Re-Envision Enterprise Printing

Don't settle for printer consolidation; seek the elimination of print

Analystperspective

You're likely not in the printing business.
Prepare your organization for the future by reducing print.

Initiatives to reduce printers are often met with end-user resistance. Don't focus on the idea of taking something away from end users. Instead, focus on how print reduction fits into larger goals of business process improvement, and on opportunities to turn the vendor into a partner who drives business process improvement through ongoing innovation and print reduction.

What are your true print use cases? Except in some legitimate use cases, printing often introduces friction and does not lead to efficiencies. Companies investing in digital transformation and document management initiatives must take a hard look at business processes still reliant on hard copies. Assess your current state to identify what the current print volume and costs are and where there are opportunities to consolidate and reduce.

Change your financial model. The managed print services industry allows you to use a pay-as-you-go approach and right-size your print spend to the organization's needs. However, in order to do printing-as-a-service right, you will need to develop a good RFP and RFP evaluation process to make sure your needs are covered by the vendor, while also baking in assurances the vendor will partner with you for continuous print reduction.

Emily Sugerman
Research Analyst, Infrastructure & Operations
Info-Tech Research Group

Darin Stahl
Principal Research Advisor, Infrastructure & Operations
Info-Tech Research Group

Executive summary

Your Challenge

IT directors and business operations managers face several challenges:

• Too many known unknowns: Enterprises may be overspending on printing, but this spend is often unknown and untracked.
• Opportunity costs: By locking into conventional printer leases and outdated document management, you are locking yourself out of the opportunity to improve business processes.

Common Obstacles

Printer reduction initiatives are stymied by:

• End-user resistance: Though sometimes the use of paper remains necessary, end users often cling to paper processes out of concern about change.
• Lack of governance: You lack insight into legitimate print use cases and lack full control over procurement of devices and consumables.
• Overly generic RFP: Print requirements are not tailored to your organization, and your managed print services RFP does not ask enough of the vendor.

Info-Tech's Approach

Follow these steps to excise superfluous, costly printing:

• Identify reduction opportunities via a thorough inventory and requirements-gathering process, and educate others on the financial and non-financial benefits. Enforce reduced printing through policies.
• Change your printing financial model to print-as-a-service by building an RFP and scoring tool for managed print services that makes the vendor a partner in continuous innovation.
• Leverage durable print management software to achieve vendor-agnostic governance and visibility.

Info-Tech Insight

Don't settle for printer consolidation: seek to eliminate print and enlist your managed print services vendor to help you achieve that goal.

Your challenge

This research is designed to help organizations that aim to reduce printing long term

• Finally understand aggregate printing costs: Not surprisingly, printing has become a large hidden expense in IT. Enterprises may be overspending on printing, but this spend is often unknown and untracked. Printer consumables are purchased independently by each department, non-networked desktop printers are everywhere, and everyone seems to be printing in color.
• Walk the walk when it comes to digital transformation: Outdated document management practices that rely on unnecessary printing are not the foundation upon which the organization can improve business processes.
• Get out of the printing business: Hire a managed print provider and manage that vendor well.

"There will be neither a V-shaped nor U-shaped recovery in demand for printing paper . . . We are braced for a long L-shaped decline."
–Toru Nozawa, President, Nippon Paper Industries (qtd. in Nikkei Asia, 2020).

Weight of paper and paperboard generated in the U.S.*

*Comprises nondurable goods (including office paper), containers, and packaging.

**2020 data not available.

Source: EPA, 2020.

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• Cost-saving opportunities are unclear: In most cases, nobody is accountable for controlling printing costs, so there's a lack of incentive to do so.
• End-user attachment to paper-based processes: For end users who have been relying on paper processes, switching to a new way of working can feel like a big ask, particularly if an optimized alternative has not been provided and socialized.
• Legitimate print use cases are undefined: Print does still have a role in some business processes (e.g. for regulatory reasons). However, these business processes have not been analyzed to determine which print use cases are still legitimate. The WFH experience during the COVID-19 pandemic demonstrated that many workflows that previously incorporated printing could be digitized. Indeed, the overall attachment to office paper is declining (see chart).
• Immature RFP and RFP scoring methods: Outsourcing print to a managed service provider necessitates careful attention to RFP building and scoring. If your print requirements are not properly tailored to your organization and your managed print services RFP does not ask enough of the vendor, it will be harder to hold your vendor to account.

How important is paper in your office?

Quocirca, a printer industry market research firm, found that the number of organizations for whom paper is "fairly or very important to their business" has dropped 10 percentage points between 2019 and 2021.

Source: Quocirca, 2021.

Info-Tech's approach

Permanently change your company's print culture

1. Plan your Project

• Create your project charter, investigate end user printer behavior and reduction opportunities, gather requirements and calculate printer costs

• Protect yourself by building the right requirements into your RFP, evaluating candidates and negotiating from a strong position

• Identify printers to consolidate and eliminate, install them, and communicate updated printer policy

The Info-Tech difference:

1. Use Info-Tech's tracking tools to finally track data on printer inventory and usage.
2. Get to an RFP for managed print services faster through Info-Tech's requirement selection activity, and use Info-Tech's scoring tool template to more quickly compare candidates and identify frontrunners and knockouts.
3. Use Info-Tech's guidance on print management software to decouple your need to govern the fleet from any specific vendor.

Info-Tech's methodology for Re-Envision Enterprise Printing

Insight summary

Keep an eye on the long-term goal of eliminating print

Don't settle for printer consolidation: seek to eliminate print and enlist your managed print services vendor to help you achieve that goal.

Persuading leaders is key

Good metrics and visible improvement are important to strengthen executive support for a long-term printer reduction strategy.

Tie printer reduction into business process improvement

Achieve long-lasting reductions in print through document management and improved workflow processes.

Maintain clarity on what types of printer use are and aren't supported by IT

Modifying and enforcing printing policies can help reduce use of printers.

Print management software allows for vendor-agnostic continuity

Print management software should be vendor-agnostic and allow you to manage devices even if you change vendors or print services.

Secure a better financial model from the provider

Simply changing your managed print services pay model to "pay-per-click" can result in large cost savings.

Blueprint deliverables

Key deliverable:

Managed Print Services RFP

This blueprint's key deliverable is a completed RFP for enterprise managed print services, which feeds into a scoring tool that accelerates the requirements selection and vendor evaluation process.

Managed Print Services Vendor Assessment Questions

Managed Print Services RFP Template

Managed Print Services RFP Vendor Proposal Scoring Tool

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Enterprise Printing Project Charter

Document the parameters of the print reduction project, your goals, desired business benefits, metrics.

Enterprise Printing Roles and Responsibilities RACI Guide

Assign key tasks for the project across strategy & planning, vendor selection, implementation, and operation.

Printer Policy

Start with a policy template that emphasizes reduction in print usage and adjust as needed for your organization.

Printer Reduction Tool

Track the printer inventory and calculate total printing costs.

End-User Print Requirements Survey

Base your requirements in end user needs and feedback.

Blueprint benefits

IT benefits

• Make the project charter for printer reduction and estimate cost savings
• Determine your organization's current printing costs, usage, and capabilities
• Define your organization's printing requirements and select a solution
• Develop a printer policy and implement the policy

Business benefits

• Understand the challenges involved in reducing printers
• Understand the potential of this initiative to reduce costs
• Accelerate existing plans for modernization of paper-based business processes by reducing printer usage
• Contribute to organizational environmental sustainability targets

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

Phase 1

Strategy and Planning

Re-Envision Enterprise Printing

• This phase will walk you through the following activities:
• Create a list of enterprise print roles and responsibilities
• Create project charter
• Inventory printer fleet and calculate printing costs
• Examine current printing behavior and identify candidates for device elimination
• Gather requirements, including through end user survey

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Step 1.1

Create project charter and assign roles

Outcomes of this step

Completed Project Charter with RACI chart

Phase 1: Strategy and Planning

• Step 1.1 Create project charter and assign roles
• Step 1.2 Assess current state
• Step 1.3 Gather requirements

This step involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Activities in this step

• Create a list of enterprise print roles and responsibilities
• Create project charter

1.1 Create project charter

Use the project charter to clearly define the scope and avoid scope creep

Identify project purpose

• Why is the organization taking on this project? What are you trying to achieve?
• What is the important background you need to document? How old is the fleet? What kinds of printer complaints do you get? What percentage of the IT budget does printing occupy?
• What specific goals should this project achieve? What measurable financial and non-financial benefits do these goals achieve?

Identify project scope

• What functional requirements do you have?
• What outputs are expected?
• What constraints will affect this project?
• What is out of scope for this project?

