CIO Priorities 2022

Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

2022 Tech Trends Survey CIO Demographic N=123

Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

2022 IT Talent Trends Survey CIO Demographic N=44

Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

Build IT alignment

IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

Assess your IT processes

The CIO priorities are informed by Info-Tech’s trends research reports and surveys

Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

Visit Info-Tech’s Trends & Priorities Research Center

The Five Priorities

Priorities to compete in the digital economy

1. Reduce Friction in the Hybrid Operating Model
2. Improve Your Ransomware Readiness
3. Support an Employee-Centric Retention Strategy
4. Design an Automation Platform
5. Prepare to Report on New Environmental, Social, and Governance Metrics

Reduce friction in the hybrid operating model

Priority 01 | APO07 Human Resources Management

Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

Hybrid work is here to stay

CIOs must deal with new pain points related to friction of collaboration

In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

Most popular technologies already invested in to facilitate better collaboration

• 24% Web Conferencing
• 23% Instant Messaging
• 20% Document Collaboration

In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

• Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
• Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
• Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

Elizabeth Clark CIO, Harvard Business School "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

Listen to the Tech Insights podcast:
Frictionless hybrid working: How the Harvard Business School did it

Internal interpretation: Harvard Business School

• March 2020

  The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.

• May 2020

  A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.

• October 2020

  Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.

• September 2021

  Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.

• November 2021

  HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

Implications: Organization, Process, Technology

External

• Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
• Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
• Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

Internal

• Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
• Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
• Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

Resources Applied

Appetite for Technology

CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

Intent to Invest

Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

“We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

Harvard Business School

• IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
• The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
• Employees were hired to the media services team at a time when other areas of the organization were frozen.

Outcomes at Harvard Business School

The new normal at Harvard Business School

New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

From Priorities to Action

Make hybrid collaboration a joy

Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

“We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

Take the next step

Run Better Meetings
Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

Prepare People Leaders for the Hybrid Work Environment
Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

Hoteling and Hot-Desking: A Primer
What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

“Human Resources Management” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

Improve your ransomware readiness

Priority 02 | APO13 Security Strategy

Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

The ransomware crisis threatens every organization

Prevention alone won’t be enough against the forces behind ransomware.

Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

Most popular ways for organizations to prepare for the event of a successful ransomware attack:

• 25% Created offline backups
• 18% Purchased cyberinsurance
• 19% New tech to eradicate ransomware

Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

CIOs can plan to mitigate ransomware attacks in several constructive ways:

• Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
• Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
• Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

John Doe CIO, mid-sized manufacturing firm in the US "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

Listen to the Tech Insights podcast:
Close call with ransomware: a CIO recounts a near security nightmare

Internal interpretation: US-based, mid-sized manufacturing firm

• May 1, 2021

  A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.

• May 2, 2021

  The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.

• May 4, 2021

  The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.

• May 10, 2021

  The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.

• November 2021

  The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

“Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

Implications: Organization, Process, Technology

External

• Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
• Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
• Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

Internal

• Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
• Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
• Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

Resources Applied

Consider the Alternative

Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

Ask for ID

Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

“You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

“The Firm” (Mid-Sized Manufacturer)

• During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
• New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
• One more full-time employee on the security team.
• Doubled investment in security in 2021 and will spend more in 2022.

Outcomes at “The Firm” (Mid-Sized Manufacturer)

The new cost of doing business

Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

From Priorities to Action

Cybersecurity is everyone’s responsibility

In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

Take the next step

Create a Ransomware Incident Response Plan
Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

Simplify Identity and Access Management
Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

Cybersecurity Series Featuring Sandy Silk
More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

Support an employee-centric retention strategy

Priority 03 | ITRG02 Leadership, Culture & Values

Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

Defining an employee-first culture that improves retention

The Great resignation isn’t good for firms

In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

Annual turnover rate for all us employees on the rise

• 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
• 25% Jan.-Aug. 2021, New record high
Data from Visier Inc.

When you can’t pay them, develop them

IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

Jeff Previte Executive Vice-President of IT, CrossCountry Mortgage “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

Listen to the Tech Insights podcast:
How a financial services company dodged ‘The Great Resignation’

Internal interpretation: CrossCountry Mortgage

• May 2019

  Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.

• July 2019

  Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.

• June 2020

  Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.

• January 2021

  CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.

• June 2021

  In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

“It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

Implications: Organization, Process, Technology

External

• Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
• Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
• Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

Internal

• Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
• Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
• Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

Resources Applied

Show me the money

Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

Build me up

Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

“Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

CrossCountry Mortgage

• Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
• Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
• Internal IT develops automated workflow in Salesforce.
• Hired additional IT staff to build out overall capacity and create time for development activities.

Outcomes at CrossCountry Mortgage

Engaged IT workforce

The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

From Priorities to Action

Staff retention is a leadership priority

The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

Take the next step

IT Talent Trends 2022
See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

McLean & Company’s Modernize Performance Management
Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

Redesign Your IT Organizational Structure
Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

“Leadership, Culture & Values” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

Design an automation platform

Priority 04 | APO04 Innovation

Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

Build it or buy it, but platform integration can yield great benefits

Necessity is the mother of innovation

When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

What role should you play in the platform ecosystem?

68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

Bob Crozier Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE "Smart contracts are really just workflows between counterparties."

Listen to the Tech Insights podcast:
How Allianz took a blockchain platform from pilot to 1 million transactions

Internal interpretation: Allianz Technology

• 2015

  After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.

• 2018

  Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.

• 2019

  Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.

• 2020

  Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.

• May 2021

  Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.

• January 2022

  Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

Implications: Organization, Process, Technology

External

• Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
• Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
• Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

Internal

• Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
• Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
• Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

Resources Applied

Time to innovate

Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

Long-term ROI

Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

“My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

Allianz

• Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
• Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
• Funding of less than $5 million to develop. Dev team continues to add improvements.
• Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

Outcomes at Allianz

From insurer to platform provider

Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

When should we use blockchain? THREE key criteria:

• Redundant processes
  Different entities follow the same process to achieve the desired outcome.
• Audit trail
  Accountability in the decision making must be documented.
• Reconciliation
  Parties need to be able to resolve disputes by tracing back to the truth.

From Priorities to Action

It’s a build vs. buy question for platforms

Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

From Info-Tech’s Build a Winning Business Process Automation Playbook

Take the next step

Accelerate Your Automation Processes
Integrate automation solutions and take the first steps to building an automation suite.

Build Effective Enterprise Integration on the Back of Business Process
From the backend to the frontlines – let enterprise integration help your business processes fly.

Evolve Your Business Through Innovation
Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

“Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

Prepare to report on new environmental, social, and governance (ESG) metrics

Priority 05 | ITRG06 Business Intelligence and Reporting

Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

Time to get serious about ESG

What does CSR or ESG mean to a CIO?

Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

Standards informing the ISSB’s global set of climate standards

67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

David W. Dorman Chairman of the board, CVS Health “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

Listen to the Tech Insights podcast:
CVS Health chairman David Dorman on healthcare's hybrid future

Internal interpretation: CVS Health

CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

1. Access to quality health care
2. Patient and customer safety
3. Data protection and privacy

Implications: Organization, Process, Technology

External

• Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
• Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
• Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

Internal

• Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
• Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
• Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

Resources Applied

Lack of commitment

While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

Show your work

The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

“We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

CVS Health

• The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
• The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

Outcomes at CVS Health

Delivering on hybrid healthcare solutions

iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

From Priorities to Action

Become your organization’s ESG Expert

The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

“If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

Take the next step

ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
Prepare for the era of mandated environmental, social, and governance disclosures.

Private Equity and Venture Capital Growing Impact of ESG Report
Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

“Business Intelligence and Reporting” gap between importance and effectiveness
Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

The Five Priorities

Priorities to compete in the digital economy

1. Reduce Friction in the Hybrid Operating Model
2. Improve Your Ransomware Readiness
3. Support an Employee-Centric Retention Strategy
4. Design an Automation Platform
5. Prepare to Report on New Environmental, Social, and Governance Metrics

Contributing Experts

Elizabeth Clark CIO, Harvard Business School			Jeff Previte Executive Vice-President of IT, CrossCountry Mortgage
Bob Crozier Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE			David W. Dorman Chairman of the Board, CVS Health

Info-Tech’s internal CIO panel contributors

Bryan Tutor John Kemp Mike Schembri Janice Clatterbuck Sandy Silk Sallie Wright David Wallace Ken McGee Mike Tweedie Cole Cioran Kevin Tucker Angelina Atkins Yakov Kofner

Thank you for your support

Blockchain Research Institute

Bibliography – CIO Priorities 2022

“2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

“Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

“Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

“Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

“Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

“CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

“Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

“IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

“IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

“Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

“Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

“Priority.” Lexico.com, Oxford University Press, 2021. Web.

Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

“Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

“Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

“Trend.” Lexico.com, Oxford University Press, 2021. Web.

Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

SoftwareReviews — A Division of INFO~TECH RESEARCH GROUP

Optimize Software Pricing in a Volatile Competitive Market

Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

Table of Contents

Optimize Software Pricing in a Volatile Competitive Market

Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

EXECUTIVE BRIEF

Analyst Perspective

Optimized Pricing Strategy

Product managers without well-documented and repeatable pricing management processes often experience pressure from “Agile” management to make gut-feel pricing decisions, resulting in poor product revenue results. When combined with a lack of customer, competitor, and internal cost understanding, these process and timing limitations drive most product managers into suboptimal software pricing decisions. And, adding insult to injury, the poor financial results from bad pricing decisions aren’t fully measured for months, which further compounds the negative effects of poor decision making.

A successful product pricing strategy aligns finance, marketing, product management, and sales to optimize pricing using a solid understanding of the customer perception of price/value, competitive pricing, and software production costs.

Success for many SaaS product managers requires a reorganization and modernization of pricing tools, techniques, and data. Leaders will develop the science of tailored price changes versus across-the-board price actions and account for inflation exposure and the customers’ willingness to pay.

This blueprint will build your skills on how to price new products or adjust pricing for existing products. The discipline you build using our pricing strategy methodology will strengthen your team’s ability to develop repeatable pricing and will build credibility with senior management and colleagues in marketing and sales.

Joanne Morin Correia Principal Research Director SoftwareReviews

Executive Summary

SoftwareReviews Insight

Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and they will make ongoing adjustments based on an ability to monitor buyers, competitors, and product cost changes.

What is an optimized price strategy?

SoftwareReviews Insight

An optimized pricing strategy establishes the “best” price for a product or service that maximizes profits and shareholder value while considering customer business value vs. the cost to purchase and implement – the total cost of ownership (TCO).

Challenging environment

Pricing skills are declining

Key considerations for more effective pricing decisions

New product price approach

Is Your Pricing Strategy Optimized? With the right pricing strategy, you can invest more money into your product, service, or growth. A 1% price increase will improv revenues by: Price monetization will almost double the revenue increases over customer acquisition and retention. (Pricing Strategies, Growth Ramp, March 2022)	DIAGNOSE PRICE CHALLENGES Prices of today's cloud-based services/products are often misaligned against competition and customers' perceived value, leaving more revenues on the table. Do you struggle to price new products with confidence? Do you really know your SaaS product's costs? Have you lost pricing power to stronger competitors? Has cost focus eclipsed customer value focus? If so, you are likely skipping steps and missing key outputs in your pricing strategy.
OPTIMIZE THESE STEPS ALIGNMENT Assign Team Responsibilities Set Timing for Project Deliverables Clarify Financial Expectations Collect Customer Contacts Determine Competitors BEFORE RESEARCH, HAVE YOU Documented your executive's financial expectations? If "No," return. RESEARCH & VALIDATE Research Competitors Interview Customers Test Pricing vs. Financials Create Pricing Presentation BEFORE PRESENTING, HAVE YOU: Clarified your customer and competitive positioning to validate pricing? If "No," return. BUY-IN Executive Pricing Presentation Post-Mortem of Presentation Document New Processes Monitor the Pricing Changes BEFORE RESEARCH, HAVE YOU: Documented your executive's financial expectations? If "No," return.
DELIVER KEY OUTPUTS Sponsoring executive(s) signs-offs require a well-articulated pricing plan and business case for investment that includes: Competitive features and pricing financial templates Customer validation of price value Optimized price presentation Repeatable pricing processes to monitor changes REAP THE REWARDS Product pricing is better aligned to achieve financial goals Improved pricing skills or professional development Stronger team reputation for reliable price management

Key Insights

1. Gain a competitive edge by using market and customer information to optimize product financials, refine pricing, and speed up decisions.
2. Product leaders will best set software product price based on a deep understanding of buyer/price value equation, alignment with financial strategy, and an ongoing ability to monitor buyer, competitor, and product costs.

SoftwareReviews’ methodology for optimizing your pricing strategy

Insight summary

Modernize your price planning

Blueprint deliverables

Guided Implementation

A Guided Implementation (GI) is a series of calls with a SoftwareReviews analyst to help implement our best practices in your organization.

A typical GI is 4 to 8 calls over the course of 2 to 4 months.

What does a typical GI on optimizing software pricing look like?

SoftwareReviews Offers Various Levels of Support to Meet Your Needs

Desire a Guided Implementation?

• A GI is where your SoftwareReviews engagement manager and executive advisor/counselor will work with SoftwareReviews research team members to craft with you a Custom Key Initiative Plan (CKIP).
• A CKIP guides your team through each of the major steps, outlines responsibilities between members of your team and SoftwareReviews, describes expected outcomes, and captures actual value delivered.
• A CKIP also provides you and your team with analyst/advisor/counselor feedback on project outputs, helps you communicate key principles and concepts to your team, and helps you stay on project timelines.
• If Guided Implementation assistance is desired, contact your engagement manager.

1.0 Assign team responsibilities

Input: Steering committee roles and responsibilities, Steering committee interest and role

Output: List of new pricing strategy steering committee and workstream members, roles, and timelines, Updated Software Pricing Strategy presentation

Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Participants: CFO, sponsoring executive, Functional leads – development, product marketing, product management, marketing, sales, customer success/support

1. The product manager/member running this pricing/repricing program should review the entire Optimize Software Pricing in a Volatile Competitive Market blueprint and each blueprint attachment.
2. The product manager should also refer to slide 19 of the Optimize Software Pricing in a Volatile Competitive Market blueprint and decide if help via a Guided Implementation (GI) is of value. If desired, alert your SoftwareReviews engagement manager.

3. The product manager should meet with the chief product officer/CPO and functional leaders, and set the meeting agenda to:
   1. Nominate steering committee members.
   2. Nominate work-stream leads.
   3. Establish key pricing project milestones.
   4. Schedule both the steering committee (suggest monthly) and workstream lead meetings (suggest weekly) through the duration of the project.
   5. Ask the CPO to craft, outside this meeting, his/her version of the "Message from the chief product officer.”
   6. If a Guided Implementation is selected, inform the meeting attendees that a SoftwareReviews analyst will join the next meeting to share his/her Executive Brief on Pricing Strategy.
4. Record all above findings in the Optimize Software Pricing in a Volatile Competitive Market Presentation Template.

Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

SoftwareReviews Advisory Insight:

Pricing steering committees are needed to steer overall product, pricing, and packaging decisions. Some companies include the CEO and CFO on this committee and designate it as a permanent body that meets monthly to give go/no-go decisions to “all things product and pricing related” across all products and business units.

2.0 Educate the team

Input: Typically, a joint recognition that pricing strategies need upgrading and have not been fully documented, Steering committee and working team members

Output: Communication of team members involved and the makeup of the steering committee and working team, Alignment of team members on a shared vision of “why a new price strategy is critical” and what key attributes define both the need and impact on business

Materials: Optimize Your Software Strategy Executive Brief PowerPoint presentation

Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales, SoftwareReviews marketing analyst (optional)

1. Walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation.
2. Optional – Have the SoftwareReviews Advisory (SRA) analyst walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation as part of your session. Contact your engagement manager to schedule.
3. Walk the team through the current version of the Optimize Software Pricing in a Volatile Competitive Market Presentation Template outlining project goals, steering committee and workstream make-up and responsibilities, project timeline and key milestones, and approach to arriving at new product pricing.
4. Set expectations among team members of their specific roles and responsibilities for this project, review the frequency of steering committee and workstream meetings to set expectations of key milestones and deliverable due dates.

Download the Optimize Software Pricing in a Volatile Competitive Market Executive Brief

3.0 Document portfolio and target products for pricing update

Input: List of entire product portfolio

Output: Prioritized list of product candidates that should be repriced

Materials: Optimize Software Pricing in a Volatile Competitive Market Executive Brief presentation, Optimize Software Pricing in a Volatile Competitive Market Workbook

Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales

1. Walk the team through the current version of Optimize Software Pricing in a Volatile Competitive Market workbook, tab 2: “Product Portfolio Organizer.” Modify sample attributes to match your product line where necessary.
2. As a group, record the product attributes for your entire portfolio.
3. Prioritize the product price optimization candidates for repricing with the understanding that it might change after meeting with finance.

Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

4.0 Clarify product target margins

2-3 sessions of 1 Hour each

Input: Finance partner/CFO knowledge of target product current and future margins, Finance partner/CFO who has information on underlying costs with details that illustrate supplier contributions

Output: Product finance markup target percentage margins and revenues

Materials: Finance data on the product family, Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Participants: Initiative manager, Finance partner/CFO

1. Schedule a meeting with your finance partner/CFO to validate expectations for product margins. The goal is to understand the detail of underlying costs/margins and if the impacts of supplier costs affect the product family. The information will be placed into the Optimize Software Pricing in a Volatile Competitive Market Workbook on tab 2, Product Portfolio Organizer under the “Unit Margins” heading.
2. Arrive at a final “Cost-Plus New Price” based on underlying costs and target margins for each of the products. Record results in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 2, under the “Cost-Plus New Price” heading.
3. Record product target finance markup price under “Cost-Plus” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Cost-Plus Analysis,” slide 11.
4. Repeat this process for any other products to be repriced.

Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

5.0 Establish customer price to value

1-4 weeks

Input: Identify segments within which you require price-to-value information, Understand your persona insight gaps, Review Sample Interview Guide using the Optimize Software Pricing in a Volatile, Competitive Market Workbook, Tab 4. Interview Guide.

Output: List of interviewees, Updated Interview Guide

Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Participants: Initiative manager, Customer success to help identify interviewees, Customers, prospects

1. Identify a list of customers and prospects that best represent your target persona when interviewed. Choose interviewees who will inform key differences among key segments (geographies, company size, a mix of customers and prospects, etc.) and who are decision makers and can best inform insights on price/value and competitors.
2. Recruit interviewees and schedule 30-minute interviews.
3. Keep track of interviewees using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 3: “Interviewee Tracking.”
4. Review the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide,” and modify/update it where appropriate.
5. Record interviewee perspectives on the “price they are willing to pay for the value received” (price/value equation) using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide.”
6. Summarize findings to result in an average “customer’s value price.” Record product target ”customer’s value price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and supporting details in Appendix, “Customer Pricing Analysis,” slide 12.

Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

6.0 Identify competitive pricing

1-2 weeks

Input: Identify price candidate competitors, Your product pricing, contract type, and product attribute information to compare against, Knowledge of existing competitor information, websites, and technology research sites to guide questions

Output: Competitive product average pricing

Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Participants: Initiative manager, Customers, prospects

1. Identify the top 3-5 competitors’ products that you most frequently compete against with your selected product.
2. Perform competitive intelligence research on deals won or lost that contain competitive pricing insights by speaking with your sales force.
3. Use the interviews with key customers to also inform competitive pricing insights. Include companies which you may have lost to a competitor in your customer interviewee list.
4. Modify and add key competitive pricing, contract, or product attributes in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
5. Place your product’s information into the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
6. Research your competitors’ summarized pricing and product attribute insights into the workbook.
7. Record research in the Summarize research on competitors to arrive at an average “Competitors Avg. Price”. Record in ”Customer’s Value Price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Competitor Pricing Analysis,” slide 13.

Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

7.0 Establish new price and gain buy-in

2-3 hours

Input: Findings from competitive, cost-plus, and customer price/value analysis

Output: Approvals for price change

Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Participants: Initiative manager, Steering committee, Working team – typically representatives in product marketing, product management, sales

1. Using prior recorded findings of Customer’s Value Price, Competitors’ Avg. Price, and Finance Markup Price, arrive at a recommended “New Price” and record in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and the Appendix for Project Analysis Details.
2. Present findings to steering committee. Be prepared to show customer interviews and competitive analysis results to support your recommendation.
3. Plan internal and external communications and discuss the timing of when to “go live” with new pricing. Discuss issues related to migration to a new price, how to handle currently low-priced customers, and how to migrate them over time to the new pricing.
4. Identify if it makes sense to target a date to launch the new pricing in the future, so customers can be alerted in advance and therefore take advantage of “current pricing” to drive added revenues.
5. Confer with IT to assess times required to implement within CPQ systems and with product marketing for time to change sales proposals, slide decks, and any other affected assets and systems.

Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

Bibliography

“Chapter 4 Reasons for Project Failure.” Kissflow's Guide to Project Management. Kissflow, n.d. Web.

Edie, Naomi. “Microsoft Is Raising SaaS Prices, and Other Vendors Will, Too.” CIO Dive, 8 December 2021. Web.

Gruman, Galen, Alan S. Morrison, and Terril A. Retter. “Software Pricing Trends.” PricewaterhouseCoopers, 2018. Web.

Hargrave, Marshall. “Example of Economic Exposure.” Investopedia, 12 April 2022. Web.

Heaslip, Emily. “7 Smart Pricing Strategies to Attract Customers.” CO—, 17 November 2021. Web.

Higgins, Sean. “How to Price a Product That Your Sales Team Can Sell.” HubSpot, 4 April 2022. Web.

“Pricing Strategies.” Growth Ramp, March 2022. Web.

“Product Management Skills Benchmark Report 2021.” 280 Group, 9 November 2021. Web.

Quey, Jason. “Price Increase: How to Do a SaaS Pricing Change in 8 Steps.” Growth Ramp, 22 March 2021. Web.

Steenburg, Thomas, and Jill Avery. “Marketing Analysis Toolkit: Pricing and Profitability Analysis.” Harvard Business School, 16 July 2010. Web.

“2021 State of Competitive Intelligence.” Crayon and SCIO, n.d. Web.

Valchev, Konstantin. “Cost of Goods Sold (COGS) for Software-as-a-Service (SaaS) Business.” OpenView Venture Partners, OV Blog, 20 April 2020. Web.

“What Is Price Elasticity?” Market Business News, n.d. Web.

Related SoftwareReviews Research

Create a Buyer Persona Journey Marketing leaders possess well-researched and up-to-date buyer personas and journeys dramatically improve product-market fit, lead gen, and sales results. Success starts with product, marketing, and sales alignment on targeted personas.

Build a More Effective Go-to-Market Strategy Maximize go-to-market success through a deep market and buyer understanding, competitive differentiation, and launch team readiness that delivers targeted revenues. With a sound GTM strategy, marketers give themselves a 50% greater chance of product launch success.

Unexpected Cloud Costs Are Rocking the Enterprise Inaccurate forecasts resulted in the under-purchase of highly discounted reserved capacity usually paid in advance. Lift and shift of legacy applications to the cloud without refactoring those applications leads to wasteful resource consumption.

Document and Maintain Your Disaster Recovery Plan

Put your DRP on a diet – keep it fit, trim, and ready for action.

ANALYST PERSPECTIVE

The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

“This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

• Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
• Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
• Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”

This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

These artifacts are the cornerstone for any disaster recovery plan.

• Business Impact Analysis
• DR Roles and Responsibilities
• Recovery Workflow

Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

This blueprint walks you through building these inputs.
Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

How this blueprint will help you document your DRP

This Research is Designed For:

• IT managers in charge of disaster recovery planning (DRP) and execution.
• Organizations seeking to optimize their DRP using best-practice methodology.
• Business continuity professionals that are involved with disaster recovery.

This Research Will Help You:

• Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
• Identify an appropriate DRP document management and distribution strategy.
• Ensure that DR documentation is up to date and accessible.

This Research Will Also Assist:

• IT managers preparing for a DR audit.
• IT managers looking to incorporate components of DR into an IT operations document.

This Research Will Help Them:

• Follow a structured approach in building DR documentation using best practices.
• Integrate DR into day-to-day IT operations.

Executive summary

Situation

• DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
• Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
• Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

Complication

• DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
• Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
• Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

Resolution

• Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
• Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
• Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

Info-Tech Insight

1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

The criticality of having an effective DRP is underestimated.

Cost of Downtime for the Fortune 1000

• Cost of unplanned apps downtime per year: $1.25B to $2.5B
• Cost of critical apps failure per hour: $500,000 to $1M
• Cost of infrastructure failure per hour: $100,000
• 35% reported to have recovered within 12 hours.
• 17% of infrastructure failures took more than 24 hours to recover.
• 13% of application failures took more than 24 hours to recover.

Size of Impact Increasing Across Industries

• The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
• Downtime cost increase since 2010:
  • Hospitality: 129% increase
  • Transportation: 108% increase
  • Media organizations: 104% increase

Potential Lost Revenue

The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

Organizations continue to struggle with creating DRPs, let alone making them actionable.

Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

• It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
• Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
• There is a lack of effective processes for ensuring documentation stays up to date.

