responsibilities. This customized approach ensures that individuals are equipped with the necessary knowledge and skills relevant to their respective roles.

    Leadership Buy-In

    • Get senior management commitment to post-quantum project.
    • Determine the extent of exposed data, systems, and applications.
    • Identify near-term, achievable cryptographic maturity goals, creating defined projects to reduce risks and improve crypto-agility.

    Roles and Responsibilities

    • The ownership should be clearly defined regarding the quantum-resistant cryptography program.
    • This should be a cross-functional team within which members represent various business units.

    Awareness and Education

    • Senior management needs to understand the strategic threat to the organization and needs to adequately address the cybersecurity risk in a timely fashion.
    • Educate your workforce about the upcoming transition. All training and education should seek to achieve awareness of the following items with the appropriate stakeholders.

    Info-Tech Insight

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a CISO alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Phase 2 – Discover: Establish a data protection inventory

    During the discovery phase, it is crucial to locate and identify any critical data and devices that may require post-quantum protection. This step enables organizations to understand the algorithms in use and their specific locations. By conducting this thorough assessment, organizations gain valuable insights into their existing infrastructure and cryptographic systems, facilitating the implementation of appropriate post-quantum security measures.

    Inventory Core Components

    1. Description of devices and/or data
    2. Location of all sensitive data and devices
    3. Criticality of the data
    4. How long the data or devices need to be protected
    5. Effective cryptography in use and cryptographic type
    6. Data protection systems currently in place
    7. Current key size and maximum key size
    8. Vendor support timeline
    9. Post-quantum protection readiness

    Key Things to Consider

    • The accuracy and thoroughness of the discovery phase are critical factors that contribute to the success of a post-quantum project.
    • It is advisable to conduct this discovery phase comprehensively across all aspects, not solely limited to public-key algorithms.
    • Performing a data protection inventory can be a time-consuming and challenging phase of the project. Breaking it down into smaller subtasks can help facilitate the process.
    • Identifying all information can be particularly challenging since data is typically scattered throughout an organization. One approach to begin this identification process is by determining the inputs and outputs of data for each department and team within the organization.
    • To ensure accountability and effectiveness, it is recommended to assign a designated individual as the ultimate owner of the data protection inventory task. This person should have the necessary responsibilities and authority to successfully accomplish the task.

    Phase 3 – Assess: The workflow

    Quantum risk assessment entails evaluating the potential consequences of QC on existing security measures and devising strategies to mitigate these risks. This process involves analyzing the susceptibility of current systems to attacks by quantum computers and identifying robust security measures that can withstand QC threats.

    Risk Assessment Workflow

    This is an image of the Risk Assessment Workflow

    By identifying the security gaps that will arise with the advent of QC, organizations can gain insight into the substantial vulnerabilities that core business operations will face when QC becomes a prevalent reality. This proactive understanding enables organizations to prepare and implement appropriate measures to address these vulnerabilities in a timely manner.

    Phase 4 – Prioritize: Balance business value, security risks, and effort

    Organizations need to prioritize the mitigation initiatives based on various factors such as business value, level of security risk, and the effort needed to implement the mitigation controls. In the diagram below, the size of the circle reflects the degree of effort. The bigger the size, the more effort is needed.

    This is an image of a chart where the X axis represents Security Risk level, and the Y axis is Business Value.

    QC Adopters Anticipated Annual Budgets

    This is an image of a bar graph showing the Anticipated Annual Budgets for QC Adopters.
    Source: Hyperion Research, 2022

    Hyperion's survey found that the range of expected budget varies widely.

    • The most selected option, albeit by only 38% of respondents, was US$5 million to US$15 million.
    • About one-third of respondents foresaw annual budgets that exceeded US$15 million, and one-fifth expected budgets to exceed US$25 million.

    Build your risk mitigation roadmap

    2 hours

    1. Review the quantum-resistance initiatives generated in Phase 3 – Assessment.
    2. With input from all stakeholders, prioritize the initiatives based on business value, security risks, and effort using the 2x2 grid.
    3. Review the position of all initiatives and adjust accordingly considering other factors such as dependency, etc.
    4. Place prioritized initiatives to a wave chart.
    5. Assign ownership and target timeline for each initiative.

    This is an image the Security Risk Vs. Business value graph, above an image showing Initiatives Numbered 1-7, divided into Wave 1; Wave 2; and Wave 3.

    Input

    • Data protection inventory created in phase 2
    • Risk assessment produced in phase 3
    • Business unit leaders' and champions' understanding (high-level) of challenges posed by QC

    Output

    • Prioritization of quantum-resistance initiatives

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Pen/whiteboard markers

    Participants

    • Quantum-resistance program owner
    • Senior leadership team
    • Business unit heads
    • Chief security officer
    • Chief privacy officer
    • Chief information officer
    • Representatives from legal, risk, and governance

    Phase 5 – Mitigate: Implement quantum-resistant encryption solutions

    To safeguard against cybersecurity risks and threats posed by powerful quantum computers, organizations need to adopt a robust defense-in-depth approach. This entails implementing a combination of well-defined policies, effective technical defenses, and comprehensive education initiatives. Organizations may need to consider implementing new cryptographic algorithms or upgrading existing protocols to incorporate post-quantum encryption methods. The selection and deployment of these measures should be cost-justified and tailored to meet the specific needs and risk profiles of each organization.

    Governance

    Implement solid governance mechanisms to promote visibility and to help ensure consistency

    • Update policies and documents
    • Update existing acceptable cryptography standards
    • Update security and privacy audit programs

    Industry Standards

    • Stay up to date with newly approved standards
    • Leverage industry standards (i.e. NIST's post-quantum cryptography) and test the new quantum-safe cryptographic algorithms

    Technical Mitigations

    Each type of quantum threat can be mitigated using one or more known defenses.

    • Physical isolation
    • Replacing quantum-susceptible cryptography with quantum-resistant cryptography
    • Using QKD
    • Using quantum random number generators
    • Increasing symmetric key sizes
    • Using hybrid solutions
    • Using quantum-enabled defenses

    Vendor Management

    • Work with key vendors on a common approach to quantum-safe governance
    • Assess vendors for possible inclusion in your organization's roadmap
    • Create acquisition policies regarding quantum-safe cryptography

    Research Contributors and Experts

    This is a picture of Adib Ghubril

    Adib Ghubril
    Executive Advisor, Executive Services
    Info-Tech Research Group

    This is a picture of Erik Avakian

    Erik Avakian
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Alaisdar Graham

    Alaisdar Graham
    Executive Counselor
    Info-Tech Research Group

    This is a picture of Carlos Rivera

    Carlos Rivera
    Principal Research Advisor
    Info-Tech Research Group

    This is a picture of Hendra Hendrawan

    Hendra Hendrawan
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Fritz Jean-Louis

    Fritz Jean-Louis
    Principal Cybersecurity Advisor
    Info-Tech Research Group

    Bibliography

    117th Congress (2021-2022). H.R.7535 - Quantum Computing Cybersecurity Preparedness Act. congress.gov, 21 Dec 2022.
    Arute, Frank, et al. Quantum supremacy using a programmable superconducting processor. Nature, 23 Oct 2019.
    Bernhardt, Chris. Quantum Computing for Everyone. The MIT Press, 2019.
    Bob Sorensen. Quantum Computing Early Adopters: Strong Prospects For Future QC Use Case Impact. Hyperion Research, Nov 2022.
    Candelon, François, et al. The U.S., China, and Europe are ramping up a quantum computing arms race. Here's what they'll need to do to win. Fortune, 2 Sept 2022.
    Curioni, Alessandro. How quantum-safe cryptography will ensure a secure computing future. World Economic Forum, 6 July 2022.
    Davis, Mel. Toxic Substance Exposure Requires Record Retention for 30 Years. Alert presented by CalChamber, 18 Feb 2022.
    Eddins, Andrew, et al. Doubling the size of quantum simulators by entanglement forging. arXiv, 22 April 2021.
    Gambetta, Jay. Expanding the IBM Quantum roadmap to anticipate the future of quantum-centric supercomputing. IBM Research Blog, 10 May 2022.
    Golden, Deborah, et al. Solutions for navigating uncertainty and achieving resilience in the quantum era. Deloitte, 2023.
    Grimes, Roger, et al. Practical Preparations for the Post-Quantum World. Cloud Security Alliance, 19 Oct 2021.
    Harishankar, Ray, et al. Security in the quantum computing era. IBM Institute for Business Value, 2023.
    Hayat, Zia. Digital trust: How to unleash the trillion-dollar opportunity for our global economy. World Economic Forum, 17 Aug 2022.
    Mateen, Abdul. What is post-quantum cryptography? Educative, 2023.
    Moody, Dustin. Let's Get Ready to Rumble—The NIST PQC 'Competition.' NIST, 11 Oct 2022.
    Mosca, Michele, Dr. and Dr. Marco Piani. 2021 Quantum Threat Timeline Report. Global Risk Institute, 24 Jan 2022.
    Muppidi, Sridhar and Walid Rjaibi. Transitioning to Quantum-Safe Encryption. Security Intelligence, 8 Dec 2022.
    Payraudeau, Jean-Stéphane, et al. Digital acceleration: Top technologies driving growth in a time of crisis. IBM Institute for Business Value, Nov 2020.
    Quantum-Readiness Working Group (QRWG). Canadian National Quantum-Readiness- Best Practices and Guidelines. Canadian Forum for Digital Infrastructure Resilience (CFDIR), 17 June 2022.
    Rotman, David. We're not prepared for the end of Moore's Law. MIT Technology Review, 24 Feb 2020.
    Saidi, Susan. Calculating a computing revolution. Roland Berger, 2018.
    Shorter., Ted. Why Companies Must Act Now To Prepare For Post-Quantum Cryptography. Forbes.com, 11 Feb 2022.
    Sieger, Lucy, et al. The Quantum Decade, Third edition. IBM, 2022.
    Sorensen, Bob. Broad Interest in Quantum Computing as a Driver of Commercial Success. Hyperion Research, 17 Nov 2021.
    Wise, Jason. How Much Data is Created Every Day in 2022? Earthweb, 22 Sept 2022.
    Wright, Lawrence. The Plague Year. The New Yorker, 28 Dec 2020.
    Yan, Bao, et al. Factoring integers with sublinear resources on a superconducting quantum processor. arXiv, 23 Dec 2022.
    Zhong, Han-Sen, et al. Quantum computational advantage using photons. science.org, 3 Dec 2020.

    Reduce Time to Consensus With an Accelerated Business Case

    • Buy Link or Shortcode: {j2store}286|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Enterprise application initiatives are complex, expensive, and require a significant amount of planning before initiation.
    • A financial business case is sometimes used to justify these initiatives.
    • Once the business case (and benefits therein) are approved, the case is forgotten, eliminating a critical check and balance of benefit realization.

    Our Advice

    Critical Insight

    1. Frame the conversation.

    Understand the audience and forum for the business case to best frame the conversation.

    2. Time-box the process of building the case.

    More time should be spent on performing the action rather than building the case.

    3. The business case is a living document.

    The business case creates the basis for review of the realization of the proposed business benefits once the procurement is complete.

    Impact and Result

    • Understand the drivers for decision making in your organization, and the way initiatives are evaluated.
    • Compile a compelling business case that provides decision makers with sufficient information to make decisions confidently.
    • Evaluate proposed enterprise application initiatives “apples-to-apples” using a standardized and repeatable methodology.
    • Provide a mechanism for tracking initiative performance during and after implementation.

    Reduce Time to Consensus With an Accelerated Business Case Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a business case for enterprise application investments, review Info-Tech’s methodology, and understand how we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather the required information

    Complete the necessary preceding tasks to building the business case. Rationalize the initiative under consideration, determine the organizational decision flow following a stakeholder assessment, and conduct market research to understand the options.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 1: Gather the Required Information
    • Business Case Readiness Checklist
    • Business Case Workbook
    • Request for Information Template
    • Request for Quotation Template

    2. Conduct the business case analysis

    Conduct a thorough assessment of the initiative in question. Define the alternatives under consideration, identify tangible and intangible benefits for each, aggregate the costs, and highlight any risks.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 2: Conduct the Business Case Analysis

    3. Make the case

    Finalize the recommendation based on the analysis and create a business case presentation to frame the conversation for key stakeholders.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 3: Make the Case
    • Full-Form Business Case Presentation Template
    • Summary Business Case Presentation Template
    • Business Case Change Log
    • Business Case Close-Out Form
    [infographic]

    Workshop: Reduce Time to Consensus With an Accelerated Business Case

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan for Business Case Development

    The Purpose

    Complete the necessary preceding tasks to building a strong business case.

    Key Benefits Achieved

    Alignment with business objectives.

    Stakeholder buy-in.

    Activities

    1.1 Map the decision flow in your organization.

    1.2 Define the proposed initiative.

    1.3 Define the problem/opportunity statement.

    1.4 Clarify goals and objectives expected from the initiative.

    Outputs

    Decision traceability

    Initiative summary

    Problem/opportunity statement

    Business objectives

    2 Build the Business Case Model

    The Purpose

    Put together the key elements of the business case including alternatives, benefits, and costs.

    Key Benefits Achieved

    Rationalize the business case.

    Activities

    2.1 Design viable alternatives.

    2.2 Identify the tangible and intangible benefits.

    2.3 Assess current and future costs.

    2.4 Create the financial business case model.

    Outputs

    Shortlisted alternatives

    Benefits tracking model

    Total cost of ownership

    Impact analysis

    3 Enhance the Business Case

    The Purpose

    Determine more integral factors in the business case such as ramp-up time for benefits realization as well as risk assessment.

    Key Benefits Achieved

    Complete a comprehensive case.

    Activities

    3.1 Determine ramp-up times for costs and benefits.

    3.2 Identify performance measures and tracking.

    3.3 Assess initiative risk.

    Outputs

    Benefits realization schedule

    Performance tracking framework

    Risk register

    4 Prepare the Business Case

    The Purpose

    Finalize the recommendation and formulate the business case summary and presentation.

    Key Benefits Achieved

    Prepare the business case presentation.

    Activities

    4.1 Choose the alternative to be recommended.

    4.2 Create the detailed and summary business case presentations.

    4.3 Present and incorporate feedback.

    4.4 Monitor and close out.

    Outputs

    Final recommendation

    Business case presentation

    Final sign-off

    Info-Tech Quarterly Research Agenda Outcomes Q2-Q3 2023

    • Buy Link or Shortcode: {j2store}297|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.

    Our Advice

    Critical Insight

    We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.

    By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.

    Impact and Result

    • Enhance preparedness for future market trends and developments: Keep up to date with the newest trends and advancements in the IT sector to be better prepared for the future.
    • Enhance your decision making: Acquire valuable information and insights to make better-informed, confident decisions.
    • Promote innovation: Foster creativity, explore novel perspectives, drive innovation, and create new products or services.

    Info-Tech Quarterly Research Agenda Outcomes Q2/Q3 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Info-Tech Quarterly Research Agenda Q3 2023 Deck – An overview of our Research Agenda Outcome for Q2 and Q3 of 2023.

    A guide to our top research published to date for 2023 (Q2/Q3).

    • Info-Tech Quarterly Research Agenda Outcomes for Q2/Q3 2023
    [infographic]

    Further reading

    Featured Research Projects 2023 (Q2/Q3)

    “Here are my selections for the top research projects of the last quarter.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    CIO

    01
    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    02
    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    03
    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    04
    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    05
    Effective IT Communications

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    06
    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    07
    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    08
    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Applications

    09
    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    10
    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    11
    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Security

    12
    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    13
    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Infrastructure & Operations

    14
    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Industry | Retail

    15
    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry | Education

    16
    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry | Wholesale

    17
    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry | Retail Banking

    18
    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry | Utilities

    19
    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    CIO
    Strategy & Governance

    Photo of Bill Wong, Principal Research Director, Info-Tech Research Group.

    Bill Wong
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Generative AI Roadmap' research.

    Sample of the 'Build Your Generative AI Roadmap' research.

    Logo for Info-Tech.

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    CIO
    Strategy & Governance

    Photo of Brian Jackson, Principal Research Director, Info-Tech Research Group.

    Brian Jackson
    Principal Research Director

    Download this report or book an analyst call on this topic

    Sample of the 'CIO Priorities 2023' report.

    Sample of the 'CIO Priorities 2023' report.

    Logo for Info-Tech.

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    CIO
    Strategy & Governance

    Photo of Donna Bales, Principal Research Director, Info-Tech Research Group.

    Donna Bales
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build an IT Risk Taxonomy' research.

    Sample of the 'Build an IT Risk Taxonomy' research.

    Logo for Info-Tech.

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    CIO
    Strategy & Governance

    Photo of Manish Jain, Principal Research Director, Info-Tech Research Group.

    Manish Jain
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Logo for Info-Tech.

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    CIO
    People & Leadership

    Photo of Brittany Lutes, Research Director, Info-Tech Research Group.

    Brittany Lutes
    Research Director

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Effective IT Communications' research.

    Sample of the 'Effective IT Communications' research.

    Logo for Info-Tech.

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    CIO
    People & Leadership

    Photo of Jane Kouptsova, Research Director, Info-Tech Research Group.

    Jane Kouptsova
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Logo for Info-Tech.

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    CIO
    Value & Performance

    Photo of Mike Tweedle, Practice Lead, Info-Tech Research Group.

    Mike Tweedle
    Practice Lead

    Download this research or book an analyst call on this topic

    Sample of the 'Effectively Manage CxO Relations' research.

    Sample of the 'Effectively Manage CxO Relations' research.

    Logo for Info-Tech.

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    CIO
    Value & Performance

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Logo for Info-Tech.

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    Applications
    Business Processes

    Photo of Ricardo de Oliveira, Research Director, Info-Tech Research Group.

    Ricardo de Oliveira
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Logo for Info-Tech.

    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    Applications
    Business Processes

    Photo of Andrew Kum-Seun, Research Director, Info-Tech Research Group.

    Andrew Kum-Seun
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Logo for Info-Tech.

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Applications
    Application Development

    Photo of Vincent Mirabelli, Principal Research Director, Info-Tech Research Group.

    Vincent Mirabelli
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Logo for Info-Tech.

    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    Security
    Security Risk, Strategy & Governance

    Photo of Logan Rohde, Senior Research Analyst, Info-Tech Research Group.

    Logan Rohde
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Logo for Info-Tech.

    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Security
    Security Risk, Strategy & Governance

    Photo of Michel Hébert, Research Director, Info-Tech Research Group.

    Michel Hébert
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Logo for Info-Tech.

    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Infrastructure & Operations
    I&O Process Management

    Photo of Andrew Sharp, Research Director, Info-Tech Research Group.

    Andrew Sharp
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Automate IT Asset Data Collection' research.

    Sample of the 'Automate IT Asset Data Collection' research.

    Logo for Info-Tech.

    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry Coverage
    Retail

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Logo for Info-Tech.

    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry Coverage
    Education

    Photo of Mark Maby, Research Director, Info-Tech Research Group.

    Mark Maby
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Logo for Info-Tech.

    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry Coverage
    Wholesale

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Logo for Info-Tech.

    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry Coverage
    Retail Banking

    Photo of David Tomljenovic, Principal Research Director, Info-Tech Research Group.

    David Tomljenovic
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Logo for Info-Tech.

    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Industry Coverage
    Utilities

    Photo of Jing Wu, Principal Research Director, Info-Tech Research Group.

    Jing Wu
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sneak Peaks: Research coming in next quarter!

    “Next quarter we have a big lineup of reports and some great new research!”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    1. Build MLOps and Engineering for AI and ML

      Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.

    2. Leverage Gen AI to Improve Your Test Automation Strategy

      Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.

    3. Make Your IT Financial Data Accessible, Reliable, and Usable

      This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.

    4. Implement Integrated AI Governance

      Enabling you to implement best-practice governance principles when implementing Gen AI.

    5. Develop Exponential IT Capabilities

      Enabling you to understand and develop your strategic Exponential IT capabilities.

    6. Build Your AI Strategy and Roadmap

      This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.

    7. Priorities for Data Leaders in 2024 and Beyond

      This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.

    8. Deploy AIOps More Effectively

      This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.

    9. Design Your Edge Computing Architecture

      This research will provide deployment guidelines and roadmap to address your edge computing needs.

    10. Manage Change in the AI-Enabled Enterprise

      Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.

    11. Assess the Security and Privacy Impacts of Your AI Vendors

      This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.

    12. Prepare Your Board for AI Disruption

      This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

    Info-Tech Research Leadership Team

    “We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    Photo of Jack Hakimian, Senior Vice President, Research Development, Info-Tech Research Group.

    Jack Hakimian
    Senior Vice President
    Research Development

    Photo of Aaron Shum, Vice President, Security & Privacy Research, Info-Tech Research Group.

    Aaron Shum
    Vice President
    Security & Privacy Research

    Photo of Larry Fretz, Vice President, Industry Research, Info-Tech Research Group.

    Larry Fretz
    Vice President
    Industry Research

    Photo of Mark Tauschek, Vice President, Research Fellowships, Info-Tech Research Group.

    Mark Tauschek
    Vice President
    Research Fellowships

    Photo of Tom Zehren, Chief Product Officer, Info-Tech Research Group.

    Tom Zehren
    Chief Product Officer

    Photo of Rick Pittman, Vice President, Advisory Quality & Delivery, Info-Tech Research Group.

    Rick Pittman
    Vice President
    Advisory Quality & Delivery

    Photo of Nora Fisher, Vice President, Shared Services, Info-Tech Research Group.

    Nora Fisher
    Vice President
    Shared Services

    Photo of Becca Mackey, Vice President, Workshops, Info-Tech Research Group.

    Becca Mackey
    Vice President
    Workshops

    Photo of Geoff Nielson, Senior Vice President, Global Services & Delivery, Info-Tech Research Group.

    Geoff Nielson
    Senior Vice President
    Global Services & Delivery

    Photo of Brett Rugroden, Senior Vice President, Global Market Programs, Info-Tech Research Group.

    Brett Rugroden
    Senior Vice President
    Global Market Programs

    Photo of Hannes Scheidegger, Senior Vice President, Global Public Sector, Info-Tech Research Group.

    Hannes Scheidegger
    Senior Vice President
    Global Public Sector

    About Info-Tech Research Group

    Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

    Sample of the IT Management & Governance Framework.

    Drive Measurable Results

    Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

    Info-Tech logo.

    Better Research Than Anyone

    Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

    Dramatically Outperform Your Peers

    Leverage Industry Best Practices

    We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

    Become an Info-Tech influencer:

    • Help shape our research by talking with our analysts.
    • Discuss the challenges, insights, and opportunities in your chosen areas.
    • Suggest new topic ideas for upcoming research cycles.

    Contact
    Jack Hakimian
    jhakimian@infotech.com

    We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

    Why participate in expert interviews?

    • Discuss market trends and stay up to date.
    • Influence Info-Tech's research direction with your practical experience.
    • Preview our analysts' perspectives and preliminary research.
    • Build on your reputation as a thought leader and research contributor.
    • See your topic idea transformed into practical research.

    Thank you!

    Join us at our webinars to discuss more topics.

    For information on Info-Tech's products and services and to participate in our research process, please contact:

    Jack Hakimian
    jhakimian@infotech.com

    Build a Vendor Security Assessment Service

    • Buy Link or Shortcode: {j2store}318|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $17,501 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
    • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
    • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

    Our Advice

    Critical Insight

    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

    Impact and Result

    • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
    • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
    • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

    Build a Vendor Security Assessment Service Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define governance and process

    Determine your business requirements and build your process to meet them.

    • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
    • Vendor Security Policy Template
    • Vendor Security Process Template
    • Vendor Security Process Diagram (Visio)
    • Vendor Security Process Diagram (PDF)

    2. Develop assessment methodology

    Develop the specific procedures and tools required to assess vendor risk.

    • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
    • Service Risk Assessment Questionnaire
    • Vendor Security Questionnaire
    • Vendor Security Assessment Inventory

    3. Deploy and monitor process

    Implement the process and develop metrics to measure effectiveness.

    • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
    • Vendor Security Requirements Template
    [infographic]

    Workshop: Build a Vendor Security Assessment Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Governance and Process

    The Purpose

    Understand business and compliance requirements.

    Identify roles and responsibilities.

    Define the process.

    Key Benefits Achieved

    Understanding of key goals for process outcomes.

    Documented service that leverages existing processes.

    Activities

    1.1 Review current processes and pain points.

    1.2 Identify key stakeholders.

    1.3 Define policy.

    1.4 Develop process.

    Outputs

    RACI Matrix

    Vendor Security Policy

    Defined process

    2 Define Methodology

    The Purpose

    Determine methodology for assessing procurement risk.

    Develop procedures for performing vendor security assessments.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    2.1 Identify organizational security risk tolerance.

    2.2 Develop risk treatment action plans.

    2.3 Define schedule for re-assessments.

    2.4 Develop methodology for assessing service risk.

    Outputs

    Security risk tolerance statement

    Risk treatment matrix

    Service Risk Questionnaire

    3 Continue Methodology

    The Purpose

    Develop procedures for performing vendor security assessments.

    Establish vendor inventory.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    3.1 Develop vendor security questionnaire.

    3.2 Define procedures for vendor security assessments.

    3.3 Customize the vendor security inventory.

    Outputs

    Vendor security questionnaire

    Vendor security inventory

    4 Deploy Process

    The Purpose

    Define risk treatment actions.

    Deploy the process.

    Monitor the process.

    Key Benefits Achieved

    Understanding of how to treat different risks according to the risk tolerance.

    Defined implementation strategy.

    Activities

    4.1 Define risk treatment action plans.

    4.2 Develop implementation strategy.

    4.3 Identify process metrics.

    Outputs

    Vendor security requirements

    Understanding of required implementation plans

    Metrics inventory

    Improve your core processes

    Improve your core processes

    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Register to read more …

    Find Value With Cloud Asset Management

    • Buy Link or Shortcode: {j2store}61|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Spending on cloud platforms and software-as-a-service (SaaS) is growing, and with spending comes waste.
    • The barriers are drastically lower for purchasing SaaS and cloud services as compared to traditional IT components.
    • Skills gap: IT asset managers tend not to have the skills to optimize spending on cloud platforms.
    • New space, new tools: The IT asset management market space is still developing cloud asset management and SaaS management capabilities. Practitioners must rely on cloud optimization tools in the meantime.

    Our Advice

    Critical Insight

    • IT asset managers are uniquely suited to provide value here. They already optimize costs and manage assets.
    • Scope creep is a killer. Focus first on your highest value, highest risk cloud instances.
    • Don’t completely centralize. Central oversight is powerful, but outsource some responsibility to the business.

    Impact and Result

    • Introduce governance: Work with developers, power business users, and infrastructure groups to define a governance approach to cloud assets and to SaaS.
    • Standardize high-impact, low-effort cloud services: Focus your efforts where they will have the most value and in places where you can provide early value.
    • Update your processes: Ensure that your asset registers and your configuration management database is up to date when cloud assets are provisioned and quiesced.

    Find Value With Cloud Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement IT asset management for cloud instances and SaaS, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define cloud asset management

    Define when a cloud instance is an asset, and what it means for the asset to be managed.

    • Find Value With Cloud Asset Management – Phase 1: Define Cloud Asset Management
    • Cloud Asset Management Standard Operating Procedures
    • Cloud Instance Provisioning Standards Checklist

    2. Build cloud asset management practices

    Develop an approach to auditing and optimizing cloud assets.

    • Find Value With Cloud Asset Management – Phase 2: Build Cloud Asset Management Practices
    • Cloud Asset Management Policy
    • Monthly Cloud Asset Optimization Checklist
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Reduce Risk With Rock-Solid Service-Level Agreements

    • Buy Link or Shortcode: {j2store}365|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations can struggle to understand what service-level agreements (SLAs) are required and how they can differ depending on the service type. In addition, these other challenges can also cloud an organization’s knowledge of SLAs:

    • No standardized SLAs documents, service levels, or metrics
    • Dealing with lost productivity and revenue due to persistent downtime
    • Not understanding SLAs components and what service levels are required for a particular service
    • How to manage the SLA and hold the vendor accountable

    Our Advice

    Critical Insight

    SLAs need to have clear, easy-to-measure objectives, to meet expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to its obligations.

    Impact and Result

    This project will provide several benefits and learnings for almost all IT workers:

    • Better understanding of an SLA framework and required SLA elements
    • Standardized service levels and metrics aligned to the organization’s requirements
    • Reduced time in reviewing, evaluating, and managing service provider SLAs

    Reduce Risk With Rock-Solid Service-Level Agreements Research & Tools

    Start here – Read our Executive Brief

    Understand how to resolve your challenges with SLAs and their components and ensuring adequate metrics. Learn how to create meaningful SLAs that meet your requirements and manage them effectively.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand SLA elements – Understand the elements of SLAs, service types, service levels, metrics/KPIs, monitoring, and reporting

    • SLA Checklist
    • SLA Evaluation Tool

    2. Create requirements – Create your own SLA criteria and templates that meet your organization’s requirements

    • SLA Template & Metrics Reference Guide

    3. Manage obligations – Learn the SLA Management Framework to track providers’ performance and adherence to their commitments.

    • SLO Tracker & Trending Tool

    Infographic

    Workshop: Reduce Risk With Rock-Solid Service-Level Agreements

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Elements of SLAs

    The Purpose

    Understand key components and elements of an SLA.

    Key Benefits Achieved

    Properly evaluate an SLA for required elements.

    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components: monitoring, reporting, and remedies

    1.4 SLA checklist review

    Outputs

    SLA Checklist 

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    2 Create SLA Criteria and Management Framework

    The Purpose

    Apply knowledge of SLA elements to create internal SLA requirements.

    Key Benefits Achieved

    Templated SLAs that meet requirements.

    Framework to manage SLOs.

    Activities

    2.1 Creating SLA criteria and requirements

    2.2 SLA templates and policy

    2.3 SLA evaluation activity

    2.4 SLA Management Framework

    2.5 SLA monitoring, tracking, and remedy reconciliation

    Outputs

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Further reading

    Reduce Risk With Rock-Solid Service-Level Agreements

    Hold Service Providers more accountable to their contractual obligations with meaningful SLA components & remedies

    EXECUTIVE BRIEF

    Analyst Perspective

    Reduce Risk With Rock-Solid Service-Level Agreements

    Every year organizations outsource more and more IT infrastructure to the cloud, and IT operations to managed service providers. This increase in outsourcing presents an increase in risk to the CIO to save on IT spend through outsourcing while maintaining required and expected service levels to internal customers and the organization. Ensuring that the service provider constantly meets their obligations so that the CIO can meet their obligation to the organization can be a constant challenge. This brings forth the importance of the Service Level Agreement.

    Research clearly indicates that there is a general lack of knowledge when comes to understanding the key elements of a Service Level Agreement (SLA). Even less understanding of the importance of the components of Service Levels and the Service Level Objectives (SLO) that service provider needs to meet so that the outsourced service consistently meets requirements of the organization. Most service providers are very good at providing the contracted service and they all are very good at presenting SLOs that are easy to meet with very few or no ramifications if they don’t meet their objectives. IT leaders need to be more resolute in only accepting SLOs that are meaningful to their requirements and have meaningful, proactive reporting and associated remedies to hold service providers accountable to their obligations.

    Ted Walker

    Principal Research Director, Vendor Practice

    Info-Tech Research Group

    Executive Brief

    Vendors provide service level commitments to customers in contracts to show a level of trust, performance, availability, security, and responsiveness in an effort create a sense of confidence that their service or platform will meet your organization’s requirements and expectations. Sifting through these promises can be challenging for many IT Leaders. Customers struggle to understand and evaluate what’s in the SLA – are they meaningful and protect your investment? Not understanding the details of SLAs applicable to various types of Service (SaaS, MSP, Service Desk, DR, ISP) can lead to financial and compliance risk for the organization as well as poor customer satisfaction.

    This project will provide IT leadership the knowledge & tools that will allow them to:

    • Understand what SLAs are and why they need them.
    • Develop standard SLAs that meet the organization’s requirements.
    • Negotiate meaningful remedies aligned to Service Levels metrics or KPIs.
    • Create SLA monitoring & reporting and remedies requirements to hold the provider accountable.

    This research:

    1. Is designed for:
    • The CIO or CFO who needs to better understand their provider’s SLAs.
    • The CIO or BU that could benefit from improved service levels.
    • Vendor management who needs to standardize SLAs for the organization IT leadership that needs consistent service levels to the business
    • The contract manager who needs a better understanding of contact SLAs
  • Will help you:
    • Understand what a Service Level Agreement is and what it’s for
    • Learn what the components are of an SLA and why you need them
    • Create a checklist of required SLA elements for your organization
    • Develop standard SLA template requirements for various service types
    • Learn the importance of SLA management to hold providers accountable
  • Will also assist:
    • Vendor management
    • Procurement and sourcing
    • Organizations that need to understand SLAs within contract language
    • With creating standardized monitoring & reporting requirements
    • Organizations get better position remedies & credits to hold vendors accountable to their commitments

    • Reduce Risk With Rock-Solid Service-Level Agreements (SLAs)

    Hold service providers more accountable to their contractual obligations with meaningful SLA components and remedies

    The Problem

    IT Leadership doesn't know how to evaluate an SLA.

    Misunderstanding of obligations given the type of service provided (SAAS, IAAS, DR/BCP, Service Desk)

    Expectations not being met, leading to poor service from the provider.

    No way to hold provider accountable.

    Why it matters

    SLAS are designed to ensure that outsourced IT services meet the requirements and expectations of the organization. Well-written SLAs with all the required elements, metrics, and remedies will allow IT departments to provide the service levels to their customer and avoid financial and contractual risk to the organization.

    The Solution

    1. Understand the key service elements within an SLA
    • Develop a solid understanding of the key elements within an SLA and why they're important.
  • Establish requirements to create SLA criteria
    • Prioritize contractual services and establish concise SLA checklists and performance metrics.
  • Manage SLA obligations to ensure commitments are met
    • Review the five steps for effective SLA management to track provider performance and deal with chronic issues.

    • Service types

    • Availability/Uptime
    • Response Times
    • Resolution Time
    • Accuracy
    • First-Call Resolution

    Agreement Types

    • SaaS/IaaS
    • Service Desk
    • MSP
    • Co-Location
    • DR/BCP
    • Security Ops

    Performance Metrics

    • Reporting
    • Remedies & Credits
    • Monitoring
    • Exclusion

    Example SaaS Provider

    • Response Times ✓
    • Availability/Uptime ✓
    • Resolution Time ✓
    • Update Times ✓
    • Coverage Time ✓
    • Monitoring ✓
    • Reporting ✓
    • Remedies/Credits ✓

    SLA Management Framework

    1. SLO Monitoring
    • SLOs must be monitored by the provider, otherwise they can't be measured.
  • Concise Reporting
    • This is the key element for the provider to validate their performance.
  • Attainment Tracking
    • Capturing SLO metric attainment provides performance trending for each provider.
  • Score carding
    • Tracking details provide input into overall vendor performance ratings.
  • Remedy Reconciliation
    • From SLO tracking, missed SLOs and associated credits needs to be actioned and consumed.

    • Executive Summary

    Your Challenge

    To understand which SLAs are required for your organization and how they can differ depending on the service type. In addition, these other challenges can also cloud your knowledge of SLAs

    • No standardized SLA documents, Service levels, or metrics
    • Dealing with lost productivity & revenue due to persistent downtime
    • Understanding SLA components and what service levels are requires for a particular service
    • How to manage the SLA and hold the vendor accountable

    Common Obstacles

    There are several unknowns that SLA can present to different departments within the organization:

    • Little knowledge of what service levels are required
    • Not knowing SLO standards for a service type
    • Lack of resources to manage vendor obligations
    • Negotiating required metrics/KPIs with the provider
    • Low understanding of the risk that poor SLAs can present to the organization

    Info-Tech's Approach

    Info-Tech has a three-step approach to effective SLAs

    • Understand the elements of an SLA
    • Create Requirements for your organization
    • Manage the SLA obligations

    There are some basic components that every SLA should have – most don’t have half of what is required

    Info-Tech Insight

    SLAs need to have clear, easy to measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Your challenge

    This research is designed to help organizations gain a better understanding of what an SLA is, understand the importance of SLAs in IT contracts, and ensure organizations are provided with rock-solid SLAs that meet their requirements and not just what the vendor wants to provide.

    • Vendors can make SLAs weak and difficult to understand; sometimes the metrics are meaningless. Not fully understanding what makes up a good SLA can bring unknown risks to the organization.
    • Managing vendor SLA obligations effectively is important. Are adequate resources available? Does the vendor provide manual vs. automated processes and which do you need? Is the process proactive from the vendor or reactive from the customer?

    SLAs come in many variations and for many service types. Understanding what needs to be in them is one of the keys to reducing risk to your organization.

    “One of the biggest mistakes an IT leader can make is ignoring the ‘A’ in SLA,” adds Wendy M. Pfeiffer, CIO at Nutanix. “

    An agreement isn’t a one-sided declaration of IT capabilities, nor is it a one-sided demand of business requirements,” she says. “An agreement involves creating a shared understanding of desired service delivery and quality, calculating costs related to expectations, and then agreeing to outcomes in exchange for investment.” (15 SLA mistakes IT leaders still make | CIO)

    Common obstacles

    There are typically a lot of unknowns when it comes to SLAs and how to manage them.

    Most organizations don’t have a full understanding of what SLAs they require and how to ensure they are met by the vendor. Other obstacles that SLAs can present are:

    • Inadequate resources to create and manage SLAs
    • Poor awareness of standard or required SLA metrics/KPIs
    • Lack of knowledge about each provider’s commitment as well as your obligations
    • Low vendor willingness to provide or negotiate meaningful SLAs and credits
    • The know-how or resources to effectively monitor and manage the SLA’s performance

    SLAs need to address your requirements

    55% of businesses do not find all of their service desk metrics useful or valuable (Freshservice.com)

    27% of businesses spend four to seven hours a month collating metric reports (Freshservice.com)

    Executive Summary

    Info-Tech’s Approach

    • Understand the elements of an SLA
      • Availability
      • Monitoring
      • Response Times
      • SLO Calculation
      • Resolution Time
      • Reporting
      • Milestones
      • Exclusions
      • Accuracy
      • Remedies & Credits
    • Create standard SLA requirements and criteria
      • SLA Element Checklist
      • Corporate Requirements and Standards
      • SLA Templates and Policy
    • Effectively Manage the SLA Obligations
      • SLA Management Framework
        • SLO Monitoring
        • Concise Reporting
        • Attainment Tracking
        • Score Carding
        • Remedy Reconciliation

    Info-Tech’s three phase approach

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Understand SLA Elements

    Phase Content:

    • 1.1 What are SLAs, types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Outcome:

    This phase will present you with an understanding of the elements of an SLA: What they are, why you need them, and how to validate them.