What are the main roles and responsibilities?

• Who is doing what for this project?

How will you measure success?

• What are the project's success metrics and KPIs?

Enterprise Printing Project Charter

Anticipate stakeholder resistance

Getting management buy-in for printer reduction is often one of the biggest challenges of the project.

Info-Tech Insight

If printer reduction is not driven and enforced from the top down, employees will find ways to work around your policies and changes. Do not attempt to undertake printer reduction initiatives without alerting executives. Ensure visible executive support to achieve higher cost savings.

Align the printer reduction project to org goals to achieve buy-in

A successful IT project demonstrates clear connections to business goals

Which business and organizational goals and drivers are supported by IT's intention to transform its printing ecosystem? For example,

Legislation: In 2009, the Washington House of Representatives passed a bill requiring state agencies to implement a plan to reduce paper consumption by 30% (State of Washington, 2009). The University of Washington cites this directive as one of the drivers for their plans to switch fully to electronic records by 2022 (University of Washington, n.d.).

Health care modernization: Implementing electronic health records; reducing paper charts.

Supply chain risk reduction: In 2021, an Ontario district school board experienced photocopier toner shortages and were forced to request schools to reduce printing and photocopying: "We have recommended to all locations that the use of printing be minimized as much as possible and priority given to the printing of sensitive and confidential documentation" (CBC, 2021).

Identify overall organizational goals in the following places:

• Company mission statements
• Corporate website
• Business strategy documents
• Other IT strategy documents
• Executives

Document financial and non-financial benefits

Financial benefits: Printer reduction can reduce your printing costs and improve printing capabilities.

• Printer reduction creates a controlled print environment; poorly controlled print environments breed unnecessary costs.
• Cost savings can be realized through:
  • Elimination of cost-efficient inkjet desktop printers.
  • Elimination of high-cost, inefficient, or underutilized printers.
  • Sharing of workshop printers between an optimal number of end users.
  • Replacing separate printers, scanners, copiers, and fax machines with. multi-function devices.
• Cost savings can be achieved through a move to managed print services, if you negotiate the contract well and manage the vendor properly. The University of Washington estimated a 20-25% cost reduction under a managed print services model compared to the existing lease (University of Washington, "What is MPS").

Non-financial benefits: Although the main motivation behind printer reduction is usually cost savings, there are also non-financial benefits to the project.

• Printer reduction decreases physical space required for printers
• Printer reduction meets employee and client environmental demands
  • Printer reduction can reduce the electricity and consumables used
  • Reduction in consumables means reduced hazardous waste from consumables and devices
• Printer reduction can result in better printing capabilities
  • Moving to a managed print services model can provide you with better printing capabilities with higher availability

Assign responsibility to track print device costs to IT

Problem:
Managers in many organizations wrongly assume that since IT manages the printer devices, they also already manage costs.

However, end users typically order printer devices and supplies through the supplies/facilities department, bypassing any budget approval process, or through IT, which does not have any authority or incentive to restrict requests (when they're not measured against the controlling of printer costs).

Organization-wide printer usage policies are rarely enforced with any strictness.

Without systematic policy enforcement, end-user print behavior becomes frivolous and generates massive printing costs.

Solution:
Recommend all print device costs be allocated to IT.

• Aggregate responsibility: Recommend that all printer costs be aggregated under IT's budget and tracked by IT staff.
• Assign accountability: Although supplies may continually be procured by the organization's supplies/facilities department, IT should track monthly usage and costs by department.
• Enforce policy: Empower IT with the ability to enforce a strict procurement policy that ensures all devices in the print environment are approved models under IT's control. This eliminates having unknown devices in the printer fleet and allows for economies of scale to be realized from purchasing standardized printing supplies.
• Track metrics: IT should establish metrics to measure and control each department's printer usage and flat departments that exceed their acceptable usage amounts.

Assign accountability for the initiative

Someone needs to have accountability for both the printer reduction tasks and the ongoing operation tasks, or the initiative will quickly lose momentum.

Customize Info-Tech's Enterprise Printing Roles and Responsibilities RACI Guide RACI chart to designate project roles and responsibilities to participants both inside and outside IT.

These tasks fall under the categories of:

• Strategy and planning
• Vendor selection, evaluation, and acquisition
• Implementation
• Operate

Assign a RACI: Remember the meaning of the different roles

• Responsible (does the work on a day-to-day basis)
• Accountable (reviews, signs off on, and is held accountable for outcomes)
• Consulted (input is sought to feed into decision making)
• Informed (is given notification of outcomes)

As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

The Enterprise Printing Roles and Responsibilities RACI Guide can be used to organize and manage these tasks.

Define metrics to measure success

Track your project success by developing and tracking success metrics

Ensure your metrics relate both to business value and customer satisfaction. "Reduction of print" is a business metric, not an experience metric.

Frame metrics around experience level agreements (XLAs) and experience level objectives (XLOs): What are the outcomes the customer wants to achieve and the benefits they want to achieve? Tie the net promoter score into the reporting from the IT service management system, since SLAs are still needed to tactically manage the achievement of the XLOs.

Use the Metrics Development Workbook from Info-Tech's Develop Meaningful Service Metrics to define:

• Relevant stakeholders
• Their goals and pain points
• The success criteria that must be met to achieve these goals
• The key indicators that must be measured to achieve these goals from an IT perspective
• What the appropriate IT metrics are, based on all of the above

Metrics could include

• User satisfaction
• Print services net promoter model
• Total printing costs
• Printer availability (uptime)
• Printer reliability (mean time between failures)
• Total number of reported incidents
• Mean time for vendor to respond and repair

Info-Tech Insight:

Good metrics and visible improvement are important to strengthen executive support for a long-term printer reduction strategy.

Step 1.2

Assess current state

Outcomes of this step

• Aggregate view of your printer usage and costs

Strategy and Planning

This step involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Activities in this step

• 1.2. Inventory your printer fleet: Office walk-around
• 1.2 Inventory your printer fleet: Collect purchase receipts/statements/service records
• 1.3 Calculate printing costs

Create an aggregate view of your printer usage and costs

Problem: Lack of visibility

• Most organizations are unaware of the savings potential in reducing print due to a lack of data.
• Additionally, organizations may have inappropriately sized devices for their workloads.
• Often, nobody is responsible for managing the printers collectively, resulting in a lack of visibility into printing activity. Without this visibility, it is difficult to muster executive commitment and support for printer reduction efforts.
• The first step to eliminating your printers is to inventory all the printers in the organization and look at an aggregate view of the costs. Without understanding the cost saving potential, management will likely continue to avoid printer changes due to the idea's unpopularity with end users.
• Valid use cases for printers will likely still remain, but these use cases should be based on a requirements analysis.

Create visibility through by following these steps:

1. Office walk-around: Most organizations have no idea how many printers they have until they walk around the office and physically count them. This is especially true in cases where management is allowed to purchase personal printers and keep them at their desks. An office walk-around is often necessary to accurately capture all the printers in your inventory.
2. Collect purchase receipts/statements/service records: Double-check your printer inventory by referring to purchase receipts, statements, and service records.
3. Identify other sources of costs: Printer purchases only make up a small fraction of total printing costs. Operating costs typically account for 95% of total printer costs. Make sure to factor in paper, ink/toner, electricity, and maintenance costs.

1.2.1 Inventory your printer fleet: part 1

Office walk-around

1. Methodically walk around the office and determine the following for each printer:
   • Device type
   • Make, model, serial number
   • Location
   • Number of users supported
   • Device owner
   • Type of users supported (department, employee position)
2. Record printer details in Tab 1 of Info-Tech's Printer Reduction Tool. Collaborate with the accounting or purchasing department to determine the following for each printer recorded:
   • Purchase price/date
   • Monthly duty cycle
   • Estimated remaining useful life
   • Page count to date

Download the Printer Reduction Tool

1.2.2 Inventory your printer fleet:
part 2

Collect purchase receipts/statements/service records

1. Ask your purchasing manager for purchase receipts, statements, and service records relating to printing.
2. For documents found, match the printer with your physical inventory. Add any printers found that were not captured in the physical inventory count. Record the following:
   1. Device type
   2. Make, model, serial number
   3. Location
   4. Number of users supported
   5. Device owner
   6. Type of users supported (department, employee position)
3. 3. Collaborate with the accounting or purchasing department to determine the following for each printer recorded:
   1. Purchase price/date
   2. Monthly duty cycle
   3. Estimated remaining useful life
   4. Page count to date
4. Enter the data in Tab 1 of the Printer Reduction Tool

Download the Printer Reduction Tool

1.2.3 Calculate your printing costs

Collect purchase receipts/statements/service records

• Collect invoices, receipts, and service records to sum up the costs of paper, ink or toner, and maintenance for each machine. Estimate electricity costs.
• Record your costs in Tab 2 of the Printer Reduction Tool.
• Review the costs per page and per user to look for particularly expensive printers and understand the main drivers of the cost.
• Review your average monthly cost and annual cost per user. Do these costs surprise you?