(Source: Info-Tech Research Group, N=165)

(Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

Improve usability and effectiveness with visual-based and more-concise documentation

Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

DR success scores are based on:

• Meeting recovery time objectives (RTOs).
• Meeting recovery point objectives (RPOs).
• IT staff’s confidence in their ability to meet RTOs/RPOs.

“Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

Maintainability is another argument for visual-based, concise documentation

There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain.	➔	“Easy to maintain” leads to a 46% higher rate of DR success.

Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

Info-Tech Insight

Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

Use a DRP summary document to satisfy executives, auditors, and clients

Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

DRP Summary Document

• Summarize BIA results
• Summarize DR strategy (including DR sites)
• Summarize backup strategy
• Summarize testing and maintenance plans

Follow Info-Tech’s methodology to make DRP documentation efficient and effective

Follow XMPL Medical’s journey through DR documentation

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

Outline of the Disaster Recovery Plan

XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

Resulting Disaster Recovery Plan

XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

Disaster Recovery Plan

• Recovery Workflow
• Business Impact Analysis
• DRP Summary
• System Recovery Checklists
• Communication, Assessment, and Disaster Declaration Plan

Info-Tech Best Practice

XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

Model your disaster recovery documentation off of our example

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Recovery Workflow:

• Recovery Workflows (PDF, VSDX)

Recovery Procedures (Systems Recovery Playbook):

• DR Notification, Assessment, and Disaster Declaration Plan
• Systems Recovery Playbook
• Network Topology Diagrams

Additional Reference Documentation:

• DRP Workbook
• Business Impact Analysis
• DRP Summary Document

Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Document and Maintain Your Disaster Recovery Plan – Project Overview

	1. Streamline DRP Documentation	2. Select the Optimal DRP Publishing Strategy	3. Keep Your DRP Relevant
Best-Practice Toolkit	1.1 Start with a recovery workflow 1.2 Create supporting DRP documentation 1.3 Write the DRP summary	2.1 Create Committee Profiles	3.1 Build Governance Structure Map 3.2 Create Committee Profiles
Guided Implementations	Review Info-Tech’s approach to DRP documentation. Create a high-level recovery workflow. Create supporting DRP documentation. Write the DRP summary.	Identify criteria for selecting a DRP publishing strategy. Select a DRP publishing strategy. Optional: Select requirements for a BCM tool and issue an RFP. Optional: Review responses to RFP.	Learn best practices for integrating DRP maintenance into day-to-day IT processes. Learn best practices for DRP-focused reviews.
Onsite Workshop	Module 1: Streamline DRP documentation	Module 2: Select the optimal DRP publishing strategy	Module 3: Learn best practices for keeping your DRP relevant
	Phase 1 Outcome: A complete end-to-end DRP	Phase 2 Outcome: Selection of a publishing and management tool for your DRP documentation	Phase 3 Outcome: Strategy for maintaining your DRP documentation

Workshop Overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Workshop Goal: Learn how to document and maintain your DRP.

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Phase 1: Streamline DRP Documentation

Step 1.1: Start with a recovery workflow

This step will walk you through the following activities:

• Review a model DRP.
• Review your recovery workflow.
• Identify documentation required to support the recovery workflow.

This step involves the following participants:

• DRP Owner
• System SMEs
• Alternate DR Personnel

Outcomes of this step

• Understanding the visual-based, concise approach to DR documentation.
• Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

Info-Tech Insights

A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

“We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

Review business impact analysis (BIA) results to plan your recovery workflow

The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

Specifically, review the following from your BIA:

• The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
• Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
• The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

Conduct a tabletop planning exercise to determine your recovery workflow

1.1.1 Tabletop Planning Exercise

1. Define a scenario to drive the tabletop planning exercise:
   • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
   • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
   • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

Info-Tech Insight

Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

Walk through the scenario and capture the recovery workflow

2. Capture the following information for tier 1, tier 2, and tier 3 systems:
   1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
   2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
   3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

Note:

• Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
• Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

Document your current-state recovery workflow based on the results of the tabletop planning

After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

Use the sample DRP to guide your own flowchart. Some notes on the example are:

• XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
• XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
• Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.

This sample flowchart is included in XMPL Recovery Workflows.

Step 1.2: Create Supporting DRP Documentation

This step will walk you through the following activities:

• Create checklists for your playbook.
• Document more complex procedures with flowcharts.
• Gather and/or write network topology diagrams.
• Compile a contact list.
• Ensure there is enough material for backup personnel.

This step involves the following participants:

• DRP Owner
• System SMEs
• Backup DR Personnel

Outcomes of this step

• Actionable supporting documentation for your disaster recovery plan.
• Contact list for IT personnel, business personnel, and vendor support.

1.2 — Create supporting documentation for your disaster recovery plan

Now that you have a high-level incident response plan, collect the information you need for executing that plan.

Info-Tech Insight

Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

Use checklists to streamline step-by-step procedures

Checklists are ideal when staff just need a reminder of what to do, not how to do it.

XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

• Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
• XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
• Similarly, include links to other useful resources such as VM templates.

Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

• XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
• Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
• The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.

Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

Use topology diagrams to capture network layout, integrations, and system information

Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

• XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
  • Primary data center diagram
  • DR site diagram
  • High-level network diagrams
• Often, organizations already have network topology diagrams for reference purposes.

“Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

If there is something strange happening to your IT infrastructure, who you gonna call?

Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

• The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
  • Declaring a disaster.
  • Coordinating a response at an organizational level.
  • Executing recovery.
• The people that have authority to declare a disaster.
• Each person’s spending authority.
• The rules for delegating authority.
• Primary and alternate staff for each role.

Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

• Is it clear who is responsible for each DR task, including notification steps?
• Have alternate staff for each role been identified?
• Does the recovery workflow capture all of the high-level steps?
• Is there enough documentation for alternate staff (e.g. network specs)?

Step 1.3: Write the DRP Summary

This step will walk you through the following activities:

• Write a DRP summary document.

This step involves the following participants:

• DRP Owner

Outcomes of this step

• High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

Summarize your DR capabilities using a DRP summary document

1.3.1 DRP Summary Document

The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

• Business Impact Analysis
• DRP Recovery Workflows
• Supporting Documentation
• Outputs from Reduce Costly Downtime Through DR Testing

DRP Summary Document

XMPL’s DRP Summary is organized into the following categories:

• DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
• DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
• Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

Be transparent about existing business risks in your DRP summary

The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

• Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
• What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.

The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

Phase 2: Select the Optimal DRP Publishing Strategy

Step 2.1: Select a DRP Publishing Strategy

This step will walk you through the following activities:

• Select criteria for assessing DRP tools.
• Evaluate categories for DRP tools.
• Optional: Write an RFP for a BCM tool.

This step involves the following participants:

• DRP Owner

Outcomes of this step

• Identified strategies for publishing your DRP (i.e. making it available to your DR team).

Info-Tech Insights

Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

2.1 — Select a DR publishing and document management strategy that fits your organization

Publishing and document management considerations:

Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.	➔	Note: Percentages total more than 100% due to respondents using more than one portability strategy. (Source: Info-Tech Research Group, N=118)
Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

Pros and cons of potential strategies

This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

• DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
• In-house solutions combining SharePoint and MS Office (or equivalent)
• Wiki site
• “Manual” approaches such as storing documents on a USB drive

Avoid 42 hours of downtime due to a non-diversified publishing strategy

CASE STUDY

Industry Municipality
Source Interview

Situation

• A municipal government has recently completed an end-to-end disaster recovery plan.
• The team is feeling good about the fact that they were able to identify:
  • Relative criticality of applications.
  • Dependencies for each application.
  • Incident response plans for the current state and desired state.
  • System recovery procedures.

Challenge

• While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
• A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
• Once the network was down, their DRP was inaccessible.

Insights

• Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
• Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

• Portability/external access
• Maintainability/usability
• Cost
• Effort

The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

Portability/External Access:

• Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
• Cons: Degree of external access is often dependent on the vendor.

Maintainability/Usability:

• Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
• Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
• Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
• Cons: Requires end-user and administrator training.

Cost/Effort:

• Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
• Cons: Expect leading DRP tools to cost $20K or more per year.

About this approach:
BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

Info-Tech Insight

The business case for a BCM tool is built by answering the following questions:

• Will the BCM tool solve an unmet need?
• Will the tool be more effective and efficient than an in-house solution?
• Will the solution provide enhanced capabilities that an in-house solution cannot provide?

If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

“We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

Portability/External Access:

• Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
• Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.

Maintainability/Usability:

• Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
• Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
• Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
• Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.