    Phase 2

    Create Requirements

    Phase Content:

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA Overachieving discussion

    Outcome:

    This phase will leverage knowledge gained in Phase 1 and guide you through the creation of SLA requirements, criteria, and templates to ensure that providers meet the service level obligations needed for various service types to meet your organization’s service expectations.

    Phase 3

    Manage Obligations

    Phase Content:

    • 3.1 SLA Monitoring, Tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA Reviews & Optimizing
    • 3.4 Performance management

    Outcome:

    This phase will provide you with an SLA management framework and the best practices that will allow you to effectively manage service providers and their SLA obligations.

    Insight summary

    Overarching insight

    SLAs need to have clear, easy-to-measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Phase 1 insight

    Not understanding the required elements of an SLA and not having meaningful remedies to hold service providers accountable to their obligations can present several risk factors to your organization.

    Phase 2 insight

    Creating standard SLA criteria for your organization’s service providers will ensure consistent service levels for your business units and customers.

    Phase 3 insight

    SLAs can have appropriate SLOs and remedies but without effective management processes they could become meaningless.

    Tactical insight

    Be sure to set SLAs that are easily measurable from regularly accessible data and that are straight forward to interpret.

    Tactical insight

    Beware of low, easy to attain service levels and metrics/KPIs. Service levels need to meet your expectations and needs not the vendor’s.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    SLA Tracker & Trending Tool

    Track the provider’s SLO attainment and see how their performance is trending over time

    SLA Evaluation Tool

    Evaluate SLA service levels, metrics, credit values, reporting, and other elements

    SLA Template & Metrics Reference Guide

    Reference guide for typical SLA metrics with a generic SLA Template

    Service-Level Agreement Checklist

    Complete SLA component checklist for core SLA and contractual elements.

    Key deliverable:

    Service-Level Agreement Evaluation Tool

    Evaluate each component of the SLA , including service levels, metrics, credit values, reporting, and processes to meet your requirements

    Blueprint objectives

    Understand the components of an SLA and effectively manage their obligations

    • To provide an understanding of different types of SLAs, their required elements, and what they mean to your organization. How to identify meaningful service levels based on service types. We will break down the elements of the SLA such as service types and define service levels such as response times, availability, accuracy, and associated metrics or KPIs to ensure they are concise and easy to measure.
    • To show how important it is that all metrics have remedies to hold the service provider accountable to their SLA obligations.

    Once you have this knowledge you will be able to create and negotiate SLA requirements to meet your organization’s needs and then manage them effectively throughout the term of the agreement.

    InfoTech Insight:

    Right-size your requirements and create your SLO criteria based on risk mitigation and create measurements that motivate the desired behavior from the SLA.

    Blueprint benefits

    IT Benefits

    • An understanding of standard SLA service levels and metrics
    • Reduced financial risk through clear and concise easy-to-measure metrics and KPIs
    • Improved SLA commitments from the service provider
    • Meaningful reporting and remedies to hold the provider accountable
    • Service levels and metrics that meet your requirements to support your customers

    Business Benefits

    • Better understanding of an SLA framework and required SLA elements
    • Improved vendor performance
    • Standardized service levels and metrics aligned to your organization’s requirements
    • Reduced time in reviewing and comprehending vendor SLAs
    • Consistent performance from your service providers

    Measure the value of this blueprint

    1. Dollars Saved
    • Improved performance from your service provider
    • Reduced financial risk through meaningful service levels & remedies
    • Dollars gained through:
      • Reconciled credits from obligation tracking and management
      • Savings due to automated processes
  • Time Saved
    • Reduced time in creating effective SLAs through requirement templates
    • Time spent tracking and managing SLA obligations
    • Reduced negotiation time
    • Time spent tracking and reconciling credits
  • Knowledge Gained
    • Understanding of SLA elements, service levels, service types, reporting, and remedies
    • Standard metrics and KPIs required for various service types and levels
    • How to effectively manage the service provider obligations
    • Tactics to negotiate appropriate service levels to meet your requirements

    • Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way wound help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between three to six calls over the course of two to three months.

    Phase 1 - Understand

    • Call #1: Scope requirements, objectives, and your specific SLA challenges

    Phase 2 - Create Requirements

    • Call #2: Review key SLA and how to identify them
    • Call #3: Deep dive into SLA elements and why you need them
    • Call #4: Review your service types and SLA criteria
    • Call #5: Create internal SLA requirements and templates

    Phase 3 - Management

    • Call #6: Review SLA Management Framework
    • Call #7: Review and create SLA Reporting and Tracking

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2
    Understanding SLAs SLA Templating & Management
    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components – monitoring, reporting, remedies

    1.4 SLA Checklist review

    2.1 Creating SLA criteria and requirements

    2.2 SLA policy & template

    2.3 SLA evaluation activity

    2.4 SLA management framework

    2.5 SLA monitoring, tracking, remedy reconciliation

    Deliverables
    1. SLA Checklist
    2. SLA policy & template creation
    3. SLA management gap analysis
    1. Evaluation of current SLAs
    2. SLA tracking and trending
    3. Create internal SLA management framework

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Phase 1

    Understand SLA Elements

    Phase Steps

    • 1.1 What are SLAs, the types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions and exceptions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Create Requirements

    Manage Obligations

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    SLA Overview

    What is a Service Level Agreement?

    An SLA is an overarching contractual agreement between a service provider and a customer (can be external or internal) that describes the services that will be delivered by the provider. It describes the service levels and associated performance metrics and expectations, how the provider will show it has attained the SLAs, and defines any remedies or credits that would apply if the provider fails to meet its commitments. Some SLAs also include a change or revision process.

    SLAs come in a few forms. Some are unique, separate, standalone documents that define the service types and levels in more detail and is customized to your needs. Some are separate documents that apply to a service and are web posted or linked to an MSA or SSA. The most common is to have them embedded in, or as an appendix to an MSA or SSA. When negotiating an MSA it’s generally more effective to negotiate better service levels and metrics at the same time.

    Objectives of an SLA

    To be effective, SLAs need to have clearly described objectives that define the service type(s) that the service provider will perform, along with commitment to associated measurable metrics or KPIs that are sufficient to meet your expectations. The goal of these service levels and metrics is to ensure that the service provider is committed to providing the service that you require, and to allow you to maintain service levels to your customers whether internal or external.

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    Key Elements of an SLA

    Principle service elements of an SLA

    There are several more common service-related elements of an SLA. These generally include:

    • The Agreement – the document that defines service levels and commitments.
    • The service types – the type of service being provided by the vendor. These can include SaaS, MSP, Service Desk, Telecom/network, PaaS, Co-Lo, BCP, etc.
    • The service levels – these are the measurable performance objectives of the SLA. They include availability (uptime), response times, restore times, priority level, accuracy level, resolution times, event prevention, completion time, etc.
    • Metrics/KPIs – These are the targets or commitments associated to the service level that the service provider is obligated to meet.
    • Other elements – Reporting requirements, monitoring, remedies/credit values and process.

    Contractual Construct Elements

    These are construct components of an SLA that outline their roles and responsibilities, T&Cs, escalation process, etc.

    In addition, there are several contractual-type elements including, but not limited to:

    • A statement regarding the purpose of the SLA.
    • A list of services being supplied (service types).
    • An in-depth description of how services will be provided and when.
    • Vendor and customer requirements.
    • Vendor and customer obligations.
    • Acknowledgment/acceptance of the SLA.
    • They also list each party’s responsibilities and how issues will be escalated and resolved.

    Common types of SLAs explained

    Service-level SLA

    • This service-level agreement construct is the Service-based SLA. This SLA covers an identified service for all customers in general (for example, if an IT service provider offers customer response times for a service to several customers). In a service-based agreement, the response times would be the same and apply to all customers using the service. Any customer using the service would be provided the same SLA – in this case the same defined response time.

    Customer-based SLA

    • A customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer (for example, you may use several services from one telecom vendor). The SLAs for these services would be covered in one contract between you and the vendor, creating a unique customer-based vendor agreement. Another scenario could be where a vendor offers general SLAs for its services but you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Multi-level SLA

    • This service-level agreement construct is the multi-level SLA. In a multi-level SLA, components are defined to the organizational levels of the customer with cascading coverage to sublevels of the organization. The SLA typically entails all services and is designed to the cover each sub-level or department within the organization. Sometimes the multi-level SLA is known as a master organization SLA as it cascades to several levels of the organization.

    InfoTech Insight: Beware of low, easy to attain Service levels and metrics/KPIs. Service levels need to meet your requirements, expectations, and needs not the vendor’s.

    1.2 Elements of SLA-objectives, service types, and service levels

    Objectives of Service Levels

    The objective of the service levels and service credits are to:

    • Ensure that the services are of a consistently high quality and meet the requirements of the customer
    • Provide a mechanism whereby the customer can attain meaningful recognition of the vendors failure to deliver the level of service for which it was contracted to deliver
    • Incentivize the vendor or service provider to comply with and to expeditiously provide a remedy for any failure to attain the service levels committed to in the SLA
    • To ensure that the service provider fulfills the defined objectives of the outsourced service

    Service types

    There are several service types that can be part of an SLA. Service types are the different nature of services associated with the SLA that the provider is performing and being measured against. These can include:

    Service Desk, SaaS, PaaS, IaaS, ISP/Telecom/Network MSP, DR & BCP, Co-location security ops, SOW.

    Each service type should have standard service level targets or obligations that can vary depending on your requirements and reliance on the service being provided.

    Service levels

    Service levels are measurable targets, metrics, or KPIs that the service provider has committed to for the particular service type. Service levels are the key element of SLAs – they are the performance expectations set between you and the provider. The service performance of the provider is measured against the service level commitments. The ability of the provider to consistently meet these metrics will allow your organization to fully benefit from the objectives of the service and associated SLAs. Most service levels are time related but not all are.

    Common service levels are:

    Response times, resolution times per percent, restore/recovery times, accuracy, availability/uptime, completion/milestones, updating/communication, latency.

    Each service level has standard or minimum metrics for the provider. The metrics, or KPIs, should be relatively easy to measure and report against on a regular basis. Service levels are generally negotiable to meet your requirements.

    1.2.1 Activity SLA Checklist Tool

    1-2 hours

    Input

    • SLA content, Service elements
    • Contract terms & exclusions
    • Service metrices/KPIs

    Output

    • A concise list of SLA components
    • A list of missing SLA elements
    • Evaluation of the SLA

    Materials

    • Comprehensive checklist
    • Service provider SLA
    • Internal templates or policies

    Participants

    • Vendor or contract manager
    • IT or business unit manager
    • Legal
    • Finance

    Using this checklist will help you review a provider’s SLA to ensure it contains adequate service levels and remedies as well as contract-type elements.

    Instructions:

    Use the checklist to identify the principal service level elements as well as the contractual-type elements within the SLA.

    Review the SLA and use the dropdowns in the checklist to verify if the element is in the SLA and whether it is within acceptable parameters as well the page or section for reference.

    The checklist contains a list of service types that can be used for reference of what SLA elements you should expect to see in that service type SLA.

    Download the SLA Checklist Tool

    1.3 Monitoring, reporting requirements, remedies/credit process

    Monitoring & Reporting

    As mentioned, well-defined service levels are key to the success of the SLA. Validating that the metrics/KPIs are being met on a consistent basis requires regular monitoring and reporting. These elements of the SLA are how you hold the provider accountable to the SLA commitments and obligations. To achieve the service level, the service must be monitored to validate that timelines are met and accuracy is achieved.

    • Data or details from monitoring must then be presented in a report and delivered to the customer in an agreed-upon format. These formats can be in a dashboard, portal, spreadsheet, or csv file, and they must have sufficient criteria to validate the service-level metric. Reports should be kept for future review and to create historical trending.
    • Monitoring and reporting should be the responsibility of the service provider. This is the only way that they can validate to the customer that a service level has been achieved.
    • Reporting criteria and delivery timelines should be defined in the SLA and can even have a service level associated with it, such as a scheduled report delivery on the fifth day of the following month.
    • Reports need to be checked and balanced. When defining report criteria, be sure to define data source(s) that can be easily validated by both parties.
    • Report criteria should include compliance requirements, target metric/KPIs, and whether they were attained.
    • The report should identify any attainment shortfall or missed KPIs.

    Too many SLAs do not have these elements as often the provider tries to put the onus on the customer to monitor their performance of the service levels. .

    1.3.1 Monitoring, reporting requirements, remedies/credit process

    Remedies and Credits

    Service-level reports validate the performance of the service provider to the SLA metrics or KPIs. If the metrics are met, then by rights, the service provider is doing its job and performing up to expectations of the SLA and your organization.

    • What if the metrics are not being met either periodically or consistently? Solving this is the goal of remedies. Remedies are typically monetary costs (in some form) to the provider that they must pay for not meeting a service-level commitment. Credits can vary significantly and should be aligned to the severity of the missed service level. Sometimes there no credits offered by the vendor. This is a red flag in an SLA.
    • Typically expressed as a monetary credit, the SLA will have service levels and associated credits if the service-level metric/KPI is not met during the reporting period. Credits can be expressed in a dollar format, often defined as a percentage of a monthly fee or prorated annual fee. Although less common, some SLAs offer non-financial credits. These could include: an extension to service term, additional modules, training credits, access to a higher support level, etc.
    • Regardless of how the credit is presented, this is typically the only way to hold your provider accountable to their commitments and to ensure they perform consistently to expectations. You must do a rough calculation to validate the potential monetary value and if the credit is meaningful enough to the provider.

    Research shows that credit values that equate to just a few dollars, when you are paying the provider tens of thousands of dollars a month for a service or product, the credit is insignificant and therefore doesn’t incent the provider to achieve or maintain a service level.

    1.3.2 Monitoring, reporting requirements, remedies/credit process

    Credit Process

    Along with meaningful credit values, there must be a defined credit calculation method and credit redemption process in the SLA.

    Credit calculation. The credit calculation should be simple and straight forward. Many times, we see providers define complicated methods of calculating the credit value. In some cases complicated service levels require higher effort to monitor and report on, but this shouldn’t mean that the credit for missing the service level needs to require the same effort to calculate. Do a sample credit calculation to validate if the potential credit value is meaningful enough or meets your requirements.

    Credit redemption process. The SLA should define the process of how a credit is provided to the customer. Ideally the process should be fairly automated by the service provider. If the report shows a missed service level, that should trigger a credit calculation and credit value posted to account followed by notification. In many SLAs that we review, the credit process is either poorly defined or not defined at all. When it is defined, the process typically requires the customer to follow an onerous process and submit a credit request that must then be validated by the provider and then, if approved, posted to your account to be applied at year end as long as you are in complete compliance with the agreement and up-to-date on your account etc. This is what we need to avoid in provider-written SLAs. You need a proactive process where the service provider takes responsibility for missing an SLA and automatically assigns an accurate credit to your account with an email notice.

    Secondary level remedies. These are remedies for partial performance. For example, the platform is accessible but some major modules are not working (i.e.: the payroll platform is up and running and accessible but the tax table is not working properly so you can’t complete your payroll run on-time). Consider the requirement of a service level, metric, and remedy for critical components of a service and not just the platform availability.

    Info-Tech Insight SLA’s without adequate remedies to hold the vendor accountable to their commitments make the SLAs essentially meaningless.

    1.4 Exclusions indemnification, force majeure, scheduled maintenance

    Contract-Related Exclusions

    Attaining service-level commitments by the provider within an SLA can depend on other factors that could greatly influence their performance to service levels. Most of these other factors are common and should be defined in the SLA as exclusions or exceptions. Exceptions/exclusions can typically apply to credit calculations as well. Typical exceptions to attaining service levels are:

    • Denial of Service (DoS) attacks
    • Communication/ISP outage
    • Outages of third-party hosting
    • Actions or inactions of the client or third parties
    • Scheduled maintenance but not emergency maintenance
    • Force majeure events which can cover several different scenarios

    Attention should be taken to review the exceptions to ensure they are in fact not within the reasonable control of the provider. Many times the provider will list several exclusions. Often these are not reasonable or can be avoided, and in most cases, they allow the service provider the opportunity to show unjustified service-level achievements. These should be negotiated out of the SLA.

    1.5 Activity SLA Evaluation Tool

    1-2 hours

    Input

    • SLA content
    • SLA elements
    • SLA objectives
    • SLO calculation methods

    Output

    • Rating of the SLA service levels and objectives
    • Overall rating of the SLA content
    • Targeted list of required improvements

    Materials

    • SLA comprehensive checklist
    • Service provider SLA

    Participants

    • Vendor or contract manager
    • IT manager or leadership
    • Application or business unit manager

    The SLA Evaluation Tool will allow you evaluate an SLA for content. Enter details into the tool and evaluate the service levels and SLA elements and components to ensure the agreement contains adequate SLOs to meet your organization’s service requirements.

    Instructions:

    Review and identify SLA elements within the service provider’s SLA.

    Enter service-level details into the tool and rate the SLOs.

    Enter service elements details, validate that all required elements are in the SLA, and rate them accordingly.

    Capture and evaluate service-level SLO calculations.

    Review the overall rating for the SLA and create a targeted list for improvements with the service provider.

    Download the SLA Evaluation Tool

    1.5 Clarification: SLAs vs. SLOs vs. SLIs

    SLA – Service-Level Agreement The promise or commitment

    • This is the formal agreement between you and your service provider that contains their service levels and obligations with measurable metrics/KPIs and associated remedies. SLAs can be a separate or unique document, but are most commonly embedded within an MSA, SOW, SaaS, etc. as an addendum or exhibit.

    SLO – Service-Level Objective The goals or targets

    • This service-level agreement construct is the customer-based SLA. A Customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer. For example, you may use several services from one telecom vendor. The SLAs for these services would be covered in one contract between you and the Telco vendor, creating a unique customer-based to vendor agreement. Another scenario: a vendor offers general SLAs for its services and you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Other common names are Metrics and Key Performance Indicators (KPIs )

    SLI – Service-Level Indicator How did we do? Did we achieve the objectives?

    • An SLI is the actual metric attained after the measurement period. SLI measures compliance with an SLO (service level objective). So, for example, if your SLA specifies that your systems will be available 99.95% of the time, your SLO is 99.95% uptime and your SLI is the actual measurement of your uptime. Maybe it’s 99.96%. maybe 99.99% or even 99.75% For the vendor to be compliant to the SLA, the SLI(s) must meet or exceed the SLOs within the SLA document.

    Other common names: attainment, results, actual

    Info-Tech Insight:

    Web-posted SLAs that are not embedded within a signed MSA, can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 2

    Understand SLA Elements

    Phase 2

    Create Requirements

    Phase Steps

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA overachieving discussion

    Manage Obligations

    2.1 Create a list of your SLA criteria

    Principle Service Elements

    With your understanding of the types of SLAs and the elements that comprise a well-written agreement

    • The next step is to start to create a set of SLA criteria for service types that your organization outsources or may require in the future.
    • This criteria should define the elements of the SLA with tolerance levels that will require the provider to meet your service expectations.
    • Service levels, metrics/KPIs, associated remedies and reporting criteria. This criteria could be captured into table-like templates that can be referenced or inserted into service provider SLAs.
    • Once you have defined minimum service-level criteria, we recommend that you do a deeper review of the various service provider types that your organization has in place. The goal of the review is to understand the objective of the service type and associated service levels and then compare them to your requirements for the service to meet your expectations. Service levels and KPIs should be no less than if your IT department was providing the service with its own resources and infrastructure.
    • Most IT departments have service levels that they are required to meet with their infrastructure to the business units or organization, whether it’s App delivery, issue or problem resolution, availability etc. When any of these services are outsourced to an external service provider, you need to make all efforts to ensure that the service levels are equal to or better than the previous or existing internal expectations.
    • Additionally, the goal is to identify service levels and metrics that don’t meet your requirements or expectations and/or service levels that are missing.

    2.2 Develop SLA policies and templates

    Contract-type Elements

    After creating templates for minimum-service metrics & KPIs, reporting criteria templates, process, and timing, the next step should be to work on contract-type elements and additional service-level components. These elements should include:

    • Reporting format, criteria, and timelines
    • Monitoring requirements
    • Minimum acceptable remedy or credits process; proactive by provider vs. reactive by customer
    • Roles & responsibilities
    • Acceptable exclusion details
    • Termination language for persistent failure to meet SLOs

    These templates or criteria minimums can be used as guidelines or policy when creating or negotiating SLAs with a service provider.

    Start your initial element templates for your strategic vendors and most common service types: SaaS, IaaS, Service Desk, SecOps, etc. The goal of SLA templates is to create simple minimum guidelines for service levels that will allow you to meet your internal SLAs and expectations. Having SLA templates will show the service provider that you understand your requirements and may put you in a better negotiating position when reviewing with the provider.

    When considering SLO metrics or KPIs consider the SMART guidance:

    Simple: A KPI should be easy to measure. It should not be complicated, and the purpose behind recording it must be documented and communicated.

    Measurable: A KPI that cannot be measured will not help in the decision-making process. The selected KPIs must be measurable, whether qualitatively or quantitatively. The procedure for measuring the KPIs must be consistent and well-defined.

    Actionable: KPIs should contribute to the decision-making process of your organization. A KPI that does not make any such contributions serves no purpose.

    Relevant: KPIs must be related to operations or functions that a security team seeks to assess.

    Time-based: KPIs should be flexible enough to demonstrate changes over time. In a practical sense, an ideal KPI can be grouped together by different time intervals.

    (Guide for Security Operations Metrics)

    2.2.1 Activity: Review SLA Template & Metrics Reference Guide

    1-2 hours

    Input

    • Service level metrics
    • List of who is accountable for PPM decisions

    Output

    • SLO templates for service types
    • SLA criteria that meets your organization’s requirements

    Materials

    • SLA Checklist
    • SLA criteria list with SLO & credit values
    • PPM Decision Review Workbook

    Participants

    • Vendor manager
    • IT leadership
    • Procurement or contract manager
    1. Review the SLA Template and Metrics Reference Guide for common metrics & KPIs for the various service types. Each Service Type tab has SLA elements and SLO metrics typically associated with the type of service.
    2. Some service levels have common or standard credits* that are typically associated with the service level or metric.
    3. Use the SLA Template to enter service levels, metrics, and credits that meet your organization’s criteria or requirements for a given service type.

    Download the SLA Template & Metrics Reference Guide

    *Credit values are not standard values, rather general ranges that our research shows to be the typical ranges that credit values should be for a given missed service level

    2.3 Create a negotiation strategy

    Once you have created service-level element criteria templates for your organization’s requirements, it’s time to document a negotiation position or strategy to use when negotiating with service providers. Not all providers are flexible with their SLA commitments, in fact most are reluctant to change or create “unique” SLOs for individual customers. Particularly cloud vendors providing IaaS, SaaS, or PaaS, SLAs. ISP/Telcom, Co-Lo and DR/BU providers also have standard SLOs that they don’t like to stray far from. On the other hand, security ops (SIEM), service desk, hardware, and SOW/PS providers who are generally contracted to provide variable services are somewhat more flexible with their SLAs and more willing to meet your requirements.

    • Service providers want to avoid being held accountable to SLOs, and their SLAs are typically written to reflect that.

    The goal of creating internal SLA templates and policies is to set a minimum baseline of service levels that your organization is willing to accept, and that will meet their requirements and expectations for the outsourced service. Using these templated SLOs will set the basis for negotiating the entire SLA with the provider. You can set the SLA purpose, objectives, roles, and responsibilities and then achieve these from the service provider with solid SLOs and associated reporting and remedies.

    Info-Tech Insight

    Web-posted SLAs that are not embedded within a signed MSA can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    2.3.1 Negotiating strategy guidance

    • Be prepared. Create a negotiating plan and put together a team that understands your organization’s requirements for SLA.
    • Stay informed. Request provider’s recent performance data and negotiate SLOs to the provider’s average performance.
    • Know what you need. Corporate SLA templates or policies should be positioned to service providers as baseline minimums.
    • Show some flexibility. Be willing to give up some ground on one SLO in exchange for acceptance of SLOs that may be more important to your organization.
    • Re-group. Have a fallback position or Plan B. What if the provider can’t or won’t meet your key SLOs? Do you walk?
    • Do your homework. Understand what the typical standard SLOs are for the type of service level.

    2.4 SLO overachieving incentive discussion

    Monitoring & Reporting

    • SLO overachieving metrics are seen in some SLAs where there is a high priority for a service provider to meet and or exceed the SLOs within the SLA. These are not common terms but can be used to improve the overall service levels of a provider. In these scenarios the provider is sometimes rewarded for overachieving on the SLOs, either consistently or on a monthly or quarterly basis. In some cases, it can make financial sense to incent the service provider to overachieve on their commitments. Incentives can drive behaviors and improved performance by the provider that can intern improve the benefits to your organization and therefore justify an incent of some type.
    • Example: You could have an SLO for invoice accuracy. If not achieved, it could cost the vendor if they don’t meet the accuracy metric, however if they were to consistently overachieve the metric it could save accounts payable hours of time in validation and therefore you could pass on some of these measurable savings to the provider.
    • Overachieving incentives can add complexity to the SLA so they need to be easily measurable and simple to manage.
    • Overachieving incentives can also be used in provider performance improvement plans, where a provider might have poor trending attainment and you need to have them improve their performance in a short period of time. Incentives typically will motivate provider improvement and generally will cost much less than replacing the provider.
    • There is another school of thought that you shouldn’t have to pay a provider for doing their job; however, others are of the opinion that incentives or bonuses improve the overall performance of individuals or teams and are therefore worth consideration if both parties benefit from the over performance.

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 3

    Understand SLA Elements

    Create Requirements

    Phase 3

    Manage Obligations

    Phase Steps

    • 3.1 SLA monitoring and tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA reviews & optimizing
    • 3.4 Performance management

    3.1 SLA monitoring, tracking, and remedy reconciliation

    The next step to effective SLAs is the management component. It could be fruitless if you were to spend your time and efforts negotiating your required service levels and metrics and don’t have some level of managing the SLA. In that situation you would have no way of knowing if the service provider is attaining their SLOs.

    There are several key elements to effective SLA management:

    • SLO monitoring
    • Simple, concise reporting
    • SLO attainment tracking
    • Score carding & trending
    • Remedy reconciliation

    SLA Management framework

    SLA Monitoring → Concise Reporting → Attainment Tracking → Score Carding →Remedy Reconciliation

    “A shift we’re beginning to see is an increased use of data and process discovery tools to measure SLAs,” says Borowski of West Monroe. “While not pervasive yet, these tools represent an opportunity to identify the most meaningful metrics and objectively measure performance (e.g., cycle time, quality, compliance). When provided by the client, it also eliminates the dependency on provider tools as the source-of-truth for performance data.” – Stephanie Overby

    3.1 SLA management framework

    SLA Performance Management

    • SLA monitoring provides data for SLO reports or dashboards. Reports provide attainment data for tacking over time. Attainment data feeds scorecards and allows for trending analysis. Missed attainment data triggers remedies.
    • All service providers monitor their systems, platforms, tickets, agents, sensors etc. to be able to do their jobs. Therefore, monitoring is readily available from your service provider in some form.
    • One of the key purposes of monitoring is to generate data into internal reports or dashboards that capture the performance metrics of the various services. Therefore, service-level and metric reports are readily available for all of the service levels that a service provider is contracted or engaged to provide.
    • Monitoring and reporting are the key elements that validate how your service provider is meeting its SLA obligations and thus are very important elements of an SLA. SLO report data becomes attainment data once the metric or KPI has been captured.
    • As a component of effective SLA management, this attainment data needs to be tracked/recorded in an easy-to-read format or table over a period of time. Attainment data can then be used to generate scorecards and trending reports for your review both internally and with the provider as required.
    • If attainment data shows that the service provider is meeting their SLA obligations, then the SLA is meeting your requirements and expectations. If on the other hand, attainment data shows that obligations are not being met, then actions must be taken to hold the service provider accountable. The most common method is through remedies that are typically in the form of a credit through a defined process (see Sec. 1.3). Any credits due for missed SLOs should also be tracked and reported to stakeholders and accounting for validation, reconciliation, and collection.

    3.2 Reporting

    Monitoring & Reporting

    • Many SLAs are silent on monitoring and reporting elements and require that the customer, if aware or able, to monitor the providers service levels and attainment and create their own KPI and reports. Then if SLOs are not met there is an arduous process that the customer must go through to request their rightful credit. This manual and reactive method creates all kinds of risk and cost to the customer and they should make all attempts to ensure that the service provider proactively provides SLO/KPI attainment reports on a regular basis.
    • Automated monitoring and reporting is a common task for many IT departments. There is no reason that a service provider can’t send reports proactively in a format that can be easily interpreted by the customer. The ideal state would be to capture KPI report data into a customer’s internal service provider scorecard.
    • Automated or automatic credit posting is another key element that service providers tend to ignore, primarily in hopes that the customer won’t request or go through the trouble of the process. This needs to change. Some large cloud vendors already have automated processes that automatically post a credit to your account if they miss an SLO. This proactive credit process should be at the top of your negotiation checklist. Service providers are avoiding thousands of credit dollars every year based on the design of their credit process. As more customers push back and negotiate more efficient credit processes, vendors will soon start to change and may use it as a differentiator with their service.

    3.2.1 Performance tracking and trending

    What gets measured gets done

    SLO Attainment Tracking

    A primary goal of proactive and automated reporting and credit process is to capture the provider’s attainment data into a tracker or vendor scorecard. These tracking scorecards can easily create status reports and performance trending of service providers, to IT leadership as well as feed QBR agenda content.

    Remedy Reconciliation

    Regardless of how a credit is processed it should be tracked and reconciled with internal stakeholders and accounting to ensure credits are duly applied or received from the provider and in a timely manner. Tracking and reconciliation must also align with your payment terms, whether monthly or annually.

    “While the adage, ‘You can't manage what you don't measure,’ continues to be true, the downside for organizations using metrics is that the provider will change their behavior to maximize their scores on performance benchmarks.” – Rob Lemos

    3.2.1 Activity SLA Tracker and Trending Tool

    1-2 hours setup

    Input

    • SLO metrics/KPIs from the SLA
    • Credit values associated with SLO

    Output

    • Monthly SLO attainment data
    • Credit tracking
    • SLO trending graphs

    Materials

    • Service provider SLO reports
    • Service provider SLA
    • SLO Tracker & Trending Tool

    Participants

    • Contract or vendor managers
    • Application or service managers
    • Service provider

    An important activity in the SLA management framework is to track the provider’s SLO attainment on a monthly or quarterly basis. In addition, if an SLO is missed, an associated credit needs to be tracked and captured. This activity allows you to capture the SLOs from the SLA and track them continually and provide data for trending and review at vendor performance meetings and executive updates.

    Instructions: Enter SLOs from the SLA as applicable.

    Each month, from the provider’s reports or dashboards, enter the SLO metric attainment.

    When an SLO is met, the cell will turn green. If the SLO is missed, the cell will turn red and a corresponding cell in the Credit Tracker will turn green, meaning that a credit needs to be reconciled.

    Use the Trending tab to view trending graphs of key service levels and SLOs.

    Download the SLO Tracker and Trending Tool

    3.3 Vendor SLA reviews and optimizing

    Regular reviews should be done with providers

    Collecting attainment data with scorecards or tracking tools provides summary information on the performance of the service provider to their SLA obligations. This information should be used for regular reviews both internally and with the provider.

    Regular attainment reviews should be used for:

    • Performance trending upward or downward
    • Identifying opportunities to revise or improve SLOs
    • Optimizing SLO and processes
    • Creating a Performance Improvement Plan (PIP) for the service provider

    Some organizations choose to review SLA performance with providers at regular QBRs or at specific SLA review meetings

    This should be determined based on the criticality, risk, and strategic importance of the provider’s service. Providers that provide essential services like ERP, payroll, CRM, HRIS, IaaS etc. should be reviewed much more regularly to ensure that any decline in service is identified early and addressed properly in accordance with the service provider. Negative trending performance should also be documented for consideration at renewal time.

    3.4 Performance management

    Dealing with persistent poor performance and termination

    Service providers that consistently miss key service level metrics or KPIs present financial and security risk to the organization. Poor performance of a service provider reflects directly on the IT leadership and will affect many other business aspects of the organization including:

    • Ability to conduct day-to-day business activities
    • Meet internal obligations and expectations
    • Employee productivity and satisfaction
    • Maintain corporate policies or industry compliance
    • Meet security requirements

    Communication is key. Poor performance of a service provider needs to be dealt with in a timely manner in order to avoid more critical impact of the poor performance. Actions taken with the provider can also vary depending again on the criticality, risk, and strategic importance of the provider’s service.

    Performance reviews should provide the actions required with the goal of:

    • Making the performance problems into opportunities
    • Working with the provider to create a PIP with aggressive timelines and ramifications if not attained
    • Non-renewal or termination consideration, if feasible including provider replacement options, risk, costs, etc.
    • SLA renegotiation or revisions
    • Warning notifications to the service provider with concise issues and ramifications

    To avoid the issues and challenges of dealing with chronic poor performance, consider a Persistent or Chronic Failure clause into the SLA contract language. These clauses can define chronic failure, scenarios, ramifications there of, and defined options for the client including increased credit values, non-monetary remedies, and termination options without liability.

    Info-Tech Insight

    It’s difficult to prevent chronic poor performance but you can certainly track it and deal with it in a way that reduces risk and cost to your organization.

    SLA Hall of Shame

    Crazy service provider SLA content collection

    • Excessive list of unreasonable exclusions
    • Subcontractors’ behavior could be excluded
    • Downtime credit, equal to downtime percent x the MRC
    • Controllable FM events (internal labor issues, health events)
    • Difficult downtime or credit calculations that don’t make sense
    • Credits are not valid if agreement is terminated early or not renewed
    • Customer is not current on their account, SLA or credits do not count/apply
    • Total downtime = to prorated credit value (down 3 hrs = 3/720hrs = 0.4% credit)
    • SLOs don’t apply if customer fails to report the issue or request a trouble ticket
    • Downtime during off hours (overnight) do not count towards availability metrics
    • Different availability commitments based on different support-levels packages
    • Extending the agreement term by the length of downtime as a form of a remedy

    SLA Dos and Don’ts

    Dos

    • Do negotiate SLOs to vendor’s average performance
    • Do strive for automated reporting and credit processes
    • Do right-size and create your SLO criteria based on risk mitigation
    • Do review SLA attainment results with strategic service providers on a regular basis
    • Do ensure that all key elements and components of an SLA are present in the document or appendix

    Don'ts

    • Don’t accept the providers response that “we can’t change the SLOs for you because then we’d have to change them for everyone”
    • Don’t leave SLA preparation to the last minute. Give it priority as you negotiate with the provider
    • Don’t create complex SLAs with numerous service levels and SLOs that need to be reported and managed
    • Don’t aim for absolute perfection. Rather, prioritize which service levels are most important to you for the service

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained

    • Understanding of the elements and components of an SLA
    • A list of SLO metrics aligned to service types that meet your organization’s criteria
    • SLA metric/KPI templates
    • SLA Management process for your provider’s service objectives
    • Reporting and tracking process for performance trending

    Deliverables Completed

    • SLA component and contract element checklist
    • Evaluation or service provider SLAs
    • SLA templates for strategic service types
    • SLA tracker for strategic service providers

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Improve IT-Business Alignment Through an Internal SLA

    • Understand business requirements, clarify current capabilities, and enable strategies to close service-level gaps.

    Data center Co-location SLA & Service Definition Template

    • In essence, the SLA defines the “product” that is being purchased, permitting the provider to rationalize resources to best meet the needs of varied clients, and permits the buyer to ensure that business requirements are being met.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Keep your information security risks manageable when leveraging the benefits of cloud computing.

    Bibliography

    Henderson, George. “3 Most Common Types of Service Level Agreement (SLA).” Master of Project Academy. N.d. Web.

    “Guide to Security Operations Metrics.” Logsign. Oct 5, 2020. Web.

    Lemos, Rob. “4 lessons from SOC metrics: What your SpecOps team needs to know.” TechBeacon. N.d. Web.

    “Measuring and Making the Most of Service Desk Metrics.” Freshworks. N.d. Web.

    Overby, Stephanie. “15 SLA Mistakes IT Leaders Still Make.” CIO. Jan 21, 2021.

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19

    • Buy Link or Shortcode: {j2store}536|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • COVID-19 is an unprecedented global pandemic. It’s creating significant challenges across every sector.
    • Collapse of financial markets and a steep decline in consumer confidence has most firms nervous about revenue shortfalls and cash burn rates.
    • The economic impact of COVID-19 is freezing IT budgets and sharply changing IT priorities.
    • The human impact of COVID-19 is likely to lead to staffing shortfalls and knowledge gaps.
    • COVID-19 may be in play for up to two years.

    Our Advice

    Critical Insight

    The challenges posed by the virus are compounded by the fact that consumer expectations for strong service delivery remain high:

    • Customers still expect timely, on-demand service from the businesses they engage with.
    • There is uncertainty about how to maintain strong, revenue-driving experiences when faced with the operational challenges posed by the virus.
    • COVID-19 is changing how organizations prioritize spending priorities within their CXM strategies.

    Impact and Result

    • Info-Tech recommends rapidly updating your strategy for customer experience management to ensure it can rise to the occasion.
    • Start by assessing the risk COVID-19 poses to your CXM approach and how it’ll impact marketing, sales, and customer service functions.
    • Implement actionable measures to blunt the threat of COVID-19 while protecting revenue, maintaining consistent product and service delivery, and improving the integrity of your brand. We’ll dive into five proven techniques in this brief!

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Research & Tools

    Start here

    Read our concise Executive Brief to find out why you should examine the impact of COVID-19 on customer experience strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard

    1. Assess the impact of COVID-19 on your CXM strategy

    Create a consolidated, updated view of your current customer experience management strategy and identify which elements can be capitalized on to dampen the impact of COVID-19 and which elements are vulnerabilities that the pandemic may threaten to exacerbate.

    2. Blunt the damage of COVID-19 with new CXM tactics

    Create a roadmap of business and technology initiatives through the lens of customer experience management that can be used to help your organization protect its revenue, maintain customer engagement, and enhance its brand integrity.

    [infographic]

    Slash Spending by Optimizing Your Software Maintenance and Support

    • Buy Link or Shortcode: {j2store}217|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Perpetual software maintenance (SW M&S) is an annual budget cost that increases almost yearly. You don’t really know if there is value in it, if its required by the vendor, or if there are opportunities for cost savings.
    • Most organizations never reap the full benefits of software M&S. They blindly send renewal fees to the vendor every year without validating their needs or the value of the maintenance. In addition, your vendor maintenance may be under contract and you aren’t sure what the obligations are for both parties.