Step 1.3

Gather printing requirements

Outcomes of this step

• Understanding of the organization's current printing behavior and habits
• Identification of how industry context and digitization of business processes have impacted current and future requirements

This step involves the following participants:

• IT director
• IT staff
• Rest of organization

Activities in this step

• Examine current printing behavior and habits
• Administer end-user survey
• Identify current requirements
• Identify future requirements

Requirements Gathering Overview

1. Identify opportunities to go paperless
   • Determine where business process automation is occurring
   • Align with environmental and sustainability campaigns
2. Identify current requirements
   • Review the types of document being printed and the corresponding features needed
   • Administer end-user survey to understand user needs and current printer performance
3. Identify future requirements

• Identify future requirements to avoid prematurely refreshing your printer fleet

Stop: Do not click "Print"

The most effective way to achieve durable printing cost reduction is simply to print less.

• Consolidating devices and removing cost-inefficient individual printers is a good first step to yielding savings.
• However, more sustainable success is achieved by working with the printer vendor(s) and the business on continuous innovation via proposals and initiatives that combine hardware, software, and services.
• Sustained print reduction depends on separate but related business process automation and digital innovation initiatives.

Info-Tech Insight:

Achieve long-lasting reductions in print through document management and improved workflow processes.

Leverage Info-Tech research to support your business' digital transformation

Define how changes to enterprise printing fit into digital transformation plans

Identify opportunities to go paperless

The "paperless office" has been discussed since the 1970s. The IT director alone does not have authority to change business processes. Ensure the print reduction effort is tied to other strategies and initiatives around digital transformation. Working on analog pieces of paper is not digital and may be eroding digital transformation process.

Leverage Info-Tech's Assert IT's Relevance During Digital Transformations to remind others that modernization of the enterprise print environment belongs to the discussion around increasing digitized support capabilities.

Eliminate business process friction caused by print

Analyze workflows for where they are still using paper. Ask probing questions about where paper still adds value and where the business process is a candidate for paperless digital transformation

• Is this piece of paper only being used to transfer information from one application to another?
• What kind of digitalization efforts have happened in the business as a result of the COVID-19 pandemic? Which workflows have digitized on their own?
• Where has e-signature been adopted?
• Is this use of paper non-negotiable (e.g. an ER triage that requires a small printer for forms; the need for bank tellers to provide receipts to customers)?
• Do we have compliance obligations that require us to retain a paper process?
• What is getting printed? Who is printing the most? Identify if there are recurring system-generated reports being printed daily/weekly/quarterly that are adding to the volume. Are reports going directly from staff mailboxes to a recycling bin?
• Does our print financial model incentivize the transformation of business processes, or does it reinforce old habits?
• What services, software, and solutions for document management and business process analysis does our managed print services vendor offer? Can we involve the vendor in the business transformation conversation by including an innovation clause in the next contract (re)negotiation to push the vendor to offer proposals for projects that reduce print?

Develop short-term and long-term print reduction strategies

Short-term strategies

• Consolidate the number of printers you have.
• Determine whether to outsource printing to a managed services provider and make the move.
• Enable print roaming and IT verification.
• Require user-queued print jobs to be authenticated at a printer to prevent print jobs that are lost or not picked up.
• Set up user quotas.
• Provide usage records to business managers so they can understand the true cost of printing.
• User quotas may create initial pushback, but they lead users to ask themselves whether a particular print job is necessary.
• Renegotiate print service contracts.
• Revisit contracts and shop around to ensure pricing is competitive.
• Leverage size and centralization by consolidating to a single vendor, and use the printing needs of the entire enterprise to decrease pricing and limit future contractual obligations.
• Train users on self-support.
• Train users to remedy paper jams and move paper in and out of paper trays.

Long-term strategies

• Promote a paperless culture by convincing employees of its benefits (greater cost savings, better security, easier access, centralized repository, greener).
• Educate users to use print area wisely.
• Develop campaigns to promote black and white printing or a paperless culture.

Info-Tech Insight:

One-time consolidation initiatives leave money on the table. The extra savings results from changes in printing culture and end-user behavior.

Examine current printing behavior and habits

It's natural for printer usage and printing costs to vary based on office, department, and type of employee. Certain jobs simply require more printing than others.

However, the printing culture within your organization likely also varies based on

• office
• department
• type of employee

Examine the printing behaviors of your employees based on these factors and determine whether their printing behavior aligns with the nature of their job.

Excessive printing costs attributed to departments or groups of employees that don't require much printing for their jobs could indicate poor printing culture and potentially more employee pushback.

Examine current printing behavior and habits, and identify candidates for elimination

1. Go to Tab 3 of your Printer Reduction Tool ("Usage Dashboard Refresh"). Right-click each table and press "Refresh."
2. Go to Tab 4 of your Printer Reduction Tool ("Usage Dashboard") to understand the following:
   1. Average printer utilization by department
   2. Pages printed per month by department
   3. Cost per user by department
3. Take note of the outliers and expensive departments.
4. Review printer inventory and printer use rates on Tab 5.
5. Decide which printers are candidates for elimination and which require more research.
6. If already working in a managed print services model, review the vendor's recommendations for printer elimination and consolidation.
7. Mark printers that could be eliminated or consolidated.

Administer end-user survey

Understand end-user printing requirements and current printer performance through an end-user survey

1. Customize Info-Tech's End-User Print Requirements Survey to help you understand your users' needs and the current performance of your printer fleet.
2. Send the survey to all printer users in the organization.
3. Collect the surveys and aggregate the requirements of users in each department.
4. Record the survey results in the "Survey Results" tab.

Download the End-User Print Requirements Survey

Info-Tech Insight:

Use an end-user printer satisfaction survey before and after any reduction efforts or vendor implementation, both as a requirement-gathering user input and to measure/manage the vendor.

Identify your current requirements

Collect all the surveys and aggregate user requirements. Input the requirements into your Printer Reduction Tool.

Discussion activity:

• Review the requirements for each department and discuss:
• What is this device being used for (e.g. internal documents, external documents, high-quality graphics/color)?
• Based on its use case, what kinds of features are needed (e.g. color printing, scanning to email, stapling)?
• Is this the right type of device for its purpose? Do we need this device, or can it be eliminated?
• Based on its use case, what kinds of security features are needed (e.g. secure print release)?
• Are there any compliance requirements that need to be satisfied (e.g. PCI, ITAR, HIPAA)?
• Based on its use case, what's the criticality of uptime?
• What is this device's place in the organization's workflow? What are its dependencies?
• With which systems is the device compatible? Is it compatible with the newer operating system versions? If not, determine whether the device is a refresh candidate.

Identify your future requirements

Prepare your printer fleet for future needs to avoid premature printer refreshes.

Discussion activity:

• Review the current requirements for each department's printers and discuss whether the requirements will meet the department's printing needs over the next 10 years.
• What is this device going to be used for in the next 10 years?
• Will use of this device be reduced by plans to increase workflow digitization?
• Based on its use case, what kinds of features are needed?
• Is this the right type of device for its purpose?
• Based on its use case, what kinds of security features are needed?
• Based on its use case, what is the criticality of uptime?
• Is this device's place in the organization's workflow going to change? What are its dependencies?
• Reassess your current requirements and make any changes necessary to accommodate for future requirements.

Examine requirements specific to your industry and workflow

Some common examples of industries with specific printing requirements:

• Healthcare
  • Ability to comply with HIPAA requirements
  • High availability and reliability with on-demand support and quick response times
  • Built-in accounting software for billing purposes
  • Barcode printing for hospital wristbands
  • Fax requirements
• Manufacturing
  • Barcoding technology
  • Ability to meet regulations such as FDA requirements for the pharmaceutical industry
  • Ability to integrate with ERP systems
• Education
  • Password protection for sensitive student information
  • Test grading solutions
  • Paper tests for accessibility needs

Phase 2

Vendor Selection, Evaluation, Acquisition

Re-Envision Enterprise Printing

• This phase will walk you through the following activities:
• Define managed print services RFP requirement questions
• Create managed print services RFP and scoring tool
• Score the RFP responses

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Change your financial model

The managed print services industry allows you to use a pay-as-you-go approach and right-size your print spend to the organization's needs.