Cost/Effort:

• Pros: Using existing tools, so this is a sunk cost in terms of capex.
• Cons: Additional effort required to create templates and manage the documentation library.

About this approach:
DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

“Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

A healthcare company uses SharePoint as its DRP and SOP documentation management solution

CASE STUDY Healthcare

• This organization is responsible for 50 medical facilities across three states.
• It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
• It has SharePoint instances at multiple locations to ensure availability if one site is down.

Documentation Strategy

• Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
• SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
• Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

Management Strategy

• Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
• Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
• Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

Results

• Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
• SOPs are enabling DR training as well as day-to-day operations training for new staff.
• The organization has a high confidence in its ability to recovery from a disaster within established timelines.

Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

Portability/External Access:

• Pros: Wiki sites can support external access as with any web solution.
• Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.

Maintainability/Usability:

• Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
• Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
• Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
• Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.

Cost/Effort:

• Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
• Cons: Learning curve if wikis are new to your organization.

About this approach:
Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

• Modernize Communications and Collaboration infrastructure
• Vendor Landscape: Collaboration Platforms

Info-Tech Insight

If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

Portability/External Access:

• Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
• Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).

Maintainability/Usability:

• Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
• Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
• Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
• Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.

Cost/Effort:

• Pros: Little to no cost and no tool management required.
• Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

About this approach:
With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

Info-Tech Insight

This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

Avoid extensive use of paper copies of DR documentation

DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

Portability/External Access:

• Pros: Does not rely on technology or power.
• Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.

Maintainability/Usability:

• Pros: In terms of usability, again there is no dependence on technology.
• Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
• Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.

Cost/Effort:

• Pros: No technology system to maintain, aside from what you use for printing.
• Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
• Cons: Labor intensive due to need to print and physically distribute documentation updates.

About this approach:
Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

Optional: Partial list of BCM tool vendors

The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

1. Integrations
2. Planning and Monitoring
3. Administration
4. Architecture
5. Security
6. Support and Training

This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

Info-Tech can write full RFPs

As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

Step 3.1: Integrate DRP maintenance into core IT processes

This step will walk you through the following activities:

• Integrate DRP maintenance with Project Management.
• Integrate DRP considerations into Change Management.
• Integrate with Performance Management.

This step involves the following participants:

• DRP Owner
• Head of Project Management Office
• Head of Change Advisory Board
• CIO

Outcomes of this step

• Updated project intake form.
• Updated change management practice.
• Updated performance appraisals.

3.1 — Incorporate DRP maintenance into core IT processes

Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

Info-Tech Best Practice

Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

Assess how new projects impact service criticality and DR requirements upfront during project intake

Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

• Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
  • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
• Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

Leverage your change management process to identify required DRP updates as they occur

Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

• As part of your change management process, identify potential updates to:
  • System documentation (e.g. configuration settings).
  • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
  • Your DR environment (e.g. system configuration updates for standby systems).
• Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
  • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
  • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.

This template asks the submitter to fill out the availability and criticality requirements for the project.

For change management best practices beyond DRP considerations, please see Optimize Change Management.

Integrate documentation into performance measurement and performance management

Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

“Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

Step 3.2: Conduct an Annual Focused Review

This step will walk you through the following activities:

1. Identify components of your DRP to refresh.
2. Identify organizational changes requiring further focus.
3. Test your DRP and identify problems.
4. Correct problems identified with DRP.

This step involves the following participants:

• DRP Owner
• System SMEs
• Backup DR Personnel

Outcomes of this step

• An actionable, up-to-date DRP.

Info-Tech Insight

Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

Set up a safety net to capture changes that slipped through the cracks with a focused review process

Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

• Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
• Don’t review everything. Instead, review:
  • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
    • The plans for these systems are updated for changes (e.g. configuration changes).
    • SMEs and backup personnel are familiar with the changes.
  • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
• Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.

1. Annual Focused Review
2. Tier 1 Systems
3. Significantly Changed Systems
4. Organizational Changes

Identify larger changes, both organizational and within IT, that necessitate DRP updates

During your focused review, consider how organizational changes have impacted your DRP.

The COBIT 5 Enablers provide a foundation for this analysis. Consider:

• Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
• Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
• SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
• Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

Info-Tech Best Practice

COBIT 5 Enablers
What changes need to be reflected in your DRP?

Create a plan during your annual focused review to test your DRP throughout the year

Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

• Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
• Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
• Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
• Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

Example Test Schedule:

1. Q1: Tabletop testing shadowed by backup personnel
2. Q2: Tabletop testing led by backup personnel
3. Q3: Technology-based testing
4. Annual Focused Review: Review Results

Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

Appendix A: XMPL Case Study

Follow XMPL Medical’s journey through DR documentation

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

Outline of the Disaster Recovery Plan

XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

Resulting Disaster Recovery Plan

XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

Disaster Recovery Plan

• Recovery Workflow
• Business Impact Analysis
• DRP Summary
• System Recovery Checklists
• Communication, Assessment, and Disaster Declaration Plan

Info-Tech Best Practice

XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

Model your disaster recovery documentation off of our example

CASE STUDY

Industry Healthcare
Source Created by amalgamating data from Info-Tech’s client base

Recovery Workflow:

• Recovery Workflows (PDF, VSDX)

Recovery Procedures (Systems Recovery Playbook):

• DR Notification, Assessment, and Disaster Declaration Plan
• Systems Recovery Playbook
• Network Topology Diagrams

Additional Reference Documentation:

• DRP Workbook
• Business Impact Analysis
• DRP Summary Document

Use our structure to create your practical disaster recovery plan.

Appendix B: Summary, Next Steps, and Bibliography

Insight breakdown

Use visual-based documentation instead of a traditional DRP manual.

• Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
• Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

Create your DRP in layers to keep the work manageable.

• Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

Prioritize quick wins to make DRP maintenance easier and more likely to happen.

• Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

Summary of accomplishment

Knowledge Gained

• How to create visual-based DRP documentation
• How to integrate DRP maintenance into core IT processes

Processes Optimized

• DRP documentation creation
• DRP publishing tool selection
• DRP documentation maintenance

Deliverables Completed

• DRP documentation
• Strategy for publishing your DRP
• Modified project-intake form
• Change management checklist for DR considerations

Project step summary

Client Project: Document and Maintain Your Disaster Recovery Plan

• Create a recovery workflow.
• Create supporting DRP documentation.
• Write a summary for your DRP.
• Decide on a publishing strategy.
• Incorporate DRP maintenance into core IT processes.
• Conduct an annual focused review.

Info-Tech Insight

This project has the ability to fit the following formats:

• Onsite workshop by Info-Tech Research Group consulting analysts.
• Do-it-yourself with your team.
• Remote delivery (Info-Tech Guided Implementation).

Related Info-Tech research

Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.

Reduce Costly Downtime Through DR Testing
Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

Prepare for a DRP Audit
Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

Bibliography

A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

“APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

“EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

Risk Management. ISO 31000:2009.

Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

Understanding and Articulating Risk Appetite. KPMG, 2008.

Analyst Perspective

The key is in anticipation.

“We all encounter unexpected changes and our responses are often determined by how we perceive and understand those changes. We react according to the unexpected occurrence. Business organizations are no different.

When a company faces a major technology disruption in its markets – one that could fundamentally change the business or impact its processes and technology – the way its management perceive and understand the disruption influences how they describe and plan for it. In other words, the way management sets the context of a disruption – the way they frame it – shapes the strategy they adopt. Technology leaders can vastly influence business strategy by adopting a proactive approach to understanding disruptive and innovative technologies by simply adopting a process to review and evaluate technology impacts to the company’s lines of business.”

Troy Cheeseman
Practice Lead, Infrastructure & Operations Research
Info-Tech Research Group

Executive Summary

Your Challenge

• New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
• Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the chief marketing officer (CMO) set the technological innovation agenda.

Common Obstacles

• Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
• Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

Info-Tech’s Approach

• Identify, resolve, and evaluate. Use an annual process as described in this blueprint: a formal evaluation of new technology that turns analysis into action.
• Lead the analysis from IT. Establish a team to carry out the annual process as a cure for the causes of “airline magazine syndrome” and to prevent it from happening in the future.
• Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.
• Create your KPIs. Establish your success indicators to create measurable value when presenting to your executive.
• Produce a comprehensive proof-of-concept plan that will allow your company to minimize risk and maximize reward when engaging with new technology.

Info-Tech Insight

Proactively monitoring, evaluating, and exploiting disruptive tech isn’t optional.
This will protect your role, IT’s role, and the future of the organization.

A diverse working group maximizes the insight brought to bear.
An IT background is not a prerequisite.