    Our Advice

    Critical Insight

    • Analyzing the benefits contained within a vendor’s software M&S will provide the actual cost value of the M&S and whether there are critical support requirements vs. “nice to have” benefits.
    • Understanding the value and your requirement for M&S will allow you to make an informed decision on how best to optimize and reduce your annual software M&S spend.
    • Use a holistic approach when looking to reduce your software M&S spend. Review the entire portfolio for targeted reduction that will result in short- and long-term savings.
    • When targeting vendors to negotiate M&S price or coverage reduction, engaging them three to six months in advance of renewal will provide you with more time to effectively negotiate and not fall to the pressure of time.

    Impact and Result

    • Reduce annual costs for software maintenance and support.
    • Complete a value of investment (VOI) analysis of your software M&S for strategic vendors.
    • Maximize value of the software M&S by using all the benefits being paid for.
    • Right-size support coverage for your requirements.
    • Prioritize software vendors to target for cost reduction and optimization.

    Slash Spending by Optimizing Your Software Maintenance and Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to prioritize your software vendors and effectively target M&S for reduction, optimization, or elimination.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate

    Evaluate what software maintenance you are spending money.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 1: Evaluate
    • Software M&S Inventory and Prioritization Tool

    2. Establish

    Establish your software M&S requirements and coverage.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 2: Establish
    • Software Vendor Classification Tool

    3. Optimize

    Optimize your M&S spend, reduce or eliminate, where applicable.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 3: Optimize
    • Software M&S Value of Investment Tool
    • Software M&S Cancellation Decision Guide
    • Software M&S Executive Summary Template
    • Software M&S Cancellation Support Template
    [infographic]

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.

    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Prepare for Negotiations More Effectively

    • Buy Link or Shortcode: {j2store}224|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $6,000 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT budgets are increasing, but many CIOs feel their budgets are inadequate to accomplish what is being asked of them.
    • Eighty percent of organizations don’t have a mature, repeatable, scalable negotiation process.
    • Training dollars on negotiations are often wasted or ineffective.

    Our Advice

    Critical Insight

    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.

    Impact and Result

    A good negotiation process can help:

    • Maximize budget dollars.
    • Improve vendor performance.
    • Enhance relationships internally and externally.

    Prepare for Negotiations More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Before

    Throughout this phase, the 12 steps for negotiation preparation are identified and reviewed.

    • Prepare for Negotiations More Effectively – Phase 1: Before
    • Before Negotiating Tool
    [infographic]

    Workshop: Prepare for Negotiations More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation preparation.

    Understand how to use the Info-Tech Before Negotiating Tool.

    Key Benefits Achieved

    A scalable framework for negotiation preparation will be created.

    The Before Negotiating Tool will be configured for the customer’s environment.

    Activities

    1.1 Establish specific negotiation goals and ranges.

    1.2 Identify and assess alternatives to a negotiated agreement.

    1.3 Identify and evaluate assumptions made by the parties.

    1.4 Conduct research.

    1.5 Identify and evaluate relationship issues.

    1.6 Identify and leverage the team structure.

    1.7 Identify and address leverage issues.

    1.8 Evaluate timeline considerations.

    1.9 Create a strategy.

    1.10 Draft a negotiation agenda.

    1.11 Draft and answer questions.

    1.12 Rehearse (informal and formal).

    Outputs

    Sample negotiation goals and ranges will be generated via a case study to demonstrate the concepts and how to use the Before Negotiating Tool (this will apply to each Planned Activity)

    Sample alternatives will be generated

    Sample assumptions will be generated

    Sample research will be generated

    Sample relationship issues will be generated

    Sample teams will be generated

    Sample leverage items will be generated

    Sample timeline issues will be generated

    A sample strategy will be generated

    A sample negotiation agenda will be generated

    Sample questions and answers will be generated

    Sample rehearsals will be conducted

    Cookie Notice

    Gert Taeymans BV wants to inform you about our cookie notice on the Gert Taeymans BV websites via this document. Please also see the privacy policy which you can find here.

    This website is owned by Gert Taeymans BV

    Contact details:
    Gert Taeymans BV
    Koning Albertstraat 136
    2070 Burcht
    Belgium
    Company number: 0685974694
    Phone: +32 3 289 41 09
    email: gtbvba@gerttaeymans.com

    Site Scope

    The websites in scope of this notice are:

    • tymansgroup.com
    • gerttaeymans.consulting
    • gerttaeymans.site
    • gerttaeymans.audio

    Cookie Types

    We differentiate 4 types of cookies

    • Necessary cookies
      Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. While you can decline them, The website cannot function properly without these cookies.
    • Preferences cookies
      Preference cookies enable our website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may include cookies from 3rd party providers whose content we show or reference on our site. Those cookies are outside of our control and these providers may change their terms and policies at any time.
    • Statistics cookies
      Statistic cookies help our company to understand how visitors interact with our website by collecting and reporting statistical information pseudonymously. That means that eg. your IP address is scrambled in such a way that it will always be the same upon each subsequent visit to our site, so that Google can process the visit as a return visit. This helps with basic statistics, but also is a factor in how well we rank in future searches. Many returning visitors means that you like our site and that is a ranking element.
      Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. However, when agreeing to statistics cookies, you agree that your data may be processed in the United States under less strict privacy laws and that your data will be exposed to all associated risks. Such risks include the US government being able to investigate you, simply for being a non-US citizen due to provision 702 of the FISA act, which they are able to do anyway, with or without the cookie. Also, the laws in the United States are less strict with regards to selling information to third parties.
    • Marketing cookies
      Marketing cookies are used to track you across websites. The intention is to display ads that are relevant and engaging for you and thereby more valuable for publishers and third party advertisers. At this point we do not allow ads to display on our site, so no third-party trackers are defined on our site. We may add a 1st party (us) tracker to our site at any time.

    Actual cookies used

    Necessary cookies (all sites in site scope)

    Name     Contents Expiration Reason for the cookie
    Session cookie (displayed as a long series of numbers and letters) The active session ID When you close your broser, clear your cookie's cache in your browser or after 60 minutes of inactivity on the site. The cookie may remain in your machine but is no longer valid after the mentioned tile of inactivity    

    The browser cookie is simply a random string of characters to identify the visitor. There are no personally identifable details in the cookie and no real data of use at all. The cookie is marked as a 'session' type of cookie, which means it will expire (be deleted automatically) when the browser is closed or cleaned by the browser after a set period of non-use; for instance, you haven't visited a page on the site that has used the cookie for 1 week. This latter case is useful for people that leave their computer running and never close their browser.

    The use of a cookie is what gives your website a short-term memory. By providing it with each request, Joomla can look up the history of the current viewing session in the database record below.
    cookieconsent_status allow 1 year This cookie stores that you have consented to the use of cookies on our site. It is there to avoid that you have to give your consent again at every page load.

    Preferences cookies

    Site Name     Contents Expiration Reason for the cookie
    gerttaeymans.consulting None at this stage N/A N/A   N/A
    tymansgroup.com None at this stage N/A N/A N/A
             
             

    Statistical cookies

    Site Name     Contents Expiration Reason for the cookie
    All Scope _ga Google Analytics type and account identifier 2 years This cookie identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gat_gtag_UA_140807308_3 Google Analytics type and account identifier 2 years This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gid Google Analytics type and account identifier 1 day This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
             
             

    Marketing cookies

    Name     Contents Expiration Reason for the cookie
    None at this stage N/A N/A N/A
           
           

     

    Managing cookies

    You are not required to accept any cookies . Our cookies toolbar allows you to fine tune which cookies you accespt or want to revoke consent for. The resulting experience may however be affected by your decision not to accept cookies.

    Eg. not accepting or revoking consent for the “Necessary” category cookies will result in your inability to log into the site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for “Preference” category cookies may impede on your ability to watch instructional videos on our site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for ‘Statistical” category cookies will result in us not seeing where visitors stay longer or shorter on our site. While the immediate experience will not degrade for you, it may impede us in better understanding where we need to improve our service, thereby denying you a potentially improved experience in the future.

    Not accepting or revoking consent for “Marketing” category cookies may result in you seeing irrelevant ads, if we make the decision to allow carefully selected partners to offer their services through our site.

    Removing cookies from your device

    You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.

    Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

    Managing site-specific cookies

    For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser

    Blocking cookies

    You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some services and functionalities may not work properly at all (e.g. profile logging-in).

    Build an Application Rationalization Framework

    • Buy Link or Shortcode: {j2store}173|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $39,942 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios, and application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide, and without value rationalization, decisions are misaligned to business needs.

    Our Advice

    Critical Insight

    There is no “one size fits all.” Applying a rigid approach to rationalization with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Impact and Result

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management practice.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information that your dispositions will be based on.
    • Initiate an application portfolio roadmap that will showcase your rationalization decisions to key stakeholders.

    Build an Application Rationalization Framework Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should rationalize your applications and why you need a framework that is specific to your goals and limitations, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay your foundations

    Define the motivations, goals, and scope of your rationalization effort. Build the action plan and engagement tactics to roll out the rationalization activities.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations
    • Application Rationalization Tool

    2. Plan your application rationalization framework

    Understand the core assessments performed in application rationalizations. Define your application rationalization framework and degree of rigor in applying these assessments based on your goals and limitations.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework

    3. Test and adapt your application rationalization framework

    Test your application rationalization framework using Info-Tech’s tool set on your first iteration. Perform a retrospective and adapt your framework based on that experience and outcomes.

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework
    • Application TCO Calculator
    • Value Calculator

    4. Initiate your roadmap

    Review, determine, and prioritize your dispositions to ensure they align to your goals. Initiate an application portfolio roadmap to showcase your rationalization decisions to key stakeholders.

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap
    • Disposition Prioritization Tool
    [infographic]

    Workshop: Build an Application Rationalization Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Define the goals, scope, roles, and responsibilities of your rationalization effort.

    Key Benefits Achieved

    Defined motivations, long and short-term goals, and metrics for your rationalization effort.

    Definition of application.

    Defined roles and responsibilities for your rationalization effort.

    Activities

    1.1 Define motivations and goals for rationalization.

    1.2 Define “application.”

    1.3 Identify team and responsivities.

    1.4 Adapt target dispositions.

    1.5 Initiate Application Rationalization Framework (ARF).

    Outputs

    Goals, motivations, and metrics for rationalizations

    Definition of “Application”

    Defined dispositions

    Defined core APM team and handoffs

    2 Assess Business Value

    The Purpose

    Review and adapt Info-Tech’s methodology and toolset.

    Assess business value of applications.

    Key Benefits Achieved

    Tailored application rationalization framework

    Defined business value drivers

    Business value scores for applications

    Activities

    2.1 Review Application Rationalization Tool.

    2.2 Review focused apps, capabilities, and areas of functionality overlap.

    2.3 Define business value drivers.

    2.4 Determine the value score of focused apps.

    Outputs

    Application Rationalization Tool

    List of functional overlaps

    Weighed business value drivers

    Value scores for focused application

    Value Calculator

    3 Gather Application Information

    The Purpose

    Continue to review and adapt Info-Tech’s methodology and toolset.

    Key Benefits Achieved

    Tailored application rationalization framework

    TCO values for applications

    Technical health review of applications

    Recommended dispositions for applications

    Activities

    3.1 Determine TCO for focused apps.

    3.2 Determine technical health of focused apps.

    3.3 Review APA.

    3.4 Review recommended dispositions.

    3.5 Perform retrospective of assessments and adapt ARF.

    Outputs

    TCO of focused applications

    TCO Calculator

    Technical health of focused apps

    Defined rationalization criteria

    Recommended disposition for focused apps

    4 Gather, Assess, and Select Dispositions

    The Purpose

    Review and perform high-level prioritization of dispositions.

    Build a roadmap for dispositions.

    Determine ongoing rationalization and application portfolio management activities.

    Key Benefits Achieved

    Application Portfolio Roadmap

    Prioritized Dispositions

    Activities

    4.1 Determine dispositions.

    4.2 Prioritize dispositions.

    4.3 Initiate portfolio roadmap.

    4.4 Build an action plan for next iterations and ongoing activities.

    4.5 Finalize ARF.

    Outputs

    Disposition Prioritization Tool

    Application portfolio roadmap

    Action plan for next iterations and ongoing activities

    Further reading

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Analyst Perspective

    "You're not rationalizing for the sake of IT, you’re rationalizing your apps to create better outcomes for the business and your customers. Consider what’s in it for delivery, operations, the business, and the customer." – Cole Cioran, Senior Director – Research, Application Delivery and Management

    Our understanding of the problem

    This Research Is Designed For:

    • Application portfolio managers, application portfolio management (APM) teams, or any application leaders who are tasked with making application portfolio decisions.
    • Application leaders looking to align their portfolios to the organization’s strategy.
    • Application leaders who need a process for rationalizing their applications.

    This Research Will Help You:

    • Measure the business value of your applications.
    • Rationalize your portfolio to determine the best disposition for each application.
    • Initiate a roadmap that will showcase the future of your applications.

    This Research Will Also Assist:

    • CIOs and other business leaders who need to understand the applications in their portfolio, the value they contribute to the business, and their strategic direction over a given timeline.
    • Steering committees and/or the PMO that needs to understand the process by which application dispositions are generated.

    This Research Will Help Them:

    • Build their reputation as an IT leader who drives the business forward.
    • Define the organization’s value statement in the context of IT and their applications.
    • Visualize the roadmap to the organization’s target application landscape.

    Executive Summary

    Situation

    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios (Flexera, 2015).
    • Application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • Application managers need their portfolios to be current and effective and evolve continuously to support the business or risk being marginalized.

    Complication

    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide and, without value rationalization, decisions are misaligned to business needs.

    Resolution

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management (APM) and other related practices.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information, which your dispositions will be based on, and adapt your ARF based on the experiences of your first iteration.
    • Review, determine, and prioritize your application dispositions to create a portfolio strategy aligned to your goals.
    • Initiate an application portfolio roadmap, which will showcase your rationalization decisions to key stakeholders.

    Info-Tech Insight

    There is no one size fits all.

    Applying a rigid approach with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Business value must drive your decisions.

    Of the 11 vendor capabilities asked about by Info-Tech’s SoftwareReviews, “business value created” has the second highest relationship with overall software satisfaction.

    Take an iterative approach.

    Larger approaches take longer and are more likely to fail. Identify the applications that best address your strategic objectives, then: rationalize, learn, repeat.

    Info-Tech recommends a disciplined, step-by-step approach as outlined in our Application Portfolio Strategy Program

    Step 1 "No Knowledge": Define application capabilities and visualize lifecycle stages

    Application Discovery

    1. Build in Application Portfolio Management Principles.
    2. Conduct Application Alignment.
    3. Build Detailed Application Inventory

    Step 2 "No Strategy": Rationalize application portfolio and visualize strategic directions

    Application Rationalization

    1. Set Your Rationalization Framework
    2. Conduct Assessment & Assign Dispositions
    3. Create an Application Portfolio Roadmap

    Step 3 "No Plan": Build a product roadmap and visualize the detailed plan

    Detailed Disposition Planning

    1. Conduct an Impact Assessment
    2. Determine the Details of the Disposition
    3. Create Detailed Product Roadmaps

    This blueprint focuses on step 2 of Info-Tech's Application Portfolio Strategy Program. Our methodology assumes you have completed the following activities, which are outlined in Discover Your Applications.

    • Collected your full application inventory (including Shadow IT)
    • Aligned applications to business capabilities
    • Determined redundant applications
    • Identified appropriate subject matter experts (business and technical) for your applications

    Info-Tech's four-phase methodology

    Phase 1

    Lay Your Foundations

    • Define Motivations, Goals, and Scope
    • Iteration and Engagement Planning

    This phase is intended to establish the fundamentals in launching either a rationalization initiative or ongoing practice.

    Here we define goals, scope, and the involvement of various roles from both IT and the business.

    Phase 2

    Plan Your ARF

    • Establish Rationalization Inputs and Current Gaps

    This phase is intended to review a high-level approach to rationalization and determine which analyses are necessary and their appropriate level of depth.

    Here we produce an initial ARF and discuss any gaps in terms of the availability of necessary data points and additional collection methods that will need to be applied.

    Phase 3

    Test and Adapt Your ARF

    • Perform First Iteration Analysis
    • First Iteration Retrospective and Adaptation

    This phase is intended to put the ARF into action and adapt as necessary to ensure success in your organization.

    If appropriate, here we apply Info-Tech’s ARF and toolset and test it against a set of applications to determine how best to adapt these materials for your needs.

    Phase 4

    Initiate Your Roadmap

    • Prioritize and Roadmap Applications
    • Ongoing Rationalization and Roadmapping

    This phase is intended to capture results of rationalization and solidify your rationalization initiative or ongoing practice.

    Here we aim to inject your dispositions into an application portfolio roadmap and ensure ongoing governance of APM activities.

    There is an inconsistent understanding and ownership of the application portfolio

    What can I discover about my portfolio?

    Application portfolios are misunderstood.

    Portfolios are viewed as only supportive in nature. There is no strategy or process to evaluate application portfolios effectively. As a result, organizations build a roadmap with a lack of understanding of their portfolio.

    72% of organizations do not have an excellent understanding of the application portfolio (Capgemini).

    How can I improve my portfolio?

    Misalignment between Applications and Business Operations

    Applications fail to meet their intended function, resulting in duplication, a waste of resources, and a decrease in ROI. This makes it harder for IT to justify to the business the reasons to complete a roadmap.

    48% of organizations believe that there are more applications than the business requires (Capgemini).

    How can my portfolio help transform the business?

    IT's budget is to keep the lights on.

    The application portfolio is complex and pervasive and requires constant support from IT. This makes it increasingly difficult for IT to adopt or develop new strategies since its immediate goal will always be to fix what already exists. This causes large delays and breaks in the timeline to complete a roadmap.

    68% of IT directors have wasted time and money because they did not have better visibility of application roadmaps (ComputerWeekly).

    Roadmaps can be the solution, but stall when they lack the information needed for good decision making

    An application portfolio roadmap provides a visual representation of your application portfolio, is used to plan out the portfolio’s strategy over a given time frame, and assists management in key decisions. But…

    • You can’t change an app without knowing its backend.
    • You can't rationalize what you don't know.
    • You can’t confirm redundancies without knowing every app.
    • You can’t rationalize without the business perspective.

    A roadmap is meaningless if you haven’t done any analysis to understand the multiple perspectives on your applications.

    Application rationalization ensures roadmaps reflect what the business actually wants and needs

    Application rationalization is the practice of strategically identifying business applications across an organization to determine which applications should be kept, replaced, retired, or consolidated (TechTarget).

    Discover, Improve, and Transform Through Application Rationalization

    Your application rationalization effort increases the maturity of your roadmap efforts by increasing value to the business. Go beyond the discover phase – leverage application rationalization insights to reach the improve and transform phases.

    Strong Apps Are Key to Business Satisfaction

    79% of organizations with high application suite satisfaction believe that IT offers the organization a competitive edge over others in the industry. (Info-Tech Research Group, N=230)

    Info-Tech Insight

    Companies with an effective portfolio are twice as likely to report high-quality applications, four times as likely to report high proficiency in legacy apps management, and six times as likely to report strong business alignment.

    Rationalization comes at a justified cost

    Rationalization can reduce costs and drive innovation

    Projecting the ROI of application rationalization is difficult and dangerous when used as the only marker for success.

    However, rationalization, when done effectively, will help drop operational or maintenance costs of your applications as well as provide many more opportunities to add value to the business.

    A graph with Time on the X-axis and Cost on the Y axis. The graph compares cost before rationalization, where the cost of the existing portfolio is high, with cost after rationalization, where the cost of the existing portfolio is reduced. The graph demonstrates a decrease in overall portfolio spend after rationalization

    Organizations lack a strategic approach to application rationalization, leading to failure

    IT leaders strive to push the business forward but are stuck in a cycle of reaction where they manage short-term needs rather than strategic approaches.

    Why Is This the Case?

    Lack of Relevant Information

    Rationalization fails without appropriately detailed, accurate, and up-to-date information. You need to identify what information is available and assemble the teams to collect and analyze it.

    Failure to Align With Business Objectives

    Rationalization fails when you lack a clear list of strategic and collaborative priorities; priorities need to be both IT and non-IT related to align with the business objectives and provide value.

    IT Leaders Fails to Justify Projects

    Adhering to a rigid rationalization process can be complex and costly. Play to your strengths and build an ARF based on your goals and limitations.

    Info-Tech Insight

    Misaligned portfolio roadmaps are known to lead teams and projects into failure!
    Building an up-to-date portfolio roadmap that aligns business objectives to IT objectives will increase approval and help the business see the long-term value of roadmapping.

    Don’t start in the middle; ensure you have the basics down

    Application portfolio strategy practice maturity stages

    1. Discover Your Applications
    2. Improve
    3. Transform
    A graph with Rigor of APM Practice on the X-axis and Value to the Business on the Y-axis. The content of the graph is split into the 3 maturity stages, Discover, Improve, and Transform. With each step, the Value to the Business and Rigor of APM Practice increase.

    Disambiguate your systems and clarify your scope

    Define the items that make up your portfolio.

    Broad or unclear definitions of “application” can complicate the scope of rationalization. Take the time to define an application and come to a common understanding of the systems which will be the focus of your rationalization effort.

    Bundling systems under common banner or taking a product view of your applications and components can be an effective way to ensure you include your full collection of systems, without having to perform too many individual assessments.

    Scope

    Single... Capability enabled by... Whole...
    Digital Product + Service Digital Platform Platform Portfolio Customer Facing
    Product (one or more apps) Product Family Product Portfolio

    Application Application Architecture Application Portfolio Internal

    A graphic listing the following products: UI, Applications, Middleware, Data, and Infrastructure. A banner reading APIs runs through all products, and UI, Applications, and Middleware are bracketed off as Application

    Info-Tech’s framework can be applied to portfolios of apps, products, and their related capabilities or services.

    However you organize your tech stack, Info-Tech’s application rationalization framework can be applied.

    Understand the multiple lenses of application rationalization and include in your framework

    There are many lenses to view your applications. Rationalize your applications using all perspectives to assess your portfolio and determine the most beneficial course of action.

    Application Alignment - Architect Perspective

    How well does the entire portfolio align to your business capabilities?

    Are there overlaps or redundancies in your application features?

    Covered in Discover Your Applications.

    Business Value - CEO Perspective

    Is the application producing sufficient business value?

    Does it impact profitability, enable capabilities, or add any critical factor that fulfills the mission and vision?

    TCO - CIO Perspective

    What is the overall cost of the application?

    What is the projected cost as your organization grows? What is the cost to maintain the application?

    End User

    How does the end user perceive the application?

    What is the user experience?

    Do the features adequately support the intended functions?

    Is the application important or does it have high utilization?

    Technical Value - App Team Perspective

    What is the state of the backend of the application?

    Has the application maintained sufficient code quality? Is the application reliable? How does it fit into your application architecture?

    Each perspective requires its own analysis and is an area of criteria for rationalization.

    Apply the appropriate amount of rigor for your ARF based on your specific goals and limitations

    Ideally, the richer the data the better the results, but the reality is in-depth analysis is challenging and you’ll need to play to your strengths to be successful.

    Light-Weight Assessment

    App to capability alignment.

    Determine overlaps.

    Subjective 1-10 scale

    Subjective T-shirt size (high, med., low)

    End-user surveys

    Performance temperature check

    Thorough Analysis

    App to process alignment.

    Determine redundancies.

    Apply a value measurement framework.

    Projected TCO with traceability to ALM & financial records.

    Custom build interviews with multiple end users

    Tool and metric-based analysis

    There is no one-size-fits all rationalization. The primary goal of this blueprint is to help you determine the appropriate level of analysis given your motivations and goals for this effort as well as the limitations of resources, timeline, and accessible information.

    Rationalize and build your application portfolio strategy the right way to ensure success

    Big-Bang Approach

    • An attempt to assess the whole portfolio at once.
    • The result is information overload.
    • Information gathered is likely incomplete and/or inaccurate.
    • Tangible benefits are a long time away.

    Covert Approach

    • Information is collected behind the scenes and whenever information sources are available.
    • Assumptions about the business use of applications go unconfirmed.

    Corner-of-the-Desk Approach

    • No one is explicitly dedicated to building a strategy or APM practices.
    • Information is collected whenever the application team has time available.
    • Benefits are pushed out and value is lost.

    Iterative Approach

    • Carried out in phases, concentrating on individual business units or subsets of applications.
    • Priority areas are completed first.
    • The APM practice strengthens through experience.

    Sponsored Mandate Approach

    • The appropriate business stakeholders participate.
    • Rationalization is given project sponsors who champion the practice and communicate the benefits across the organization.

    Dedicated Approach

    • Rationalization and other APM activities are given a budget and formal agenda.
    • Roles and responsibilities are assigned to team members.

    Use Info-Tech’s Application Portfolio Assessment Diagnostic to add the end users’ perspective to your decision making

    Prior to Blueprint: Call 1-888-670-8889 to inquire about or request the Application Portfolio Assessment.

    Info-Tech Best Practice

    The approach in this blueprint has been designed in coordination with Info-Tech’s Application Portfolio Assessment (APA) Diagnostic. While it is not a prerequisite, your project will experience the best results and be completed much quicker by taking advantage of our diagnostic offering prior to initiating the activities in this blueprint.

    Use the program diagnostic to:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    Integrate diagnostic results to:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use Info-Tech’s Application Rationalization Tool to determine and then visualize your application portfolio strategy

    At the center of this project is an Application Rationalization Tool that is used as a living document of your:

      1. Customizable Application Rationalization Framework

      2. Recommendation Dispositions

      3. Application Portfolio Roadmap (seen below)

    Use the step-by-step advice within this blueprint to rationalize your application portfolio and build a realistic and accurate application roadmap that drives business value.

    Central to our approach to application rationalization are industry-leading frameworks

    Info-Tech uses the APQC and COBIT5 frameworks for certain areas of this research. Contextualizing application rationalization within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas. The APQC and COBIT5 frameworks are used as a starting point for assessing application effectiveness within specific business capabilities of the different components of application rationalization.

    APQC is one of the world's leading proponents of business benchmarking, best practices, and knowledge management research.

    COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    A public utility organization is using Info-Tech’s approach for rationalization of its applications for reduced complexity

    Case Study

    Industry: Public Sector

    Source: Info-Tech Research Group

    Challenge

    • The public utility has a complex application portfolio, with a large number of applications custom-built that provide limited functionality to certain business groups.
    • The organization needed to move away from custom point solutions and adopt more hosted solutions to cater to larger audiences across business domains.
    • The organization required a comprehensive solution for the following:
      • Understanding how applications are being used by business users.
      • Unraveling the complexity of its application landscape using a formal rationalization process.

    Solution

    • The organization went through a rationalization process with Info-Tech in a four-day onsite engagement to determine the following:
      • Satisfaction level and quality evaluation of end users’ perception of application functionality.
      • Confirmation on what needs to be done with each application under assessment.
      • The level of impact the necessary changes required for a particular application would have on the greater app ecosystem.
      • Prioritization methodology for application roadmap implementation.

    Results

    • Info-Tech’s Application Portfolio Assessment Diagnostic report helped the public utility understand what applications users valued and found difficult to use.
    • The rationalization process gave insight into situations where functionality was duplicated across multiple applications and could be consolidated within one application.
    • The organization determined that its application portfolio was highly complex, and Info-Tech provided a good framework for more in-depth analysis.
    • The organization now has a rationalization process that it can take to other business domains.

    Key Metrics for Every CIO

    • Buy Link or Shortcode: {j2store}119|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • As a CIO, you are inundated with data and information about how your IT organization is performing based on the various IT metrics that exist.
    • The information we receive from metrics is often just that – information. Rarely is it used as a tool to drive the organization forward.
    • CIO metrics need to consider the goals of key stakeholders in the organization.

    Our Advice

    Critical Insight

    • The top metrics for CIOs don’t have anything to do with IT.
    • CIOs should measure and monitor metrics that have a direct impact on the business.
    • Be intentional with the metric and number of metrics that you monitor on a regular basis.
    • Be transparent with your stakeholders on what and why you are measuring those specific metrics.

    Impact and Result

    • Measure fewer metrics, but measure those that will have a significant impact on how your deliver value to your organization.
    • Focus on the metrics that you can take action against, rather than simply monitor.
    • Ensure your metrics tie to your top priorities as a CIO.

    Key Metrics for Every CIO Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Key Metrics for Every CIO deck – The top metrics every CIO should measure and act on

    Leverage the top metrics for every CIO to help focus your attention and provide insight into actionable steps.

    • Key Metrics for Every CIO Storyboard
    [infographic]

    Further reading

    Key Metrics for Every CIO

    The top six metrics for CIOs – and they have very little to do with IT

    Analyst Perspective

    Measure with intention

    Be the strategic CIO who monitors the right metrics relevant to their priorities – regardless of industry or organization. When CIOs provide a laundry list of metrics they are consistently measuring and monitoring, it demonstrates a few things.

    First, they are probably measuring more metrics than they truly care about or could action. These “standardized” metrics become something measured out of expectation, not intention; therefore, they lose their meaning and value to you as a CIO. Stop spending time on these metrics you will be unable or unwilling to address.

    Secondly, it indicates a lack of trust in the IT leadership team, who can and should be monitoring these commonplace operational measures. An empowered IT leader will understand the responsibility they have to inform the CIO should a metric be derailing from the desired outcome.

    Photo of Brittany Lutes, Senior Research Analyst, Organizational Transformation Practice, Info-Tech Research Group. Brittany Lutes
    Senior Research Analyst
    Organizational Transformation Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    CIOs need to measure a set of specific metrics that:

    • Will support the organization’s vision, their career, and the IT function all in one.
    • Can be used as a tool to make informed decisions and take appropriate actions that will improve the IT function’s ability to deliver value.
    • Consider the influence of critical stakeholders, especially the end customer.
    • Are easily measured at any point in time.
    		 Common Obstacles

    CIOs often cannot define these metrics because:

    • We confuse the operational metrics IT leaders need to monitor with strategic metrics CIOs need to monitor.
    • Previously monitored metrics did not deliver value.
    • It is hard to decide on a metric that will prove both insightful and easily measurable.
    • We measure metrics without any method or insight on how to take actionable steps forward.
    		 Info-Tech’s Approach

    For every CIO, there are six areas that should be a focus, no matter your organization or industry. These six priorities will inform the metrics worth measuring:

    • Risk management
    • Delivering on business objectives
    • Customer satisfaction
    • Employee engagement
    • Business leadership relations
    • Managing to a budget

    Info-Tech Insight

    The top metrics for a CIO to measure and monitor have very little to do with IT and everything to do with ensuring the success of the business.

    Your challenge

    CIOs are not using metrics as a personal tool to advance the organization:
    • Metrics should be used as a tool by the CIO to help inform the future actions that will be taken to reach the organization’s strategic vision.
    • As a CIO, you need to have a defined set of metrics that will support your career, the organization, and the IT function you are accountable for.
    • CIO metrics must consider the most important stakeholders across the entire ecosystem of the organization – especially the end customer.
    • The metrics for a CIO are distinctly different from the metrics you use to measure the operational effectiveness of the different IT functions.
    		 “CIOs are businesspeople first and technology people second.” (Myles Suer, Source: CIO, 2019.)

    Common obstacles

    These barriers make this challenge difficult to address for many CIOs:
    • CIOs often do not measure metrics because they are not aware of what should or needs to be measured.
    • As a result of not wanting to measure the wrong thing, CIOs can often choose to measure nothing at all.
    • Or they get too focused on the operational metrics of their IT organization, leaving the strategic business metrics forgotten.
    • Moreover, narrowing the number of metrics that are being measured down to an actionable number is very difficult.
    • We rely only on physical data sets to help inform the measurements, not considering the qualitative feedback received.
    		 CIO priorities are business priorities

    46% of CIOs are transforming operations, focused on customer experiences and employee productivity. (Source: Foundry, 2022.)

    Finances (41.3%) and customers (28.1%) remain the top two focuses for CIOs when measuring IT effectiveness. All other focuses combine for the remaining 30.6%. (Source: Journal of Informational Technology Management, 2018.)

    Info-Tech’s approach

    Organizational goals inform CIO metrics

    Diagram with 'CIO Metrics' at the center surrounded by 'Directive Goals', 'Product/Service Goals', 'IT Goals', and 'Operations Goals', each of which are connected to eachother by 'Customers'.

    		The Info-Tech difference:
    1. Every CIO has the same set of priorities regardless of their organization or industry given that these metrics are influenced by similar goals of organizations.
    2. CIO metrics are a tool to help inform the actions that will support each core area in reaching their desired goals.
    3. Be mindful of the goals different business units are using to reach the organization’s strategic vision – this includes your own IT goals.
    4. Directly or indirectly, you will always influence the ability to acquire and retain customers for the organization.

    CIO priorities

    MANAGING TO A BUDGET
    Reducing operational costs and increasing strategic IT spend.     		Table centerpiece for CIO Priorities. DELIVERING ON BUSINESS OBJECTIVES
    Aligning IT initiatives to the vision of the organization.
    CUSTOMER SATISFACTION
    Directly and indirectly impacting customer experience.     		EMPLOYEE ENGAGEMENT
    Creating an IT workforce of engaged and purpose-driven people.
    RISK MANAGEMENT
    Actively knowing and mitigating threats to the organization.     		BUSINESS LEADERSHIP RELATONS
    Establishing a network of influential business leaders.

    High-level process flow

    How do we use the CIO metrics?
    Process flow that starts at 'Consider - Identify and analyze CIO priorities', and is followed by 'Select priorities - Identify the top priorities for CIOs (see previous slide)', 'Create a measure - Determine a measure that aligns to each priority', 'Make changes & improvements - Take action to improve the measure and reach the goal you are trying to achieve', 'Demonstrate progress - Use the metrics to demonstrate progress against priorities'. Using priority-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.

    Example CIO dashboard

    Example CIO dashboard.
    * Arrow indicates month-over-month trend

    Harness the value of metric data

    Metrics are rarely used accurately as a tool
    • When you have good metrics, you can:
      • Ensure employees are focused on the priorities of the organization
      • Have insight to make better decisions
      • Communicate with the business using language that resonates with each stakeholder
      • Increase the performance of your IT function
      • Continually adapt to meet changing business demands
    • Metrics are tools that quantifiably indicate whether a goal is on track to being achieved (proactive) or if the goal was successfully achieved (retroactive)
    • This is often reflected through two metric types:
      • Leading Metrics: The metric indicates if there are actions that should be taken in the process of achieving a desired outcome.
      • Lagging Metrics: Based on the desired outcome, the metric can indicate where there were successes or failures that supported or prevented the outcome from being achieved.
    • Use the data from the metrics to inform your actions. Do not collect this data if your intent is simply to know the data point. You must be willing to act.
    		 "The way to make a metric successful is by understanding why you are measuring it." (Jeff Neyland CIO)

    CIOs measure strategic business metrics

    Keep the IT leadership accountable for operational metrics
    • Leveraging the IT leadership team, empower and hold each leader accountable for the operational metrics specific to their functional area
    • As a CIO, focus on the metrics that are going to impact the business. These are often tied to people or stakeholders:
      • The customers who will purchase the product or service
      • The decision makers who will fund IT initiatives
      • The champions of IT value
      • The IT employees who will be driven to succeed
      • The owner of an IT risk event
    • By focusing on these priority areas, you can regularly monitor aspects that will have major business impacts – and be able to address those impacts.
    		 As a CIO, avoid spending time on operational metrics such as:
    • Time to deliver
    • Time to resolve
    • Project delivery (scope, time, money)
    • Application usage
    • User experiences
    • SLAs
    • Uptime/downtime
    • Resource costs
    • Ticket resolution
    • Number of phishing attempts
    Info-Tech Insight

    While operational metrics are important to your organization, IT leaders should be empowered and responsible for their management.

    SECTION 1

    Actively Managing IT Risks

    Actively manage IT risks

    The impact of IT risks to your organization cannot be ignored any further
    • Few individuals in an organization understand IT risks and can proactively plan for the prevention of those threats, making the CIO the responsible and accountable individual when it comes to IT risks – especially the components that tie into cybersecurity.
    • When the negative impacts of an IT threat event are translated into terms that can be understood and actioned by all in the organization, it increases the likelihood of receiving the sponsorship and funding support necessary.
    • Moreover, risk management can be used as a tool to drive the organization toward its vision state, enabling informed risk decisions.

    Risk management metric:

    Number of critical IT threats that were detected and prevented before impact to the organization.

    Beyond risk prevention
    Organizations that have a clear risk tolerance can use their risk assessments to better inform their decisions.
    Specifically, taking risks that could lead to a high return on investment or other key organizational drivers.

    Protect the organization from more than just cyber threats

    Other risk-related metrics:
    • Percentage of IT risks integrated into the organization’s risk management approach.
    • Number of risk management incidents that were not identified by your organization (and the potential financial impact of those risks).
    • Business satisfaction with IT actions to reduce impact of negative IT risk events.
    • Number of redundant systems removed from the organizations portfolio.
    Action steps to take:
    • Create a risk-aware culture, not just with IT folks. The entire organization needs to understand how IT risks are preventable.
    • Clearly demonstrate the financial and reputational impact of potential IT risks and ensure that this is communicated with decision-makers in the organization.
    • Have a single source of truth to document possible risk events and report prevention tactics to minimize the impact of risks.
    • Use this information to recommend budget changes and help make risk-informed decisions.

    49%

    Investing in Risk

    Heads of IT “cited increasing cybersecurity protections as the top business initiative driving IT investments this year” (Source: Foundry, 2022.)

    SECTION 2

    Delivering on Business Objectives

    Delivering on business objectives

    Deliver on initiatives that bring value to your organization and stop benchmarking
    • CIOs often want to know how they are performing in comparison to their competitors (aka where do you compare in the benchmarking?)
    • While this is a nice to know, it adds zero value in demonstrating that you understand your business, let alone the goals of your business
    • Every organization will have a different set of goals it is striving toward, despite being in the same industry, sector, or market.
    • Measuring your performance against the objectives of the organization prevents CIOs from being more technical than it would do them good.

    Business Objective Alignment Metric:

    Percentage of IT metrics have a direct line of impact to the business goals

    Stop using benchmarks to validate yourself against other organizations. Benchmarking does not provide:
    • Insight into how well that organization performed against their goals.
    • That other organizations goals are likely very different from your own organization's goals.
    • It often aggregates the scores so much; good and bad performers stop being clearly identified.

    Provide a clear line of sight from IT metrics to business goals

    Other business alignment metrics:
    • Number of IT initiatives that have a significant impact on the success of the organization's goals.
    • Number of IT initiatives that exceed the expected value.
    • Positive impact ($) of IT initiatives on driving business innovation.
    Action steps to take:
    • Establish a library or dashboard of all the metrics you are currently measuring as an IT organization, and align each of them to one or more of the business objectives your organization has.
    • Leverage the members of the organization’s executive team to validate they understand how your metric ties to the business objective.
    • Any metric that does not have a clear line of sight should be reconsidered.
    • IT metrics should continue to speak in business terms, not IT terms.