Avoid being locked into a long lease where the organization pays a fixed monthly fee whether the printer runs or not.

Instead, treat enterprise printing as a service, like the soda pop machine in the break room, where the vendor is paid when the device is used. If the vending machine is broken, the vendor is not paid until the technician restores it to operability. Printers can work the same way.

By moving to a per click/page financial model, the vendor installs and supports the devices and is paid whenever a user prints. Though the organization pays more on a per-click/page basis compared to a lease, the vendor is incentivized to right-size the printer footprint to the organization, and the organization saves on monthly recurring lease costs and maintenance costs.

Right-size commitments: If the organization remains on a lease instead of pay-per-click model, it should right-size the commitment if printing drops below a certain volume. In the agreement, include a business downturn clause that allows the organization to right-size and protect itself in the event of negative growth.

Understand the managed print services model and its cost savings

Outsourcing print services can monitor and balance your printers and optimize your fleet for efficiency. Managed print services are most appropriate for:

• Organizations engaging in high-volume, high-quality print jobs with growing levels of output.
• Organizations with many customer-facing print jobs.

There are three main managed printing service models. Sometimes, an easy switch from a level pay model to a pay-per-click model can result in substantial savings:

Level Pay

• Flat rate per month based on estimates.
• Attempts to flatten IT's budgeting so printing costs are consistent every month or every year (for budgeting purposes). At the end of the year, the amount of supplies used is added up and compared with the initial estimates and adjusted accordingly.
• The customer pays the same predictable fee each month every year, even if you don't meet the maximum print quantity for the pay. Increased upcharge for quantities exceeding maximum print quantity.

Base Plus Click

• Fixed base payment (lease or rental) + pay-per-sheet for services.
• In addition to the monthly recurring base cost, you pay for what you use. This contract may be executed with or without a minimum monthly page commitment. Page count through remote monitoring technologies is typically required.

Pay Per Click

• Payment is solely based on printing usage.
• Printing costs will likely be the lowest with this option, but also the most variable.
• This option requires a minimum monthly page commitment and/or minimum term.

Info-Tech Insight:

Vendors typically do not like the pay-per-click option and will steer businesses away from it. However, this option holds the vendor accountable for the availability and reliability of your printers, and Info-Tech generally recommends this option.

Compare financials of each managed print services option

Your printing costs with a pay-per-click model are most reflective of your actual printer usage. Level pay tends to be more expensive, where you need to pay for overages but don't benefit from printing less than the maximum allocated.

See the below cost comparison example with level pay set at a maximum of 120,000 impressions per month. In the level pay model, the organization was paying for 120,000 sheets in the month it only used 60,000 impressions, whereas it would have been able to pay just for the 60,000 sheets in the pay-per-click model.

Financial comparison case study

This organization compared estimated costs over a 36-month period for the base-plus-click and pay-per-page models for Toshiba E Studio 3515 AC Digital Color Systems.

Results

Though the per-image cost for each image is lower in the base-plus-click model, the added monthly recurring costs for the lease means the "net pay per click" is higher.

Overall, the pay-per-page estimate saved $10,044 over a 36-month period for this device.

Bake continuing innovation into your requirements

Once you are in the operation phase, you will need to monitor and analyze trends in company printing in order to make recommendations for the future and to identify areas for possible savings and/or asset optimization.

Avoid a scenario where the vendor drops the printer in your environment and returns only for repairs. Engage the vendor in this continuous innovation work:

In the managed services agreement, include a proviso for continuous innovation where the vendor has a contractual obligation to continually look at the business process flow and bring yearly proposals to show innovation (e.g. cost reductions; opportunities to reduce print, which allows the vendor to propose document management services and record keeping services). Leverage vendors who are building up capabilities to transform business processes to help with the heavy lifting.

Establish a vision for the relationship that goes beyond devices and toner. The vendor can make a commitment to continuous management and constant improvement, instead of installing the devices and leaving. Ideally, this produces a mutually beneficial situation: The client asks the vendor to sell them ways to mature and innovate the business processes, while the vendor retains the business and potentially sells new services. In order to retain your business, the vendor must continue to learn and know about your business.

The metric of success for your organization is the simple reduction in printed copies overall. The vendor success metric would be proposals that may combine hardware, software, and services that provide cost-effective reductions in print through document management and workflow processes. The vendors should be keen to build this into the relationship since the services delivery has a higher margin for them.

Sample requirement wording:

"Continuing innovation: The contractor initiates at least one (1) project each year of the contract that shows leadership and innovation in solutions and services for print, document management, and electronic recordkeeping. Bidders must describe a sample project in their response, planning for an annual investment of approximately 50 consulting hours and $10,000 in hardware and/or software."

Reward the vendor for performance instead of "punishing" them for service failures

Problem: Printer downtime and poor service is causing friction with your managed service provider (MSP).

MSPs often offer clients credit requests (service credits) for their service failures, which are applied to the previous month's monthly recurring charge. They are applied to the last month's MRC (monthly reoccurring charges) at the end of term and then the vendor pays out the residual.

However, while common, service credits are not always perceived to be a strong incentive for the provider to continually focus on improvement of mean time to respond or mean time to repair.

Solution: Turn your vendor into a true partner by including an "earn back" condition in the contract.

• Engage the vendor as a true partner within a relationship based upon service credits.
• Suggest that the vendor include a minor change to the non-performance processes within the final agreement: the vendor implements an "earn back" condition in the agreement.
• Where a bank of service credits exists because of non-performance, if the provider exceeds the SLA performance metrics for a number of consecutive months (two is common), then a given number of prior credits received by the client are returned to the provider as a reward for improved performance.
• This can be a useful mechanism to drive improved performance.

Leverage enterprise print management software

Printers are commoditized and can come and go, but print management software enables the governance, compliance, savings and visibility necessary for the transformation

• Printer management solutions range from tools bundled with ink-jet printers that track consumables' status, to software suites that track data for thousands of print devices.
• Typically, these solutions arrive in enterprises as part of larger managed services printing engagements, bundled with hardware, financing, maintenance, and "services."
• Bundling print management software means that customers very rarely seek to acquire printing management software alone.
• Owing to the level of customization (billing, reporting, quotas, accounts, etc.) switching print management software solutions is also rare. The work you put into this software will remain with IT regardless of your hardware.
• Durability of print management software is also influenced by the hardware- and technology-agnostic nature of the solutions (e.g. swapping one vendor's devices for another does not trigger anything more than a configuration change in print management software.)

Include enterprise print management requirements in the RFP

Ask respondents to describe their managed services capabilities and an optional on-premises, financed solution with these high-level capabilities.

Select the appropriate type of print management software

Vendor-provided solutions are adequate control for small organizations with simple print environments

• Suitable for small organizations (<100 users).
• Software included with print devices can pool print jobs, secure access, and centralize job administration.
• Dealing with complex sales channels for third-party vendors is likely a waste of resources.

SMBs with greater print control needs can leverage mid-level solutions to manage behavior

• Suitable for mid-size organizations (<500 users).
• Mid-level software can track costs, generate reports, and centralize management.
• Solutions start at $500 but require additional per-device costs.

Full control solutions will only attract large organizations with a mature print strategy

• Full control solutions tend to be suitable for large organizations (>500 users) with complex print environments and advanced needs.
• Full control software allows for absolute enforcement of printing policies and full control of printing.
• Expect to spend thousands for a tailored solution that will save time and guide cost savings.

Enterprise print management software features

The feature set for these tools is long and comprehensive. The feature list below is not exhaustive, as specific tools may have additional product capabilities.

Get to the managed print services RFP quicker

Jumpstart your requirements process using these tools and exercises

Vendor Assessment Questions

Use Info-Tech's catalog of commonly used questions and requirements in successful acquisition processes for managed print services. Ask the right questions to secure an agreement that meets your needs. If you are already in a contract with managed print services, take the opportunity of contract renewal to improve the contract and service.

RFP Template and "Schedule 1" Attachment

Add your finalized assessment questions into this table, which you will attach to your RFP. The vendor answers questions in this "Schedule 1" attachment and returns it to you.

RFP Scoring Tool

Aggregate the RFP responses into this scoring tool to identify the frontrunners and candidates for elimination. Since the vendors are asked to respond in a standard format, it is easier to bring together all the responses to create a complete view of your options.

Define RFP requirement questions

Include the right requirements for your organization, and avoid leaving out important requirements that might have been overlooked.