The best technology is only the best when it brings immediate value.
Good technology might not be ready; ready technology might not be good.

Review

We help IT leaders make the most of disruptive impacts.

This research is designed for:

Target Audience: CIO, CTO, Head of Infrastructure

This research will help you:

• Develop a process for anticipating, analyzing, and exploiting disruptive technology.
• Communicate the business case for investing in disruptive technology.
• Categorize emerging technologies to decide what to do with them.
• Develop a plan for taking action to exploit the technology that will most affect your organization.

Problem statement:

As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future. Foresight + Current Technology + Business Understanding = Understanding the Business Disruption. This should be a repeatable process, not an exception or reactionary response.

Insight Summary

Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.

The right team matters. A core working group will keep focus through the process and a leader will keep everyone accountable. Visionaries are out-of-the-box thinkers and once they understand how to think like a "futurists," they will drive the longlist and shortlist actions.

Train the group to think like futurists

To keep up with exponential technology growth you need to take a multi-threaded approach.

Brainstorm about creating a better future; begin brainstorming an initial longlist

Establish the longlist. The longlist helps create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

Converge everyone’s longlists

Long to short...that's the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential POC candidates to review and consider.

Evaluate the shortlist

There is no such thing as a risk-free endeavor. Use a systematic process to ensure that the risks your organization takes have the potential to produce significant rewards.

Define your PoC list and schedule

Don’t be afraid to fail! Inevitably, some proof-of-concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

Finalize, present the plan to stakeholders, and repeat!

Don't forget the C-suite. Effectively communicate and present the working group’s finding with a well-defined and succinct presentation. Start the process again!

1. Identify
   • Establish the core working group and select a leader; select a group of visionaries
   • Train the group to think like futurists
   • Hold your initial meeting
2. Resolve

• Create and winnow a longlist
• Assess and create the shortlist

The Key Is in Anticipation!

Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

Four key challenges make it essential for you to become a champion for exploiting disruptive technology

1. New technology can hit like a meteor. It doesn’t only disrupt IT; technology provides opportunities for organization-wide advantage.
2. Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the CMO rule technological innovation.
3. Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
4. Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring emerging technologies with a formal process.

“Look, you have never had this amount of opportunity for innovation. Don’t forget to capitalize on it. If you do not capitalize on it, you will go the way of the dinosaur.”
– Dave Evans, Co-Founder and CTO, Stringify

Technology can hit like a meteor

“ By 2025:

• 38.6 billion smart devices will be collecting, analyzing, and sharing data.
• The web hosting services market is to reach $77.8 billion in 2025.
• 70% of all tech spending is expected to go for cloud solutions.
• There are 1.35 million tech startups.
• Global AI market is expected to reach $89.8 billion.”

– Nick Gabov

IT Disruption

Technology disrupts IT by:

• Affecting the infrastructure and applications that IT needs to use internally.
• Affecting the technology of end users that IT needs to support and deploy, especially for technologies with a consumer focus.
• Allowing IT to run more efficiently and to increase the efficiency of other business units.
• Example: The rise of the smartphone required many organizations to rethink endpoint devices.

Business Disruption

Technology disrupts the business by:

• Affecting the viability of the business.
• Affecting the business’ standing in relation to competitors that better deal with disruptive technology.
• Affecting efficiency and business strategy. IT should have a role in technology-related business decisions.
• Example: BlackBerry failed to anticipate the rise of the apps ecosystem. The company struggled as it was unable to react with competitive products.

Senior IT leaders are expected to predict disruptions to IT and the business, while tending to today’s needs

You are expected to be both a firefighter and a forecaster

• Anticipating upcoming disruptions is part of your job, and you will be blamed if you fail to anticipate future business disruptions because you are focusing on the present.
• However, keeping IT running smoothly is also part of your job, and you will be blamed if today’s IT environment breaks down because you are focusing on the future.

You’re caught between the present and the future

• You don’t have a process that anticipates future disruptions but runs alongside and integrates with operations in the present.
• You can’t do it alone. Tending to both the present and the future will require a team that can help you keep the process running.

Info-Tech Insight

Be prepared when disruptions start coming down, even though it isn’t easy. Use this research to reduce the effort to a simple process that can be performed alongside everyday firefighting.

Make disruptive tech analysis and exploitation part of your innovation agenda

Organizations without high satisfaction with IT innovation leadership are only 20% likely to be highly satisfied with IT

“You rarely see a real-world correlation of .86!”
– Mike Battista, Staff Scientist, Cambridge Brain Sciences, PhD in Measurement

There is a clear relationship between satisfaction with IT and the IT department’s innovation leadership.

Prevent “airline magazine syndrome” by proactively analyzing disruptive technologies

“The last thing the CIO needs is an executive saying ‘I don’t what it is or what it does…but I want two of them!”
– Tim Lalonde

Airline magazine syndrome happens to IT leaders caught between the business and IT. It usually occurs in this manner:

1. While on a flight, a senior executive reads about an emerging technology that has exciting implications for the business in an airline magazine.
2. The executive returns and approaches IT, demanding that action be taken to address the disruptive technology – and that it should have been (ideally) completed already.

Without a Disruptive Technology Exploitation Plan:

“I don’t know”

With a Disruptive Technology Exploitation Plan:

“Here in IT, we have already considered that technology and decided it was overhyped. Let me show you our analysis and invite you to join our working group.”

OR

“We have already considered that technology and have started testing it. Let me show you our testing lab and invite you to join our working group.”

Info-Tech Insight

Airline magazine syndrome is a symptom of a wider problem: poor CEO-CIO alignment. Solve this problem with improved communication and documentation. Info-Tech’s disruptive tech iterative process will make airline magazine syndrome a thing of the past!

IT leaders who do not keep up with disruptive technology will find their roles diminished

“Today’s CIO dominion is in a decaying orbit with CIOs in existential threat mode.”
– Ken Magee

Protect your role within IT

• IT is threatened by disruptive technology:
  • Trends like cloud services, increased automation, and consumerization reduce the need for IT to be involved in every aspect of deploying and using technology.
  • In the long term, machines will replace even intellectually demanding IT jobs, such as infrastructure admin and high-level planning.
• Protect your role in IT by:
  • Anticipating new technology that will disrupt the IT department and your place within it.
  • Defining new IT roles and responsibilities that accurately reflect the reality of technology today.
  • Having a process for the above that does not diminish your ability to keep up with everyday operations that remain a priority today.

Protect your role against other departments

• Your role in the business is threatened by disruptive technology:
  • The trends that make IT less involved with technology allow other executives – such as the CMO – to make IT investments.
  • As the CMO gains the power and data necessary to embrace new trends, the CIO and IT managers have less pull.
• Protect your role in the business by:
  • Being the individual to consult about new technology. It isn’t just a power play; IT leaders should be the ones who know technology thoroughly.
  • Becoming an indispensable part of the entire business’ innovation strategy through proposing and executing a process for exploiting disruptive technology.

IT leaders who do keep up have an opportunity to solidify their roles as experts and aggregators

“The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency, or through additional services to constituents.”
– Michael Maguire, Management Consultant

The contemporary CIO is a conductor, ensuring that IT works in harmony with the rest of the business.

The new CIO is a conductor, not a musician. The CIO is taking on the role of a business engineer, working with other executives to enable business innovation.

The new CIO is an expert and an aggregator. Conductor CIOs increasingly need to keep up on the latest technologies. They will rely on experts in each area and provide strategic synthesis to decide if, and how, developments are relevant in order to tune their IT infrastructure.

The pace of technological advances makes progress difficult to predict

“An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century – it will be more like 20,000 years of progress (at today’s rate).”
– Ray Kurzweil

Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

Think like a futurist to anticipate technology before it goes mainstream.

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

To predict new advances, turn innovation into a process

“We spend 70 percent of our time on core search and ads. We spend 20 percent on adjacent businesses, ones related to the core businesses in some interesting way. Examples of that would be Google News, Google Earth, and Google Local. And then 10 percent of our time should be on things that are truly new.”
– Eric Schmidt, Google

• Don’t get caught in the trap of refining your core processes to the exclusion of innovation. You should always be looking for new processes to improve, new technology to pilot, and where possible, new businesses to get into.
• Devote about 10% of your time and resources to exploring new technology: the potential rewards are huge.

You and your team need to analyze technology every year to predict where it’s going.