    50%

    CIOs drive the business

    The percentage of CEOs that recognize the CIO as the main driver of the business strategy in the next 2-3 years. (Source: Deloitte, 2020.)

    SECTION 3

    Impact on Customer Satisfaction

    Influencing end-customer satisfaction

    Directly or indirectly, IT influences how satisfied the customer is with their product or service
    • Now more than ever before, IT can positively influence the end-customer’s satisfaction with the product or service they purchase.
    • From operational redundancies to the customer’s interaction with the organization, IT can and should be positively impacting the customer experience.
    • IT leaders who take an interest in the customer demonstrate that they are business-focused individuals and understand the intention of what the organization is seeking to achieve.
    • With the CIO role becoming a strategic one, understanding why a customer would or would not purchase your organization’s product or service stops being a “nice to have.”

    Customer satisfaction metric:

    What is the positive impact ($ or %) of IT initiatives on customer satisfaction?

    Info-Tech Insight

    Be the one to suggest new IT initiatives that will impact the customer experience – stop waiting for other business leaders to make the recommendation.

    Enhance the end-customer experience with I&T

    Other customer satisfaction metrics:
    • Amount of time CIO spends interacting directly with customers.
    • Customer retention rate.
    • Customer attraction rate.
    Action steps to take:
    • Identify the core IT capabilities that support customer experience. Automation? Mobile application? Personal information secured?
    • Suggest an IT-supported or-led initiative that will enhance the customer experience and meet the business goals. Retention? Acquisition? Growth in spend?
    • This is where operational metrics or dashboards can have a real influence on the customer experience. Be mindful of how IT impacts the customer journey.

    41%

    Direct CX interaction

    In 2022, 41% of IT heads were directly interacting with the end customer. (Source: Foundry, 2022.)

    SECTION 4

    Keeping Employees Engaged

    Keeping employees engaged

    This is about more than just an annual engagement survey
    • As a leader, you should always have a finger on the pulse of how engaged your employees are
    • Employee engagement is high when:
      • Employees have a positive disposition to their place of work
      • Employees are committed and willing to contribute to the organization's success
    • Employee engagement comprises three types of drivers: organizational, job, and retention. As CIO, you have a direct impact on all three drivers.
    • Providing employees with a positive work environment where they are empowered to complete activities in line with their desired skillset and tied to a clear purpose can significantly increase employee engagement.

    Employee engagement metric:

    Number of employees who feel empowered to complete purposeful activities related to their job each day

    Engagement leads to increases in:
    • Innovation
    • Productivity
    • Performance
    • Teamwork
    While reducing costs associated with high turnover.

    Employees daily tasks need to have purpose

    Other employee engagement metrics:
    • Tenure of IT employees at the organization.
    • Number of employees who seek out or use a training budget to enhance their knowledge/skills.
    • Degree of autonomy employees feel they have in their work on a daily basis.
    • Number of collaboration tools provided to enable cross-organizational work.
    Action steps to take:
    • If you are not willing to take actionable steps to address engagement, don’t bother asking employees about it.
    • Identify the blockers to empowerment. Common blockers include insufficient team collaboration, bureaucracy, inflexibility, and feeling unsupported and judged.
    • Ensure there is a consistent understanding of what “purposeful” means. Are you talking about “purposeful” to the organization or the individual?
    • Provide more clarity on what the organization’s purpose is and the vision it is driving toward. Just because you understand does not mean the employees do.

    26%

    Act on engagement

    Only 26% of leaders actually think about and act on engagement every single day. (Source: SHRM, 2022.)

    SECTION 5

    Establishing Trusted Business Relationships

    Establishing trusted business partnerships

    Leverage your relationships with other C-suite executives to demonstrate IT’s value
    • Your relationship with other business peers is critical – and, funny enough, it is impacted by the use of good metrics and data.
    • The performance of your IT team will be recognized by other members of the executive leadership team (ELT) and is a direct reflection of you as a leader.
    • A good relationship with the ELT can alleviate issues if concerns about IT staff surface.
      • Of the 85% of IT leaders working on transformational initiatives, only 30% are trying to cultivate an IT/business partnership (Foundry, 2022).
    • Don’t let other members of the organizations ELT overlook you or the value IT has. Build the key relationships that will drive trust and partnerships.

    Business leadership relationship metric:

    Ability to influence business decisions with trusted partners.

    Some key relationships that are worth forming with other C-suite executives right now include:
    • Chief Sustainability Officer
    • Chief Revenue Officer
    • Chief Marketing Officer
    • Chief Data Officer

    Influence business decisions with trusted partners

    Other business relations metrics:
    • The frequency with which peers on the ELT complain about the IT organization to other ELT peers.
    • Percentage of business leaders who trust IT to make the right choices for their accountable areas.
    • Number of projects that are initiated with a desired solution versus problems with no desired solution.
    Action steps to take:
    • From lunch to the boardroom, it is important you make an effort to cultivate relationships with the other members of the ELT.
    • Identify who the most influential members of the ELT are and what their primary goals or objectives are.
    • Follow through on what you promise you will deliver – if you do not know, do not promise it!
    • What will work for one member of the ELT will not work for another – personalize your approach.

    60%

    Enterprise-wide collaboration

    “By 2023, 60% of CIOs will be primarily measured for their ability to co-create new business models and outcomes through extensive enterprise and ecosystem-wide collaboration.” (Source: IDC, 2021.)

    SECTION 6

    Managing to a Budget

    Managing to a budget

    Every CIO needs to be able to spend within budget while increasing their strategic impact
    • From security, to cloud, to innovating the organization's products and services, IT has a lot of initiatives that demand funds and improve the organization.
    • Continuing to demonstrate good use of the budget and driving value for the organization will ensure ongoing recognition in the form of increased money.
    • 29% of CIOs indicated that controlling costs and expense management was a key duty of a functional CIO (Foundry, 2022).
    • Demonstrating the ability to spend within a defined budget is a key way to ensure the business trusts you.
    • Demonstrating an ability to spend within a defined budget and reducing the cost of operational expenses while increasing spend on strategic initiatives ensures the business sees the value in IT.

    Budget management metric:

    Proportion of IT budget that is strategic versus operational.

    Info-Tech Insight

    CIOs need to see their IT function as its own business – budget and spend like a CEO.

    Demonstrate IT’s ability to spend strategically

    Other budget management metrics:
    • Cost required to lead the organization through a digital transformation.
    • Reduction in operational spend due to retiring legacy solutions.
    • Percentage of budget in the run, grow, and transform categories.
    • Amount of money spent keeping the lights on versus investing in new capabilities.

    Action steps to take:

    • Consider opportunities to automate processes and reduce the time/talent required to spend.
    • Identify opportunities and create the time for resources to modernize or even digitize the organization to enable a better delivery of the products or services to the end customer.
    • Review the previous metrics and tie it back to running the business. If customer satisfaction will increase or risk-related threats decrease through an initiative IT is suggesting, you can make the case for increased strategic spend.

    90%

    Direct CX interaction

    Ninety percent of CIOs expect their budget to increase or remain the same in their next fiscal year. (Source: Foundry, 2022.)

    Research contributors and experts

    Photo of Jeff Neyland. Jeff Neyland
    Chief Information Officer – University of Texas at Arlington     		Photo of Brett Trelfa. Brett Trelfa
    SVP and CIO – Arkansas Blue Cross Blue Shield     		Blank photo template. Lynn Fyhrlund
    Chief Information Officer – Milwaukee County Department of Administrative Services

    Info-Tech Research Group

    Vicki Van Alphen Executive Counselor Ibrahim Abdel-Kader Research Analyst
    Mary Van Leer Executive Counselor Graham Price Executive Counselor
    Jack Hakimian Vice President Research Valence Howden Principal Research Director
    Mike Tweedie CIO Practice Lead Tony Denford Organization Transformation Practice Lead

    Related Info-Tech Research

    Sample of the 'IT Metrics Library'. IT Metrics Library
    • Use this tool to review commonly used KPIs for each practice area
    • Identify KPI owners, data sources, baselines, and targets. It also suggests action and research for low-performing KPIs.
    • Use the "Action Plan" tab to keep track of progress on actions that were identified as part of your KPI review.
    Sample of 'Define Service Desk Metrics That Matter'. Define Service Desk Metrics That Matter
    • Consolidate your metrics and assign context and actions to those currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.
    Sample of 'CIO Priorities 2022'. CIO Priorities 2022
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Bibliography

    “Developing and Sustaining Employee Engagement.” SHRM, 2022.

    Dopson, Elise. “KPIs Vs. Metrics: What’s the Difference & How Do You Measure Both?” Databox, 23 Jun. 2021.

    Shirer, Michael, and Sarah Murray. “IDC Unveils Worldwide CIO Agenda 2022 Predictions.” IDC, 27 Oct. 2021.

    Suer, Myles. “The Most Important Metrics to Drive IT as a Business.” CIO, 19 Mar. 2019.

    “The new CIO: Business Savvy.” Deloitte Insights. Deloitte, 2020.

    “2022 State of the CIO: Rebalancing Act: CIO’s Operational Pandemic-Era Innovation.” Foundry, 2022.

    “Why Employee Engagement Matters for Leadership at all Levels.” Walden University, 20 Dec. 2019.

    Zhang, Xihui, et al. “How to Measure IT Effectiveness: The CIO’s Perspective.” Journal of Informational Technology Management, 29(4). 2018.

    Perform an Agile Skills Assessment

    • Buy Link or Shortcode: {j2store}153|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $32,166 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is trying to address the key delivery challenges you are facing. Early experiments with Agile are starting to bear fruit.
    • As part of maturing your Agile practice, you want to evaluate if you have the right skills and capabilities in place.

    Our Advice

    Critical Insight

    • Focusing on the non-technical skills can yield significant returns for your products, your team, and your organization. These skills are what should be considered as the real Agile skills.

    Impact and Result

    • Define the skills and values that are important to your organization to be successful at being Agile.
    • Put together a standard criterion for measurement of the attainment of given skills.
    • Define the roadmap and communication plan around your agile assessment.

    Perform an Agile Skills Assessment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should perform an agile skills assessment. review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of the Agile skills and values important to you

    Confirm the list of Agile skills that you wish to measure.

    • Perform an Agile Skills Assessment – Phase 1: Take Stock of the Agile Skills and Values Important to You
    • Agile Skills Assessment Tool
    • Agile Skills Assessment Tool Example

    2. Define an assessment method that works for you

    Define what it means to attain specific agile skills through a defined ascension path of proficiency levels, and standardized skill expectations.

    • Perform an Agile Skills Assessment – Phase 2: Define an Assessment Method That Works for You

    3. Plan to assess your team

    Determine the roll-out and communication plan that suits your organization.

    • Perform an Agile Skills Assessment – Phase 3: Plan to Assess Your Team
    • Agile Skills Assessment Communication and Roadmap Plan
    • Agile Skills Assessment Communication and Roadmap Plan Example
    [infographic]

    Workshop: Perform an Agile Skills Assessment

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Agile Skills and Maturity Levels

    The Purpose

    Learn about and define the Agile skills that are important to your organization.

    Define the different levels of attainment when it comes to your Agile skills.

    Define the standards on a per-role basis.

    Key Benefits Achieved

    Get a clear view of the Agile skills important into meet your Agile transformation goals in alignment with organizational objectives.

    Set a clear standard for what it means to meet your organizational standards for Agile skills.

    Activities

    1.1 Review and update the Agile skills relevant to your organization.

    1.2 Define your Agile proficiency levels to evaluate attainment of each skill.

    1.3 Define your Agile team roles.

    1.4 Define common experience levels for your Agile roles.

    1.5 Define the skill expectations for each Agile role.

    Outputs

    A list of Agile skills that are consistent with your Agile transformation

    A list of proficiency levels to be used during your Agile skills assessment

    A confirmed list of roles that you wish to measure on your Agile teams

    A list of experience levels common to Agile team roles (example: Junior, Intermediate, Senior)

    Define the skill expectations for each Agile role

    Domino – Maintain, Commit to, or Vacate?

    • Buy Link or Shortcode: {j2store}113|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool
    [infographic]

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    		 this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    		 This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    		 This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    		 This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    Make Sense of Strategic Portfolio Management

    • Buy Link or Shortcode: {j2store}447|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As an IT leader, you’re responsible for steering the realization of business strategy through wise investments in and responsible stewardship of assets, applications, portfolios, programs, products, and projects.
    • You need a tool to help align goals and facilitate processes across business units. You’re aware of a tool space called Strategic Portfolio Management, and it looks like it could help, but you’re unsure of how it’s different from some of the existing tools you already pay for and don’t use to their full functionality.

    Our Advice

    Critical Insight

    As a software space, strategic portfolio management lacks a unified definition. In the same way that it took many years for project portfolio management to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. Unpacking what’s truly new and valuable in helping to define strategy and drive strategic outcomes versus what’s just repackaged as SPM is an important first step, but it's not an easy undertaking.

    Impact and Result

    In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is, and what makes it distinct from similar capabilities. We’ll help to situate you in the space and assess the extent to which your tooling needs can be met by a strategic portfolio management offering.

    Make Sense of Strategic Portfolio Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make Sense of Strategic Portfolio Management Storyboard – A guide to help you drive strategic outcomes.

    In this concise publication we introduce you to strategic portfolio management and consider the extent to which your organization can leverage an SPM application to help drive strategic outcomes.

    • Make Sense of Strategic Portfolio Management Storyboard

    2. Strategic Portfolio Management Needs Assessment Tool – Use this tool to determine if your organization can benefit from the features and functionality of an SPM approach.

    Use this Excel workbook to determine if your organization can benefit from the features and functionality of an SPM approach or whether you need something more like a traditional project portfolio management tool.

    • Strategic Portfolio Management Needs Assessment
    [infographic]

    Further reading

    Make Sense of Strategic Portfolio Management

    Separate what's new and valuable from bloated claims on the hype cycle.

    Analyst Perspective

    Do you need strategic portfolio management, or do you need to do portfolio management more strategically?

    Travis Duncan, Research Director, PPM and CIO Strategy

    Travis Duncan
    Research Director, PPM and CIO Strategy
    Info-Tech Research Group

    While the market is eager to get users into what they're calling "strategic portfolio management," there's a lot of uncertainty out there about what this market is and how it's different from other, more established portfolio disciplines – most significantly, project portfolio management.

    Indeed, if you look at how the space is covered within the industry, you'll encounter a dog's breakfast of players, a comparison of apples and oranges: Jira in the same quadrants as Planisware, Smartsheets in the same profiles as Planview and ServiceNow. While each of the individual players is impressive, their areas of focus are unique and the extent to which they should be compared together under the category of strategic portfolio management is questionable.

    It speaks to some of the grey area within the SPM space more generally, which is at a bit of a crossroads: Will it formally shed the guardrails of its antecedents to become its own space, or will it devolve into a bait and switch through which capabilities that struggled to gain much traction beyond IT settings seek to infiltrate the business and grow their market share under a different name?

    Part of it is up to the rest of us as users and potential customers. Clarifying what we need before we jump into something simply because our prior attempts failed will help determine whether we need a unique space for strategic portfolio management or whether we simply need to do portfolio management more strategically.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    • As an IT leader, you're responsible for steering the realization of business strategy through wise investments in/ and responsible stewardship of: assets, applications, portfolios, programs, products, and projects.
    • You need a tool to help align goals and facilitate processes and communications across business units. You're aware of a tool space called strategic portfolio management, and it looks like it could help, but you're unsure of how it's different from some of the existing tools you already license.
    • As a software space, strategic portfolio management lacks a unified definition. Unpacking what's truly new in helping to define strategy and drive strategic outcomes versus what's just repackaged as SPM is no small undertaking.
    • Because SPM can span different business units, ways of working, and roles, getting buy-in, alignment, and adoption can be even more precarious than it is when implementing other types of solutions.
    • In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is and what makes it distinct from similar capabilities.
    • Assess the extent to which your tooling needs can be met by a strategic portfolio management offering or the extent to which you may need to look at other software categories.
    • With a better understanding of the space, we hope to help facilitate better internal discussions around the value of SPM for your business needs.

    Info-Tech Insight
    In the same way that it took many years for PPM to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. In a space that can be all things to all users, clarify your actual needs before jumping onto a bandwagon and ending up with something that you don't need, and that the organization can't adopt.

    Strategic portfolio management is enterprise portfolio management

    Evolved from various other capabilities and vendor solutions, strategic portfolio management (SPM) seeks to connect strategy to execution.

    While the concept of 'strategic portfolio management' has been written about within project portfolio management circles for nearly 20 years, SPM, as a distinct organizational competence and software category, is a relatively new and largely vendor-driven capability.

    First emerging in the discourse during the mid-to-late 2010s, SPM has evolved from its roots in traditional enterprise project portfolio management. Though, as we will discuss, it has other antecedents not limited to PPM.

    In this publication, we'll unpack what SPM is, how it is distinct (and, in turn, how it is not distinct) from PPM and other capabilities, and we will consider the extent to which your organization can and should leverage an SPM application to help drive strategic outcomes.

    –The increasing need to deliver value from digital initiatives is giving rise to strategic portfolio management, a digital investment management discipline that enables strategy realization in complex dynamic environments."
    – OnePlan, "Is Strategic Portfolio Management the Future of PPM?"

    Only 2% of business leaders are confident that they will achieve 80% to 100% of their strategic objectives.
    Source: Smith, 2022

    Put strategic portfolio management in context

    SPM is a new stage in the history of project portfolio management more generally. While it's emerging as a distinct capability, and it borrows from capabilities beyond PPM, unpacking its distinctiveness is best done by first understanding its source.

    Understand the recent triggers for strategic portfolio management

    Triggers for the emergence of strategic portfolio management in the discourse include the pace of technology-introduced change, the waning of enterprise project management, and challenges around enterprise PPM tool adoption.

    Spot the difference?

    Scope, focus, and audience are just a few of the factors distinguishing what the market calls "SPM" from traditional PPM.

    Project Portfolio Management Differentiator Strategic Portfolio Management
    Work-Level (Tactical) Primary Orientation High-Level (Strategic)
    CIO Accountable for Outcomes CxO
    Project Manager Responsible for Outcomes Product Management Organization
    Project Managers, PMO Staff Targeted Users Business Leaders, ePMO Staff
    Project Portfolio(s) Essential Scope Multi-Portfolio (Project, Application, Product, Program, etc.)
    IT Project Delivery and Business Results Delivery Core Focus Business Strategy and Change Delivery
    Project Scope Change Impact Sensitivity Enterprise Scope
    IT and/or Business Benefit Language of Value Value Stream
    Project Timelines Main View Strategy Roadmaps
    Resource Capacity Primary Currency Money
    Work-Assignment Details Modalities of Planning Value Milestones & OKRs
    Work Management Modalities of Execution Governance (Project, Product, Strategy, Program, etc.)
    Project Completion Definitions of "Done" Business Capability Realization

    Info-Tech Insight
    The distinction between the two capabilities is not necessarily as black and white as the table above would have it (some "PPM" tools offer what we're identifying above as "SPM" capabilities), but it can be helpful to think in these binaries when trying to distinguish the two capabilities. At the very least, SPM broadens its scope to target more executive and business users, and functions best when it's speaking at a higher level, to a business audience.

    Strategic portfolio management offers a more holistic view of the enterprise

    At its best, strategic portfolio management can accommodate various paradigms of work management and incorporate different types of portfolio management.

    Perhaps the biggest evolution from traditional PPM that strategic portfolio management promises is that it casts a wider net in terms of the types of work it tracks (and how it tracks that work) and the types of portfolios it accommodates.

    Not bound to the concepts of "projects" and a "project portfolio" specifically, SPM broadens its scope to encompass capabilities like product and product portfolio management, enterprise architecture management, security and risk management, and more.

    • Where a PPM solution only shows one piece of the puzzle, SPM looks at the entire investment ecosystem, tracking strategic goals, the ideas generated to help achieve those goals, and all the various kinds of investments made in the service of those goals.
    • what's more, where traditional PPM tools required users to adhere to a certain way of working and managing tasks, SPM is more flexible, relying on integrations across various ways of working to provide higher-level insight on the progress of work and the achievement of goals.

    Deliver business strategy and change effectively

    Info-Tech's Strategic Portfolio Management Framework

    "An SPM tool will capture business strategy, business capabilities, operating models, the enterprise architecture and the project portfolio with unmatched visibility into how they all relate. This will give...a robust understanding of the impact of a proposed IT change " and enable IT and business to act like cocreators driving innovation."
    – Paula Ziehr

    You might need a strategic portfolio management tool if–

    If you find yourself facing any of these situations, it might be time to step away from your PPM tool and into an SPM approach:

    • Your organization is facing a large implementation that will cross multiple departmental units and requires alignment across senior leadership (e.g. a digital transformation initiative).
    • You currently have disparate systems tracking different portfolios (project, product, applications, etc.) and types of investments, but lack insight into the whole in terms of how work efforts and investments tie back to strategy realization.
    • You are an ePMO or a strategy realization office that doesn't manage work necessarily, but that rather ensures that the work, assets, and capabilities that are funded connect to strategy and drive the realization of strategy.

    Sixty one percent of leaders acknowledge their companies struggle to bridge the gap between creating a strategy and executing on that strategy.
    Source: StrategyBlocks, 2020

    Get to know your strategic portfolio management stakeholders

    In terms of users, SPM's focus is further up the org chart than most applications, relying on high-level but usable outputs to help drive decision making.

    ePMO or Strategy Realization Office Senior Leadership and Executive Stakeholders Business Leads and IT Directors and Managers
    SPM tools are best facilitated through enterprise PMOs or strategy realization offices. After all, in enterprises, these are the entities charged with the planning, execution, and tracking of strategy.

    Their roles within the tool typically entail:

    • Helping to facilitate processes and collect data.
    • Data quality and curation.
    • Report distribution and consumption.
    		 As those with the accountability and authority to drive the organization's strategy, you could argue that these stakeholders are the primary stakeholders for an SPM tool.

    Their roles within the tool typically entail:

    • Using strategy map and ideation functionalities.
    • Using reports to steward strategy realization.
    		 SPM targets more business users as well as senior IT managers and directors.

    Their roles within the tool typically entail:

    • Using strategy map and ideation functionalities.
    • Providing updates to ePMOs on progress.

    What should you look for in a strategic portfolio management tool? (1 of 2)

    Standard features for SPM include:

    Name Description
    Analytics and Reporting SPM should provide access to real-time dashboards and data interpretation, which can be exported as reports in a range of formats.
    Strategy Mapping and Road Mapping SPM should provide access to up-to-date timeline views of strategies and initiatives, including the ability to map such things as dependencies, market needs, funding, priorities, governance, and accountabilities.
    Value Tracking and Measurement SPM should include the ability to forecast, track, and measure return on investment for strategic investments. This includes accommodations for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
    Ideation and Innovation Management SPM should include the ability to facilitate innovation management processes across the organization, including the ability to support stage gates from ideation through to approval; to articulate, socialize, and test ideas; perform impact assessments; create value canvas and OKR maps; and prioritize.
    Multi-Portfolio Management SPM should include the ability to perform various modalities of portfolio management and portfolio optimization, including project portfolio management, applications portfolio management, asset portfolio management, etc.
    Interoperability/APIs An SPM tool should enable seamless integration with other applications for data interoperability.

    What should you look for in a strategic portfolio management tool? (2 of 2)

    Advanced features for SPM can include:

    Name Description
    Product Management SPM can include product-management-specific functionality, including the ability to connect product families, roadmaps, and backlogs to enterprise goals and priorities, and track team-level activities at the sprint, release, and campaign levels.
    Enterprise Architecture Management SPM can include the ability to define and map the structure and operation of an organization in order to effectively coordinate various domains of architecture and governance (e.g. business architecture, data architecture, application architecture, security architecture, etc.) in order to effectively plan and introduce change.
    Security and Risk Management SPM can include the ability to identify and track enterprise risks and ensure compliance controls are met.
    Lean Portfolio Management SPM can include the ability to plan and report on portfolio performance independent from task level details of product, program, or project delivery.
    Investment and Financial Management SPM can include the ability to forecast, track, and report on financials at various levels (strategy, product, program, project, etc.).
    Multi-Methodology Delivery SPM can include the ability to plan and execute work in a way that accommodates various planning and delivery paradigms (predictive, iterative, Kanban, lean, etc.).

    What's promising within the space?

    As this space continues to stabilize, the following are some promising associations for business and IT enablement.

    1. SPM accommodates various ways of working.
    • Where traditional PPM and work management tools required that users change their processes and tasking paradigms to fit within the tool's rigid task management and data structures, the best SPM tools are those that are adaptable to various ways of working and can accommodate many tasking and work management models.
    • Sometimes this is done through extensive integrations and APIs that pull data from existing work management applications into a single view within the SPM tool, and other times, this is done by abstracting the task-level details into a higher-level reporting structure (it can depend on the solution). In any event, the best SPMs are bound to one work management model.
    2. SPM puts the focus on value and change.
    • With its focus on the planning and execution of strategy, SPM can't avoid putting a spotlight on value and value realization. The best SPM tools include the ability to forecast, track, and measure return on investment for strategic investments, and they accommodate for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
    • Of course, you can't realize value without successfully fostering change. And while SPM tools don't necessarily offer functionality explicitly identifiable as organizational change management, they can act as agents of change in putting the spotlight on the execution of change at the executive level.
    3. SPM fosters a coherent approach to demand management.
    • With its goal of ensuring that strategy informs the organization of portfolios and guides the selection of projects and delivery of products, SPM can potentially bring some order to what is often a chaotic demand-management landscape, ensuring that planned and in-progress work is well justified from an ROI perspective.

    What's of concern within the space?

    As a progeny from other capabilities, SPM has some risks and connotations potential users should be wary of.

    1. The space is rife with IT buzzwords and, as a concept, is sometimes used as a repackaging of failing concepts.
    • You don't need to spend too much time engaging with the literature around SPM before you notice the marketing appeals heavily to concepts like "digitalization," "digital transformation," "continual innovation," "agility/Agile," and the like. While these are all important concepts, and the pursuit of them is worthwhile in many cases, there's no denying they're used as consultant and vendor buzzwords, deployed to excite our imaginations, without necessarily providing much meat around what they mean or how they're deployed and successfully sustained.
    • Indeed, many concepts and capabilities that appear in relation to SPM are on the downward swing of industry hype cycles, suggesting that SPM may be being used by vendors and consultants as another attempt to repackage and capitalize on these concepts even as practitioners grow weary and suspicious of the marketing claims built up around them.
    2. Some solutions that identify as SPM are not.
    • Because it's on the upward swing of its place in the hype cycle, many established PPM and service management vendors are applying the 'strategic portfolio management" label to their products without necessarily doing anything different from a functionality perspective to fit within the space. As a result, SPM vendor landscapes can compare work management, project management, demand management tools, and more. Users who want SPM functionality need to stay frosty to ensure they get what they pay for.
    3. SPM tools may have a capacity blind spot.
    • The biggest barrier to getting things done and done well in modern enterprises is approving more work than you have the capacity to deliver. While SPM offerings can help with better demand management, not many of them cover the capacity side with the same level of improvement.

    Does your organization need a strategic portfolio management tool?

    Use Info-Tech's Strategic Portfolio Management Needs Assessment to gauge your readiness for SPM.

    • As noted in previous places in this deck, there is often a grey area in the market between project portfolio management tools and strategic portfolio management tools.
    • Some PPM tools offer SPM functionality, while some SPM tools avoid traditional PPM outcomes and stay at a higher, strategic level.
    • Depending on the scope of your PMO or portfolio optimization needs, you may need a tool that has just one, or both, of these capabilities.
    • Use Info-Tech's Strategic Portfolio Management Needs Assessment to help you assess whether you require a high-level strategy management tool, a more low-level project portfolio management tool, or a mix of both.

    Download Info-Tech's Strategic Portfolio Management Needs Assessment

    1.1 Assess your needs

    10 to 20 minutes

    1. The Strategic Portfolio Management Needs Assessment is a 41-question survey broken up into three parts: (1) PMO Type, (2) Features and Functionality, (3) Roles.
    2. Go through each section using the provided dropdowns to help identify the orientation of your PMO, the feature and functionality needs of your office, as well as the roles whose needs will need to be serviced through the potential tool implementation.

    This screenshot shows a sample output from the assessment. Based upon your inputs, you'll be grouped within three ranges:

    1. Green: Based upon your inputs, you will benefit from an SPM tool.
    2. Yellow: You may benefit from an SPM tool, but you may also require something more traditional. Clarify your requirements before proceeding.
    3. Red: you're unlikely to leverage many of the benefits of an SPM tool at this time. Look for a more tactical solution.

    Sample Output from the assessment tool

    Input Output
    • Understanding of existing project management, project portfolio management, and work management applications.
    • Recommendation on PPM/SPM tool type
    Materials Participants
    • Strategic Portfolio Management Needs Assessment tool
    • Portfolio managers and/or ePMO directors
    • Project managers and product managers
    • Business stakeholders

    Explore the SPM vendor landscape

    Use Info-Tech's application selection resources to help find the right solution for your organization.

    If the analysis in the previous slides suggested you can benefit from an SPM tool, you can quick-start your vendor evaluation process with SoftwareReviews.

    SoftwareReviews has extensive coverage of not just the SPM space, but of the project portfolio management (pictured to the top right) and project management spaces as well. So, from the tactical to the strategic, SoftwareReviews can help you find the right tools.

    Further, as you settle in on a shortlist, you can begin your vendor analysis using our rapid application selection methodology (see framework on bottom right). For more information see our The Rapid Application Selection Framework blueprint.

    Info-Tech's Rapid Application Selection Framework

    Info-Tech's Rapid Application Selection Framework (RASF)

    Related Info-Tech Research

    Develop a Project Portfolio Management Strategy
    Drive IT project throughput by throttling resource capacity.

    Prepare an Actionable Roadmap for your PMO
    Turn planning into action with a realistic PMO timeline.

    Maintain an Organized Portfolio
    Align portfolio management practices with COBIT (APO05: Manage Portfolio)

    Bibliography

    Angliss, Katy, and Pete Harpum. Strategic Portfolio Management: In the Multi-Project and Program Organization. Book. Routledge. 30 Dec. 2022.

    Anthony, James. "95 Essential Project Management Statistics: 2022 Market Share & Data Analysis." Finance Online. 2022. Web. Accessed 21 March 2022

    Banham, Craig. "Integrating strategic planning with portfolio management." Sopheon. Webinar. Accessed 6 Feb. 2023.

    Garfein, Stephen J. "Executive Guide to Strategic Portfolio Management: roadmap for closing the gap between strategy and results." PMI. Conference Paper. Oct. 2007. Accessed 6 Feb. 2023.

    Garfein, Stephen J. "Strategic Portfolio Management: A smart, realistic and relatively fast way to gain sustainable competitive advantage." PMI. Conference Paper. 2 March 2005. Accessed 6 Feb. 2023.

    Hontar, Yulia. "Strategic Portfolio Management." PPM Express. Blog 16 June 2022. Accessed 6 Feb. 2023.

    Milsom, James. "6 Strategic Portfolio Management Trends for 2023." i-nexus. Blog. 25 Jan. 2022. Accessed 6 Feb. 2023.

    Milsom, James. "Strategic Portfolio Management 101." i-nexus. 8 Dec. 2021. Blog . Accessed 6 Feb. 2023.

    OnePlan, "Is Strategic Portfolio Management the Future of PPM?" YouTube. 17 Nov. 2022. Accessed 6 Feb. 2023.

    OnePlan. "Strategic Portfolio Management for Enterprise Agile." YouTube. 27 May 2022. Accessed 6 Feb. 2023.

    Piechota, Frank. "Strategic Portfolio Management: Enabling Successful Business Outcomes." Shibumi. Blog . 31 May 2022. Accessed 6 Feb. 2023.

    ServiceNow. "Strategic Portfolio Management—The Thing You've Been Missing." ServiceNow. Whitepaper. 2021. Accessed 6 Feb. 2023.

    Smith, Shepherd, "50+ Eye-Opening Strategic Planning Statistics" ClearPoint Strategy. Blog. 13 Sept. 2022. Accessed 6 Feb. 2023.

    SoftwareAG. "What is Strategic Portfolio Management (SPM)?" SoftwareAG. Blog. Accessed 6 Feb. 2023.

    Stickel, Robert. "What It Means to be Adaptive." OnePlan. Blog. 24 May 2021. Accessed 6 Feb. 2023.

    UMT360. "What is Strategic Portfolio Management?" YouTube. Webinar. 22 Oct. 2020. Accessed 6 Feb. 2023.

    Wall, Caroline. "Elevating Strategy Planning through Strategic Portfolio Management." StrategyBlocks. Blog. 26 Feb. 2020. Accessed 6 Feb. 2023.

    Westmoreland, Heather. "What is Strategic Portfolio Management." Planview. Blog. 19 Oct 2002. Accessed 6 Feb. 2023.

    Wiltshire, Andrew. "Shibumi Included in Gartner Magic Quadrant for Strategic Portfolio Management for the 2nd Straight Year." Shibumi. Blog. 20 Apr. 2022. Accessed 6 Feb. 2023.

    Ziehr, Paula. "Keep your eye on the prize: Align your IT investments with business strategy." SoftwareAG. Blog. 5 Jul. 2022. Accessed 6 Feb. 2023.

    Customer Relationship Management Platform Selection Guide

    • Buy Link or Shortcode: {j2store}529|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $14,719 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Customer relationship management (CRM) suites are an indispensable part of a holistic strategy for managing end-to-end customer interactions.
    • After defining an approach to CRM, selection and implementation of the right CRM suite is a critical step in delivering concrete business value for marketing, sales, and customer service.
    • Despite the importance of CRM selection and implementation, many organizations struggle to define an approach to picking the right vendor and rolling out the solution in an effective and cost-efficient manner.
    • IT often finds itself in the unenviable position of taking the fall for CRM platforms that don't deliver on the promise of the CRM strategy.

    Our Advice

    Critical Insight

    • IT needs to be a trusted partner in CRM selection and implementation, but the business also needs to own the requirements and be involved from the beginning.
    • CRM requirements dictate the components of the target CRM architecture, such as deployment model, feature focus, and customization level. Savvy application directors recognize the points in the project where the CRM architecture model necessitates deviations from a "canned" roll-out plan.
    • CRM selection is a multi-step process that involves mapping target capabilities for marketing, sales, and customer service, assigning requirements across functional categories, determining the architecture model to prioritize criteria, and developing a comprehensive RFP that can be scored in a weighted fashion.
    • Companies that succeed with CRM implementation create a detailed roadmap that outlines milestones for configuration, security, points of implementation, data migration, training, and ongoing application maintenance.

    Impact and Result

    • A CRM platform that effectively meets the needs of marketing, sales, and customer service and delivers value.
    • Reduced costs during CRM selection.
    • Reduced implementation costs and time frame.
    • Faster time to results after implementation.

    Customer Relationship Management Platform Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Customer Relationship Management Platform Selection Guide – Speed up the process to build your business case and select your CRM solution.

    This blueprint will help you build a business case for selecting the right CRM platform, defining key requirements, and conducting a thorough analysis and scan of the ever-evolving CRM market space.

    • Customer Relationship Management Platform Selection Guide — Phases 1-3

    2. CRM Business Case Template – Document the key drivers for selecting a new CRM platform.

    Having a sound business case is essential for succeeding with a CRM. This template will allow you to document key drivers and impact, in line with the CRM Platform Selection Guide blueprint.

    • CRM Business Case Template

    3. CRM Request for Proposal Template

    Create your own request for proposal (RFP) for your customer relationship management (CRM) solution procurement process by customizing the RFP template created by Info-Tech.

    • CRM Request for Proposal Template

    4. CRM Suite Evaluation and RFP Scoring Tool

    The CRM market has many strong contenders and differentiation may be difficult. Instead of relying solely on reputation, organizations can use this RFP tool to record and objectively compare vendors according to their specific requirements.

    • CRM Suite Evaluation and RFP Scoring Tool

    5. CRM Vendor Demo Script

    Use this template to support your business's evaluation of vendors and their solutions. Provide vendors with scenarios that prompt them to display not only their solution's capabilities, but also how the tool will support your organization's particular needs.

    • CRM Vendor Demo Script

    6. CRM Use Case Fit Assessment Tool

    Use this tool to help build a CRM strategy for the organization based on the specific use case that matches your organizational needs.

    • CRM Use-Case Fit Assessment Tool
    [infographic]

    Further reading

    Customer Relationship Management Platform Selection Guide

    Speed up the process to build your business case and select your CRM solution.

    Table of Contents

    1. Analyst Perspective
    2. Executive Summary
    3. Blueprint Overview
    4. Executive Brief
    5. Phase 1: Understand CRM Functionality
    6. Phase 2: Build the Business Case and Elicit CRM requirements
    7. Phase 3: Discover the CRM Marketspace and Prepare for Implementation
    8. Conclusion

    Analyst Perspective

    A strong CRM platform is paramount to succeeding with customer engagement.

    Modern CRM platforms are the workhorses that provide functional capabilities and data curation for customer experience management. The market for CRM platforms has seen an explosion of growth over the last five years, as organizations look to mature their ability to deliver strong capabilities across marketing, sales, and customer service.

    IT needs to be a trusted partner in CRM selection and implementation, but the business also needs to own the requirements and be involved from the get-go.

    CRM selection must be a multistep process that involves defining target capabilities for marketing, sales, and customer service, prioritizing requirements across functional categories, determining the architecture model for the CRM environment, and developing a comprehensive RFP that can be scored in a weighted fashion.

    To succeed with CRM implementation, create a detailed roadmap that outlines milestones for configuration, security, points of implementation, data migration, training, and ongoing application maintenance.

    Photo of Ben Dickie, Research Lead, Customer Experience Strategy, Info-Tech Research Group. Ben Dickie
    Research Lead, Customer Experience Strategy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Customer Relationship Management (CRM) suites are an indispensable part of a holistic strategy for managing end-to-end customer interactions. Selecting the right platform that aligns with your requirements is a significant undertaking.

    After defining an approach to CRM, selection and implementation of the right CRM suite is a critical step in delivering concrete business value for marketing, sales, and customer service.     		Common Obstacles

    Despite the importance of CRM selection and implementation, many organizations struggle to define an approach to picking the right vendor and rolling out the solution in an effective and cost-efficient manner.

    The CRM market is rapidly evolving and changing, making it tricky to stay on top of the space.

    IT often finds itself in the unenviable position of taking the fall for CRM platforms that don’t deliver on the promise of the CRM strategy.     		Info-Tech’s Approach

    CRM platform selection must be driven by your overall customer experience management strategy: link your CRM selection to your organization’s CXM framework.