1. Download the Managed Print Services Vendor Assessment Questions tool. Use this document as a "shopping list" to jumpstart an initial draft of the RFP and, more importantly, scoring requirements.
2. Review the questions in the context of your near- and long-term printer outsourcing needs. Consider your environment, your requirements, and goals. Include other viewpoints from the RACI chart from Phase 1.
3. Place an 'X' in the first column to retain the question. Edit the wording of the question if required, based on your organizational needs.
4. Use the second column to indicate which section of the RFP to include the question in.

Download the Managed Print Services Vendor Assessment Questions tool

Create RFP scoring tool and RFP

1. Enter the requirements questions into the scoring tool on Tabs 2 and 4.
2. Tab 2: Create scoring column for each vendor. You will paste in their responses here.
3. Edit Tabs 3 and 4 so they align with what you want the vendor to see. Copy and paste Tab 3 and Tab 4 into a new document, which will serve as a "Schedule 1" attachment to the RFP package the vendor receives.
4. Complete the RFP template. Describe your current state and current printer hardware (documented in the earlier current-state assessment). Explain the rules of how to respond and how to fill out the Schedule 1 document. Instruct each vendor to fill in their responses to each question along with any notes, and to reply with a zip file that includes the completed RFP package along with any marketing material needed to support their response.
5. Send a copy of the RFP and Schedule 1 to each vendor under consideration.

Download the Managed Print Services RFP Vendor Proposal Scoring Tool

Download the Managed Print Services RFP template

Score RFP responses

1. When the responses are returned, copy and paste each vendor's results from Schedule 1 into Tab 2 of the main scoring tool.
2. Evaluate each RFP response against the RFP criteria based on the scoring scale.
3. Send the completed scoring tool to the CIO.
4. Set up a meeting to discuss the scores and generate shortlist of vendors.
5. Conduct further interviews with shortlisted vendors for due diligence, pricing, and negotiation discussions.
6. Once a vendor is selected, review the SLAs and contract and develop a transition plan.

Info-Tech Insight:

The responses from the low-scoring vendors still have value: these providers will likely provide ideas that you can then leverage with your frontrunner, even if their overall proposal did not score highly.

Phase 3

Implementation & Operation

Re-Envision Enterprise Printing

This phase will walk you through the following activities:

• Update your enterprise printer policies
• Readminister end-user survey to measure project success

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Modify your printer policies

Review and modify Info-Tech's Printer Policy Template to support your print reduction goals

Consider that your goal is to achieve printer reduction. Discuss with your team how strict it needs to be to truly reset behavior with printers. Many organizations struggle with policy enforcement. Firm language in the policy may be required to achieve this goal. For example,

• IT only supports the printers acquired through the managed print service. Personal desktop printers are not supported by IT. Expense statements will not be accepted for non-supported printers.
• Create a procurement policy where all device requests need justification and approval by department managers and IT. Have a debate over what the extreme exceptions would be. Legitimate exceptions must go through a review and approval process.
• Restrict color printing to external or customer-facing use cases.
• Encourage digital or electronic solutions in lieu of hard copies (e.g. e-signatures and approval workflows; scanning; use of integrated enterprise applications like SharePoint).

Download the Printer Policy template

Readminister the end-user survey

You have already run this survey during the requirements-gathering phase. Run it again to measure success.

The survey was run once prior to the changes being implemented to establish a baseline of user satisfaction and to gain insights into additional requirements.

Several months after the initial rollout (90 days is typical to let the dust settle), resurvey the end users and publish or report to the administration success metrics (the current costs vs. the actual costs prior to the change).

User satisfaction survey can be used to manage the vendor, especially if the users are less happy after the vendor touched their environment. Use this feedback to hold the provider to account for improvement.

Measure project success

Revisit the pre-project metrics and goals and compare with your current metrics

• Identify printers to consolidate or eliminate.
• Update asset management system (enter software and hardware serial numbers or identification tags into configuration management system).
• Reallocate/install printers across the organization.
• Develop ongoing printer usage and cost reports for each department.
• Review the end-user survey and compare against baseline.
• Operate, validate, and distribute usage metrics/chargeback to stakeholders.
• Audit and report on environmental performance and sustainability performance to internal and external bodies, as required.
• Write and manage knowledgebase articles.
• Monitor and analyze trends in company printing in order to make recommendations for the future and to identify areas for possible savings and/or asset optimization.

Metrics could include

• User satisfaction
• Print services net promoter model
• Total printing costs
• Printer availability (uptime)
• Printer reliability (mean time between failures)
• Total number of reported incidents
• Mean time for vendor to respond and repair

Support training and adoption

Train users on self-support

Prepare troubleshooting guides and step-by-step visual aid posters for the print areas that guide users to print, release, and find their print jobs and fix common incidents on their own. These may include:

• The name of this printer location and the names of the others on that floor.
• How to enter a PIN to release a print job.
• How to fix a paper jam.
• How to empty the paper tray.
• How to log a service ticket if all other steps are exhausted.

Educate users to use print area wisely

• Inform users what to do if other print jobs appear to be left behind in the printer area.
• Display guidelines on printer location alternatives in case of a long line.
• Display suggestions on maximum recommended time to spend on a job in the event other users are waiting.

Develop campaign to promote paperless culture

Ensure business leadership and end users remain committed to thinking before they print.

• Help your users avoid backsliding by soliciting feedback on the new printer areas.
• Ensure timely escalation of service tickets to the vendor.
• Support efforts by the business to seek out business process modernization opportunities whenever possible.

Plan persuasive communication strategies

Identify cost-saving opportunities and minimize complaints through persuasive communication

Implement a continual improvement plan to achieve long-term enterprise print goals

Implement a continual improvement plan for enterprise printing:

• Develop a vendor management plan:
  • In order to govern SLAs and manage the vendor, ensure that you can track printer-related tickets even if the device is now supported by managed print services.
  • Ensure that printer service tickets sent from the device to the vendor are also reconciled in your ITSM tool. Require the MSP to e-bond the ticket created within their own device and ticketing system back to you so you can track it in your own ITSM tool.
  • Every two months, validate service credits that can be returned to the vendor for exceeding SLA performance metrics.
  • Monitor the impact of their digital transformation strategies. Develop a cadence to review the vendor's suggestions for innovation opportunities.
• Operate, validate, and distribute usage and experience metrics/chargeback to stakeholders.
• Monitor and analyze trends in company printing.

Summary of Accomplishment

Problem Solved

You have now re-envisioned your enterprise print environment by documenting your current printer inventory and current cost and usage. You also have hard inventory and usage data benchmarks that you can use to measure the success of future initiatives around digitalization, going paperless, and reducing print cost.

You have also developed a plan to go to market and become a consumer of managed print services, rather than a provider yourself. You have established a reusable RFP and requirements framework to engage a managed print services vendor who will work with you to support your continuous improvement plans.

Return to the deliverables and advice in this blueprint to reinforce the organization's message to end users on when, where, and how to print. Ideally, this project has helped you go beyond a printer refresh – but rather served as a means to change the printing culture at your organization.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information

workshops@infotech.com
1-888-670-8889

Bibliography

Fernandes, Louella. "Quocirca Managed Services Print Market, 2021." Quocirca, 25 Mar. 2021. Accessed 12 Oct. 2021.

McInnes, Angela. "No More Photocopies, No More Ink: Thames Valley Schools Run Out of Toner." CBC, 21 Oct. 2021. Web.

"Paper and Paperboard: Material-Specific Data." EPA, 15 Dec. 2020. Accessed 15 Oct. 2021.

State of Washington, House of Representatives. "State Agencies – Paper Conservation and Recycling." 61st Legislature, Substitute House Bill 2287, Passed 20 April 2009.

Sugihara, Azusa. "Pandemic Shreds Office Paper Demand as Global Telework Unfolds." Nikkei Asia, 18 July 2020. Accessed 29 Sept. 2021.

"Paper Reduction." University of Washington, n.d. Accessed 28 Oct. 2021.

"What is MPS?" University of Washington, n.d. Accessed 16 Mar. 2022.

Research contributors

Jarrod Brumm
Senior Digital Transformation Consultant

Jacques Lirette
President, Ditech Testing

3 anonymous contributors

Info-Tech Research Group Experts

Allison Kinnaird, Research Director & Research Lead
Frank Trovato, Research Director

Develop Infrastructure & Operations Policies and Procedures

Document what you need to document and forget the rest.

Table of contents

Project Rationale

Project Outlines

• Phase 1: Identify Policy and Procedure Gaps
• Phase 2: Develop Policies
• Phase 3: Document Effective Procedures

Bibliography

ANALYST PERSPECTIVE

Document what you need to document now and forget the rest.