Foundational technologies, such as computing power, storage, and networks, are improving exponentially. Disruptive technologies are specific manifestations of foundational advancements. Advancements of greater magnitude give rise to more manifestations; therefore, there will be more disruptive technologies every year. There is a lot of noise to cut through. Remember Google Glasses? As technology becomes ubiquitous and consumerization reigns, everybody is a technology expert. How do you decide which technologies to focus on?

Protect IT and the business from disruption by implementing a simple, repeatable disruptive technology exploitation process

“One of the most consistent patterns in business is the failure of leading companies to stay at the top of their industries when technologies or markets change […] Managers must beware of ignoring new technologies that can’t initially meet the needs of their mainstream customers.”
– Joseph L. Bower and Clayton M. Christensen

Info-Tech Insight

Use Info-Tech’s tools and templates, along with this storyboard, to walk you through creating and executing an exploitation process in six steps.

Create measurable value by using Info-Tech’s process for evaluating the disruptive potential of technology

No business process is perfect. Use Info-Tech’s Proof of Concept Template to create a disruptive technology proof of concept implementation plan. Harness your company’s internal wisdom to systematically vet new technology. Engage only in calculated risk and maximize potential benefit.

Info-Tech Insight

Inevitably, some proof of concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

Establish your key performance indicators (KPIs)

Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

• Brainstorm metrics that indicate when process improvement is actually taking place.
• Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
• Make sure to have everyone justify the inclusion of each metric: how does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
• Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics).

Communicate your plan with the Disruptive Technology Exploitation Plan Template

Use the Disruptive Technology Exploitation Plan Template to summarize everything that the group does. Update the report continuously and use it to show others what is happening in the world of disruptive technology.

Whether you need a process for exploiting disruptive technology, or an analysis of current trends, Info-Tech can help

Two sets of research make up Info-Tech’s disruptive technology coverage:

This storyboard, and the associated tools and templates, will walk you through creating a disruptive technology working group of your own.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

Proof of Concept Template

The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

Executive Presentation

The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

Disruptive Technology Value Readiness & SWOT Analysis Tool

The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

Disruptive Technology Research Database Tool

The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

Disruptive Technology Shortlisting Tool

The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

Disruptive Technology Look to the Past Tool

The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Exploit Disruptive Infrastructure Technology

Disrupt or be disrupted.

Identify

Create your working group.

PHASE 1

Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

1. Identify
   1. Establish the core working group and select a leader; select a group of visionaries
   2. Train the group to think like futurists
   3. Hold your initial meeting
2. Resolve
   1. Create and winnow a longlist
   2. Assess and create the shortlist
3. Evaluate
   1. Create process maps
   2. Develop proof of concept charter

The Key Is in Anticipation!

Phase 1: Identify

Create your working group.

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

IT Infrastructure Manager

CIO or CTO

Potential members and visionaries of the working group

Outcomes of this step:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Step 1.1

Establish the core working group and select a leader; select a group of visionaries.

Activities:

• Articulate the long- and short-term benefits and costs to the entire organization
• Gain support by articulating the long- and short-term benefits and costs to the IT department
• Gain commitment from key stakeholders and executives
• Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process
• Establish the core working group and select a leader
• Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long
• Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this step

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group that will provide insight and direction.

1.1.A Articulate the long- and short-term benefits and costs to the entire organization

A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

1.1.B Gain support by articulating the long- and short-term benefits and costs to the IT department

A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

1.1.C Gain commitment from key stakeholders and executives

Gaining approval from executives and key stakeholders is the final obstacle. Ensure that you cover the following items to have the best chance for project approval.

• Use a sample deck similar to this section for gaining buy-in, ensuring that you add/remove information to make it specific to your organization. Cover this section, including:
  • Who: Who will lead the team and who will be on it (working group)?
  • What: What resources will be required by the team (costs)?
  • Where/When: How often and where will the team meet (meeting schedule)?
  • Why: Why is there a need to exploit disruptive technology (benefits and examples)?
  • How: How is the team going to exploit disruptive technology (the process)?
• Go through this blueprint prior to presenting the plan to stakeholders so that you have a strong understanding of the details behind each process and tool.
• Frame the first iteration of the cycle as a pilot program. Use the completed results of the pilot to establish exploiting disruptive technology as a necessary company initiative.

Insert the resources required by the disruptive tech exploitation team into Section 1.5 of the Disruptive Technology Exploitation Plan Template. Have executives sign-off on the project in Section 1.6.

Disruption has undermined some of the most successful tech companies

“The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency or through additional services to constituents.”
- Michael Maguire, Management Consultant

VoIP’s transformative effects

Disruptive technology:
Voice over Internet Protocol (VoIP) is a modern means of making phone calls through the internet by sending voice packets using data, as opposed to the traditional circuit transmissions of the PSTN.

Who won:
Organizations that realized the cost savings that VoIP provided for businesses with a steady internet connection saved as much as 60% on telephony expenses. Even in the early stages, with a few more limitations, organizations were able to save a significant amount of money and the technology has continued to improve.

Who lost?
Telecom-related companies that failed to realize VoIP was a potential threat to their market, and organizations that lacked the ability to explore and implement the disruptive technology early.

Digital photography — the new norm

Disruptive technology:
Digital photography refers to the storing of photographs in a digital format, as opposed to traditional photography, which exposes light to sensitive photographic film.

Who won:
Photography companies and new players that exploited the evolution of data storage and applied it to photography succeeded. Those that were able to balance providing traditional photography and exploiting and introducing digital photography, such as Nikon, left competitors behind. Smartphone manufacturers also benefited by integrating digital cameras.

Who lost?
Photography companies, such as Kodak, that failed to respond to the digital revolution found themselves outcompeted and insolvent.

1.1.D Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process

There are five steps to formally exploiting disruptive technology, each with its own individual outputs and tools to take analysis to the next level.

Info-Tech Insight

Before going to stakeholders, complete the entire blueprint to better understand the tools and outputs of the process.

1.1.E Establish the core working group and select a leader

• Selecting your core membership for the working group is a critical step to the group’s success. Ensure that you satisfy the following criteria:
  • This is a team of subject matter experts. They will be overseeing the learning and piloting of disruptive technologies. Their input will also be valuable for senior executives and for implementing these technologies.
  • Choose members that can take time away from firefighting tasks to dedicate time to meetings.
  • It may be necessary to reach outside of the organization now or in the future for expertise on certain technologies. Use Info-Tech as a source of information.

• Once the team is established, you must decide who will lead the group. Ensure that you satisfy the following criteria:
  • A leader should be credible, creative, and savvy in both technology and business.
  • The leader should facilitate, acting as both an expert and an aggregator of the information gathered by the team.

Choose a compelling name

The working group needs a name. Be sure to select one with a positive connotation within your organization.

Section 1.3 of the Disruptive Technology Exploitation Plan Template

1.1.F Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long

Time the disruptive technology working group’s meetings to coincide and integrate with your organization’s strategic planning — at least annually.

“Regardless of size, it’s incumbent upon every organization to have some familiarity of what’s happening over the next few years, [and to try] to anticipate what some of those trends may be. […] These trends are going to accelerate IT’s importance in terms of driving business strategy.”
– Vern Brownell, CEO, D-Wave

Section 1.4 of the Disruptive Technology Exploitation Plan Template

1.1.G Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

Selecting advisors for your group is an ongoing step, and the roster can change.

Ensure that you satisfy the following criteria:

• Look beyond IT to select a team representing several business units.
• Check for self-professed “geeks” and fans of science fiction that may be happy to join.
• Membership can be a reward for good performance.

This group does not have to meet as regularly as the core working group. Input from external advisors can occur between meetings. You can also include them on every second or third iteration of the entire process.

However, the more input you can get into the group, the more innovative it can become.

“It is … important to develop design fictions based on engagement with directly or indirectly implicated publics and not to be designed by experts alone.”
– Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster

Section 1.3 of the Disruptive Technology Exploitation Plan Template

The following case study illustrates the innovative potential that is created when you include a diverse group of people

INDUSTRY - Chip Manufacturing
SOURCE - Clayton Christensen, Intel

To achieve insight, you need to collaborate with people from outside of your department.

Challenge

• Headquartered in California, through the 1990s, Intel was the largest microprocessor chip manufacturer in the world, with revenue of $25 billion in 1997.
• All was not perfect, however. Intel faced a challenge from Cyrix, a manufacturer of low-end chips. In 18 months, Cyrix’s share of the low-margin entry-level chip manufacturing business mushroomed from 10% to 70%.