    Determine if you need a CRM platform that skews toward marketing, sales, or customer service; leverage use cases to help guide selection.

    Ensure strong points of integration between CRM and other software such as MMS. A CRM should not live in isolation; it must provide a 360-degree view.

    Info-Tech Insight

    IT must work in lockstep with its counterparts in marketing, sales, and customer service to define a unified vision for the CRM platform.

    Info-Tech’s methodology for selecting the right CRM platform

    1. Understand CRM Features 2. Build the Business Case & Elicit CRM Requirements 3. Discover the CRM Market Space & Prepare for Implementation
    Phase Steps
    1. Define CRM platforms
    2. Classify table stakes & differentiating capabilities
    3. Explore CRM trends
    1. Build the business case
    2. Streamline requirements elicitation for CRM
    3. Construct the RFP
    1. Discover key players in the CRM landscape
    2. Engage the shortlist & select finalist
    3. Prepare for implementation
    Phase Outcomes
    • Consensus on scope of CRM and key CRM capabilities
    • CRM selection business case
    • Top-level use cases and requirements
    • Completed CRM RFP
    • CRM market analysis
    • Shortlisted vendor
    • Implementation considerations

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The CRM purchase process should be broken into segments:

    1. CRM vendor shortlisting with this buyer’s guide
    2. Structured approach to selection
    3. Contract review

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3
    Call #1: Understand what a CRM platform is and the “art of the possible” for sales, marketing, and customer service. Call #2: Build the business case to select a CRM.

    Call #3: Define your key CRM requirements.

    Call #4: Build procurement items such as an RFP.     		Call #5: Evaluate the CRM solution landscape and shortlist viable options.

    Call #6: Review implementation considerations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    INFO~TECH RESEARCH GROUP

    Customer Relationship Management Platform Selection Guide

    Speed up the process to build your business case and select your CRM solution.

    EXECUTIVE BRIEF

    Info-Tech Research Group Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
    © 1997-2022 Info-Tech Research Group Inc.

    What exactly is a CRM platform?

    Our Definition: A customer relationship management (CRM) platform (or suite) is a core enterprise application that provides a broad feature set for supporting customer interaction processes, typically across marketing, sales and customer service. These suites supplant more basic applications for customer interaction management (such as the contact management module of an enterprise resource planning (ERP) platform or office productivity suite).

    A customer relationship management suite provides many key capabilities, including but not limited to:

    • Account management
    • Order history tracking
    • Pipeline management
    • Case management
    • Campaign management
    • Reports and analytics
    • Customer journey execution

    A CRM suite provides a host of native capabilities, but many organizations elect to tightly integrate their CRM solution with other parts of their customer experience ecosystem to provide a 360-degree view of their customers.

    		Stock image of a finger touching a screen showing a stock chart.

    Info-Tech Insight

    CRM feature sets are rapidly evolving. Focus on the social component of sales, marketing, and service management features, as well as collaboration, to get the best fit for your requirements. Moreover, consider investing in best-of-breed social media management platforms (SMMPs) and internal collaboration tools to ensure sufficient functionality.

    Build a cohesive CRM selection approach that aligns business goals with CRM capabilities.

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    Customer expectations are on the rise: meet them!

    A CRM platform is a crucial system for enabling good customer experiences.

    CUSTOMER EXPERIENCE IS EVOLVING

    1. Thoughtfulness is in
        Connect with customers on a personal level
    2. Service over products
        The experience is more important than the product
    3. Culture is now number one
        Culture is the most overlooked piece of customer experience strategy
    4. Engineering and service finally join forces
        Companies are combining their technology and service efforts to create strong feedback loops
    5. The B2B world is inefficiently served
        B2B needs to step up with more tools and a greater emphasis placed on customer experience

    (Source: Forbes, 2019)

    Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.

    A strong CRM platform supports a range of organizational objectives for customer engagement.

    Increase Revenue Enable lead scoring Deploy sales collateral management tools Improve average cost per lead via a marketing automation tool
    Enhance Market Share Enhance targeting effectiveness with a CRM Increase social media presence via an SMMP Architect customer intelligence analysis
    Improve Customer Satisfaction Reduce time-to-resolution via better routing Increase accessibility to customer service with live chat Improve first contact resolution with customer KB
    Increase Customer Retention Use a loyalty management application Improve channel options for existing customers Use customer analytics to drive targeted offers
    Create Customer-Centric Culture Ensure strong training and user adoption programs Use CRM to provide 360-degree view of all customer interactions Incorporate the voice of the customer into product development

    Succeeding with CRM selection and implementation has a positive effect on driving revenues and decreasing costs

    There are three buckets of metrics and KPIs where CRM will drive improvements

    The metrics of a smooth CRM selection and implementation process include:

    • Better alignment of CRM functionality to business needs.
    • Better functionality coverage of the selected platform.
    • Decreased licensing costs via better vendor negotiation.
    • Improved end-user satisfaction with the deployed solution.
    • Fewer errors and rework during implementation.
    • Reduced total implementation costs.
    • Reduced total implementation time.

    A successful CRM deployment drives revenue

    • Increased customer acquisition due to enhanced accuracy of segmentation and targeting, superior lead qualification, and pipeline management.
    • Increased customer satisfaction and retention due to targeted campaigns (e.g. customer-specific deals), quicker service incident resolution, and longitudinal relationship management.
    • Increased revenue per customer due to comprehensive lifecycle management tools, social engagement, and targeted upselling of related products and services (enabled by better reporting/analytics).

    A successful CRM deployment decreases cost

    • Deduplication of effort across business domains as marketing, sales, and service now have a common repository of customer information and interaction tools.
    • Increased sales and service agent efficiency due to their focus on selling and resolution, rather than administrative tasks and overhead.
    • Reduced cost-to-sell and cost-to-serve due to automation of activities that were manually intensive.
    • Reduced cost of accurate data due to embedded reporting and analytics functionality.

    CRM platforms sit at the core of a well-rounded customer engagement ecosystem

    At the center is 'Customer Relationship Management Platform' surrounded by 'Web Experience Management Platform', 'E-Commerce & Point-of-Sale Solutions', 'Social Media Management Platform', 'Customer Intelligence Platform', 'Customer Service Management Tools', and 'Marketing Management Suite'.

    Customer Experience Management (CXM) Portfolio

    		Customer relationship management platforms are increasingly expansive in functional scope and foundational to an organization’s customer engagement strategy. Indeed, CRMs form the centerpiece for a comprehensive CXM system, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service.

    Review Info-Tech’s CXM blueprint below to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.

    Build a Strong Technology Foundation for Customer Experience Management

    Sample of the 'Build a Strong Technology Foundation for Customer Experience Management' blueprint. Design an end-to-end technology strategy to drive sales revenue, enhance marketing effectiveness, and create compelling experiences for your customers.

    View the blueprint

    Considering a CRM switch? Switching software vendors drives high satisfaction

    Eighty percent of organizations are more satisfied after changing their software vendor.

    • Most organizations see not only a positive change in satisfaction with their new vendor, but also a substantial change in satisfaction.
    • What matters is making sure your organization is well-positioned to make a switch.
    • When it comes to switching software vendors, the grass really can be greener on the other side.

    Over half of organizations are 60%+ more satisfied after changing their vendor.

    (Source: Info-Tech Research Group, "Switching Software Vendors Overwhelmingly Drives Increased Satisfaction", 2020.)

    IT is critical to the success of your CRM selection and rollout

    Today’s shared digital landscape of the CIO and CMO

    Info-Tech Insight

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    CIO

    IT Operations

    Service Delivery and Management

    IT Support

    IT Systems and Application

    IT Strategy and Governance

    Cybersecurity     		Collaboration and Partnership

    Digital Strategy = Transformation
    Business Goals | Innovation | Leadership | Rationalization

    Customer Experience
    Architecture | Design | Omnichannel Delivery | Management

    Insight (Market Facing)
    Analytics | Business Intelligence | Machine Learning | AI

    Marketing Integration + Operating Model
    Apps | Channels | Experiences | Data | Command Center

    Master Data
    Customer | Audience | Industry | Digital Marketing Assets     		CMO

    PEO Media

    Brand Management

    Campaign Management

    Marketing Tech

    Marketing Ops

    Privacy, Trust, and Regulatory Requirements

    (Source: ZDNet, 2020)

    CRM by the numbers

    1/3

    Statistical analysis of CRM projects indicates failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure. (Source: CIO Magazine, 2017)

    92%

    92% of organizations report that CRM use is important for accomplishing revenue objectives. (Source: Hall, 2020)

    40%

    In 2019, 40% of executives name customer experience the top priority for their digital transformation. (Source: CRM Magazine, 2019)

    Case Study

    Align strategy and technology to meet consumer demand.
    INDUSTRY
    Entertainment
    SOURCE
    Forbes, 2017
    Challenge

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience.

    		Solution

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    		Results

    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time video rental industry leader, Blockbuster.

    CRM Buyer’s Guide

    Phase 1

    Understand CRM Features

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    		Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    		Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Set a level of understanding of CRM technology.
    • Define which CRM features are table stakes (standard) and which are differentiating.
    • Identify the “Art of the Possible” in a modern CRM from a sales, marketing, and service lens.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Understand CRM table stakes features

    Organizations can expect nearly all CRM vendors to provide the following functionality.

    Lead Management Pipeline Management Contact Management Campaign Management Customer Service Management
    • Tracks and captures a lead’s information, automatically building a profile. Leads are then qualified through contact scoring models. Assigning leads to sales is typically automated.
    • Enables oversight over future sales. Includes revenue forecasting based on past/present trends, tracking sales velocity, and identifying ineffective sales processes.
    • Tracks and stores customer data, including demography, account and billing history, social media, and contact information. Typically, records and fields can be customized.
    • Provides integrated omnichannel campaign functionality and data analysis of customer intelligence. Data insights can be used to drive new and effective marketing campaigns.
    • Provides integrated omnichannel customer experiences to provide convenient service. Includes case and ticket management, automated escalation rules, and third-party integrations.

    Identify differentiating CRM features

    While not always “must-have” functionality, these features may be the final dealbreaker when deciding between two CRM vendors.

    Image of clustered screens with various network and business icons surounding them.
    • Workflow Automation
      Automate repetitive tasks by creating workflows that trigger actions or send follow-up reminders for next steps.
    • Advanced Analytics and Reporting
      Provides customized dashboard visualizations, detailed reporting, AI-driven virtual assistants, data extraction & analysis, and ML forecasting.
    • Customizations and Open APIs
      Broad range of available customizations (e.g. for dashboards and fields), alongside ease of integration (e.g. via plugins or APIs).
    • Document Management
      Out-of-the-box centralized content repository for storing, uploading, and sharing documents.
    • Mobile Support
      Ability to support mobile devices, OSes, and platforms with a native application or HTML-based web-access.
    • Project and Task Management
      Native project and task management functionality, enhancing cross-team organization and communication.
    • Configure, Price, Quote (CPQ)
      Create and send quotes or proposals to prospective and current customers.

    Features aren’t everything – be wary of common CRM selection pitfalls

    You can have all the right features, but systemic problems will lead to poor CRM implementation. Dig out these root causes first to ensure a successful CRM selection.

    50% of organizations believe the quality of their CRM data is “very poor” or “neutral.”

    Without addressing data governance issues, CRMs will only be as good as your data.

    Source: (Validity 2020)     		27% of organizations report that bad data costs them 10% or more in lost revenue annually.
    42% rate the trust that users have in their data as “high” or “very high.”
    54% believe that sales forecasts are accurate or very accurate.
    69% attribute poor CRM governance to missing or incomplete data, followed by duplicate data, incorrect data, and expired data. Other data issues include siloed data or disparate systems.
    73% believe that they do not have a 360-degree view of their customers.

    Ensure you understand the “art of the possible” in the CRM landscape

    Knowing what is possible will help funnel which features are most suitable for your organization – having all the bells and whistles does not always equal strong ROI.

    Holistically examine the potential of any CRM solution through three main lenses: Stock image of a person working with dashboards.

    Sales

    Identify sales opportunities through recording customers’ interactions, generating leads, nurturing contacts, and forecasting revenues.     		Stock image of people experiencing digital ideas.

    Marketing

    Analyze customer interactions to identify upsell and cross-sell opportunities, drive customer loyalty, and use customer data for targeted campaigns.     		Stock image of a customer service representative.

    Customer Service

    Improve and optimize customer engagement and retention, leveraging customer data to provide round-the-clock omnichannel experiences.

    Art of the possible: Sales

    Stock image of a person working with dashboards.

    TRACK PROSPECT INTERACTIONS

    		 Want to engage with a prospect but don’t know what to lead with? CRM solutions can track and analyze many of the interactions a prospect has with your organization, including with fellow staff, their clickthrough rate on marketing material, and what services they are downloading on your website. This information can then auto-generate tasks to begin lead generation.

    COORDINATE LEAD SCORING

    		 Information captured from a prospect is generated into contact cards; missing data (such as name and company) can be auto-captured by the CRM via crawling sites such as LinkedIn. The CRM then centralizes and scores (according to inputted business rules) a lead’s potential, ensuring sales teams coordinate and keep a track of the lead’s journey without wrongful interference.

    AI-DRIVEN REVENUE FORECASTING

    		 Generate accurate forecasting reports using AI-driven “virtual assistants” within the CRM platform. These assistants are personal data scientists, quickly noting discrepancies, opportunities, and what-if scenarios – tasks that might take weeks to do manually. This pulled data is then auto-forecasted, with the ability to flexibly adjust to real-time data.

    Art of the possible: Marketing

    Stock image of people experiencing digital ideas.

    DRIVE LOYALTY

    		 Data captured and analyzed in the CRM from customer interactions builds profiles and a deeper understanding of customers’ interests. With this data, marketing teams can deliver personalized promotions and customer service to enhance loyalty – from sending a discount on a product the customer was browsing on the website, to providing notifications about delivery statuses.

    AUTOMATE WORKFLOWS

    		 Building customer profiles, learning spending habits, and charting a customer’s journey for upselling or cross-selling can be automated through workflows, saving hours of manual work. These workflows can immediately respond to customer enquiries or deliver offers to the customer’s preferred channel based on their prior usage.

    TARGETED CAMPAIGNING

    		 Information attained through a CRM platform directly informs any marketing strategy: identifying customer segments, spending habits, building a better product based on customer feedback, and identifying high-spending customers. With any new product or offering, it is straightforward for marketing teams to understand where to target their next campaign for highest impact.

    Art of the possible: Customer service

    Stock image of a customer service representative.

    OMNICHANNEL SUPPORT

    		 Rapidly changing demographics and modes of communications require an evolution toward omnichannel engagement. Many customers now expect to communicate with contact centers not just by voice, but via social media. Agents need customer information synced across each channel they use, meeting the customer’s needs where they are.

    INTELLIGENT SELF-SERVICE PORTALS

    		 Customers want their issues resolved as quickly as possible. Machine-learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization.

    LEVERAGING ANALYTICS

    		 The future of customer service is tied up with analytics. This not only entails AI-driven capabilities that fetch the agent relevant information, skills-based routing, and using biometric data (e.g. speech) for security. It also feeds operations leaders’ need for easy access to real insights about how their customers and agents are doing.

    Best-of-Breed Point Solutions

    Full CRM Suite
    Blue smiley face. Benefits
    • Features may be more advanced for specific functional areas and a higher degree of customization may be possible.
    • If a potential delay in real-time customer data transfer is acceptable, best-of-breeds provide a similar level of functionality to suites for a lower price.
    • Best-of-breeds allow value to be realized faster than suites, as they are easier and faster to implement and configure.
    • Rip and replace is easier, and vendor updates are relatively quick to market.
    		Benefits
    • Everyone in the organization works from the same set of customer data.
    • There is a “lowest common denominator” for agent learning as consistent user interfaces lower learning curves and increase efficiency in usage.
    • There is a broader range of functionality using modules.
    • Integration between functional areas will be strong and the organization will be in a better position to enable version upgrades without risking invalidation of an integration point between separate systems.
    		 Green smiley face.
    Purple frowny face. Challenges
    • Best-of-breeds typically cover less breadth of functionality than suites.
    • There is a lack of uniformity in user experience across best-of-breeds.
    • Data integrity risks are higher.
    • Variable infrastructure may be implemented due to multiple disparate systems, which adds to architecture complexity and increased maintenance.
    • There is potential for redundant functionality across multiple best-of-breeds.
    		 Challenges
    • Suites exhibit significantly higher costs compared to point solutions.
    • Suite module functionality may not have the same depth as point solutions.
    • Due to high configuration availability and larger-scale implementation requirements, the time to deploy is longer than point solutions.
    		 Orange frowny face.
    Info-Tech Insight

    Even if a suite is missing a potential module, the proliferation of app extensions, integrations, and services could provide a solution. Salesforce’s AppExchange, for instance, offers a plethora of options to extend its CRM solution – from telephony integration, to gamification.

    CRM Buyer’s Guide

    Phase 2

    Build the Business Case & Elicit CRM Requirements

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    		Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    		Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Identify goals, objectives, challenges, and costs to inform the business case for a new CRM platform.
    • Elicit and prioritize key requirements for your platform.
    • Port the requirements into Info-Tech’s CRM RFP Template.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Right-size the CRM selection team to ensure you get the right information but are still able to move ahead quickly

    Full-Time Resourcing: At least one of these five team members must be allocated to the selection initiative as a full-time resource.

    A silhouetted figure.

    IT Leader

    		 A silhouetted figure.

    Technical Lead

    		 A silhouetted figure.

    Business Analyst/
    Project Manager

    		 A silhouetted figure.

    Business Lead

    		 A silhouetted figure.

    Process Expert(s)
    This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective. This team member will focus on application security, integration, and enterprise architecture. This team member elicits business needs and translates them into technology requirements. This team member will provide sponsorship from the business needs perspective. Typically, a CMO or SVP of sales. These team members are the sales, marketing, and service process owners who will help steer the CRM requirements and direction.

    Info-Tech Insight

    It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions. For more information on stakeholder management and involvement, see this guide.

    Be prepared to define what issues you are trying to address and why a new CRM is the right approach

    Identify the current state and review the background of what you’ve done leading up to this point, goals you’ve been asked to meet, and challenges in solving known problems to help to set the stage for why your proposed solution is needed. If your process improvements have taken you as far as you can go without improved workflows or data, specify where the gaps are.
    Arrows with icons related to the text on the right merging into one arrow. Alignment

    Alignment to strategic goals is always important, but that is especially true with CRM because customer relationship management platforms are at the intersection of your organization and your customers. What are the strategic marketing, sales and customer service goals that you want to realize (in whole or in part) by improving your CRM ecosystem?

    Impact to your business

    Identify areas where your customers may be impacted by poor experiences due to inadequate or aging technology. What’s the impact on customer retention? On revenue?

    Impact to your organization

    Define how internal stakeholders within the organization are impacted by a sub-optimal CRM experience – what are their frustrations and pain points? How do issues with your current CRM environment prevent teams in sales, marketing, or service from doing their jobs?

    Impact to your department

    Describe the challenges within IT of using disparate systems, workarounds, poor data and reporting, lack of automation, etc., and the effect these challenges have on IT’s goals.

    Align the CRM strategy with the corporate strategy

    Corporate Strategy Unified Strategy CRM Strategy
    Spectrum spanning all columns.
    Your corporate strategy:
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • The CRM strategy and the rationale for deploying a new CRM can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives (such as improving customer acquisition, entering new segments, or improving customer lifetime value).
    		Your CRM strategy:
    • Communicates the organization’s budget and spending on CRM.
    • Identifies IT initiatives that will support the business and key CRM objectives.
    • Outlines staffing and resourcing for CRM initiatives.
    CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between sales, marketing, customer service, operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level, but also at each level of the organization.

    2.1 Create your list of goals and milestones for CRM

    1-3 hours

    Input: Corporate strategy, Target key performance indicators, End-user satisfaction results (if applicable)

    Output: Prioritized list of goals with milestones that can be met with a new or improved CRM solution

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales or service SMEs

    1. Review strategic goals to identify alignment to your CRM selection project. For example, digital transformation may be enhanced or enabled with a CRM solution that supports better outreach to key customer segments through improved campaign management.
    2. Next, brainstorm tactical goals with your colleagues.
    3. Identify specific goals the organization has set for the business that may be supported by improved customer prospecting, customer service, or analytics functionality through a better CRM solution.
    4. Identify specific goals your organization will be able to make possible with a new or improved CRM solution.
    5. Prioritize this list and lead with the most important goal that can be reached at the one-year, six-month, and three-month milestones.
    6. Document in the goals section of your business case.

    Download the CRM Business Case Template and record the outputs of this exercise in the strategic business goals, business drivers, and technical drivers slides.

    Identify what challenges exist with the current environment

    Ensure you are identifying issues at a high level, so as not to drown in detail, but still paint the right picture. Identify technical issues that are impacting customer experience or business goals. Typical complaints for CRM solutions that are old or have been outgrown include:

    1.

    Lack of a flexible, configurable customer data model that supports complex relationships between accounts and contacts.

    2.

    Lack of a flexible, configurable customer data model that supports complex relationships between accounts and contacts.

    3.

    Lack of meaningful reports and useable dashboards, or difficulty in surfacing them.

    4.

    		 Poor change enablement resulting in business interruptions.

    5.

    		 Inability to effectively automate routine sales, marketing, or service tasks at scale via a workflow tool.

    6.

    		 Lack of proper service management features, such as service knowledge management.

    7.

    Inability to ingest customer data at scale (for example, no ability to automatically log e-mails or calls).

    8.

    Major technical deficiencies and outages – the incumbent CRM platform goes down, causing business disruption.

    9.

    The platform itself doesn’t exist in the current state – everything is done in Microsoft Excel!

    Separate business issues from technical issues, but highlight where they’re connected and where technical issues are causing business issues or preventing business goals from being reached.

    Before switching vendors, evaluate your existing CRM to see if it’s being underutilized or could use an upgrade

    The cost of switching vendors can be challenging, but it will depend entirely on the quality of data and whether it makes sense to keep it.
    • Achieving success when switching vendors first requires reflection. We need to ask why we are dissatisfied with our incumbent software.
    • If the product is old and inflexible, the answer may be obvious, but don’t be afraid to include your incumbent in your evaluation if your issues might be solved with an upgrade.
    • Look at your use-case requirements to see where you want to take the CRM solution and compare them to your incumbent’s roadmap. If they don’t match, switching vendors may be the only solution. If your roadmaps align, see if you’re fully leveraging the solution or will be able to start working through process improvements.
    Pie graph with a 20% slice. Pie graph with a 25% slice.

    20%

    		 Small/Medium Enterprises

    25%

    		 Large Enterprises
    only occasionally or rarely/never use their software (Source: Software Reviews, 2020; N = 45,027)
    Fully leveraging your current software now will have two benefits:
    1. It may turn out that poor leveraging of your incumbent software was the problem all along; switching vendors won’t solve the problem by itself. As the data to the right shows, a fifth of small/medium enterprises and a quarter of large enterprises do not fully leverage their incumbent software.
    2. If you still decide to switch, you’ll be in a good negotiating position. If vendors can see you are engaged and fully leveraging your software, they will be less complacent during negotiations to win you over.
    Info-Tech Insight

    Switching vendors won’t improve poor internal processes. To be fully successful and meet the goals of the business case, new software implementations must be accompanied by process review and improvement.

    2.2 Create your list of challenges as they relate to your goals and their impacts

    1-2 hours

    Input: Goals lists, Target key performance indicators, End-user satisfaction results (if applicable)

    Output: Prioritized list of challenges preventing or hindering customer experiences

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Brainstorm with your colleagues to discuss your challenges with CRM today from an application and process lens.
    2. Identify how these challenges are impacting your ability to meet the goals and identify any that are creating customer-facing issues.
    3. Group together like areas and arrange in order of most impactful. Identify which of these issues will be most relevant to the business case for a new CRM platform.
    4. Document in the current-state section of your business case.
    5. Discuss and determine if the incumbent solution can meet your needs or if you’ll need to replace it with a different product.

    Download the CRM Business Case Template and document the outputs of this exercise in the current-state section of your business case.

    Determine costs of the solution

    Ensure the business case includes both internal and external costs related to the new CRM platform, allocating costs of project managers to improve accuracy of overall costs and level of success.

    CRM solutions include application costs and costs to design processes, install, and configure. These start-up costs can be a significant factor in whether the initial purchase is feasible.

    CRM Vendor Costs

    • Application licensing
    • Implementation and configuration
    • Professional services
    • Maintenance and support
    • Training
    • 3rd Party add-ons
    • Data transformation
    • Integration
    When thinking about vendor costs, also consider the matching internal cost associated with the vendor activity (e.g. data cleansing, internal support).

    Internal Costs

    • Project management
    • Business readiness
    • Change management
    • Resourcing (user groups, design/consulting, testing)
    • Training
    • Auditors (if regulatory requirements need vetting)
    Project management is a critical success factor at all stages of an enterprise application initiative from planning to post-implementation. Ensuring that costs for such critical areas are accurately represented will contribute to success.

    Download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable to define requirements for installation and configuration.

    		Bring in the right resources to guarantee success. Work with the PMO or project manager to get help with creating the SOW.

    60% of IT projects are NOT finished “mostly or always” on time (Wellingtone, 2018).

    55% of IT personnel feel that the business objectives of their software projects are clear to them (Geneca, 2017).

    Document costs and expected benefits of the new CRM

    The business case should account for the timing of both expenditures and benefits. It is naïve to expect straight-line benefit realization or a big-bang cash outflow related to the solution implementation. Proper recognition and articulation of ramp-up time will make your business case more convincing.

    Make sure your timelines are realistic for benefits realization, as these will be your project milestones and your metrics for success.

    Example:
    Q1-Q2 Q3-Q6 Q6 Onwards

    Benefits at 25%

    At the early stages of an implementation, users are still learning the new system and go-live issues are being addressed. Most of the projected process improvements are likely to be low, zero, or even negative.

    Benefits at 75%

    Gradually, as processes become more familiar, an organization can expect to move closer to realizing the forecasted benefits or at least be in a position to recognize a positive trend toward their realization.

    Benefits at 100%

    In an ideal world, all projected benefits are realized at 100% or higher. This can be considered the stage where processes have been mastered, the system is operating smoothly, and change has been broadly adopted. In reality, benefits are often overestimated.

    Costs at 50%

    As with benefits, some costs may not kick in until later in the process or when the application is fully operational. In the early phases of implementation, factor in the cost of overlapping technology where you’ll need to run redundant systems and transition any data.

    Costs at 100%

    Costs are realized quicker than benefits as implementation activities are actioned, licensing and maintenance costs are introduced, and resourcing is deployed to support vendor activities internally. Costs that were not live in the early stages are an operational reality at this stage.

    Costs at 100%+

    Costs can be expected to remain relatively static past a certain point, if estimates accurately represented all costs. In many instances, costs can exceed original estimates in the business case, where costs were either underestimated, understated, or missed.

    2.3 Document your costs and expected benefits

    1-2 hours

    Input: Quotes with payment schedule, Budget

    Output: Estimated payment schedule and cost breakdown

    Materials: Spreadsheet or whiteboard, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Estimate costs for the CRM solution. If you’re working with a vendor, provide the initial requirements to quote; otherwise, estimate as closely as you’re able.
    2. Calculate the five-year total cost for the solution to ensure the long-term budget is calculated.
    3. Break down costs for licenses, implementation, training, internal support, and hardware or hosting fees.
    4. Determine a reasonable breakdown of costs for the first year.
    5. Identify where residual costs of the old system may factor in if there are remaining contract obligations during the technology transition.
    6. Create a list of benefits expected to be realized within the same timeline.

    Sample of the table on the previous slide.

    Download the CRM Business Case Template and document the outputs of this exercise in the current-state section of your business case.

    Identify risks and dependencies to mitigate barriers to success as you look to roll out a CRM suite

    A risk assessment will be helpful to better understand what risks need to be mitigated to make the project a success and what risks are pending should the solution not be approved or be delayed.

    Risk Criteria Relevant Questions
    Timeline Uncertainty
    • How much risk is associated with the timeline of the CRM project?
    • Is this timeline realistic and can you reach some value in the first year?
    Success of Similar Projects
    • Have we undertaken previous projects that are similar?
    • Were those successful?
    • Did we note any future steps for improvement?
    Certainty of Forecasts
    • Where have the numbers originated?
    • How comfortable are the sponsors with the revenue and cost forecasts?
    Chance of Cost Overruns
    • How likely is the project to have cost overruns?
    • How much process and design work needs to be done prior to implementation?
    Resource Availability
    • Is this a priority project?
    • How likely are resourcing issues from a technical and business perspective?
    • Do we have the right resources?
    Change During Delivery
    • How volatile is the area in which the project is being implemented?
    • Are changes in the environment likely?
    • How complex are planned integrations?

    2.4 Identify risks to the success of the solution rollout and mitigation plan

    1-2 hours

    Input: List of goals and challenges, Target key performance indicators

    Output: Prioritized list of challenges preventing or hindering improvements for the IT teams

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Brainstorm with your colleagues to discuss potential roadblocks and risks that could impact the success of the CRM project.
    2. Identify how these risks could impact your project.
    3. Document the ones that are most likely to occur and derail the project.
    4. Discuss potential solutions to mitigate risks.

    Download the CRM Business Case Template and document the outputs of this exercise in the risk and dependency section of your business case. If the risk assessment needs to be more complex, complete the Risk Indicator Analysis in Info-Tech’s Business Case Workbook.

    Start requirements gathering by identifying your most important use cases across sales, marketing, and service

    Add to your business case by identifying which top-level use cases will meet your goals.

    Examples of target use cases for a CRM project include:

    • Enhance sales acquisition capabilities (i.e. via pipeline management)
    • Enhance customer upsell and cross-sell capabilities
    • Improve customer segmentation and targeting capabilities for multi-channel marketing campaigns
    • Strengthen customer care capabilities to improve customer satisfaction and retention (i.e. via improved case management and service knowledge management)
    • Create actionable insights via enhanced reporting and analytics

    Info-Tech Insight

    Lead with the most important benefit and consider the timeline. Can you reach that goal and report success to your stakeholders within the first year? As you look toward that one-year goal, you can consider secondary benefits, some of which may be opportunities to bring early value in the solution.

    		Benefits of a successful deployment of use cases will include:
    • Improved customer satisfaction
    • Improved operational efficiencies
    • Reduced customer turnover
    • Increased platform uptime
    • License or regulatory compliance
    • Positioned for growth

    Typically, we see business benefits in this order of importance. Lead with the outcome that is most important to your stakeholders.

    • Net income increases
    • Revenue generators
    • Cost reductions
    • Improved customer service

    Consider perspectives of each stakeholder to ensure functionality needs are met and high satisfaction results

    Best of breed vs. “good enough” is an important discussion and will feed your success.

    Costs can be high when customizing an ill-fitting module or creating workarounds to solve business problems, including loss of functionality, productivity, and credibility.

    • Start with use cases to drive the initial discussion, then determine which features are mandatory and which are nice-to-haves. Mandatory features will help determine high success for critical functionality and identify where “good enough” is an acceptable state.
    • Consider the implications to implementation and all use cases of buying an all-in-one solution, integration of multiple best-of-breed solutions, or customizing features that were not built into a solution.
    • Be prepared to shelve a use case for this solution and look to alternatives for integration where mandatory features cannot meet highly specialized needs that are outside of traditional CRM solutions.

    Pros and Cons

    Build vs. Buy

    Multi-Source Best of Breed

    Flexibility
    vs.
    architectural complexity

    Vendor Add-Ons & Integrations

    Lower support costs
    vs.
    configuration

    Multi-source Custom

    Flexibility
    vs.
    high skills requirements

    Single Source

    Lower support costs
    vs.
    configuration

    2.5 Define use cases and high-level features for meeting business and technical goals

    1-2 hours

    Input: List of goals and challenges

    Output: Use cases to be used for determining requirements

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Identify the key customer engagement use cases that will support your overall goals as defined in the previous section.
    2. The following slide has examples of use case domains that will be enhanced from a CRM platform.
    3. Define high-level goals you wish to achieve in the first year and longer term. If you have more specific KPIs to add, and it is a requirement for your organization’s documentation, add them to this section.
    4. Take note of where processes will need to be improved to benefit from these use-case solutions – the tools are only as good as the process behind them.

    Download the CRM Business Case Template and document the outputs from this exercise in the current-state section of your business case.

    Understand the dominant use-case scenarios across organizations to narrow the list of potential CRM solutions

    Sales
    Enablement

    • Generate leads through multiple channels.
    • Rapidly sort, score, and prioritize leads based on multiple criteria.
    • Create in-depth sales forecasts segmented by multiple criteria (territory, representative, etc.).

    Marketing
    Management

    • Manage marketing campaigns across multiple channels (web, social, email, etc.).
    • Aggregate and analyze customer data to generate market intelligence.
    • Build and deploy customer-facing portals.

    Customer Service
    Management

    • Generate tickets, and triage customer service requests through multiple channels.
    • Track customer service interactions with cases.
    • There is a need to integrate customer records with contact center infrastructure.
    Info-Tech Insight

    Use your understanding of the CRM use case to accelerate the vendor shortlisting process. Since the CRM use case has a direct impact on the prioritization of a platform’s features and capabilities, you can rapidly eliminate vendors from contention or designate superfluous modules as out-of-scope.

    2.5.1 Use Info-Tech’s CRM Use-Case Fit Assessment Tool to align your CRM requirements to the vendor use cases

    30 min

    Input: Understanding of business objectives for CRM project, Use-Case Fit Assessment Tool

    Output: Use-case suitability

    Materials: Use-Case Fit Assessment Tool

    Participants: Core project team, Project managers

    1. Use the Use-Case Fit Assessment Tool to understand how your unique business requirements map into which CRM use case.
    2. This tool will assess your answers and determine your relative fit against the use-case scenarios.
    3. Fit will be assessed as “Weak,” “Moderate,” or “Strong.”
      1. Consider the common pitfalls, which were mentioned earlier, that can cause IT projects to fail. Plan and take clear steps to avoid or mitigate these concerns.
      2. Note: These use-case scenarios are not mutually exclusive, meaning your organization can align with one or more scenarios based on your answers. If your organization shows close alignment to multiple scenarios, consider focusing on finding a more robust solution and concentrate your review on vendors that performed strongly in those scenarios or meet the critical requirements for each.

    Download the CRM Use-Case Fit Assessment Tool

    Once you’ve identified the top-level use cases a CRM must support, elicit, and prioritize granular platform requirements.

    Understanding business needs through requirements gathering is the key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.

    Info-Tech Insight

    To avoid creating makeshift solutions, an organization needs to gather requirements with the desired future state in mind.

    Risks of poorly scoped requirements

    • Fail to be comprehensive and miss certain areas of scope
    • Focus on how the solution should work instead of what it must accomplish
    • Have multiple levels of detail within the requirements, which are inconsistent and confusing
    • Drill all the way down into system-level detail
    • Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow
    • Omit constraints or preferences that buyers think are “obvious”

    Best practices

    • Get a clear understanding of what the system needs to do and what it is expected to produce
    • Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive”
    • Explicitly state the obvious and assume nothing
    • Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes
    • Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors

    Prioritize requirements to assist with vendor selection: focus on priority requirements linked to differentiated capabilities

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted toward the proper requirements and to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.


    Pyramid of the MoSCoW Model.
    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    		The MoSCoW Model of Prioritization

    Requirements must be implemented for the solution to be considered successful.

    Requirements that are high priority should be included in the solution if possible.

    Requirements are desirable but not necessary and could be included if resources are available.

    Requirements won’t be in the next release, but will be considered for the future releases.

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description
    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in “proof of concept” projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    2.6 Identify requirements to support your use cases

    1-2 hours

    Input: List of goals and challenges

    Output: Use cases to be used for determining requirements

    Materials: Whiteboard/flip charts, Vendor Evaluation Workbook

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Work with the team to identify which features will be most important to support your use cases. Keep in mind there will be some features that will require more effort to implement fully. Add that into your project plan.
    2. Use the features lists on the following slides as a guide to get started on requirements.
    3. Prioritize your requirements list into mandatory features and nice-to-have features (or use the MoSCoW model from the previous slides). This will help you to eliminate vendors who don’t meet bare minimums and to score remaining vendors.
    4. Use this same list to guide your vendor demos.

    Our Improve Requirements Gathering blueprint provides a deep dive into the process of eliciting, analyzing, and validating requirements if you need to go deeper into effective techniques.

    CRM features

    Table stakes vs. differentiating

    What is a table stakes/standard feature?

    • Certain features are standard for all CRM tools, but that doesn’t mean they are all equal.
    • The existence of features doesn’t guarantee their quality or functionality to the standards you need. Never assume that “Yes” in a features list means you don’t need to ask for a demo.
    • If Table Stakes are all you need from your CRM solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

    What is a differentiating/additional feature?

    • Differentiating features take two forms:
      • Some CRM platforms offer differentiating features that are vertical specific.
      • Other CRM platforms offer differentiating features that are considered cutting edge. These cutting-edge features may become table stakes over time.

    Table stakes features for CRM

    Account Management Flexible account database that stores customer information, account history, and billing information. Additional functionality includes: contact deduplication, advanced field management, document linking, and embedded maps.
    Interaction Logging and Order History Ability to view all interactions that have occurred between sales teams and the customer, including purchase order history.
    Basic Pipeline Management View of all opportunities organized by their current stage in the sales process.
    Basic Case Management The ability to create and manage cases (for customer service or order fulfilment) and associate them with designated accounts or contacts.
    Basic Campaign Management Basic multi-channel campaign management (i.e. ability to execute outbound email campaigns). Budget tracking and campaign dashboards.
    Reports and Analytics In-depth reports on CRM data with dashboards and analytics for a variety of audiences.
    Mobile Support Mobile access across multiple devices (tablets, smartphones and/or wearables) with access to CRM data and dashboards.

    Additional features for CRM

    Customer Information Management Customizable records with detailed demographic information and the ability to created nested accounts (accounts with associated sub-accounts or contact records).
    Advanced Case Management Ability to track detailed interactions with members or constituents through a case view.
    Employee Collaboration Capabilities for employee-to-employee collaboration, team selling, and activity streams.
    Customer Collaboration Capabilities for outbound customer collaboration (i.e. the ability to create customer portals).
    Lead Generation Capabilities for generating qualified leads from multiple channels.
    Lead Nurturing/Lead Scoring The ability to evaluate lead warmth using multiple customer-defined criteria.
    Pipeline and Deal Management Managing deals through cases, providing quotes, and tracking client deliverables.