Our understanding of the problem

This Research Is Designed For:

• Infrastructure Managers
• Chief Technology Officers
• IT Security Managers

This Research Will Help You:

• Address policy gaps
• Develop effective procedures and procedure documentation to support policy compliance

This Research Will Also Assist:

• Chief Information Officers
• Enterprise Risk and Compliance Officers
• Chief Human Resources Officers
• Systems Administrators and Engineers

This Research Will Help Them:

• Understand the importance of a coherent approach to policy development
• Understand the importance of Infrastructure & Operations policies
• Support Infrastructure & Operations policy development and enforcement

Info-Tech Best Practice

This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

Executive Summary

Situation

• Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
• Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

Complication

• Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
• Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
• Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

Resolution

• Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
• Create effective policies that are reasonable, measurable, auditable, and enforceable.
• Create and document procedures to support policy changes.

Info-Tech Insight

1. Document what you need to document and forget the rest.
   Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
2. Support policies with documented procedures.
   Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

What are policies, procedures, and processes?

A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

Document to improve governance and operational processes

Deliver value

Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

Simplify Training

Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

Maintain compliance

Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

Provide transparency

Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

Info-Tech Best Practice

Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

Document what you need to document – and forget the rest

Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

Presenting: A COBIT-aligned policy suite

We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

Info-Tech Best Practice

Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Accelerate policy development with a Guided Implementation

Your trusted advisor is just a call away.

• Identify Policy and Procedure Gaps (Calls 1-2)
  Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
• Create and Review Policies (Calls 2-4)
  Modify and review policy templates with an Info-Tech analyst.
• Create and Review Procedures (Calls 4-6)
  Workflow procedures, using templates wherever possible. Review documentation best practices.

Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

Develop Infrastructure & Operations Policies and Procedures

Phase 1

Identify Policy and Procedure Gaps

PHASE 1: Identify Policy and Procedure Gaps

Step 1.1: Review and right-size the existing policy set

This step will walk you through the following activities:

• Identify gaps in your existing policy suite
• Document challenges to core Infrastructure & Operations processes
• Identify documentation that can close gaps
• Prioritize your documentation effort

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors

Results & Insights

• Results: A review of the existing policy suite and identification of opportunities for improvement.
• Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

Conduct a policy review

You’ve got time to review your policy suite. Make the most of it.

1. Start with organizational requirements.
   • What initiatives are on the go? What policies or procedures do you have a mandate to create?
2. Weed out expired and dated policies.
   • Gather your existing policies. Identify when each one was published or last reviewed.
   • Decide whether to retire, merge, or update expired or obviously dated policy.
3. Review policy statements.
   • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

But they just want one policy...

• Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
• Review the suite to validate that you’re addressing the most important challenges first.

Brainstorm improvements for core Infrastructure & Operations processes

Supplement the list of gaps from your policy review with process challenges.

1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

Business Continuity Management: Continue operation of critical business processes and IT services.

Change Management: Deliver technical changes in a controlled manner.

Configuration Management: Define and maintain relationships between technical components.

Problem Management: Identify incident root cause.

Operations Management: Coordinate operations.

Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

Service Desk: Respond to user requests and all incidents.

PHASE 1: Identify Policy and Procedure Gaps

Step 1.2: Create an action plan to address policy gaps

This step will walk you through the following activities:

• Identify challenges and gaps that can be addressed via documentation
• Prioritize high-value, high-risk gaps

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors

Results & Insights

• Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
• Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

Support policies with procedures, standards, and guidelines

Use a working definition for each type of document.

Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

• Standards: Prescriptive, uniform requirements.
• Procedures: Specific, detailed, step-by-step instructions for completing a task.
• Guidelines: Non-enforceable, recommended best practices.

Info-Tech Best Practice

Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

Answer the following questions to decide if governance documentation can help close gaps

1(c) 30 minutes

Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

1. What is the purpose of the documentation?
   Procedures support task completion. Policies set direction and manage organizational risk.
2. Should it be enforceable?
   Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
3. What is the scope?
   To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
4. What’s the expected cadence for updates?
   Policies should be revisited and revised less frequently than procedures.

Info-Tech Best Practice

Reinvent the wheel? I don’t think so!

Always check to see if a gap can be addressed with existing tools before drafting a new policy

• Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
• Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
• It may be simpler to amend an existing policy instead of creating a new one.

Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

Tackle high-value, high-risk gaps first

1(d) 30 minutes

Prioritize your documentation effort.

1. List each proposed piece of documentation on the board.
2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
3. Prioritize documentation that mitigates risks and maximizes benefits.
4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

Example Scoring Scale

Info-Tech Insight

Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

Phase 1: Review accomplishments

Policy pillars: Standards, Procedures, Guidelines

Summary of Accomplishments

• Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
• Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

Develop Infrastructure & Operations Policies and Procedures

Phase 2

Develop Policies

PHASE 2: Develop Policies

Step 2.1: Modify policy templates and gather feedback

This step will walk you through the following activities:

• Modify policy templates

This step involves the following participants:

• Infrastructure & Operations Manager
• Technical Writer

Results & Insights

• Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
• Insights: Effective policies are easy to read and navigate.

Write Good-er: Be Clear, Consistent, and Concise

Effective policies adhere to the three Cs of documentation.

1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
2. Be consistent. Write policies that complement each other, not contradict each other.
3. Be concise. Make it as quick and easy as possible to read and understand your policy.

Info-Tech Best Practice

To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

Use the three Cs: Be Clear

Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

Info-Tech Insight

Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

Use the three Cs: Be Consistent

Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

"One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

Use the three Cs: Be Concise

Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

"If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

"I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

Customize policy documents

Use the policies templates to support key Infrastructure & Operations programs.

INPUT: List of prioritized policies

OUTPUT: Written policy drafts ready for review

Materials: Policy templates

Participants: Policy writer, Signing authority

No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

1. Work through policies from highest to lowest priority as defined in Phase 1.
2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
5. Rinse and repeat. Iterate until all relevant polices are complete.

Request, Incident, and Problem Management

An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

• IT Triage and Support Policy

Support the program and associated policy statements using Info-Tech’s research:

• Standardize the Service Desk
• Incident and Problem Management
• Design & Build a User-Facing Service Catalog

Embrace Standardization

• Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
• Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
• Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
• Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
• Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
• Empower end users and technicians with knowledge bases that help them solve problems without intervention.

Change, Release, and Patch Management

Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

Use the following templates to create policies that define effective patch, release, and change management:

• Change Management Policy
• Release and Patch Management Policy
• Change Control – Freezes & Risk Evaluation Policy

Ensure the policy is supported by using the following Info-Tech research:

• Optimize Change Management

Embrace Change

• IT system owners resist change management when they see it as slow and bureaucratic.
• At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
• No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
• Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

IT Asset Management (ITAM)

A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

Start by outlining the requirements for effective asset management:

• Hardware Asset Management Policy
• Software Asset Management Policy

Support ITAM policies with the following Info-Tech research:

• Implement IT Asset Management

Leverage Asset Data

• Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
• Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
• Visibility into asset location and ownership improves security and accountability.
• A centralized repository of asset data supports request fulfilment and incident management.
• Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

"Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

Business Continuity Management (BCM)

Streamline the traditional approach to make BCM practical and repeatable.

Set the direction and requirements for effective BCM:

• Business Continuity Management Policy

Support the BCM policy with the following Info-Tech research:

• Create a Right-Sized Disaster Recovery Plan
• Develop a Business Continuity Plan

Build Organizational Resilience

• Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
• IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
• Set an organizational mandate for BCM with the policy.
• Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

Info-Tech Best Practice

Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

Availability, Capacity, and Operations Management

What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

Set the direction and requirements for effective availability and capacity management:

• Availability and Capacity Management Policy
• System Maintenance Policy – NIST

Support the policy with the following Info-Tech research:

• Develop an Availability and Capacity Management Plan
• Improve IT Operations Management
• Develop an IT Infrastructure Services Playbook

Mature Service Delivery

• Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
• Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
• Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

Enhance your overall security posture with a defensible, prescriptive policy suite

Align your security policy suite with NIST Special Publication 800-171.

Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

• Start with a security charter that aligns the security program with organizational objectives.
• Prioritize security policies that address significant risks.
• Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

Info-Tech Best Practice

Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

PHASE 2: Develop Policies

Step 2.2: Implement, enforce, measure, and maintain new policies

This step will walk you through the following activities:

• Gather stakeholder feedback
• Identify preventive and detective controls
• Identify required supports
• Seek policy approval
• Establish roles and responsibilities for policy maintenance

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors
• Technical Writer
• Policy Stakeholders

Results & Insights

• Results: Well-supported policies that have received signoff.
• Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

Gather feedback from users to assess the feasibility of the new policies

2(b) Review period: 1-2 weeks

Once the policies are drafted, roundtable the drafts with stakeholders.