Solution

• Troubled by the potential for significant disruption of the microprocessor market, Intel brought in external consultants to hold workshops to educate managers about disruptive innovation.
• Managers would break into groups and discuss ways Intel could facilitate the disruption of its competitors. In one year, Intel hosted 18 workshops, and 2,000 managers went through the process.

Results

• Intel launched the Celeron chip to serve the lower end of the PC market and win market share back from Cyrix (which no longer exists as an independent company) and other competitors like AMD.
• Within one year, Intel had captured 35% of the market.

“[The models presented in the workshops] gave us a common language and a common way to frame the problem so that we could reach a consensus around a counterintuitive course of action.” – Andy Grove, then-CEO, Intel Corporation

Phase 1: Identify

Create your working group.

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this phase:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Step 1.2

Train the group to think like futurists

Activities:

1. Look to the past to predict the future:
   • Step 1: Review the technology opportunities you missed
   • Step 2: Review and record what you liked about the tech
   • Step 3: Review and record your dislikes
   • Step 4: Record and test the reasonability
2. Crash course on futurology principles
3. Peek into the future

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Core working group members
• Visionaries

Outcomes of this step

• Team members thinking like futurists
• Better understanding of how technology advances
• List of past examples and characteristics

Info-Tech Insight

Business buy-in is essential. Manage your business partners by providing a summary of the EDIT methodology and process. Validate the process value, which will allow you create a team of IT and business representatives.

1.2 Train the group to think like futurists

1 hour

Ensure the team understands how technology advances and how they can identify patterns in upcoming technologies.

1. Lead the group through a brainstorming session.
2. Follow the next phases and steps.
3. This session should be led by someone who can facilitate a thought-provoking discussion.
4. This training deck finishes with a video.

Input

• Facilitated creativity
• Training deck [following slides]

Output

• Inspiration
• Anonymous ideas

Materials

• Futurist training “steps”
• Pen and paper

Participants

• Core working group
• Visionaries
• Facilitator

1.2.A Look to the past to predict the future

30 minutes

Use the Disruptive Technology Research Look to the Past Tool to record your output.

Input

• Facilitated creativity
• Speaker’s notes

Output

• Inspiration
• Anonymous ideas
• Recorded missed opportunities
• Recorded positive points
• Recorded dislikes
• Reasonability test list

Materials

• Futurist training “steps”
• Pen and paper
• “Look to the Past” tool

Participants

• Core working group
• Visionaries
• Facilitator

Understand how the difference between linear and exponential growth will completely transform many organizations in the next decade

“The last ten years have seen exponential growth in research on disruptive technologies and their impact on industries, supply chains, resources, training, education and employment markets … The debate is still open on who will be the winners and losers of future industries, but what is certain is that change has picked up pace and we are now in a new technology revolution whose impact is potentially greater than the industrial revolution.”
– Gary L. Evans

Exponential advancement will ensure that life in the next decade will be very different from life today.

• Linear growth happens one step at a time.
• The difference between linear and exponential is hard to notice, at first.
• We are now at the knee of the curve.

What about email?

• Consider the amount of email you get daily
• Double it
• Triple it

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Technology grows exponentially, and we are approaching the knee of the curve.

This graph is adapted from research by Ray Kurzweil.

Growth: Linear vs. Exponential

1.2.B Crash course on futurology principles

1 hour

“An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century — it will be more like 20,000 years of progress (at today’s rate).”
- Ray Kurzweil

Review the differences between exponential and linear growth

The pace of technological advances makes progress difficult to predict.

Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

Think like a futurist to anticipate technology before it goes mainstream.

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

The following case study illustrates the rise of social media providers

“There are 7.7 billion people in the world, with at least 3.5 billion of us online. This means social media platforms are used by one in three people in the world and more than two-thirds of all internet users.”
– Esteban Ortiz-Ospina

The following case study illustrates the rapid growth of Machine to Machine (M2M) connections

Ray Kurzweil’s Law of Accelerating Returns

“Ray Kurzweil has been described as ‘the restless genius’ by The Wall Street Journal, and ‘the ultimate thinking machine’ by Forbes. He was ranked #8 among entrepreneurs in the United States by Inc Magazine, calling him the ‘rightful heir to Thomas Edison,’ and PBS included Ray as one of 16 ‘revolutionaries who made America,’ along with other inventors of the past two centuries.”
Source: KurzweilAI.net

Growth is linear?

“Information technology is growing exponentially. That’s really my main thesis, and our intuition about the future is not exponential, it’s really linear. People think things will go at the current pace …1, 2, 3, 4, 5, and 30 steps later, you’re at 30.”

Better IT strategy enables future business innovation

“The reality of information technology like computers, like biological technologies now, is it goes exponentially … 2, 4, 8, 16. At step 30, you’re at a billion, and this is not an idle speculation about the future.” [emphasis added]

“When I was a student at MIT, we all shared a computer that cost tens of millions of dollars. This computer [pulling his smartphone out of his pocket] is a million times cheaper, a thousand times more powerful — that’s a billion-fold increase in MIPS per dollar, bits per dollar… and we’ll do it again in 25 years.”
Source: “IT growth and global change: A conversation with Ray Kurzweil,” McKinsey & Company

1.2.C Peak into the future

1 hour

Leverage industry roundtables and trend reports to understand the art of the possible

• Uncover important business and industry trends that can inform possibilities for technology disruption.
• Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

Visit Info-Tech’s Trends & Priorities Research Center

Visit Info-Tech’s Industry Coverage Research to get started.

Phase 1: Identify

Create your working group

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this phase:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Info-Tech Insight

Establish the longlist. The longlist help create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

Step 1.3

Hold the initial meeting

Activities:

1. Create an agenda for the meeting
2. Start the kick-off meeting with introductions and a recap
3. Brainstorm about creating a better future
4. Begin brainstorming an initial longlist
5. Have team members develop separate longlists for their next meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Core working group members
• Visionaries

Outcomes of this step

• Introduce the core working group members
• Gain a better understanding of how technology advances
• Brainstorm a list of organizational processes
• Brainstorm an initial longlist

1.3.A Create an agenda for the meeting

1 hour

Kick-off this cycle of the disruptive technology process by welcoming your visionaries and introducing your core working group.

The purpose of the initial meeting is to brainstorm where new technology will be the most disruptive within the organization. You’ll develop two longlists: one of business processes and one of disruptive technology. These longlists are in addition to the independent research your core working group will perform before Phase 2.

• Find an outgoing facilitator. Sitting back will let you focus more on ideating, and an engaging presenter will help bring out ideas from your visionaries.
• The training deck (see step 1.2c) includes presenting a video. We’ve included some of our top choices for you to choose from.
  • Feel free to find your own video or bring in a keynote speaker.
  • The object of the video is to get the group thinking about the future.
  • Customize the training deck as needed.
• If a cycle has been completed, present your findings and all of the group’s completed deliverables in the first section.
• This session is the only time you have with your visionaries. Get their ideas on what technologies will be disruptive to start forming a longlist.

Info-Tech Insight

The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

Info-Tech Insight

The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

1.3.B Start the kick-off meeting with introductions and a summary of what work has been done so far

30 minutes

1. Start the meeting off with an icebreaker activity. This isn’t an ordinary business meeting – or even group – so we recommend starting off with an activity that will emphasize this unique nature. To get the group in the right mindset, try this activity:
   1. Go around the group and have people present:
   2. Their names and roles
   3. Pose some or all of the following questions/prompts to the group:
      • “Tell me about something you have created.”
      • “Tell me about a time you created a process or program considered risky.”
      • “Tell me about a situation in which you had to come up with several new ideas in a hurry. Were they accepted? Were they successful?”
      • “Tell me about a time you took a risk.”
      • “Tell me about one of your greatest failures and what you learned from it.”
2. Once everyone has been introduced, present any work that has already been completed.
   1. If you have already completed a cycle, give a summary of each technology that you investigated and the results from any piloting.
   2. If this is the first cycle for the working group, present the information decided in Step 1.1.

Input

• Disruptive technology exploitation plan

Output

• Networking
• Brainstorming

Materials

• Meeting agenda

Participants

• Core working group
• Visionaries
• Facilitator

1.3.C Brainstorm about creating a better future for the company, the stakeholders, and the employees

30 minutes

1. Have everyone put up at least two ideas for each chart paper.
2. Go around the room and discuss their ideas. You may generate some new ideas here.

These generated ideas are organizational processes that can be improved or disrupted with emerging technologies. This list will be referenced throughout Phases 2 and 3.

Input

• Inspiration
• Anonymous ideas

Output

• List of processes

Materials

• Chart paper and markers
• Pen and paper