    Additional features for CRM (Continued)

    Marketing Campaign Management Managing outbound marketing campaigns via multiple channels (email, phone, social, mobile).
    Customer Intelligence Tools for in-depth customer insight generation and segmentation, predictive analytics, and contextual analytics.
    Multi-Channel Support Capabilities for supporting customer interactions across multiple channels (email, phone, social, mobile, IoT, etc.).
    Customer Service Workflow Management Capabilities for customer service resolution, including ticketing and service management.
    Knowledge Management Tools for capturing and sharing CRM-related knowledge, especially for customer service.
    Customer Journey Mapping Visual workflow builder with automated trigger points and business rules engine.
    Document Management The ability to curate assets and attachments and add them to account or contact records.
    Configure, Price, Quote The ability to create sales quotes/proposals from predefined price lists and rules.

    2.7 Put it all together – port your requirements into a robust RFP template that you can take to market!

    1-2 hours
    1. Once you’ve captured and prioritized your requirements – and received sign-off on them from key stakeholders – it’s time to bake them into a procurement vehicle of your choice.
    2. For complex enterprise systems like a CRM platform, Info-Tech recommends that this should take the form of a structured RFP document.
    3. Use our CRM RFP Template and associated CRM RFP Scoring Tool to jump-start the process.
    4. The next step will be conducting a market scan to identify contenders, and issuing the RFP to a shortlist of viable vendors for further evaluation.

    Need additional guidance on running an effective RFP process? Our Drive Successful Sourcing Outcomes with a Robust RFP Process has everything you need to ace the creation, administration and assessment of RFPs!

    		Samples of the CRM Request for Proposal Template and CRM Suite Evaluation and RFP Scoring Tool.

    Download the CRM Request for Proposal Template

    Download the CRM Suite Evaluation and RFP Scoring Tool

    Identify whether vertical-specific CRM platforms are a best fit

    In mature vendor landscapes (like CRM) vendors begin to differentiate themselves by offering vertical-specific platforms, modules, or feature sets. These feature sets accelerate the implantation, decrease the platform’s learning curve, and drive user adoption. The three use cases below cover the most common industry-specific offerings:

    Public Sector

    • Constituent management and communication.
    • Constituent portal deployment for self-service.
    • Segment constituents based on geography, needs and preferences.

    Education

    • Top-level view into the student journey from prospect to enrolment.
    • Track student interactions with services across the institution.
    • Unify communications across different departments.

    Financial Services

    • Determine customer proclivity for new services.
    • Develop self-service banking portals.
    • Track longitudinal customer relationships from first account to retirement management.
    Info-Tech Insight

    Vertical-specific solutions require less legwork to do upfront but could cost you more in the long run. Interoperability and vendor viability must be carefully examined. Smaller players targeting niche industries often have limited integration ecosystems and less funding to keep pace with feature innovation.

    Rein-in ballooning scope for CRM selection projects

    Stretching the CRM beyond its core capabilities is a short-term solution to a long-term problem. Educate stakeholders about the limits of CRM technology.

    Common pitfalls for CRM selection

    • Tangential capabilities may require separate solutions. It is common for stakeholders to list features such as “content management” as part of the new CRM platform. While content management goes hand in hand with the CRM’s ability to manage customer interactions, document management is best handled by a standalone platform.

    Keeping stakeholders engaged and in line

    • Ballooning scope leads to stakeholder dissatisfaction. Appeasing stakeholders by over-customizing the platform will lead to integration and headaches down the road.
    • Make sure stakeholders feel heard. Do not turn down ideas in the midst of an elicitation session. Once the requirements-gathering sessions are completed, the project team has the opportunity to mark requirements as “out of scope” and communicate the reasoning behind the decision.
    • Educate stakeholders on the core functionality of CRM. Many stakeholders do not know the best-fit use cases for CRM platforms. Help end users understand what CRM is good at and where additional technologies will be needed.
    		 Stock image of a man leaping with a balloon.

    CRM Buyer’s Guide

    Phase 3

    Discover the CRM Market Space & Prepare for Implementation

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    		Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    		Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Dive into the key players of the CRM vendor landscape.
    • Understand best practices for building a vendor shortlist.
    • Understand key implementation considerations for CRM.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Consolidating the Vendor Shortlist Up-Front Reduces Downstream Effort

    Put the “short” back in shortlist!

    • Radically reduce effort by narrowing the field of potential vendors earlier in the selection process. Too many organizations don’t funnel their vendor shortlist until nearing the end of the selection process. The result is wasted time and effort evaluating options that are patently not a good fit.
    • Leverage external data (such as SoftwareReviews) and expert opinion to consolidate your shortlist into a smaller number of viable vendors before the investigative interview stage and eliminate time spent evaluating dozens of RFP responses.
    • Having fewer RFP responses to evaluate means you will have more time to do greater due diligence.
    		 Stock image of river rapids.

    Review your use cases to start your shortlist

    Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

    Next steps will include:
    1. Reviewing your requirements
    2. Checking out SoftwareReviews
    3. Shortlisting your vendors
    4. Conducting demos and detailed proposal reviews
    5. Selecting and contracting with a finalist!
    		 Image of a person presenting a dashboard of the steps on the left.

    Get to know the key players in the CRM landscape

    The proceeding slides provide a top-level overview of the popular players you will encounter in the CRM shortlisting process.

    Logos of the key players in the CRM landscape (Salesforce, Microsoft, Oracle, HubSpot, etc).

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews
    Sample of SoftwareReviews' Data Quadrant Report. Title page of SoftwareReviews' Data Quadrant Report. The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Sample of SoftwareReviews' Emotional Footprint. Title page of SoftwareReviews' Emotional Footprint. The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    Icon of a person.


    Fact-based reviews of business software from IT professionals.

    		Icon of a magnifying glass over a chart.


    Top-tier data quality backed by a rigorous quality assurance process.

    		CLICK HERE to ACCESS

    Comprehensive software reviews to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Icon of a tablet.


    Product and category reports with state-of-the-art data visualization.

    		Icon of a phone.


    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insights of our expert analysts, our members receive unparalleled support in their buying journey.

    Logo for Salesforce.
    Est. 1999 | CA, USA | NYSE: CRM

    bio

    		 Link for their Twitter account. Link for their LinkedIn profile. Link for their website.
    Sales Cloud Enterprise allows you to be more efficient, more productive, more everything than ever before as it allows you to close more deals, accelerate productivity, get more leads, and make more insightful decisions.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:
    • Breadth of features
    • Quality of features
    • Sales management functionality
    Areas to Improve:
    • Cost of service
    • Ease of implementation
    • Telephony and contact center management
    Logo gif for SoftwareReviews.
    8.0
    COMPOSITE SCORE     		8.3
    CX SCORE     		+77
    EMOTIONAL FOOTPRINT     		83%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 600
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Salesforce screen. Vendor Pulse rating. How often do we hear about Salesforce from our members for CRM? 'Very Frequently'.
    History of Salesforce in a vertical timeline.
    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.     		Logo for Salesforce.

    “Salesforce is the pre-eminent vendor in the CRM marketplace and is a force to be reckoned with in terms of the breadth and depth of its capabilities. The company was an early disruptor in the category, placing a strong emphasis from the get-go on a SaaS delivery model and strong end-user experience. This allowed them to rapidly gain market share at the expense of more complacent enterprise application vendors. A series of savvy acquisitions over the years has allowed Salesforce to augment their core Sales and Service Clouds with a wide variety of other solutions, from e-commerce to marketing automation to CPQ. Salesforce is a great fit for any organization looking to partner with a market leader with excellent functional breadth, strong interoperability, and a compelling technology and partner ecosystem. All of this comes at a price, however – Salesforce prices at a premium, and our members routinely opine that Salesforce’s commercial teams are overly aggressive – sometimes pushing solutions without a clear link to underpinning business requirements.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Sales Cloud Essentials Sales Cloud Professional Sales Cloud Enterprise Sales Cloud Ultimate
    • Starts at $25*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $75*
    • Per user/mo
    • Mid-market target
    • Starts at $150*
    • Per user/mo
    • Enterprise target
    • Starts at $300*
    • Per user/mo
    • Strong upmarket feature additions
    Logo for Microsoft.


    Est. 1975 | WA, USA | NYSE: MSFT

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Dynamics 365 Sales is an adaptive selling solution that helps your sales team navigate the realities of modern selling. At the center of the solution is an adaptive, intelligent system – prebuilt and ready to go – that actively monitors myriad signals and distills them into actionable insights.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Business value created
    • Analytics and reporting
    • Lead management

    Areas to Improve:

    • Quote, contract, and proposals
    • Vendor support
    Logo gif for SoftwareReviews.
    8.1
    COMPOSITE SCORE     		8.3
    CX SCORE     		+84
    EMOTIONAL FOOTPRINT     		82%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 198
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Microsoft screen.Vendor Pulse rating. How often do we hear about Microsoft Dynamics from our Members? 'Very Frequently'.

    History of Microsoft in a vertical timeline.

    *Pricing correct as of June 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.     		Logo for Microsoft.
    “”

    “Microsoft Dynamics 365 is a strong and compelling player in the CRM arena. While Microsoft is no stranger to the CRM space, their offerings here have seen steady and marked improvement over the last five years. Good functional breadth paired with a modern user interface and best-in-class Microsoft stack compatibility ensures that we consistently see them on our members’ shortlists, particularly when our members are looking to roll out CRM capabilities alongside other components of the Dynamics ecosystem (such as Finance, Operations, and HR). Today, Microsoft segments the offering into discrete modules for sales, service, marketing, commerce, and CDP. While Microsoft Dynamics 365 is a strong option, it’s occasionally mired by concerns that the pace of innovation and investment lags Salesforce (its nearest competitor). Additionally, the marketing module of the product is softer than some of its competitors, and Microsoft themselves points organizations with complex marketing requirements to a strategic partnership that they have with Adobe.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    D365 Sales Professional D365 Sales Enterprise D365 Sales Premium
    • Starts at $65*
    • Per user/mo
    • Midmarket focus
    • Starts at $95*
    • Per user/mo
    • Enterprise focus
    • Starts at $135*
    • Per user/mo
    • Enterprise focus with customer intelligence
    Logo for Oracle.


    Est. 1977 | CA, USA | NYSE: ORCL

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Oracle Engagement Cloud (CX Sales) provides a set of capabilities to help sales leaders transition smoothly from sales planning and execution through customer onboarding, account management, and support services.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Quality of features
    • Activity and workflow management
    • Analytics and reporting

    Areas to Improve:

    • Marketing management
    • Product strategy & rate of improvement
    Logo gif for SoftwareReviews.
    7.8
    COMPOSITE SCORE     		7.9
    CX SCORE     		+77
    EMOTIONAL FOOTPRINT     		78%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 140
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of an Oracle screen.Vendor Pulse rating. How often do we hear about Oracle from our members for CRM? 'Frequently'.

    History of Oracle in a vertical timeline.

    Logo for Oracle.

    “Oracle is long-term juggernaut of the enterprise applications space. Their CRM portfolio is diverse – rather than a single stack, there are multiple Oracle solutions (many made by acquisition) that support CRM capabilities – everything from Siebel to JD Edwards to NetSuite to Oracle CX applications. The latter constitute Oracle’s most modern stab at CRM and are where the bulk of feature innovation and product development is occurring within their portfolio. While historically seen as lagging behind other competitors like Salesforce and Microsoft, Oracle has made excellent strides in improving their user experience (via their Redwoods design paradigm) and building new functional capabilities within their CRM products. Indeed, SoftwareReviews shows Oracle performing well in our most recent peer-driven reports. Nonetheless, we most commonly see Oracle as a pricier ecosystem play that’s often subordinate to a heavy Oracle footprint for ERP. Many of our members also express displeasure with Oracle as a vendor and highlight their heavy-handed “threat of audit” approach. ”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Oracle CX Sales - Pricing Opaque:

    “Request a Demo”

    Logo for SAP.


    Est. 1972 | Germany | NYSE: SAP

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    SAP is the third-largest independent software manufacturer in the world, with a presence in over 120 countries. Having been in the industry for over 40 years, SAP is perhaps best known for its ERP application, SAP ERP.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Ease of data integration

    Areas to Improve:

    • Lead management
    • Marketing management
    • Collaboration
    • Usability & intuitiveness
    • Analytics & reporting
    Logo gif for SoftwareReviews.
    7.4
    COMPOSITE SCORE     		7.8
    CX SCORE     		+74
    EMOTIONAL FOOTPRINT     		75%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 108
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a SAP screen.Vendor Pulse rating. How often do we hear about SAP from our members for CRM? 'Occasionally'.

    History of SAP in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.     		Logo for SAP.

    “SAP is another mainstay of the enterprise applications market. While they have a sound breadth of capabilities in the CRM and customer experience space, SAP consistently underperforms in many of our relevant peer-driven SoftwareReviews reports for CRM and adjacent areas. CRM seems decidedly a secondary focus for SAP, behind their more compelling play in the enterprise resource planning (ERP) space. Indeed, most instances where we see SAP in our clients’ shortlists, it’s as an ecosystem play within a broader SAP strategy. If you’re blue on the ERP side, looking to SAP’s capabilities on the CRM front makes logical sense and can help contain costs. If you’re approaching a CRM selection from a greenfield lens and with no legacy vendor baggage for SAP elsewhere, experience suggests you’ll be better served by a vendor that places a higher degree of primacy on the CRM aspect of their portfolio.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    SAP CRM - Pricing Opaque:

    “Request a Demo”

    Logo for pipedrive.


    Est. 2010 | NY, USA | Private

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Pipedrive brings together the tools and data, the platform focuses sales professionals on fundamentals to advance deals through their pipelines. Pipedrive's goal is to make sales success inevitable - for salespeople and teams.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Sales Management
    • Account & Contact Management
    • Lead Management
    • Usability & Intuitiveness
    • Ease of Implementation

    Areas to Improve:

    • Customer Service Management
    • Marketing Management
    • Product Strategy & Rate of Improvement
    Logo gif for SoftwareReviews.
    8.3
    COMPOSITE SCORE     		8.4
    CX SCORE     		+85
    EMOTIONAL FOOTPRINT     		85%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 262
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Pipedrive screen.Vendor Pulse rating. How often do we hear about Pipedrive from our members for CRM? 'Occasionally'.

    History of Pipedrive in a vertical timeline.

    *Pricing correct as of June 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.     		Logo for Pipedrive.

    “A relatively new offering, Pipedrive has seen explosive growth over the last five years. They’re a vendor that has gone from near-obscurity to popping up frequently on our members’ shortlists. Pipedrive’s secret sauce has been a relentless focus on high-velocity sales enablement. Their focus on pipeline management, lead assessment and routing, and a good single pane of glass for sales reps has driven significant traction for the vendor when sales enablement is the driving rationale behind rolling out a new CRM platform. Bang for your buck is also strong with Pipedrive, with the vendor having a value-driven licensing and implementation model.

    Pipedrive is not without some shortcomings. It’s laser-focus on sales enablement is at the expense of deep capabilities for marketing and service management, and its profile lends itself better to SMBs and lower midmarket than it does large organizations looking for enterprise-grade CRM.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Essential Advanced Professional Enterprise
    • Starts at $12.50*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $24.90*
    • Per user/mo
    • Small/mid-sized businesses
    • Starts at $49.90*
    • Per user/mo
    • Lower mid-market focus
    • Starts at $99*
    • Per user/mo
    • Enterprise focus
    Logo for SugarCRM.


    Est. 2004 | CA, USA | Private

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Produces Sugar, a SaaS-based customer relationship management application. SugarCRM is backed by Accel-KKR.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Ease of customization
    • Product strategy and rate of improvement
    • Ease of IT administration

    Areas to Improve:

    • Marketing management
    • Analytics and reporting
    Logo gif for SoftwareReviews.
    8.4
    COMPOSITE SCORE     		8.8
    CX SCORE     		+92
    EMOTIONAL FOOTPRINT     		84%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 97
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a SugarCRM screen.Vendor Pulse rating. How often do we hear about SugarCRM from our members for CRM? 'Frequently'.
    History of SugarCRM in a vertical timeline.
    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.     		Logo for SugarCRM.

    “SugarCRM offers reliable baseline capabilities at a lower price point than other large CRM vendors. While SugarCRM does not offer all the bells and whistles that an Enterprise Salesforce plan might, SugarCRM is known for providing excellent vendor support. If your organization is only after standard features, SugarCRM will be a good vendor to shortlist.

    However, ensure you have the time and labor power to effectively implement and train on SugarCRM’s solutions. SugarCRM does not score highly for user-friendly experiences, with complaints centering on outdated and unintuitive interfaces. Setting up customized modules takes time to navigate, and SugarCRM does not provide a wide range of native integrations with other applications. To effectively determine whether SugarCRM does offer a feasible solution, it is recommended that organizations know exactly what kinds of integrations and modules they need.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Sugar Professional Sugar Serve Sugar Sell Sugar Enterprise Sugar Market
    • Starts at $52*
    • Per user/mo
    • Min. 3 users
    • Small businesses
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • Focused on customer service
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • Focused on sales automation
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • On-premises, mid-sized businesses
    • Starts at $1000*
    • Priced per month
    • Min. 10k contacts
    • Large enterprise
    Logo for .


    Est. 2006 | MA, USA | HUBS (NYSE)

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Develops software for inbound customer service, marketing, and sales. Software includes CRM, SMM, lead gen, SEO, and web analytics.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Breadth of features
    • Product strategy and rate of improvement
    • Ease of customization

    Areas to Improve:

    • Ease of data integration
    • Customer service management
    • Telephony and call center management
    Logo gif for SoftwareReviews.
    8.3
    COMPOSITE SCORE     		8.4
    CX SCORE     		+84
    EMOTIONAL FOOTPRINT     		86%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 97
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a HubSpot screen.Vendor Pulse rating. How often do we hear about HubSpot from our members for CRM? 'Frequently'.

    History of HubSpot in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts
    See pricing on vendor’s website for latest information.     		Logo for HubSpot.

    “ HubSpot is best suited for small to mid-sized organizations that need a range of CRM tools to enable growth across sales, marketing campaigns, and customer service. Indeed, HubSpot offers a content management solution that offers a central storage location for all customer and marketing data. Moreover, HubSpot offers plenty of freemium tools for users to familiarize themselves with the software before buying. However, though HubSpot is geared toward growing businesses, smaller organizations may not see high ROI until they begin to scale. The “Starter” and “Professional” plans’ pricing is often cited by small organizations as a barrier to commitment, and the freemium tools are not a sustainable solution. If organizations can take advantage of discount behaviors from HubSpot (e.g. a startup discount), HubSpot will be a viable long-term solution. ”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Starter Professional Enterprise
    • Starts at $50*
    • Per month
    • Min. 2 users
    • Small businesses
    • Starts at $500*
    • Per month
    • Min. 5 users
    • Small/mid-sized businesses
    • Starts at $1200*
    • Billed yearly
    • Min. 10 users
    • Mid-sized/small enterprise
    Logo for Zoho.


    Est. 1996 | India | Private

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Zoho Corporation offers a cloud software suite, providing a full operating system for CRM, alongside apps for finance, productivity, HR, legal, and more.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Business value created
    • Breadth of features
    • Collaboration capabilities

    Areas to Improve:

    • Usability and intuitiveness
    Logo gif for SoftwareReviews.
    8.7
    COMPOSITE SCORE     		8.9
    CX SCORE     		+92
    EMOTIONAL FOOTPRINT     		85%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 152
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Zoho screen.Vendor Pulse rating. How often do we hear about Zoho from our members for CRM? 'Occasionally'.

    History of Zoho in a vertical timeline.

    *
    See pricing on vendor’s website for latest information.     		Logo for Zoho.

    “Zoho has a long list of software solutions for businesses to run end to end. As one of Zoho’s earliest software releases, though, ZohoCRM remains a flagship product. ZohoCRM’s pricing is incredibly competitive for mid/large enterprises, offering high business value for its robust feature sets. For those organizations that already utilize Zoho solutions (such as its productivity suite), ZohoCRM will be a natural extension.

    However, small/mid-sized businesses may wonder how much ROI they can get from ZohoCRM, when much of the functionality expected from a CRM (such as workflow automation) cannot be found until one jumps to the “Enterprise” plan. Given the “Enterprise” plan’s pricing is on par with other CRM vendors, there may not be much in a smaller organization’s eyes that truly distinguishes ZohoCRM unless they are already invested Zoho users.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Standard Professional Enterprise Ultimate
    • Starts at $20*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $35*
    • Per user/mo
    • Small/mid-sized businesses
    • Adds inventory management
    • Starts at $50*
    • Per user/mo
    • Mid-sized/small enterprise
    • Adds Zia AI
    • Starts at $65*
    • Per user/mo
    • Enterprise
    • Bundles Zoho Analytics
    Logo for Zendesk.


    Est. 2009 | CA, USA | ZEN (NYSE)

    bio

    		Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Software developer for customer service. Founded in Copenhagen but moved to San Francisco after $6 million Series B funding from Charles River Ventures and Benchmark Capital.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Quality of features
    • Breadth of features
    • Vendor support

    Areas to Improve:

    • Business value created
    • Ease of customization
    • Usability and intuitiveness
    Logo gif for SoftwareReviews.
    7.8
    COMPOSITE SCORE     		7.9
    CX SCORE     		+80
    EMOTIONAL FOOTPRINT     		72%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 50
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Zendesk screen.Vendor Pulse rating. How often do we hear about Zendesk from our members for CRM? 'Rarely'.

    History of Zendesk in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts
    See pricing on vendor’s website for latest information.     		Logo for Zendesk.

    “Zendesk’s initial growth was grounded in word-of-mouth advertising, owing to the popularity of its help desk solution’s design and functionality. Zendesk Sell has followed suit, receiving strong feedback for the breadth and quality of its features. Organizations that have already reaped the benefits of Zendesk’s customer service suite will find Zendesk Sell a straightforward fit for their sales teams.

    However, it is important to note that Zendesk Sell is predominantly focused on sales. Other key components of a CRM, such as marketing, are less fleshed out. Organizations should ensure they verify what requirements they have for a CRM before choosing Zendesk Sell – if sales process requirements (such as forecasting, call analytics, and so on) are but one part of what the organization needs, Zendesk Sell may not offer the highest ROI for the pricing offered.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Sell Team Sell Professional Sell Enterprise
    • Starts at $19*
    • Per user/mo
    • Max. 3 users
    • Small businesses
    • Basic functionality
    • Starts at $49*
    • Per user/mo
    • Small/mid-sized businesses
    • Advanced analytics
    • Starts at $99*
    • Per user/mo
    • Mid-sized/small enterprise
    • Task automation

    Speak with category experts to dive deeper into the vendor landscape

    Icon of a person.
    Fact-based reviews of business software from IT professionals.     		Icon of a magnifying glass over a chart.
    Top-tier data quality backed by a rigorous quality assurance process.     		CLICK HERE to ACCESS

    Comprehensive software reviews to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Icon of a tablet.
    Product and category reports with state-of-the-art data visualization.     		Icon of a phone.
    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insights of our expert analysts, our members receive unparalleled support in their buying journey.

    Conduct a day of rapid-fire vendor demos

    Zoom in on high-value use cases and answers to targeted questions

    Make sure the solution will work for your business

    Give each vendor 90 to 120 minutes to give a rapid-fire presentation. We suggest the following structure:

    • 30 minutes: company introduction and vision
    • 60 minutes: walk-through of two or three high-value demo scenarios
    • 30 minutes: targeted Q&A from the business stakeholders and procurement team
      •
    To ensure a consistent evaluation, vendors should be asked analogous questions, and a tabulation of answers should be conducted.     		How to challenge the vendors in the investigative interview
    • Change the visualization/presentation.
    • Change the underlying data.
    • Add additional data sets to the artifacts.
    • Collaboration capabilities.
    • Perform an investigation in terms of finding BI objects and identifying previous changes, and examine the audit trail.
    		 Rapid-fire vendor investigative interview

    Invite vendors to come onsite (or join you via video conference) to demonstrate the product and to answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

    Graphic of an alarm clock.
    To kick-start scripting your demo scenarios, leverage our CRM Demo Script Template.

    A vendor scoring model provides a clear anchor point for your evaluation of CRM vendors based on a variety of inputs

    A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.

    Info-Tech Insight

    Even the best scoring model will still involve some “art” rather than science – scoring categories such as vendor viability always entails a degree of subjective interpretation.

    How do I build a scoring model?

    • Start by shortlisting the key criteria you will use to evaluate your vendors. Functional capabilities should always be a critical category, but you’ll also want to look at criteria such as affordability, architectural fit, and vendor viability.
    • Depending on the complexity of the project, you may break down some criteria into sub-categories to assist with evaluation (for example, breaking down functional capabilities into constituent use cases so you can score each one).
    • Once you’ve developed the key criteria for your project, the next step is weighting each criterion. Your weightings should reflect the priorities for the project at hand. For example, some projects may put more emphasis on affordability, others on vendor partnership.
    • Using the information collected in the subsequent phases of this blueprint, score each criterion from 1-100, then multiply by the weighting factor. Add up the weighted scores to arrive at the aggregate evaluation score for each vendor on your shortlist.

    What are some of the best practices?

    • While the criteria for each project may vary, it’s helpful to have an inventory of repeatable criteria that can be used across application selection projects. The next slide contains an example that you can add or subtract from.
    • Don’t go overboard on the number of criteria: five to 10 weighted criteria should be the norm for most projects. The more criteria (and sub-criteria) you must score against, the longer it will take to conduct your evaluation. Always remember, link the level of rigor to the size and complexity of your project! It’s possible to create a convoluted scoring model that takes significant time to fill out but yields little additional value.
    • Creation of the scoring model should be a consensus-driven activity among IT, procurement, and the key business stakeholders – it should not be built in isolation. Everyone should agree on the fundamental criteria and weights that are employed.
    • Consider using not just the outputs of investigative interviews and RFP responses to score vendors, but also third-party review services like SoftwareReviews.

    Define how you’ll score CRM proposals and demos

    Define key CRM selection criteria for your organization – this should be informed by the following goals, use cases, and requirements covered in the blueprint.

    Criteria

    Description

    Functional CapabilitiesHow well does the vendor align with the top-priority functional requirements identified in your accelerated needs assessment? What is the vendor’s functional breadth and depth?
    AffordabilityHow affordable is this vendor? Consider a three-to-five-year total cost of ownership (TCO) that encompasses not just licensing costs, but also implementation, integration, training, and ongoing support costs.
    Architectural FitHow well does this vendor align with our direction from an enterprise architecture perspective? How interoperable is the solution with existing applications in our technology stack? Does the solution meet our deployment model preferences?
    ExtensibilityHow easy is it to augment the base solution with native or third-party add-ons as our business needs may evolve?
    ScalabilityHow easy is it to expand the solution to support increased user, data, and/or customer volumes? Are there any capacity constraints of the solution?
    Vendor ViabilityHow viable is this vendor? Are they an established player with a proven track record, or a new and untested entrant to the market? What is the financial health of the vendor? How committed are they to the particular solution category?
    Vendor VisionDoes the vendor have a cogent and realistic product roadmap? Are they making sensible investments that align with your organization’s internal direction?
    Emotional FootprintHow well does the vendor’s organizational culture and team dynamics align to yours?
    Third-Party Assessments and/or ReferencesHow well-received is the vendor by unbiased, third-party sources like SoftwareReviews? For larger projects, how well does the vendor perform in reference checks (and how closely do those references mirror your own situation)?

    Decision Point: Select the Finalist

    After reviewing all vendor responses to your RFP, conducting vendor demos, and running a pilot project (if applicable), the time has arrived to select your finalist.

    All core selection team members should hold a session to score each shortlisted vendor against the criteria enumerated on the previous slide – based on an in-depth review of proposals, the demo sessions, and any pilots or technical assessments.

    The vendor that scores the highest in aggregate is your finalist.

    Congratulations – you are now ready to proceed to final negotiation and inking a contract. This blueprint provides a detailed approach on the mechanics of a major vendor negotiation.

    Leverage Info-Tech’s research to plan and execute your CRM implementation

    Use Info-Tech Research Group’s three phase implementation process to guide your own planning.
    The three phases of software implementation: 'Assess', 'Prepare', 'Govern & Course Correct'. Sample of the 'Governance and Management of Enterprise Software Implementation' blueprint.

    Establish and execute an end-to-end, agile framework to succeed with the implementation of a major enterprise application.

    Visit this link

    Prepare for implementation: establish a clear resourcing plan

    Organizations rarely have sufficient internal staffing to resource a CRM project on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:
    Your own staff +
    1. Management consultant
    2. Vendor consultant
    3. System integrator
    Info-Tech Insight

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and constraints.
    • Integration environment complexity.

    Consider the following:

    Internal vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities, and communicate this to your technology partner up front.

    Internal vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner's implementation methodology; however, you know what will work for your organization.

    Establish team composition

    1 – 2 hours

    Input: Skills assessment, Stakeholder analysis, Vendor partner selection

    Output: Team composition

    Materials: Sticky notes, Whiteboard, Markers

    Participants: Project team

    Use Info-Tech’s Governance and Management of Enterprise Software Implementation to establish your team composition. Within that blueprint:

    1. Assess the skills necessary for an implementation. Inventory the competencies required for the implementation project team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline considerations, integration environment complexity, and cost constraints as you make your team composition plan. Be sure to dedicate an internal resource to managing the vendor and partner relationships.
    4. Document the roles and responsibilities, accountabilities, and other expectations of your team as they relate to each step of the implementation.

    Governance and Management of Enterprise Software Implementation

    Sample of the 'Governance and Management of Enterprise Software Implementation' blueprint.Follow our iterative methodology with a task list focused on the business must-have functionality to achieve rapid execution and to allow staff to return to their daily work sooner.

    Visit this link

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication

    Teams must have some type of communication strategy. This can be broken into:
    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship-building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity

    Distributed teams create complexity as communication can break down. This can be mitigated by:
    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

    Trust

    Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of what everyone’s role is.

    Plan for your implementation of CRM based on deployment model

    Place your CRM application into your IT landscape by configuring and adjusting the tool based on your specific deployment method.

    Icon of a housing development.
    On-Premises

    1. Identify custom features and configuration items
    2. Train developers and IT staff on new software investment
    3. Install software
    4. Configure software
    5. Test installation and configuration
    6. Test functionality

    Icon of a cloud upload.
    SaaS-based

    1. Train developers and IT staff on new software investment
    2. Set up connectivity
    3. Identify VPN or internal solution
    4. Check firewalls
    5. Validate bandwidth regulations

    Integration is a top IT challenge and critical to the success of the CRM suite

    CRM suites are most effective when they are integrated with ERP and MarTech solutions.

    Data interchange between the CRM solution and other data sources is necessary

    		 Formulate a comprehensive map of the systems, hardware, and software with which the CRM solution must be able to integrate. Customer data needs to constantly be synchronized: without this, you lose out on one of the primary benefits of CRM. These connections must be bidirectional for maximum value (i.e. marketing data to the CRM, customer data to MMS).
    Specialized projects that include an intricate prospect or customer list and complex rules may need to be built by IT The more custom fields you have in your CRM suite and point solutions, the more schema mapping you will have to do. Include this information in the RFP to receive guidance from vendors on the ease with which integration can be achieved.

    Pay attention to legacy apps and databases

    		 If you have legacy CRM, POS, or customer contact software, more custom code will be required. Many vendors claim that custom integration can be performed for most systems, but custom comes at a cost. Don’t just ask if they can integrate; ask how long it will take and for references from organizations which have been successful in this.
    When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to marketing, sales, and customer service. Be sure to include systems that act as inputs to, or benefit due to outputs from, the CRM or similar applications.

    CRM data flow

    Example of a CRM data flow.

    Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    Sample CRM integration map

    Sample of a CRM integration map.

    Scenario: Failure to address CRM data integration will cost you in the long run

    A company spent $15 million implementing a new CRM system in the cloud and decided NOT to spend an additional $1.5 million to do a proper cloud DI tool procurement. The mounting costs followed.

    Cost Element – Custom Data Integration

    $
    2 FTEs for double entry of sales order data $ 100,000/year
    One-time migration of product data to CRM $ 240,000 otc
    Product data maintenance $ 60,000/year
    Customer data synchronization interface build $ 60,000 otc
    Customer data interface maintenance $ 10,000/year
    Data quality issues $ 100,000/year
    New SaaS integration built in year 3 $ 300,000 otc
    New SaaS integration maintenance $ 150,000/year

    Cost Element – Data Integration Tool

    $
    DI strategy and platform implementation $1,500,000 otc
    DI tool maintenance $ 15,000/year
    New SaaS integration point in year 3 $ 300,000 otc
    Thumbs down color coded red to the adjacent chart. Custom integration is costing this organization $300,000/year for one SaaS solution.
    Thumbs up color coded blue to the adjacent chart.

    The proposed integration solution would have paid for itself in 3-4 years and saved exponential costs in the long run.

    Proactively address data quality in the CRM during implementation

    Data quality is a make-or-break issue in a CRM platform; garbage in is garbage out.
    • CRM suites are one of the leading offenders for generating poor-quality data. As such, it’s important to have a plan in place for structuring your data architecture in such a way the poor data quality is minimized from the get-go.
    • Having a plan for data quality should precede data migration efforts; some types of poor data quality can be mitigated prior to migration.
    • There are five main types of poor-quality data found in CRM platforms.
      • Duplicate data: Duplicate records can be a major issue. Leverage dedicated deduplication tools to eliminate them.
      • Stale data: Out-of-date customer information can reduce the usefulness of the platform. Use automated social listening tools to help keep data fresh.
      • Incomplete data: Records with missing info limit platform value. Specify data validation parameters to mandate that all fields are filled in.
      • Invalid and conflicting data: These can create cascading errors. Establishing conflict resolution rules in ETL tools for data integration can lessen issues.
    Info-Tech Insight

    If you have a complex POI environment, appoint data stewards for each major domain and procure a deduplication tool. As the complexity of CRM system-to-system integrations increases, so will the chance that data quality errors will crop up – for example, bidirectional POI with other sources of customer information dramatically increase the chances of conflicting/duplicate data.

    Profile data, eliminate dead weight, and enforce standards to protect data

    Identify and eliminate dead weight

    		 Poor data can originate in the firm’s CRM system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas.

    Loose rules in the CRM system may lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system.

    • Conduct a data flow analysis: map the path that data takes through the organization.
    • Use a mass cleanup to identify and destroy dead weight data. Merge duplicates either manually or with the aid of software tools. Delete incomplete data, taking care to reassign related data.
    • COTS packages typically allow power users to merge records without creating orphaned records in related tables, but custom-built applications typically require IT expertise.

    Create and enforce standards and policies

    		 Now that the data has been cleaned, it’s important to protect the system from relapsing.

    Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases.

    • Truncated data is usually caused by mismatches in data structures during either one-time data loads or ongoing data integrations.
    • Don’t go overboard on assigning required fields; users will just put key data in note fields.
    • Discourage the use of unstructured note fields: the data is effectively lost except if it gets subpoenaed.
    Info-Tech Insight

    Data quality concerns proliferate with the customization level of your platform. The more extensive the custom integration points and module/database extensions that you have made, the more you will need to have a plan in place for managing data quality from a reactive and proactive standpoint.

    Create a formal communication process throughout the CRM implementation

    Establish a comprehensive communication process around the CRM enterprise roll-out to ensure that end users stay informed.

    The CRM kick-off meeting(s) should encompass: 'The high-level application overview', 'Target business-user requirements', 'Target quality of service (QoS) metrics', 'Other IT department needs', 'Tangible business benefits of application', 'Special consideration needs'. The overall objective for interdepartmental CRM kick-off meetings is to confirm that all parties agree on certain key points and understand platform rationale and functionality.

    The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.

    Department groups or designated trainers should take the lead and implement a process for:

    • Scheduling CRM platform roll-out/kick-off meetings.
    • Soliciting preliminary input from the attending groups to develop further training plans.
    • Establishing communication paths and the key communication agents from each department who are responsible for keeping lines open moving forward.

    Ensure requirements are met with robust user acceptance testing

    User acceptance testing (UAT) is a test procedure that helps to ensure end-user requirements are met. Test cases can reveal bugs before the suite is implemented.

    Five Secrets of UAT Success

    		 Bracket with colors corresponding the adjacent list items.

    1

    		 Create the plan With the information collected from requirements gathering, create the plan. Make sure this information is added to the main project plan documentation.

    2

    		 Set the agenda The time allotted will vary depending on the functionality being tested. Ensure that the test schedule allows for the resolution of issues and discussion.

    3

    		 Determine who will participate Work with the relevant stakeholders to identify the people who can best contribute to system testing. Look for experienced power users who have been involved in earlier decision making about the system.

    4

    		 Highlight acceptance criteria Together with the UAT group, pinpoint the criteria to determine system acceptability. Refer back to requirements specified in use cases in the initial requirements-gathering stages of the project.

    5

    		 Collect end user feedback Weaknesses in resolution workflow design, technical architecture, and existing customer service processes can be highlighted and improved on with ongoing surveys and targeted interviews.

    Calculate post-deployment metrics to assess measurable value of the project

    Track the post-deployment results from the project and compare the metrics to the current state and target state.

    CRM Selection and Implementation Metrics
    Description Formula Current or Estimated Target Post-Deployment
    End-User Satisfaction # of Satisfied Users
    # of End Users     		70% 90% 85%
    Percentage Over/Under Estimated Budget Amount Spent - 100%
    Budget     		5% 0% 2%
    Percentage Over/Under Estimated Timeline Project Length - 100%
    Estimated Timeline     		10% -5% -10%

    CRM Strategy Metrics
    Description Formula Current or Estimated Target Post-Deployment
    Number of Leads Generated (per month) # of Leads Generated 150 200 250
    Average Time to Resolution (in minutes) Time Spent on Resolution
    # of Resolutions     		30 minutes 10 minutes 15 minutes
    Cost per Interaction by Campaign Total Campaign Spending
    # of Customer Interactions     		$17.00 $12.00 $12.00

    Select the Right CRM Platform

    CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. Having a structured approach to building a business case, defining key requirements, and engaging with the right shortlist of vendors to pick the best finalist is crucial.

    This selection guide allows organizations to execute a structured methodology for picking a CRM that aligns with their needs. This includes:
    • Alignment and prioritization of key business and technology drivers for a CRM selection business case.
    • Identification of key use cases and requirements for CRM.
    • Construction of a robust CRM RFP.
    • A strong market scan of key players.
    • A survey of crucial implementation considerations.
    This formal CRM selection initiative will drive business-IT alignment, identify sales and marketing automation priorities, and allow for the rollout of a platform that’s highly likely to satisfy all stakeholder needs.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Insight summary

    Stakeholder satisfaction is critical to your success

    Choosing a solution for a single use case and then expanding it to cover other purposes can be a way to quickly gain approvals and then make effective use of dollars spent. However, this can also be a nightmare if the product is not fit for purpose and requires significant customization effort for future use cases. Identify use cases early, engage stakeholders to define success, and recognize where you need to find balance between a single off-the-shelf CRM platform and adjacent MarTech or sales enablement systems.