INPUT: Draft policies

OUTPUT: Reviewed policy drafts ready for approval

Materials: Policy drafts

Participants: Policy stakeholders

1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
3. Collect feedback from the group.
   • Consider using interviews, email surveys, chat channels, or group discussions.
   • Solicit ideas on how policy statements could be improved or streamlined.
4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

Info-Tech Best Practice

Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

Develop mechanisms for monitoring and enforcement

Brainstorm preventive and detective controls.

INPUT: Draft policies

OUTPUT: Reviewed policy drafts ready for approval

Materials: Policy drafts

Participants: Policy stakeholders

Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

Suggestions:

1. Have staff sign off on policies. Disclose any monitoring/surveillance.
2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

Support the policy before seeking approval

A policy is only as strong as its supporting pillars.

Create Standards

Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

Create Guidelines

If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

Create Procedures: We’ll cover procedure development and documentation in Phase 3.

Info-Tech Insight

In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

Seek approval and communicate the policy

Policies ultimately need to be accepted by the business.

• Once the drafts are completed, identify who is in charge of approving the policies.
• Ensure all stakeholders understand the importance, context, and repercussions of the policies.
• The approvals process is about appropriate oversight of the drafted policies. For example:
  • Do the policies satisfy compliance and regulatory requirements?
  • Do the policies work with the corporate culture?
  • Do the policies address the underlying need?

If the draft is rejected:

• Acquire feedback and make revisions.
• Resubmit for approval.

If the draft is approved:

• Set the effective date and a review date.
• Begin communication, training, and implementation.

• Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
• Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
• Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

"A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

Identify policy management roles and responsibilities

Discuss and assign roles and responsibilities for ongoing policy management.

"Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

Phase 2: Review accomplishments

Effective Policies: Clear, Consistent, and Concise

Summary of Accomplishments

• Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
• Reviewed controls and policy supports.
• Assigned roles and responsibilities for ongoing policy maintenance.

Develop Infrastructure & Operations Policies and Procedures

Phase 3

Document Effective Procedures

PHASE 3: Document Effective Procedures

Step 3.1: Scope and outline procedures

This step will walk you through the following activities:

• Prioritize SOP documentation
• Draft workflows using a tabletop exercise
• Modify templates, as applicable

This step involves the following participants:

• Infrastructure & Operations Manager
• Technical Writer
• Infrastructure Supervisors

Results & Insights

• Results: An action plan for SOP documentation and an outline of procedure workflows.
• Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

Prioritize your SOP documentation effort

Build SOP documentation that gets used and doesn’t just check a box.

1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
   • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
   • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
   • Diagrams: Visualize objects, topologies, and connections for reference purposes.
   • Tables: Establish relationships between related categories.
   • Prose: Use full-text instructions where other documentation strategies are insufficient.

Modify the following Info-Tech templates for larger SOPs

Support these processes...	...with these blueprints...	...to create SOPs using these templates.
	Create a Right-Sized Disaster Recovery Plan	DRP Summary
	Implement IT Asset Management	HAM SOP and SAM SOP
	Optimize Change Management	Change Management SOP
	Standardize the Service Desk	Service Desk SOP

Use tabletop planning or whiteboards to draft workflows

3(b) 30 minutes

Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

OUTPUT: Steps in the current process for one SOP

Materials: Tabletop, pen, and cue cards

Participants: Process owners, SMEs

1. For this exercise, choose one particular process to document.
2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
3. Be sure to include task ownership in your steps.
4. Map out the process as it currently happens – we’ll think about how to improve it later.
5. Keep focused. Stay on task and on time.

Example:

• Step 3: PM reviews new defects daily
• Step 4: PM assigns defects to tech leads
• Step 5: Assigned resource updates status – frequency is based on ticket priority

Info-Tech Insight

Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

Collaborate to optimize the SOP

Review the tabletop exercise. What gaps exist in current processes?
How can the processes be made better? What are the outputs and checkpoints?

OUTPUT: Identify steps to optimize the SOP

Materials: Tabletop, pen, and cue cards

Participants: Process owners, SMEs

Example:

• Step 3: PM reviews new defects daily
• NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
• Step 4: PM assigns defects to tech leads
• Step 5: Assigned resource updates status – frequency is based on ticket priority
  • Step 5 Subprocess: Ticket status update
  • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

PHASE 3: Document Effective Procedures

Step 3.2: Document effective procedures

This step will walk you through the following activities:

• Document workflows, checklists, and diagrams
• Establish a cadence for document review and updates

This step involves the following participants:

• Infrastructure Manager
• Technical Writer

Results & Insights

• Results: Improved SOP documentation and document management practices.
• Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

Document workflows with flowcharting software

Suggestions for workflow documentation

• Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
• Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
• Use standard flowchart shapes (see next slide).
• Use links to connect to related documentation.
• Review the documented workflow with participants.

Download the following workflow examples:

• XMPL Recovery Workflows
• Workflow Library

Establish flowcharting standards

If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

	Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
	Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
	Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
	Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
	Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
	Document/Report Output: For example, the output from a backup process might include an error log.

Support workflows with checklists and diagrams

Diagrams

• Diagrams are a visual representation of real-world phenomena and the connections between them.
• Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
• IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

Examples:

• XMPL Recovery Workflows
• Workflow Library

Checklists

• Checklists are best used as short-form reminders on how to complete a particular task.
• Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

Examples:

• Employee Termination Process Checklist
• XMPL Systems Recovery Playbook

Establish a cadence for documentation review and maintenance

Lock-in the work with strong document management practices.

• Identify documentation requirements as part of project planning.
• Require a manager or supervisor to review and approve SOPs.
• Check documentation status as part of change management.
• Hold staff accountable for documentation.

"It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

Only a quarter of organizations update SOPs as needed

Info-Tech Best Practice

Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

Phase 3: Review accomplishments

Workflow documentation: Cue cards into flowcharts

Summary of Accomplishments

• Identified priority procedures for documentation activities.
• Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
• Published and maintained procedure documentation.

Research contributors and experts

Carole Fennelly, Owner
cFennelly Consulting

Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

Marko Diepold, IT Audit Manager
audit2advise

Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

Research contributors and experts

Martin Andenmatten, Founder & Managing Director
Glenfis AG

Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

Myles F. Suer, CIO Chat Facilitator
CIO.com/Dell Boomi

Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

Research contributors and experts

Peter Sheingold, Portfolio Manager
Cybersecurity, Homeland Security Center, The MITRE Corporation

Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

Robert D. Austin, Professor
Ivey Business School

Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

Research contributors and experts

Ron Jones, Director of IT Infrastructure and Service Management
DATA Communications

Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
University of Chicago

Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

Research contributors and experts

Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
Point B

Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

Tony J. Read, Senior Program/Project Lead & Interim IT Executive
Read & Associates

Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

Related Info-Tech research

• Develop and Deploy Security Policies
• Develop an Availability and Capacity Management Plan
• Improve IT Operations Management
• Develop an IT Infrastructure Services Playbook
• Create a Right-Sized Disaster Recovery Plan
• Develop a Business Continuity Plan
• Implement IT Asset Management
• Optimize Change Management
• Standardize the Service Desk
• Incident and Problem Management
• Design & Build a User-Facing Service Catalog

Bibliography

“About Controls.” Ohio University, ND. Web. 2 Feb 2018.

England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

“Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

“Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

“IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

“User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

“The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.

Establish Data Governance

Deliver measurable business value.

Analyst Perspective

Establish a data governance program that brings value to your organisation.

Data governance does not sit as an island on its own in the organisation – it must align with and be driven by your enterprise governance. As you build out data governance in your organisation, it's important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company's data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organisation's operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organisation. Promote and drive the responsible and ethical use of data while helping to build and foster an organisational culture of data excellence.

Crystal Singh

Director, Research & Advisory, Data & Analytics Practice

Info-Tech Research Group

Executive Summary

Your Challenge

The amount of data within organisations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organisations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.

Common Obstacles

Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.

Info-Tech's Approach

Info-Tech's approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives. Organisations should:

• Align their data governance with enterprise governance, business strategy and value streams to ensure the program delivers measurable business value.
• Understand their current data governance capabilities so as to build out a future state that is right-sized and relevant.
• Define data leadership, accountability, and responsibility. Support these with an operating model that effectively manages change and communication and fosters a culture of data excellence.

Info-Tech Insight

Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.

Your challenge

This research is designed to help organisations build and sustain an effective data governance program.