    Build a business case

    An effective business case isn’t a single-purpose document for obtaining funding. It can also be used to drive your approach to product selection, requirements gathering, and ultimately evaluating stakeholder and user satisfaction.

    Use your business case to define use cases and milestones as well as success.

    Balance process with technology

    A new solution with old processes will result in incremental increased value. Evaluate existing processes and identify opportunities to improve and remove workarounds. Then define requirements.

    You may find that the tools you have would be adequate with an upgrade and tool optimization. If not, this exercise will prepare you to select the right solution for your current and future needs.

    Drive toward early value

    Lead with the most important benefit and consider the timeline. Most stakeholders will lose interest if they don’t realize benefits within the fist year. Can you reach your goal and report success within that timeline?

    Identify secondary, incremental customer engagement improvements that can be made as you work toward the overall goal to be achieved at the one-year milestone.

    Related Info-Tech Research

    Stock image of an office worker. Build a Strong Technology Foundation for Customer Experience Management
    • Any CRM project needs to be guided by the broader strategy around customer engagement. This blueprint explores how to create a strong technology enablement approach for CXM using voice of the customer analysis.
    Stock image of a target with arrows. Improve Requirements Gathering
    • 70% of projects that fail do so because of poor requirements. If you need to double-click on best practices for eliciting, analyzing, and validating requirements as you build up your CRM picklist and RFP, this blueprint will equip you with the knowledge and tools you need to hit the ground running.
    Stock image of a pen on paper. Drive Successful Sourcing Outcomes with a Robust RFP Process
    • Managing a complex RFP process for an enterprise application like a CRM platform can be a challenging undertaking. This blueprint zooms into how to build, run, administer, and evaluate RFP responses effectively.

    Bibliography

    “Doomed From the Start? Why a Majority of Business and IT Teams Anticipate Their Software Development Projects Will Fail.” Geneca, 25 Jan. 2017. Web.

    Hall, Kerrie. “The State of CRM Data Management 2020.” Validity. 27 April 2020. Web.

    Hinchcliffe, Dion. “The Evolving Role of the CIO and CMO in Customer Experience.” ZDNet, 22 Jan. 2020. Web.

    Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM Systems Have Been Around for Decades, but Interoperability and Data Siloes Still Have to Be Overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.

    Markman, Jon. "Netflix Knows What You Want... Before You Do." Forbes. 9 Jun. 2017. Web.

    Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.

    Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.

    “The State of Project Management Annual Survey 2018.” Wellingtone, 2018. Web.

    “The History of Microsoft Dynamics.” Eswelt. 2021. Accessed 8 June 2022.

    “Unlock the Mysteries of Your Customer Relationships.” Harvard Business Review. 1 July 2014. Accessed 30 Mar. 2016.

    2024 Tech Trends

    Tymans Group 2024 tech trends
    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact: 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Voka 2025 Resilience Scores

     

    Test uw digitale slagkracht!

    Jammer! U bent te laat.

    De VOKA Bedrijven Contact Dagen 2025 zijn voorbij en onze winnaars zijn bekend!

    Liguris: 80 points
    Keiretsu: 71 points
    Staffler: 69 points
    Xpo group: 67 points
    Actief: 66 points

    Continue reading

    Change Management

    • Buy Link or Shortcode: {j2store}3|cart{/j2store}
    • Related Products: {j2store}3|crosssells{/j2store}
    • Up-Sell: {j2store}3|upsells{/j2store}
    • Download01-Title: Change Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 9.6/10
    • member rating average dollars saved: $35,031
    • member rating average days saved: 34
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    • byline: Optimize your change management
    Every company needs some change management. Both business and IT teams benefit from knowing what changes when.

    incident, problem, problemchange

    Project Management

    • Buy Link or Shortcode: {j2store}48|cart{/j2store}
    • Related Products: {j2store}48|crosssells{/j2store}
    • member rating overall impact: 9.7/10
    • member rating average dollars saved: $303,499
    • member rating average days saved: 42
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects
    • byline: Right-size the project management body of knowledge for all your IT projects.

    The challenge

    • Ill-defined or even lack of upfront project planning will increase the perception that your IT department cannot deliver value because most projects will go over time and budget.
    • The perception is those traditional ways of delivering projects via the PMBOK only increase overhead and do not have value. This is less due to the methodology and more to do with organizations trying to implement best-practices that far exceed their current capabilities.
    • Typical best-practices are too clinical in their approach and place unrealistic burdens on IT departments. They fail to address the daily difficulties faces by staff and are not sized to fit your organization.
    • Take a flexible approach and ensure that your management process is a cultural and capacity fit for your organization. Take what fits from these frameworks and embed them tailored into your company.

    Our advice

    Insight

    • The feather-touch is often the right touch. Ensure that you have a lightweight approach for most of your projects while applying more rigor to the more complex and high-risk developments.
    • Pick the right tools. Your new project management processes need the right tooling to be successful. Pick a tool that is flexible enough o accommodate projects of all sizes without imposing undue governance onto smaller projects.
    • Yes, take what fits within your company from frameworks, but there is no cherry-picking. Ensure your processes stay in context: If you do not inform for effective decision-making, all will be in vain. Develop your methods such that guide the way to big-picture decision taking and support effective portfolio management.

    Impact and results 

    • The right amount of upfront planning is a function of the type of projects you have and your company. The proper levels enable better scope statements, better requirements gathering, and increased business satisfaction.
    • An investment in a formal methodology is critical to projects of all sizes. An effective process results in more successful projects with excellent business value delivery.
    • When you have a repeatable and consistent approach to project planning and execution, you can better communicate between the IT project managers and decision-makers.
    • Better communication improves the visibility of the overall project activity within your company.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should tailor project management practices to the type of projects you do and your company and review our methodology. We show you how we can support you.

    Lay the groundwork for project management success

    Assess your current capabilities to set the right level of governance.

    • Tailor Project Management Processes to Fit Your Projects – Phase 1: Lay the Groundwork for PM Success (ppt)
    • Project Management Triage Tool (xls)
    • COBIT BAI01 (Manage Programs and Projects) Alignment Workbook (xls)
    • Project Level Definition Matrix (xls)
    • Project Level Selection Tool (xls)
    • Project Level Assessment Tool (xls)
    • Project Management SOP Template (doc)

    Small project require a lightweight framework

    Increase small project's throughput.

    • Tailor Project Management Processes to Fit Your Projects – Phase 2: Build a Lightweight PM Process for Small Initiatives (ppt)
    • Level 1 Project Charter Template (doc)
    • Level 1 Project Status Report Template (doc)
    • Level 1 Project Closure Checklist Template (doc)

    Build the standard process medium and large-scale projects

    The standard process contains fully featured initiation and planning.

    • Tailor Project Management Processes to Fit Your Projects – Phase 3: Establish Initiation and Planning Protocols for Medium-to-Large Projects (ppt)
    • Project Stakeholder and Impact Assessment Tool (xls)
    • Level 2 Project Charter Template (doc)
    • Level 3 Project Charter Template (doc)
    • Kick-Off Meeting Agenda Template (doc)
    • Scope Statement Template (doc)
    • Project Staffing Plan(xls)
    • Communications Management Plan Template (doc)
    • Customer/Sponsor Project Status Meeting Template (doc)
    • Level 2 Project Status Report Template (doc)
    • Level 3 Project Status Report Template (doc)
    • Quality Management Workbook (xls)
    • Benefits Management Plan Template (xls)
    • Risk Management Workbook (xls)

    Build a standard process for the execution and closure of medium to large scale projects

    • Tailor Project Management Processes to Fit Your Projects – Phase 4: Develop Execution and Closing Procedures for Medium-to-Large Projects (ppt)
    • Project Team Meeting Agenda Template (doc)
    • Light Project Change Request Form Template (doc)
    • Detailed Project Change Request Form Template (doc)
    • Light Recommendation and Decision Tracking Log Template (xls)
    • Detailed Recommendation and Decision Tracking Log Template (xls)
    • Deliverable Acceptance Form Template (doc)
    • Handover to Operations Template (doc)
    • Post-Mortem Review Template (doc)
    • Final Sign-Off and Acceptance Form Template (doc)

    Implement your project management standard operating procedures (SOP)

    Develop roll-out and training plans, implement your new process and track metrics.

    • Tailor Project Management Processes to Fit Your Projects – Phase 5: Implement Your PM SOP (ppt)
    • Level 2 Project Management Plan Template (doc)
    • Project Management Process Costing Tool (xls)
    • Project Management Process Training Plan Template (doc)
    • Project Management Training Monitoring Tool (xls)
    • Project Management Process Implementation Timeline Tool (MS Project)
    • Project Management Process Implementation Timeline Tool (xls)

     

     

    Manage an IT Budget

    • Buy Link or Shortcode: {j2store}70|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • IT is viewed as a cost center without a clear understanding of the value it provides.
    • After completing the budget, the CIO is faced with changing expectations, disruptions, new risks, and new threats.
    • IT departments often lack a reliable budget management process to keep itself on track towards its budget goals.
    • Over budgeting risks credibility if projects are not all delivered, while under budgeting risks not being able to execute important projects.

    Our Advice

    Critical Insight

    • Managing your budget is not just about numbers; it’s also about people and processes. Better relationships and a proper process leads to better management of your budget. Understand how your relationships and current processes might be leveraged to manage your budget.
    • No one likes to be over budget, but being under budget isn’t necessarily good either. Coming in under budget may mean that you are not accomplishing the initiatives that you promised you would, reflecting poor job performance.

    Impact and Result

    • Implement a formal budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track towards budget goals.
    • Manage the expectations of business stakeholders by communicating the links between IT spend and business value in a way that is easily understood by the business.
    • Control for under- or overspending by using Info Tech’s budget management tool and tactics.

    Manage an IT Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the increasing expectations for IT departments to better manage their budgets, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document

    Create a streamlined documentation process that also considers the elements of people and technology.

    • Manage an IT Budget – Phase 1: Document
    • Manage Your IT Budget Tool

    2. Track

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner.

    • Manage an IT Budget – Phase 2: Track

    3. Control

    Leverage control mechanisms to manage variances in your budget.

    • Manage an IT Budget – Phase 3: Control
    [infographic]

    Workshop: Manage an IT Budget

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Budget

    The Purpose

    The first step of managing your IT budget is to make sure there is a properly documented budget that everyone agrees upon.

    Key Benefits Achieved

    A properly documented budget facilitates management and communication of the budget.

    Activities

    1.1 Review budget for the year.

    1.2 Document each budget in the tool.

    1.3 Review CAPEX vs. OPEX.

    1.4 Customize accounts to match your organization.

    Outputs

    Budget broken out into monthly increments and by each account.

    Budget documented in tool.

    Tool customized to reflect organization's specific accounts and terminology.

    2 Optimize Documentation Process

    The Purpose

    A proper documentation process forms the backbone for effective budget management.

    Key Benefits Achieved

    A streamlined documentation process with accurate inputs that also considers the elements of people and technology.

    Activities

    2.1 Draw out process flow of current documentation.

    2.2 Identify bottlenecks.

    2.3 Discuss and develop roadmap to solving bottlenecks.

    Outputs

    Process flow of current documentation process with identified bottlenecks.

    Plan to mitigate bottlenecks.

    3 Track and Control for Over- and Underspending

    The Purpose

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner. Then, leverage control mechanisms to manage variances in your budget.

    Key Benefits Achieved

    Tracking and controlling for variances will help the IT department stay on track towards its budget goals. It will also help with communicating IT’s value to the business.

    Activities

    3.1 Walk through the “Overview Bar.”

    3.2 Document actual expenses incurred in fiscal to date.

    3.3 Review the risk of over- and underspending.

    3.4 Use the reforecast column to control for over- and underspend.

    Outputs

    Assess the “Overview Bar.”

    Document actual expenditures and committed expenses up to the current date.

    Develop a strategy and roadmap for how you will mitigate any current under- or overspends.

    Reforecast expenditures for each account for each month for the remainder of the fiscal year.

    Service Management

    • Buy Link or Shortcode: {j2store}46|cart{/j2store}
    • Related Products: {j2store}46|crosssells{/j2store}
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture
    • byline: Implement service management in a way that makes sense.

    The challenge

    • We have good, holistic practices, but inconsistent adoption leads to chaotic service delivery and low customer satisfaction.
    • You may have designed your IT services with little structure, formalization, or standardization.
    • That makes the management of these services more difficult and also leads to low business satisfaction.

    Continue reading

    Drive Customer Convenience by Enabling Text-Based Customer Support

    • Buy Link or Shortcode: {j2store}531|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Text messaging services and applications (such as SMS, iMessage, WhatsApp, and Facebook Messenger) have seen explosive growth over the last decade. They are an entrenched part of consumers’ daily lives. For many demographics, text messaging rather than audio calls is the preferred medium of communication via smartphone.
    • Despite the popularity of text messaging services and applications with consumers, organizations have been slow to adequately incorporate these channels into their customer service strategy.
    • The result is a major disconnect between the channel preferences of consumers and the customer service options being offered by businesses.

    Our Advice

    Critical Insight

    • IT must work with their counterparts in customer service to build a technology roadmap that incorporates text messaging services and apps as a core channel for customer interaction. Doing so will increase IT’s stature as an innovator in the eyes of the business, while allowing the broader organization to leapfrog competitors that have not yet added text-based support to their repertoire of service channels. Incorporating text messaging as a customer service channel will increase customer satisfaction, improve retention, and reduce cost-to-serve.
    • A prudent strategy for text-based customer service begins with defining the value proposition and creating objectives: is there a strong fit with the organization’s customers and service use cases? Next, organizations must create a technology enablement roadmap for text-based support that incorporates the right tools and applications to deliver it. Finally, the strategy must address best practices for text-based customer service workflows and appropriate resourcing.

    Impact and Result

    • Understand the value and use cases for text-based customer support.
    • Create a framework for enabling technologies that will support scalable text-based customer service.
    • Improve underlying business metrics such as customer satisfaction, retention, and time to resolution by having a plan for text-based support.
    • Better align IT with customer service and support needs.

    Drive Customer Convenience by Enabling Text-Based Customer Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be leveraging text-based services for customer support, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the business case for text-based customer support

    Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 1: Create the Business Case for Text-Based Customer Support
    • Text-Based Customer Support Strategic Summary Template
    • Text-Based Customer Support Project Charter Template
    • Text-Based Customer Support Business Case Assessment

    2. Create a technology enablement framework for text-based customer support

    Identify the right applications that will be needed to adequately support a text-based support strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 2: Create a Technology Enablement Framework for Text-Based Customer Support
    • Text-Based Customer Support Requirements Traceability Matrix

    3. Create customer service workflows for text-based support

    Create repeatable workflows and escalation policies for text-centric support.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 3: Create Customer Service Workflows for Text-Based Support
    • Text-Based Customer Support TCO Tool
    • Text-Based Customer Support Acceptable Use Policy
    [infographic]

    Workshop: Drive Customer Convenience by Enabling Text-Based Customer Support

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Business Case for Text-Based Support

    The Purpose

    Create the business case for text-based support.

    Key Benefits Achieved

    A clear direction on the drivers and value proposition of text-based customer support for your organization.

    Activities

    1.1 Identify customer personas.

    1.2 Define business and IT drivers.

    Outputs

    Identification of IT and business drivers.

    Project framework and guiding principles for the project.

    2 Create a Technology Enablement Framework for Text-Based Support

    The Purpose

    Create a technology enablement framework for text-based support.

    Key Benefits Achieved

    Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.

    Activities

    2.1 Determine the correct migration strategy based on the current version of Exchange.

    2.2 Plan the user groups for a gradual deployment.

    Outputs

    Exchange migration strategy.

    User group organization by priority of migration.

    3 Create Service Workflows for Text-Based Support

    The Purpose

    Create service workflows for text-based support.

    Key Benefits Achieved

    Customer service workflows and escalation policies, as well as risk mitigation considerations.

    Present final deliverable to key stakeholders.

    Activities

    3.1 Review the text channel matrix.

    3.2 Build the inventory of customer service applications that are needed to support text-based service.

    Outputs

    Extract requirements for text-based customer support.

    4 Finalize Your Text Service Strategy

    The Purpose

    Finalize the text service strategy.

    Key Benefits Achieved

    Resource and risk mitigation plan.

    Activities

    4.1 Build core customer service workflows for text-based support.

    4.2 Identify text-centric risks and create a mitigation plan.

    4.3 Identify metrics for text-based support.

    Outputs

    Business process models assigned to text-based support.

    Formulation of risk mitigation plan.

    Key metrics for text-based support.

    Present Security to Executive Stakeholders

    • Buy Link or Shortcode: {j2store}262|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders find it challenging to convey the necessary information to obtain support for security objectives.
    • Changes to the threat landscape and shifts in organizational goals exacerbate the issue, as they impact security leaders' ability to prioritize topics to be communicated.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.

    Our Advice

    Critical Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.

    Impact and Result

    • Developing a thorough understanding of the security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Present Security to Executive Stakeholders Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Present Security to Executive Stakeholders – A step-by-step guide to communicating security effectively to obtain support from decision makers.

    Use this as a guideline to assist you in presenting security to executive stakeholders.

    • Present Security to Executive Stakeholders Storyboard

    2. Security Presentation Templates – A set of security presentation templates to assist you in communicating security to executive stakeholders.

    The security presentation templates are a set of customizable templates for various types of security presentation including:

    • Present Security to Executive Stakeholders Templates

    Infographic

    Further reading

    Present Security to Executive Stakeholders

    Learn how to communicate security effectively to obtain support from decision makers.

    Analyst Perspective

    Build and deliver an effective security communication to your executive stakeholders.

    Ahmad Jowhar

    As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected.

    However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging.

    Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives.

    Ahmad Jowhar
    Research Specialist, Security & Privacy

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach
    • Many security leaders struggle to decide what to present and how to present security to executive stakeholders.
    • Constant changes in the security threat landscape impacts a security leader’s ability to prioritize topics to be communicated.
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.
    • Developing a thorough understanding of security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Info-Tech Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Your challenge

    As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

    • When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
    • This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
    • Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

    76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

    62% find it difficult to balance the risk of too much detail and need-to-know information.

    41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

    Source: Deloitte, 2022

    Common obstacles

    There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

    • Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
    • The issue has been amplified, with security threats constantly increasing across all industries.
    • However, security leaders don’t feel that they are in a position to make themselves heard.
    • The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
    • Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

    9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

    77% of organizations have seen an increase in the number of attacks in 2021.

    56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

    Source: EY, 2021
    The image contains a screenshot of an Info-Tech Thoughtmodel titled: Presenting Security to Executive Stakeholders.

    Info-Tech’s methodology for presenting security to executive stakeholders

    1. Identify communication goals

    2. Collect information to support goals

    3. Develop communication

    4. Deliver communication

    Phase steps
    1. Identify drivers for communicating to executives
    2. Define your goals for communicating to executives
    1. Identify data to collect
    2. Plan how to retrieve data
    1. Plan communication
    2. Build a compelling communication document
    1. Deliver a captivating presentation
    2. Obtain/verify goals

    Phase outcomes

    A defined list of drivers and goals to help you develop your security presentations

    A list of data sources to include in your communication

    A completed communication template

    A solidified understanding of how to effectively communicate security to your stakeholders

    Develop a structured process for communicating security to your stakeholders

    Security presentations are not a one-way street
    The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Identifying your goals is the foundation of an effective presentation
    Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

    Harness the power of data
    Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

    Take your audience on a journey
    Developing a storytelling approach will help engage with your audience.

    Win your audience by building a rapport
    Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

    Tactical insight
    Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

    Tactical insight
    Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

    Project deliverables

    This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

    Report on Security Initiatives
    Template showing how to inform executive stakeholders of security initiatives.

    		 Report on Security Initiatives.

    Security Metrics
    Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.

    		 Security Metrics.

    Security Incident Response & Recovery
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    		 Security Incident Response & Recovery

    Security Funding Request
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    		 Security Funding Request

    Key template:

    Security and Risk Update

    Template showing how to inform executive stakeholders of proactive security and risk initiatives.

    Blueprint benefits

    IT/InfoSec benefits

    Business benefits
    • Reduce effort and time spent preparing cybersecurity presentations for executive stakeholders by having templates to use.
    • Enable security leaders to better prepare what to present and how to present it to their executive stakeholders, as well as driving the required outcomes from those presentations.
    • Establish a best practice for communicating security and IT to executive stakeholders.
    • Gain increased awareness of cybersecurity and the impact executive stakeholders can have on improving an organization’s security posture.
    • Understand how security’s alignment with the business will enable the strategic growth of the organization.
    • Gain a better understanding of how security and IT objectives are developed and justified.

    Measure the value of this blueprint

    Phase

    Measured Value (Yearly)

    Phase 1: Identify communication goals

    Cost to define drivers and goals for communicating security to executives:

    16 FTE hours @ $233K* =$1,940

    Phase 2: Collect information to support goals

    Cost to collect and synthesize necessary data to support communication goals:

    16 FTE hours @ $233K = $1,940

    Phase 3: Develop communication

    Cost to develop communication material that will contextualize information being shown:

    16 FTE hours @ $233K = $1,940

    Phase 4: Deliver communication

    Potential Savings:

    Total estimated effort = $5,820

    Our blueprint will help you save $5,820 and over 40 FTE hours

    * The financial figure depicts the annual salary of a CISO in 2022

    Source: Chief Information Security Officer Salary.” Salary.com, 2022

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Identify communication goals

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding the different drivers for communicating security to executive stakeholders
    • Identifying different communication goals

    This phase involves the following participants:

    • Security leader

    1.1. Identify drivers for communicating to executive stakeholders

    As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

    However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

    39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

    Source: EY, 2021.

    Info-Tech Insight

    Not all security presentations are the same. Keep your communication strategy and processes agile.

    Know your drivers for security presentations

    By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

    • These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
    • Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

    Understanding drivers will also help you understand how to present security to executive stakeholders.

    • These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
    • For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

    Identify your communication drivers, which can stem from various initiatives and programs, including:

    • Results from internal or external audit reports.
    • Upcoming budget meetings.
    • Briefing newly elected executive stakeholders on security.

    When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

    Examples of drivers for security presentations

    Audit
    Upcoming internal or external audits might require updates on the organization’s compliance

    Organizational restructuring
    Restructuring within an organization could require security updates

    Merger & Acquisition
    An M&A would trigger presentations on organization’s current and future security posture

    Cyber incident
    A cyberattack would require an immediate presentation on its impact and the incident response plan

    Ad hoc
    Provide security information requested by stakeholders

    1.2. Define your goals for communicating to executives

    After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

    • Communication drivers are mainly triggers for why you want to present security.
    • Communication goals are the potential outcomes you are hoping to obtain from the presentation.
    • Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

    Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

    • As a group, brainstorm the security goals that align with your business goals for the coming year.
      • Aim to have at least two business goals that align with each security goal.
    • Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
      • E.g. Increased security awareness, updates on organization's security posture.
    • Identify what the ask is for this presentation.
      • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

    Info-Tech Insight

    There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

    Examples of security presentation goals

    Educate
    Educate the board on security trends and/or latest risks in the industry

    Update
    Provide updates on security initiatives, relevant security metrics, and compliance posture

    Inform
    Provide an incident response plan due to a security incident or deliver updates on current threats and risks

    Investment
    Request funding for security investments or financial updates on past security initiatives

    Ad hoc
    Provide security information requested by stakeholders

    Phase 2

    Collect information to support goals

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding what types of data to include in your security presentations
    • Defining where and how to retrieve data

    This phase involves the following participants:

    • Security leader
    • Network/security analyst

    2.1 Identify data to collect

    After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

    • Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
    • The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
    • Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

    Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

    • Work with your security team to identify the main type of data applicable to the communication goals.
      • E.g. Financial data would be meaningful to use when communicating a budget presentation.
    • Identify supporting data linked to the main data defined.
      • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
    • Show how both the main and supporting data align with the communication goals.
      • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

    Info-Tech Insight

    Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

    Examples of data to present

    Educate
    Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

    Update
    Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

    Inform
    Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

    Investment
    Capital and operating expenditure for investment; ROI on past and future security initiatives

    Ad hoc
    Number of security initiatives that went over budget; phishing test campaign results

    2.2 Plan how to retrieve the data

    Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

    • Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
      • This includes security log reports or expenditures for ongoing and future security investments.
    • Retrieving the data, however, would require collaboration and cooperation from different team members.
    • You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

    Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

    • This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
    • Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

    Info-Tech Insight

    Using a data-driven approach to help support your objectives is key to engaging with your audience.

    Plan where to retrieve the data

    Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

    Examples of where to retrieve your data

    Data Source

    Data

    Data Owner

    Communication Goal

    Audit & Compliance Reports

    Percentage of controls completed to be certified with ISO 27001; Number of security threats & risks identified.

    Audit Manager;

    Compliance Manager;

    Security Leader

    Ad hoc, Educate, Inform

    Identity & Access Management (IAM) Applications

    Number of privileged accounts/department; Percentage of user accounts with MFA applied

    Network/Security Analyst

    Ad hoc, Inform, Update

    Security Information & Event Management (SIEM)

    Number of attacks detected and blocked before & after implementing endpoint security; Percentage of firewall rules that triggered a false positive

    Network/Security Analyst

    Ad hoc, Inform, Update

    Vulnerability Management Applications

    Percentage of critical vulnerabilities patched; Number of endpoints encrypted

    Network/Security Analyst

    Ad hoc, Inform, Update

    Financial & Accounting Software

    Capital & operating expenditure for future security investments; Return on investment (ROI) on past and current security investments

    Financial and/or Accounting Manager

    Ad hoc, Educate, Investments

    Phase 3

    Develop communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a communication strategy for presenting security
    • Identifying security templates that are applicable to your presentation

    This phase involves the following participants:

    • Security leader

    3.1 Plan communication: Know who your audience is

    • When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
    • This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

    Examples of two profiles in a boardroom

    Formal board of directors

    The executive team
    • In the private sector, this will include an appointed board of shareholders and subcommittees external to the organization.
    • In the public sector, this can include councils, commissions, or the executive team itself.
    • In government, this can include mayors, ministers, and governors.
    • The board’s overall responsibility is governance.
    • This audience will include your boss and your peers internal to the organization.
    • This category is primarily involved in the day-to-day operations of the organization and is responsible for carrying out the strategic direction set by the board.
    • The executive team’s overall responsibility is operations.

    3.1.1 Know what your audience cares about

    • Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
    • Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
    • Your background research could include:
      • Researching the audience’s professional background through LinkedIn.
      • Reviewing their comments from past executive meetings.
      • Researching current security trends that align with organizational goals.
    • Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

    A board’s purpose can include the following:

    • Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
    • Determining and funding the organization’s future and direction.
    • Protecting and increasing shareholder value.
    • Protecting the company’s exposure to risks.

    Examples of potential values and risks

    • Business impact
    • Financial impact
    • Security and incidents

    Info-Tech Insight
    Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

    Understand your audience’s concerns

    • Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
    • By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
    • These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
    • After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

    Examples of potential concerns for each profile of executive stakeholders

    Formal board of directors

    The executive team

    • Business impact (What is the impact of IT in solving business challenges?)
    • Investments (How will it impact organization’s finances and efficiency?)
    • Cybersecurity and risk (What are the top cybersecurity risks, and how is IT mitigating those risks to the business?)
    • Business alignment (How do IT priorities align to the business strategy and goals?)
    • IT operational efficiency (How is IT set up for success with foundational elements of IT’s operational strategy?)
    • Innovation & transformation priorities (How is IT enabling the organization’s competitive advantage and supporting transformation efforts as a strategic business partner?)

    Build your presentation to tackle their main concerns

    Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

    Checklist:

    • Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
    • Include value and risk language in your presentation to appeal to your audience.
    • Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
    • Include information about what is in it for them and the organization.
    • Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

    Info-Tech Insight
    The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

    3.1.2 Take your audience through a security journey

    • Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
    • You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
    • Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
    • You can derive insights for your storytelling presentation by doing the following:
      • Provide a business case scenario on the topic you are presenting.
      • Identify and communicate the business problem up front and answer the three questions (why, what, how).
      • Quantify the problems in terms of business impact (money, risk, value).

    Info-Tech Insight
    Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

    Identify the purpose of your presentation

    You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

    Examples of communication goals

    To inform or educate

    To reach a decision
    • In this presentation type, it is easy for IT leaders to overwhelm a board with excessive or irrelevant information.
    • Focus your content on the business problem and the solution proposed.
    • Refrain from too much detail about the technology – focus on business impact and risk mitigated. Ask for feedback if applicable.
    • In this presentation type, there is a clear ask and an action required from the board of directors.
    • Be clear about what this decision is. Once again, don’t lead with the technology solution: Start with the business problem you are solving, and only talk about technology as the solution if time permits.
    • Ensure you know who votes and how to garner their support.

    Info-Tech Insight
    Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

    Gather the right information to include in your boardroom presentation

    Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

    Typical IT boardroom presentations include:

    • Communicating the value of ongoing business technology initiatives.
    • Requesting funds or approval for a business initiative that IT is spearheading.
    • Security incident response/Risk/DRP.
    • Developing a business program or an investment update for an ongoing program.
    • Business technology strategy highlights and impacts.
    • Digital transformation initiatives (value, ROI, risk).

    Info-Tech Insight
    You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

    Info-Tech Insight
    Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

    Structure your presentation to tell a logical story

    To build a strong story for your presentation, ensure you answer these three questions:

    WHY

    Why is this a business issue, or why should the executive stakeholders care?

    WHAT

    What is the impact of solving the problem and driving value for the company?

    HOW

    How will we leverage our resources (technology, finances) to solve the problem?

    Examples:

    Scenario 1: The company has experienced a security incident.

    Intent: To inform/educate the board about the security incident.

    WHY

    The data breach has resulted in a loss of customer confidence, negative brand impact, and a reduction in revenue of 30%.

    WHAT

    Financial, legal, and reputational risks identified, and mitigation strategies implemented. IT is working with the PR team on communications. Incident management playbook executed.

    HOW

    An analysis of vulnerabilities was conducted and steps to address are in effect. Recovery steps are 90% completed. Incident management program reviewed for future incidents.

    Scenario 2: Security is recommending investments based on strategic priorities.

    Intent: To reach a decision with the board – approve investment proposal.

    WHY

    The new security strategy outlines two key initiatives to improve an organization’s security culture and overall risk posture.

    WHAT

    Security proposed an investment to implement a security training & phishing test campaign, which will assist in reducing data breach risks.

    HOW

    Use 5% of security’s budget to implement security training and phishing test campaigns.

    Time plays a key role in delivering an effective presentation

    What you include in your story will often depend on how much time you have available to deliver the message.

    Consider the following:

    • Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
    • If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
    • Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
    • Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

    Navigating through Q&A

    Use the Q&A portion to build credibility with the board.

    • It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
    • When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
      • “Let’s work with the sub-committee to find you an answer.”
      • “Let’s take that offline to address in more detail.”
      • “I have some follow-up material I can provide you to discuss that further after our meeting.”
    • And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

    Info-Tech Insight
    The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

    Storytelling checklist

    Checklist:

    • Tailor your presentation based on how much time you have.
    • Find out ahead of time how much time you have.
    • Identify if your presentation is to inform/educate or reach a decision.
    • Identify and communicate the business problem up front and answer the three questions (why, what, how).
    • Express the problem in terms of business impact (risk, value, money).
    • Prepare and send pre-meeting collateral to the members of the board and executive team.
    • Include no more than 5-6 slides for your presentation.
    • Factor in Q&A time at the end of your presentation window.
    • Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
    • Have an elevator speech handy – one or two sentences and a one-pager version of your story.
    • Consider how you will build your relationship with the members outside the boardroom.

    3.1.3 Build a compelling communication document

    Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

    A good slide design increases the likelihood that the audience will read the content carefully.

    • Bad slide structure (flow) = Audience loses focus
      • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
    • Good visual design = Audience might read more
      • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
    • Good content + Good structure + Visual appeal = Good presentation
      • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

    Slide design best practices

    Leverage these slide design best practices to assist you in developing eye-catching presentations.

    • Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
    • Concise and clear: Fewer words = more skim-able.
    • Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
    • Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
    • Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
    • Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

    Your presentation must have a logical flow

    Horizontal logic

    Vertical logic
    • Horizontal logic should tell a story.
    • When slide titles are read in a cascading manner, they will tell a logical and smooth story.
    • Title & tagline = thesis (best insight).
    • Vertical logic should be intuitive.
    • Each step must support the title.
    • The content you intend to include within each slide is directly applicable to the slide title.
    • One main point per slide.

    Vertical logic should be intuitive

    The image contains a screenshot example of a bad design layout for a slide. The image contains a screenshot example of a good design layout for a slide.

    The audience is unsure where to look and in what order.

    The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

    Horizontal and vertical logic checklists

    Horizontal logic

    Vertical logic

    • List your slide titles in order and read through them.
    • Good horizontal logic should feel like a story. Incomplete horizontal logic will make you pause or frown.
    • After a self-test, get someone else to do the same exercise with you observing them.
    • Note at which points they pause or frown. Discuss how those points can be improved.
    • Now consider each slide title proposed and the content within it.
    • Identify if there is a disconnect in title vs. content.
    • If there is a disconnect, consider changing the title of the slide to appropriately reflect the content within it, or consider changing the content if the slide title is an intended path in the story.

    Make it easy to read

    The image contains a screenshot that demonstrates an uneasy to read slide. The image contains a screenshot that demonstrates an easy to read slide.
    • Unnecessary coloring makes it hard on the eyes
    • Margins for title at top is too small
    • Content is not skim-able (best to break up the slide)

    Increase skim-ability:

    • Emphasize the subheadings
    • Bold important words

    Make it easier on the eyes:

    • Declutter and add sections
    • Have more white space

    Be concise and clear

    1. Write your thoughts down
      • This gets your content documented.
      • Don’t worry about clarity or concision yet.
    2. Edit for clarity
      • Make sure the key message is very clear.
      • Find your thesis statement.
    3. Edit for concision
      • Remove unnecessary words.
      • Use the active voice, not passive voice (see below for examples).

    Passive voice

    Active voice

    “There are three things to look out for” (8 words)

    “Network security was compromised by hackers” (6 words)

    “Look for these three things” (5 words)

    “Hackers compromised network security” (4 words)

    Be memorable

    The image contains a screenshot of an example that demonstrates a bad example of how to be memorable. The image contains a screenshot of an example that demonstrates a good example of how to be memorable.

    Easy to read, but hard to remember the stats.

    The visuals make it easier to see the size of the problem and make it much more memorable.

    Remember to:

    • Have some kind of visual (e.g. graphs, icons, tables).
    • Divide the content into sections.
    • Have a bit of color on the page.

    Aesthetics

    The image contains a screenshot of an example of bad aesthetics. The image contains a screenshot of an example of good aesthetics.

    This draft slide is just content from the outline document on a slide with no design applied yet.
    • Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate.
    • Divide the content into sections.
    • Have a bit of color on the page.
    • Bold or italicize important text.

    Why use visuals?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone
    Source: Management Information Systems Research Center

    Presentation format

    Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

    • Is there a standard presentation template?
    • Is a hard-copy handout required?
    • Is there a deadline for draft submission?
    • Is there a deadline for final submission?
    • Will the presentation be circulated ahead of time?
    • Do you know what technology you will be using?
    • Have you done a dry run in the meeting room?
    • Do you know the meeting organizer?

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals display the information/data in a concentrated way?
    • Do the visuals illustrate messages and themes from the accompanying text?

    3.2 Security communication templates

    Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck.

    These presentation templates highlight different security topics depending on your communication drivers, goals, and available data.

    Info-Tech has created five security templates to assist you in building a compelling presentation.

    These templates provide support for presentations on the following five topics:

    • Security Initiatives
    • Security & Risk Update
    • Security Metrics
    • Security Incident Response & Recovery
    • Security Funding Request

    Each template provides instructions on how to use it and tips on ensuring the right information is being presented.

    All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

    		 The image contains screenshots of the Security Presentation Templates.

    Download the Security Presentation Templates

    Security template example

    It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

    Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

    The image contains a screenshot of the Executive Summary slide. The image contains a screenshot of the Security Goals & Objectives slide.

    The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.

    This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

    Security template example (continued)

    The image contains a screenshot example of the Top Threats & Risks. The image contains a screenshot example of the Top Threats & Risks.

    This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

    This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

    Security template example (continued)

    The image contains a screenshot example of the slide, Risk Analysis. The image contains a screenshot example of the slide, Risk Mitigation Strategies & Roadmap.

    This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.

    The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

    Phase 4

    Deliver communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a strategy to deliver compelling presentations
    • Ensuring you follow best practices for communicating and obtaining your security goals

    This phase involves the following participants:

    • Security leader

    4.1 Deliver a captivating presentation

    You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

    Follow these tips to assist you in developing an engaging presentation:

    • Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
    • Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
    • Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

    Keep your audience engaged with these steps

    • Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
    • Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
    • Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
    • Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

    Info-Tech Insight
    Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

    Be honest and straightforward with your communication

    • Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
    • Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
    • No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

    Hone presentation skills before meeting with the executive stakeholders

    Know your environment

    Be professional but not boring

    Connect with your audience
    • Your organization has standards for how people are expected to dress at work. Make sure that your attire meets this standard – don’t be underdressed.
    • Think about your audience – would they appreciate you starting with a joke, or do they want you to get to the point as quickly as possible?
    • State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
    • Present with lots of energy, smile, and use hand gestures to support your speech.
    • Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention on you.
    • Never read from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Checklist for presentation logistics

    Optimize the timing of your presentation:

    • Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
    • Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
    • Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

    Script your presentation:

    • Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
    • Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
    • Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
    • Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

    Checklist for presentation logistics (continued)

    Other considerations:

    • After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
    • After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
    • Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

    Checklist for delivering a captivating presentation

    Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

    Checklist:

    • Start with a story or something memorable to break the ice.
    • Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
    • Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
    • Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
    • Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

    Checklist for delivering a captivating presentation (continued)

    • Be deliberate in what you want to show your audience.
    • Ensure you have clean slides so the audience can focus on what you’re saying.
    • Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
    • How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
    • Ask for feedback.
    • Record yourself presenting.

    4.2 Obtain and verify support on security goals

    Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

    • This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
    • Leverage your appendix and other supporting documents to justify your goals.
    • Different approaches to obtaining and verifying your goals could include:
      • Acknowledgment from the audience that information communicated aligns with the business’s goals.
      • Approval of funding requests for security initiatives.
      • Written and verbal support for implementation of security initiatives.
      • Identifying next steps for information to communicate at the next executive stakeholder meeting.

    Info-Tech Insight
    Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

    Checklist for obtaining and verify support on security goals

    Follow this checklist to assist you in obtaining and verifying your communication goals.

    Checklist:

    • Be clear about follow-up and next steps if applicable.
    • Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
    • “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
    • Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

    Summary of Accomplishment

    Problem Solved

    A better understanding of security communication drivers and goals

    • Understanding the difference between communication drivers and goals
    • Identifying your drivers and goals for security presentation

    A developed a plan for how and where to retrieve data for communication

    • Insights on what type of data can be leveraged to support your communication goals
    • Understanding who you can collaborate with and potential data sources to retrieve data from

    A solidified communication plan with security templates to assist in better presenting to your audience

    • A guideline on how to prepare security presentations to executive stakeholders
    • A list of security templates that can be customized and used for various security presentations

    A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

    • Clear message on best practices for delivering security presentations to executive stakeholders
    • Understanding how to verify your communication goals have been obtained

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Build an Information Security Strategy
    This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

    Build a Security Metrics Program to Drive Maturity
    This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

    Bibliography

    Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
    Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
    Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
    Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
    Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
    Carnegie Endowment for International Peace. Web.
    “Chief Information Security Officer Salary.” Salary.com, 2022. Web.
    “CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
    “Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
    “Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
    Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
    Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
    “Global Board Risk Survey.” EY. Web.
    “Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
    “How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
    Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
    Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
    McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
    Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
    Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
    Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
    O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

    Bibliography

    “Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
    Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
    “Reporting Cybersecurity Risk to the Board of Directors.” Web.
    “Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
    Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
    “The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
    “Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
    Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
    Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
    “Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

    Research Contributors

    • Fred Donatucci, New-Indy Containerboard, VP, Information Technology
    • Christian Rasmussen, St John Ambulance, Chief Information Officer
    • Stephen Rondeau, ZimVie, SVP, Chief Information Officer

    Measure and Manage Customer Satisfaction Metrics That Matter the Most

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity on what to improve and how resources should be allocated.

    Our Advice

    Critical Insight

    • All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and will keep them coming back to you to have their needs met.
    • Obstacles:
      • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
      • Lack of a clear definition of what satisfaction means to customers, metric definitions and/or standard methods of measurement, and a consistent monitoring cadence.

    Impact and Result

    • Understanding of who your satisfied and dissatisfied customers are.
    • Understanding of the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establishment of a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Development of an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Knowledge of where money, time, and other resources are needed most to improve satisfaction levels and ultimately increase retention.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Measure and Manage the Customer Satisfaction Metrics that Matter the Most Deck – An overview of how to understand what drives customer satisfaction and how to measure and manage it for improved business outcomes.

    Understand the true drivers of customer satisfaction and build a process for managing and improving customer satisfaction.

    [infographic]

    Further reading

    Measure and Manage the Customer Satisfaction Metrics that Matter the Most

    Understand what truly keeps your customer satisfied. Start to measure what matters to improve customer experience and increase satisfaction and advocacy. 

    EXECUTIVE BRIEF

    Analyst perspective

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    The image contains a picture of Emily Wright.

    “Healthy customer relationships are the paramount to long-term growth. When customers are satisfied, they remain loyal, spend more, and promote your company to others in their network. The key to high satisfaction is understanding and measuring the true drivers of satisfaction to enable the delivery of real customer value.

    Most companies believe they know who their satisfied customers are and what keeps them satisfied, and 76% of B2B buyers expect that providers understand their unique needs (Salesforce Research, 2020). However, on average B2B companies have customer experience scores of less than 50% (McKinsey, 2016). This disconnect between customer expectations and provider experience indicates that businesses are not effectively measuring and monitoring satisfaction and therefore are not making meaningful enhancements to their service, offerings, and overall experience.

    By focusing on the underlying drivers of customer satisfaction, organizations develop a truly accurate picture of what is driving deep satisfaction and loyalty, ensuring that their company will achieve sustainable growth and stay competitive in a highly competitive market.”

    Emily Wright

    Senior Research Analyst, Advisory

    SoftwareReviews

    Executive summary

    Your Challenge

    Common Obstacles

    SoftwareReviews’ Approach

    Getting a truly accurate picture of satisfaction levels among customers, and where to focus efforts to improve satisfaction, is challenging. Providers often find themselves reacting to customer challenges and being blindsided when customers leave. More effective customer satisfaction measurement is possible when providers self-assess for the following challenges:

    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity of what needs to be improved and how resources should be allocated.
    • Lack of reliable internal data for effective customer satisfaction monitoring.

    What separates customer success leaders from developing a full view of their customers are several nagging obstacles:

    • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
    • Friction from customers participating in customer satisfaction studies.
    • Lack of data, or integrated databases from which to track, pull, and analyze customer satisfaction data.
    • Lack a clear definition of what satisfaction means to customers, metric definitions, and/or standard methods of measurement and a consistent monitoring cadence.
    • Lack of time, resources, or technology to uncover and effectively measure and monitor satisfaction drivers.

    Through the SoftwareReviews’ approach, customer success leaders will:

    • Understand who your satisfied and dissatisfied customers are.
    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Develop an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Know where money, time, and resources are needed most to improve satisfaction levels and ultimately retention.

    Overarching SoftwareReviews Advisory Insight:

    All companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about. This will keep them coming back to you to have their needs met.

    Healthy Customer Relationships are vital for long-term success and growth

    Measuring customer satisfaction is critical to understanding the overall health of your customer relationships and driving growth.

    Through effective customer satisfaction measurement, organizations can:

    Improve Customer Experience

    Increase Retention and CLV

    Increase Profitability

    Reduce Costs
    • Provide insight into where and how to improve.
    • Enhance experience, increase loyalty.
    • By providing strong CX, organizations can increase revenue by 10-15% (McKinsey, 2014).
    • Far easier to retain existing customers than to acquire new ones.
    • Ensuring high satisfaction among customers increases Customer Lifetime Value (CLV) through longer tenure and higher spending.
    • NPS Promoter score has a customer lifetime value that's 600%-1,400% higher than a Detractor (Bain & Company, 2015).
    • Highly satisfied customers spend more through expansions and add-ons, as well as through their long tenure with your company.
    • They also spread positive word of mouth, which brings in new customers.
    • “Studies demonstrate a strong correlation between customer satisfaction and increased profits — with companies with high customer satisfaction reporting 5.7 times more revenue than competitors.” (Matthew Loper, CEO and Co-Founder of WELLTH, 2022)
    • Measuring, monitoring, and maintaining high satisfaction levels reduces costs across the board.
    • “Providing a high-quality customer experience can save up to 33% of customer service costs” (Deloitte, 2018).
    • Satisfied customers are more likely to spread positive word of mouth which reduces acquisition / marketing costs for your company.

    “Measuring customer satisfaction is vital for growth in any organization; it provides insights into what works and offers opportunities for optimization. Customer satisfaction is essential for improving loyalty rate, reducing costs and retaining your customers.”

    -Ken Brisco, NICE, 2019

    Poor customer satisfaction measurement is costly

    Virtually all companies measure customer satisfaction, but few truly do it well. All too often, customer satisfaction measurement consists of a set of vanity metrics that do not result in actionable insight for product/service improvement. Improper measurement can result in numerous consequences:

    Direct and Indirect Costs

    Being unaware of true drivers of satisfaction that are never remedied costs your business directly through customer churn, service costs, etc.

    Tarnished Brand

    Tarnished brand through not resolving issues drives dissatisfaction; dissatisfied customers share their negative experiences, which can damage brand image and reputation.

    Waste Limited Resources

    Putting limited resources towards vanity programs and/or fixes that have little to no bearing on core satisfaction drivers wastes time and money.

    “When customer dissatisfaction goes unnoticed, it can slowly kill a company. Because of the intangible nature of customer dissatisfaction, managers regularly underestimate the magnitude of customer dissatisfaction and its impact on the bottom line.”

    - Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, 2013

    SoftwareReviews Advisory Insight:

    Most companies struggle to understand what’s truly driving customers to stay or leave. By understanding the true satisfaction drivers, tech providers can measure and monitor satisfaction more effectively, avoiding the numerous harmful consequences that result from average customer satisfaction measurement.

    Does your customer satisfaction measurement process need improvement?

    Getting an accurate picture of customer satisfaction is no easy task. Struggling with any of the following means you are ready for a detailed review of your customer satisfaction measurement efforts:

    • Not knowing who your most satisfied customers are.
    • Lacking early detection for declining satisfaction – either reactive, or unaware of dissatisfaction as it’s occurring.
    • Lacking a process for monitoring changes in satisfaction and lack ability to be proactive; you feel blindsided when customers leave.
    • Inability to fix the problem and wasting money on the wrong areas, like vanity metrics that don’t bring value to customers.
    • Spending money and other resources towards fixes based on a gut feeling, without quantifying the real root cause drivers and investing in their improvement.
    • Having metrics and data but lacking context; don’t know what contributed to the metrics/results, why people are dissatisfied or what contributes to satisfaction.
    • Lacking clear definition of what satisfaction means to customers / customer segments.
    • Difficulty tying satisfaction back to financial results.

    Customers are more satisfied with software vendors who understand the difference between surface level and short-term satisfaction, and deep or long-term satisfaction

    Surface-level satisfaction

    Surface-level satisfaction has immediate effects, but they are usually short-term or limited to certain groups of users. There are several factors that contribute to satisfaction including:

    • Novelty of new software
    • Ease of implementation
    • Financial savings
    • Breadth of features

    Software Leaders Drive Deep Satisfaction

    Deep satisfaction has long-term and meaningful impacts on the way that organizations work. Deep satisfaction has staying power and increases or maintains satisfaction over time, by reducing complexity and delivering exceptional quality for end-users and IT alike. This report found that the following capabilities provided the deepest levels of satisfaction:

    • Usability and intuitiveness
    • Quality of features
    • Ease of customization
    • Vendor-specific capabilities

    The above solve issues that are part of everyday problems, and each drives satisfaction in deep and meaningful ways. While surface-level satisfaction is important, deep and impactful capabilities can sustain satisfaction for a longer time.

    Deep Customer Satisfaction Among Software Buyers Correlates Highly to “Emotional Attributes”

    Vendor Capabilities and Product Features remain significant but are not the primary drivers

    The image contains a graph to demonstrate a correlation to Satisfaction, all Software Categories.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    Driving deep satisfaction among software customers vs. surface-level measures is key

    Vendor capabilities and product features correlate significantly to buyer satisfaction

    Yet, it’s the emotional attributes – what we call the “Emotional Footprint”, that correlate more strongly

    Business-Value Created and Emotional Attributes are what drives software customer satisfaction the most

    The image contains a screenshot of a graph to demonstrate Software Buyer Satisfaction Drivers and Emotional Attributes are what drives software customer satisfaction.

    Software companies looking to improve customer satisfaction will focus on business value created and the Emotional Footprint attributes outlined here.

    The essential ingredient is understanding how each is defined by your customers.

    Leaders focus on driving improvements as described by customers.

    SoftwareReviews Insight:

    These true drivers of satisfaction should be considered in your customer satisfaction measurement and monitoring efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, and ultimately, power business growth. Talk to a SoftwareReviews Advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Benefits of Effective Customer Satisfaction Measurement

    Our research provides Customer Success leaders with the following key benefits:

    • Ability to know who is satisfied, dissatisfied, and why.
    • Confidence in how to understand or uncover the factors behind customer satisfaction; understand and identify factors driving satisfaction, dissatisfaction.
    • Ability to develop a clear plan for improving customer satisfaction.
    • Knowledge of how to establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.
    • Understanding of what metrics to use, how to measure them, and where to find the right information/data.
    • Knowledge of where money, time, and other resources are needed most to drive tangible customer value.

    “81% of organizations cite CX as a competitive differentiator. The top factor driving digital transformation is improving CX […] with companies reporting benefits associated with improving CX including:

    • Increased customer loyalty (92%)
    • An uplift in revenue (84%)
    • Cost savings (79%).”

    – Dan Cote, “Advocacy Blooms and Business Booms When Customers and Employees Engage”, Influitive, 2021

    The image contains a screenshot of a thought model that focuses on Measure & Manage the Customer Satisfaction Metrics That Matter the Most.

    Who benefits from improving the measurement and monitoring of customer satisfaction?

    This Research Is Designed for:

    • Customer Success leaders and marketers who are:
      • Responsible for understanding how to benchmark, measure, and understand customer satisfaction to improve satisfaction, NPS, and ROI.
      • Looking to take a more proactive and structured approach to customer satisfaction measurement and monitoring.
      • Looking for a more effective and accurate way to measure and understand how to improve customer satisfaction around products and services.

    This Research Will Help You:

    • Understand the factors driving satisfaction and dissatisfaction.
    • Know which customers are satisfied/dissatisfied.
    • Know where time, money, and resources are needed the most in order to improve or maintain satisfaction levels.
    • Develop a formal plan to improve customer satisfaction.
    • Establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.

    This Research Will Also Assist:

    • Customer Success Leaders, Marketing and Sales Directors and Managers, Product Marketing Managers, and Advocacy Managers/Coordinators who are responsible for:
      • Product improvements and enhancements
      • Customer service and onboarding
      • Customer advocacy programs
      • Referral/VoC programs

    This Research Will Help Them:

    • Coordinate and align on customer experience efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and services provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for measuring the customer satisfaction metrics that matter the most

    1. Identify true customer satisfaction drivers

    2. Develop metrics dashboard

    3. Develop customer satisfaction measurement and management plan

    Phase Steps
    1. Identify data sources, documenting any gaps in data
    2. Analyze all relevant data on customer experiences and outcomes
    3. Document top satisfaction drivers
    1. Identify business goals, problems to be solved / define business challenges and marketing/customer success goals
    2. Use SR diagnostic to assess current state of satisfaction measurement, assessing metric alignment to satisfaction drivers
    3. Define your metrics dashboard
    4. Develop common metric definitions, language for discussing, and standards for measuring customer satisfaction
    1. Determine committee structure to measure performance metrics over time
    2. Map out gaps in satisfaction along customer journey/common points in journey where customers are least dissatisfied
    3. Build plan that identifies weak areas and shows how to fix using SR’s emotional footprint, other measures
    4. Create plan and roadmap for CSat improvement
    5. Create communication deck

    Phase Outcomes
    1. Documented satisfaction drivers
    2. Documented data sources and gaps in data
    1. Current state customer satisfaction measurement analysis
    2. Common metric definitions and measurement standards
    3. Metrics dashboard
    1. Customer satisfaction measurement plan
    2. Customer satisfaction improvement plan
    3. Customer journey maps
    4. Customer satisfaction improvement communication deck
    5. Customer Satisfaction Committee created

    Insight summary

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and which will keep them coming back to you to have their needs met.

    Positive experiences drive satisfaction more so than features and cost

    According to our analysis of software buyer reviews data*, the biggest drivers of satisfaction and likeliness to recommend are the positive experiences customers have with vendors and their products. Customers want to feel that:

    1. Their productivity and performance is enhanced, and the vendor is helping them innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.
    *8 million data points across all software categories

    Measure Key Relationship KPIs to gauge satisfaction

    Key metrics to track include the Business Value Created score, Net Emotional Footprint, and the Love/Hate score (the strength of emotional connection).

    Orient the organization around customer experience excellence

    1. Arrange staff incentives around customer value instead of metrics that are unrelated to satisfaction.
    2. Embed customer experience as a core company value and integrate it into all functions.
    3. Make working with your organization easy and seamless for customers.

    Have a designated committee for customer satisfaction measurement

    Best in class organizations create customer satisfaction committees that meet regularly to measure and monitor customer satisfaction, resolve issues quickly, and work towards improved customer experience and profit outcomes.

    Use metrics that align to top satisfaction drivers

    This will give you a more accurate and fulsome view of customer satisfaction than standard satisfaction metrics alone will.

    Guided Implementation

    What is our GI on measuring and managing the customer satisfaction metrics that matter most?

    Identify True Customer Satisfaction Drivers

    		 Develop Metrics Dashboard Develop Customer Satisfaction Measurement and Management Plan

    Call #1: Discuss current pain points and barriers to successful customer satisfaction measurement, monitoring and maintenance. Plan next call – 1 week.

    Call #2: Discuss all available data, noting any gaps. Develop plan to fill gaps, discuss feasibility and timelines. Plan next call – 1 week.

    Call #3: Walk through SoftwareReviews reports to understand EF and satisfaction drivers. Plan next call – 3 days.

    Call #4: Segment customers and document key satisfaction drivers. Plan next call – 2 week.

    Call #5: Document business goals and align them to metrics. Plan next call – 1 week.

    Call #6: Complete the SoftwareReviews satisfaction measurement diagnostic. Plan next call – 3 days.

    Call #7: Score list of metrics that align to satisfaction drivers. Plan next call – 2 days.

    Call #8: Develop metrics dashboard and definitions. Plan next call – 2 weeks.

    Call #9: Finalize metrics dashboard and definitions. Plan next call – 1 week.

    Call #10: Discuss committee and determine governance. Plan next call – 2 weeks.

    Call #11: Map out gaps in satisfaction along customer journey as they relate to top satisfaction drivers. Plan next call –2 weeks.

    Call #12: Develop plan and roadmap for satisfaction improvement. Plan next call – 1 week.

    Call #13: Finalize plan and roadmap. Plan next call – 1 week.

    Call # 14: Review and coach on communication deck.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    Software Reviews offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
    Included within Advisory Membership Optional add-ons

    Bibliography

    “Are you experienced?” Bain & Company, Apr. 2015. Accessed 6 June. 2022.

    Brisco, Ken. “Measuring Customer Satisfaction and Why It’s So Important.” NICE, Feb. 2019. Accessed 6 June. 2022.

    CMO.com Team. “The Customer Experience Management Mandate.” Adobe Experience Cloud Blog, July 2019. Accessed 14 June. 2022.

    Cote, Dan. “Advocacy Blooms and Business Booms When Customers and Employees Engage.” Influitive, Dec. 2021. Accessed 15 June. 2022.

    Fanderl, Harald and Perrey, Jesko. “Best of both worlds: Customer experience for more revenues and lower costs.” McKinsey & Company, Apr. 2014. Accessed 15 June. 2022.

    Gallemard, Jeremy. “Why – And How – Should Customer Satisfaction Be Measured?” Smart Tribune, Feb. 2020. Accessed 6 June. 2022.

    Kumar, Swagata. “Customer Success Statistics in 2021.” Customer Success Box, 2021. Accessed 17 June. 2022.

    Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, Management Accounting Quarterly, vol. 14, no. 3, 2013, pp 38. Accessed 17 June. 2022.

    Loper, Matthew. “Why ‘Customer Satisfaction’ Misses the Mark – And What to Measure Instead.” Newsweek, Jan. 2022. Accessed 16 June. 2022.

    Maechler, Nicolas, et al. “Improving the business-to-business customer experience.” McKinsey & Company, Mar. 2016. Accessed 16 June.

    “New Research from Dimension Data Reveals Uncomfortable CX Truths.” CISION PR Newswire, Apr. 2017. Accessed 7 June. 2022.

    Sheth, Rohan. 75 Must-Know Customer Experience Statistics to move Your Business Forward in 2022.” SmartKarrot, Feb. 2022. Accessed 17 June. 2022.

    Smith, Mercer. “111 Customer Service Statistics and Facts You Shouldn’t Ignore.” HelpScout, May 2022. Accessed 17 June. 2022.

    “State of the Connected Customer.” Salesforce, 2020. Accessed 14 June. 2022

    “The true value of customer experiences.” Deloitte, 2018. Accessed 15 June. 2022.

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Train Managers to Strengthen Employee Relationships to Improve Engagement

    • Buy Link or Shortcode: {j2store}545|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • The responsibility of employee engagement has been on the shoulders of HR and the executive team for years, but managers, not HR or executives, should be primarily responsible for employee engagement.
    • Managers often fail to take steps to improve due to the following reasons:
      • They don’t understand the impact they can have on engagement.
      • They don’t understand the value of an engaged workforce.
      • They don’t feel that they are responsible for engagement.
      • They don’t know what steps they can personally take to improve engagement levels.

    Our Advice

    Critical Insight

    • Managers have a large impact on employee engagement and retention. According to McLean & Company’s engagement data, every 10% increase in the category “my manager inspires me to improve” resulted in a 3.6% increase in an employee’s intent to stay.
    • To improve the manager relationship driver, managers cannot abdicate the responsibility of strengthening relationships with employees to HR – they must take the ownership role.

    Impact and Result

    • When an organization focuses on strengthening manager relationships with employees, managers should be the owner and IT leadership should be the facilitator.
    • Info-Tech recommends starting with the three most important actions to improve employee trust and therefore engagement: inform employees of the why behind decisions, interact with them on a personal level, and involve them in decisions that affect them (also known as the “3 I’s”).
    • Use this blueprint to prepare to train managers on how to apply the 3 I principles and improve the score on this engagement driver.

    Train Managers to Strengthen Employee Relationships to Improve Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case

    Educate managers on the impact they have on engagement.

    • Train Managers to Strengthen Employee Relationships to Improve Engagement Storyboard

    2. Prepare for the training session by understanding key concepts

    Learn the 3 I’s of engagement and understand IT leaders as role models for engagement.

    • Training Deck: Train Managers to Build Trusting Relationships to Improve Engagement

    3. Plan the training session and customize the materials

    Determine the logistics of the training session: the who, what, and where.

    • Participant Notebook: Take Ownership of Manager Relationships

    4. Track training success metrics and follow up

    Determine ways to track the impact the training has on employee engagement.

    • Training Evaluation: Manager Relationships
    [infographic]

    Workshop: Train Managers to Strengthen Employee Relationships to Improve Engagement

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strengthening Manager Relationships

    The Purpose

    Educate managers on the impact they have on engagement and the relationship between employee trust and engagement.

    Identify reasons why managers fail to positively impact employee engagement.

    Inform managers of their responsibility for employee engagement.

    Key Benefits Achieved

    Increased awareness of managers regarding their impact on employee engagement.

    Improved understanding of manager role.

    Creation of plan to increase employee trust and engagement.

    Activities

    1.1 Describe relationship between trust and engagement.

    1.2 Review data on manager’s impact on engagement.

    Outputs

    Gain an understanding of the 3 I’s of building trust.

    Address key objections managers might have.

    2 Prepare for the Training Session by Understanding Key Concepts and Your Role as HR

    The Purpose

    Understand key concepts for engagement, such as inform, interact, and involve.

    Use McLean & Company’s advice to get past pain points with managers.

    Key Benefits Achieved

    Understand the key principles and activities in the manager training deck.

    Gain advice for dealing with pushback from managers.

    Learn about actions that you can take to adopt the 3 I’s principle and act as a role model.

    Activities

    2.1 Practice manager training exercises on informing, interacting with, and involving employees.

    Outputs

    Become familiar with and prepared to take managers through key training exercises.

    3 Plan the Training Session and Customize the Materials

    The Purpose

    Determine who will participate in the manager training session.

    Become familiar with the content in the training deck and ensure the provided examples are appropriate.

    Key Benefits Achieved

    Logistics planned for your own training session.

    Your own case made more powerful by adding your engagement data to the training deck slides.

    Improved delivery of training, making it more effective and engaging for participants.

    Activities

    3.1 Consider your audience for delivering the training.

    3.2 Plan out logistics for the training session—the who, where, and when.

    Outputs

    Ensure that your training sessions include the appropriate participants.

    Deliver a smooth and successful training session.

    4 Track Training Success Metrics and Follow Up

    The Purpose

    Determine ways to track the impact the training has on employee engagement.

    Understand how to apply the 3 I’s principle across HR functions. 

    Key Benefits Achieved

    Measure the value of engagement training.

    Gain immediate feedback on employee engagement with the McLean Leadership Index.

    Determine how HR can support managers in building stronger relationships with employees.

    Activities

    4.1 Determine how HR can support management in strengthening employee relationships.

    Outputs

    Create a culture of trust throughout the organization.

    Master Your Security Incident Response Communications Program

    • Buy Link or Shortcode: {j2store}321|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $2,339 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • When a significant security incident is discovered, usually very few details are known for certain. Nevertheless, the organization will need to say something to affected stakeholders.
    • Security incidents tend to be ongoing situations that last considerably longer than other types of crises, making communications a process rather than a one-time event.
    • Effective incident response communications require collaboration from: IT, Legal, PR, and HR – groups that often speak “different languages.”

    Our Advice

    Critical Insight

    • There’s no such thing as successful incident response communications; strive instead for effective communications. There will always be some fallout after a security incident, but it can be effectively mitigated through honesty, transparency, and accountability.
    • Effective external communications begin with effective internal communications. Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
    • You won’t save face by withholding embarrassing details. Lying only makes a bad situation worse, but coming clean and acknowledging shortcomings (and how you’ve fixed them) can go a long way towards restoring stakeholders’ trust.

    Impact and Result

    • Effective and efficient management of security incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities: communications must be integrated into each of these phases.
    • Understand that prior planning helps to take the guesswork out of incident response communications. By preparing for several different types of security incidents, the communications team will get used to working with each other, as well as learning what strategies are and are not effective. Remember, the communications team contains diverse members from various departments, and each may have different ideas about what information is important to release.

    Master Your Security Incident Response Communications Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a security incident response communications plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Dive into communications planning

    This phase addresses the benefits and challenges of incident response communications and offers advice on how to assemble a communications team and develop a threat escalation protocol.

    • Master Your Security Incident Response Communications Program – Phase 1: Dive Into Communications Planning
    • Security Incident Management Plan

    2. Develop your communications plan

    This phase focuses on creating an internal and external communications plan, managing incident fallout, and conducting a post-incident review.

    • Master Your Security Incident Response Communications Program – Phase 2: Develop Your Communications Plan
    • Security Incident Response Interdepartmental Communications Template
    • Security Incident Communications Policy Template
    • Security Incident Communications Guidelines and Templates
    • Security Incident Metrics Tool
    • Tabletop Exercises Package
    [infographic]

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}219|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Strategic Risk Impacts to Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your strategic plans.

    Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Strategic Risk Impacts on Your Organization Storyboard

    2. What If Vendor Strategic Impact Tool – Use this tool to help identify and quantify the strategic impacts of negative vendor actions

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Strategic Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Strategic Risk Impacts on Your Organization

    The world is in a perpetual state of change. Organizations need to build adaptive resiliency into their strategic plans to adjust to ever-changing market dynamics.

    Analyst perspective

    Organizations need to build flexible resiliency into their strategic plans to be able to adjust to ever-changing market dynamics.

    This is a picture of Frank Sewell, Research Director, Vendor Management at Info-Tech Research Group

    Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.

    Info-Tech Insight

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    This image depicts a cube divided into six different coloured sections. The sections are labeled: Financial; Reputational; Operational; Strategic; Security; Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Strategic risk impacts

    Potential losses to the organization due to risks to the strategic plan

    • In this blueprint, we’ll explore strategic risks (risks to the Strategic Plans of the organization) and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct strategic plans.
    This image depicts a cube divided into six different coloured sections. The section labeled Strategic is highlighted.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    82%

    of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Source: Info-Tech Tech Trends Survey 2022

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Identify & manage strategic risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.

    Vendor Acquisitions

    The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.

    Global Shortages

    Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.

    What to look for in vendors

    Identify strategic risk impacts

    • A vendor acquires many smaller, seemingly irrelevant IT products. Suddenly their revenue model includes aggressive license compliance audits.
      • Ensure that your installed software meets license compliance requirements with good asset management practices.
      • Monitor the market for such acquisitions or news of audits hitting companies.
    • A vendor changes their primary business model from storage and hardware to becoming a self-proclaimed “professional services guru,” relying almost entirely on their name recognition to build their marketing.
      • Be wary of self-proclaimed experts and review their successes and failures with other organizations before adopting them into your business strategy.
      • Review the backgrounds their “experts” have and make sure they have the industry and technical skill sets to perform the services to the required level.

    Not preparing for your growth can delay your goals

    Why can’t I get a new laptop?

    For example:

    • An IT professional services organization plans to take advantage of the growing work-from-home trend to expand its staff by 30% over the coming year.
    • Logically, this should include a review of the necessary tasks involved, including onboarding.
      • Suppose the company does not order enough equipment in preparation to cover the new staff plus routine replacement. In that case, this will delay the output of the new team members immeasurably as they wait for their company equipment and will delay existing staff whose equipment breaks, preventing them from getting back to work efficiently.

    Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.

    When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.

    Strategic risks

    Poor or uninformed business decisions can lead to organizational strategic failures

    • Supply chain disruptions and global shortages
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.
    • Poor vendor performance
      • Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.
    • Vendor acquisitions
      • A lot of acquisition is going on in the market today. Large companies are buying competitors and either imposing new terms on customers or removing the competing products from the market. Prepare options for any strategy tied to a niche product.

    It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.

    Info-Tech Insight
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Prepare your strategic risk management for success

    Due diligence will enable successful outcomes

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess strategic risk

    1. Review Organizational Strategy
      Understand the organizational strategy to prepare for the “What If” game exercise.
    2. Identify & Understand Potential Strategic Risks
      Play the “What If” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership
      Pull all the information together in a presentation document.
    4. Validate the Risks
      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks
      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan
      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan
      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Insight 1

    Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
    Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?

    Insight 2

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
    For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.

    Insight 3

    Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.

    Identifying strategic risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance the long-term potential for success of your strategies.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying new emerging potential strategic partners.

    Review your strategic plans for new risks and evolving likelihood on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.

    See the blueprint Build an IT Risk Management Program

    Managing strategic risk impacts

    What can we realistically do about the risks?

    • Review business continuity plans and disaster recovery testing.
    • Institute proper contract lifecycle management.
    • Re-evaluate corporate policies frequently.
    • Develop IT governance and change control.
    • Ensure strategic alignment in contracts.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your strategic plans for new risks and evolving likelihood.
      • Risk = Likelihood x Impact (R=L*I)
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) turns out to be highly variable.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your strategy based on the lessons.

    Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.

    Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Strategic Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Strategic Risk Impact Tool

    Input Output
    • List of identified potential risk scenarios scored by likelihood and financial impact
    • List of potential management of the scenarios to reduce the risk
    • Comprehensive strategic risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Strategic Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    Case Study

    Airline Industry Strategic Adaptation

    Industry: Airline

    Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices

    • In 2019 the airline industry yielded record profits of $35.5 billion.
    • In 2020 the pandemic devastated the industry with losses around $371 billion.
    • The industry leaders engaged experts to conduct a study on how the pandemic impacted them and propose measures to ensure the survival of their industry in the future after the pandemic.
    • They determined that “[p]recise decision-making based on data analytics is essential and crucial for an effective Covid-19 airline recovery plan.”

    Results

    The pandemic prompted systemic change to the overall strategic planning of the airline industry.

    Summary

    Be vigilant and adaptable to change

    • Organizations need to learn how to assess the likelihood of potential risks in the changing global world.
    • Those organizations that incorporate adaptive risk management processes can prepare their strategic plans for greater success.
    • Bring the right people to the table to outline potential risks in the market.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the strategic plan.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.

    Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    This image contains a screenshot from Info-Tech's Identify and Manage Financial Risk Impacts on Your Organization.
    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Reduce Agile Contract Risk

    This image contains a screenshot from Info-Tech's Identify and Reduce Agile Contract Risk
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Build an IT Risk Management Program

    This image contains a screenshot from Info-Tech's Build an IT Risk Management Program
    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Research Contributors and Experts

    • Frank Sewell
      Research Director, Info-Tech Research Group
    • Steven Jeffery
      Principal Research Director, Info-Tech Research Group
    • Scott Bickley
      Practice Lead, Info-Tech Research Group
    • Donna Glidden
      Research Director, Info-Tech Research Group
    • Phil Bode
      Principal Research Director, Info-Tech Research Group
    • David Espinosa
      Senior Director, Executive Services, Info-Tech Research Group
    • Rick Pittman
      Vice President, Research, Info-Tech Research Group
    • Patrick Philpot
      CISSP
    • Gaylon Stockman
      Vice President, Information Security
    • Jennifer Smith
      Senior Director

    Run Better Meetings

    • Buy Link or Shortcode: {j2store}287|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management

    Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:

    • The experience for onsite and remote attendees is not equal.
    • Employees are experiencing meeting and video fatigue.
    • Meeting rooms are not optimized for hybrid meetings.
    • The fact is that many people have not successfully run hybrid meetings before.

    Our Advice

    Critical Insight

    • Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    Impact and Result

    • Identify your current state and the root cause of unsatisfactory meetings.
    • Review and identify meetings best practices around meeting roles, delivery models, and training.
    • Improve the technology that supports meetings.
    • Use Info-Tech’s quick checklists and decision flowchart to accelerate meeting planning and cover your bases.

    Run Better Meetings Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should run better meetings, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the current state of meetings

    Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.

    • Checklist: Run a Virtual or Hybrid Meeting

    2. Publish best practices for how meetings should run

    Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.

    • Meeting Challenges and Best Practices
    • Meeting Type Decision Flowchart (Visio)
    • Meeting Type Decision Flowchart (PDF)

    3. Improve meeting technology

    Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.

    • Team Charter
    • Communications Guide Poster Template
    [infographic]

    Workshop: Run Better Meetings

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Current State of Meetings

    The Purpose

    Understand the current state of meetings in your organization.

    Key Benefits Achieved

    What you need to keep doing and what you need to change

    Activities

    1.1 Brainstorm meeting types.

    1.2 Document meeting norms.

    1.3 Document and categorize meeting challenges.

    Outputs

    Documented challenges with meetings

    Meeting norms

    Desired changes to meeting norms

    2 Review and Identify Best Practices

    The Purpose

    Review and implement meeting best practices.

    Key Benefits Achieved

    Defined meeting best practices for your organization

    Activities

    2.1 Document meeting roles and expectations.

    2.2 Review common meeting challenges and identify best practices.

    2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.

    2.4 Develop a training program.

    Outputs

    Meeting roles and expectations

    List of meeting best practices

    Guidelines to help workers choose between a hybrid, virtual, or in-person meeting

    Training plan for meetings

    3 Improve Meeting Technology

    The Purpose

    Identify opportunities to improve meeting technology.

    Key Benefits Achieved

    A strategy for improving the underlying technologies and meeting spaces

    Activities

    3.1 Empower virtual meeting attendees.

    3.2 Optimize spaces for hybrid meetings.

    3.3 Build a team of meeting champions.

    3.4 Iterate to build and improve meeting technology.

    3.5 Guide users toward each technology.

    Outputs

    Desired improvements to meeting rooms and meeting technology

    Charter for the team of meeting champions

    Communications Guide Poster

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Advisory Call Outline: Software Selection Engagement

    • Buy Link or Shortcode: {j2store}609|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Selection takes forever. Traditional software selection drags on for years, sometimes in perpetuity.
    • IT is viewed as a bottleneck and the business has taken control of software selection.
    • “Gut feel” decisions rule the day. Intuition, not hard data, guides selection, leading to poor outcomes.
    • Negotiations are a losing battle. Money is left on the table by inexperienced negotiators.
    • Overall: Poor selection processes lead to wasted time, wasted effort, and applications that continually disappoint.

    Our Advice

    Critical Insight

    • Adopt a formal methodology to accelerate and improve software selection results.
    • Improve business satisfaction by including the right stakeholders and delivering new applications on a truly timely basis.
    • Kill the “sacred cow” requirements that only exist because “it’s how we’ve always done it.”
    • Forget about “RFP” overload and hone in on the features that matter to your organization.
    • Skip the guesswork and validate decisions with real data.
    • Take control of vendor “dog and pony shows” with single-day, high-value, low-effort, rapid-fire investigative interviews.
    • Master vendor negotiations and never leave money on the table.

    Impact and Result

    • Improving software selection is a critical project that will deliver huge value.
    • Hit a home run with your business stakeholders: use a data-driven approach to select the right application vendor for their needs – fast.
    • Shatter stakeholder expectations with truly rapid application selections.
    • Boost collaboration and crush the broken telephone with concise and effective stakeholder meetings.
    • Lock in hard savings and do not pay list price by using data-driven tactics.

    Advisory Call Outline: Software Selection Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Advisory Call Outline

    Info-Tech's expert analyst guidance will help you save money, align stakeholders, and speed up the application selection process.

    • Advisory Call Outline: Software Selection Engagement Deck

    2. Workshop Overview

    Info-Tech's workshop will help you implement a repeatable, data-driven approach that accelerates software selection efforts.

    • Rapid Software Selection Workshop Overview
    [infographic]

    2020 IT Talent Trend Report

    • Buy Link or Shortcode: {j2store}512|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • IT is an employee’s market.
    • Automation, outsourcing, and emerging technologies are widening the skill gap and increasing the need for skilled staff.
    • IT departments must find new ways to attract and retain top talent.

    Our Advice

    Critical Insight

    • Improving talent management is the way forward, but many IT leaders are approaching it the wrong way.
    • Among the current climate of automating everything in the workplace, we need to bring the human element back into talent management.

    Impact and Result

    • Using talent management strategies that speak to employees as individuals, rather than cogs in a machine, produces more effective IT departments.
    • IT leaders who make use of these strategies see benefits across the talent lifecycle – from hiring, to training, to retention.

    2020 IT Talent Trend Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on talent management and get an overview of what successful IT leaders are doing differently heading into 2020 – the six new talent management trends.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT takes ownership of talent acquisition

    IT leaders who get personally involved in recruitment see better results. Read this section to learn how leader are getting involved, and how to take the first steps.

    • 2020 IT Talent Trend Report – Trend 1: IT Takes Ownership of Talent Acquisition

    2. Flexible work becomes fluid work

    Heading into 2020, flexible work is table stakes. Read this section to learn what organizations offer and how you can take advantage of opportunities your competitors are missing.

    • 2020 IT Talent Trend Report – Trend 2: Flexible Work Becomes Fluid Work

    3. The age of radical transparency

    Ethics and transparency are emerging as key considerations for employees. How can you build a culture that supports this? Read this section to learn how.

    • 2020 IT Talent Trend Report – Trend 3: The Age of Radical Transparency

    4. People analytics is business analytics

    Your staff is the biggest line item in your budget, but are you using data to make decisions about your people they way you do in other areas of the business? Read this section to learn how analytics can be applied to the workforce no matter what level you are starting at.

    • 2020 IT Talent Trend Report – Trend 4: People Analytics Is Business Analytics

    5. IT departments become their own universities

    With the rapid pace of technological change, it is becoming increasingly harder to hire skilled people for critical roles. Read this section to learn how some IT departments are turning to in-house training to fill the skill gap.

    • 2020 IT Talent Trend Report – Trend 5: IT Departments Become Their Own Universities

    6. Offboarding: The missed opportunity

    What do an employee's last few days with your company look like? For most organizations, they are filled with writing rushed documentation, hosting last-minute training sessions and finishing up odd jobs. Read this section to understand the crucial opportunity most IT departments are missing when it comes to departing staff.

    • 2020 IT Talent Trend Report – Trend 6: Offboarding: The Missed Opportunity
    [infographic]

    Cybersecurity in Healthcare 2024

    Healthcare cybersecurity is a major concern for healthcare organizations and patients alike. In 2024, the healthcare industry faces several cybersecurity challenges, including the growing threat of ransomware, the increasing use of mobile devices in healthcare, and the need to comply with new regulations.

    Continue reading

    More Articles …