• Your organisation has recognised the need to treat data as a corporate asset for generating business value and/or managing and mitigating risk.
• This has brought data governance to the forefront and highlighted the need to build a performance-driven enterprise program for delivering quality, trusted, and readily consumable data to users.
• An effective data governance program is one that defines leadership, accountability. and responsibility related to data use and handling. It's supported by a well-oiled operating model and relevant policies and procedures, all of which help build and foster a culture of data excellence where the right users get access to the right data at the right time via the right mechanisms.

As you embark on establishing data governance in your organisation, it's vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.

'Data processing and cleanup can consume more than half of an analytics team's time, including that of highly paid data scientists, which limits scalability and frustrates employees.' – Petzold, et al., 2020

'The productivity of employees across the organisation can suffer.' – Petzold, et al., 2020

Respondents to McKinsey's 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020

Common obstacles

Some of the barriers that make data governance difficult to address for many organisations include:

• Gaps in communicating the strategic value of data and data governance to the organisation. This is vital for securing senior leadership buy-in and support, which, in turn, is crucial for sustained success of the data governance program.
• Misinterpretation or a lack of understanding about data governance, including what it means for the organisation and the individual data user.
• A perception that data governance is inhibiting or an added layer of bureaucracy or complication rather than an enabling and empowering framework for stakeholders in their use and handling of data.
• Embarking on data governance without firmly substantiating and understanding the organisational drivers for doing so. How is data governance going to support the organisation's value streams and their various business capabilities?
• Neglecting to define and measure success and performance. Just as in any other enterprise initiative, you have to be able to demonstrate an ROI for time, resources and funding. These metrics must demonstrate the measurable business value that data governance brings to the organisation.
• Failure to align data governance with enterprise governance.

78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020.

But despite these ambitions, there appears to be a 'data culture disconnect' – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020.

The strategic value of data

Power intelligent and transformative organisational performance through leveraging data.

Respond to industry disruptors

Optimise the way you serve your stakeholders and customers

Develop products and services to meet ever-evolving needs

Manage operations and mitigate risk

Harness the value of your data

The journey to being data-driven

The journey to declaring that you are a data-driven organisation requires a pit stop at data enablement.

The Data Economy

Data Disengaged

You have a low appetite for data and rarely use data for decision making.

Data Enabled

Technology, data architecture, and people and processes are optimised and supported by data governance.

Data Driven

You are differentiating and competing on data and analytics; described as a 'data first' organisation. You're collaborating through data. Data is an asset.

Data governance is essential for any organisation that makes decisions about how it uses its data.

Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.

Data governance is:

• Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (Olavsrud, 2021).
• True business-IT collaboration that will lead to increased consistency and confidence in data to support decision making. This, in turn, helps fuel innovation and growth.

If done correctly, data governance is not:

• An annoying, finger-waving roadblock in the way of getting things done.
• Meant to solve all data-related business or IT problems in an organisation.
• An inhibitor or impediment to using and sharing data.

Info-Tech's Data Governance Framework

Create impactful data governance by embedding it within enterprise governance

Organisational drivers for data governance

Data governance personas:

Conformance: Establishing data governance to meet regulations and compliance requirements.

Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.

Data Governance is not a one-person show

• Data governance needs a leader and a home. Define who is going to be leading, driving, and steering data governance in your organisation.
• Senior executive leaders play a crucial role in championing and bringing visibility to the value of data and data governance. This is vital for building and fostering a culture of data excellence.
• Effective data governance comes with business and IT alignment, collaboration, and formally defined roles around data leadership, ownership, and stewardship.

Traditional data governance organisational structure

A traditional structure includes committees and roles that span across strategic, tactical, and operational duties. There is no one-size-fits-all data governance structure. However, most organisations follow a similar pattern when establishing committees, councils, and cross-functional groups. Most organisations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program, such as the focus of the data governance project and the maturity and size of the organisation.

A healthy data culture is key to amplifying the power of your data.

'Albert Einstein is said to have remarked, "The world cannot be changed without changing our thinking." What is clear is that the greatest barrier to data success today is business culture, not lagging technology.' – Randy Bean, 2020

What does it look like?

• Everybody knows the data.
• Everybody trusts the data.
• Everybody talks about the data.

'It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centres of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organisation has successfully forged a data culture.'– Randy Bean, 2020

Data literacy is an essential part of a data-driven culture

• In a data-driven culture, decisions are made based on data evidence, not on gut instinct.
• Data often has untapped potential. A data-driven culture builds tools and skills, builds users' trust in the condition and sources of data, and raises the data skills and understanding among their people on the front lines.
• Building a data culture takes an ongoing investment of time, effort, and money. This investment will not achieve the transformation you want without data literacy at the grassroots level.

Data-driven culture = 'data matters to our company'

Despite investments in data initiative, organisations are carrying high levels of data debt

Data debt is 'the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.'

Data debt is a problem for 78% of organisations.

40% of organisations say individuals within the business do not trust data insights.

66% of organisations say a backlog of data debt is impacting new data management initiatives.

33% of organisations are not able to get value from a new system or technology investment.

30% of organisations are unable to become data-driven.

Source: Experian, 2020

Absent or sub-optimal data governance leads to data debt

Only 3% of companies' data meets basic quality standards. (Source: Nagle, et al., 2017)

Organisations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)

Only 51% of organisations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)

35% of organisations say they're not able to see a ROI for data management initiatives. (Source: Experian, 2020)

Embrace the technology

Make the available data governance tools and technology work for you:

• Data catalogue
• Business data glossary
• Data lineage
• Metadata management

While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.

Measure success to demonstrate tangible business value

Put data governance into the context of the business:

• Tie the value of data governance and its initiatives back to the business capabilities that are enabled.
• Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

Don't let measurement be an afterthought:

Start substantiating early on how you are going to measure success as your data governance program evolves.

Build a right-sized roadmap

Formulate an actionable roadmap that is right-sized to deliver value in your organisation.

Key considerations:

• When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
• Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
• When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

Sample milestones:

Data Governance Leadership & Org Structure Definition

Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

Data Governance Charter and Policies

Create a charter for your program and build/refresh associated policies.

Data Culture Diagnostic

Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

Use Case Build and Prioritisation

Build a use case that is tied to business capabilities. Prioritise accordingly.

Business Data Glossary

Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

Tools & Technology

Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

Key takeaways for effective business-driven data governance

Data governance leadership and sponsorship is key.

Ensure strategic business alignment.

Build and foster a culture of data excellence.

Evolve along the data journey.

Make data governance an enabler, not a hindrance.

Insight summary

Overarching insight

Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

Insight 1

Data governance should not sit as an island in your organisation. It must continuously align with the organisation's enterprise governance function. It shouldn't be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

Insight 2

Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organisation.

Insight 3

Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.

Tactical insight

Tailor your data literacy program to meet your organisation's needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organisation. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organisation.

Info-Tech's methodology for establishing data governance

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Data Governance Planning and Roadmapping Workbook

Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll out, and scale data governance in your organisation.

Data Use Case Framework Template

This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organisation's data-related problems and opportunities.

Business Data Glossary

Use this template to document the key data assets that are to be governed and create a data flow diagram for your organisation.

Data Culture Diagnostic and Scorecard

Leverage Info-Tech's Data Culture Diagnostic to understand how your organisation scores across 10 areas relating to data culture.

Key deliverable:

Data Governance Planning and Roadmapping Workbook

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Data Governance Initiative Planning and Roadmap Tool

Leverage this tool to assess your current data governance capabilities and plot your target state accordingly.

This tool will help you plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

Data Governance Program Charter Template

This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

Data Governance Policy

This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation

Other Deliverables:

• Data Governance Initiative Planning and Roadmap Tool
• Data Governance Program Charter Template
• Data Governance Policy

Blueprint benefits

Defined data accountability & responsibility

Shared knowledge & common understanding of data assets

Elevated trust & confidence in traceable data

Improved data ROI & reduced data debt

Support for ethical use and handling of data in a culture of excellence

Measure the value of this blueprint

Leverage this blueprint's approach to ensure your data governance initiatives align and support your key value streams and their business capabilities.

• Aligning your data governance program and its initiatives to your organisation's business capabilities is vital for tracing and demonstrating measurable business value for the program.
• This alignment of data governance with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.

In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

'Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.'

Guided Implementation

'Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track.'

Workshop

'We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.'

Consulting

'Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.'

Diagnostics and consistent frameworks are used throughout all four options.

Establish Data Governance project overview

Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organisation. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

Workshop overview

Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

Phase 1

Build Business and User Context

'When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.' – Jason Lim, Alation

This phase will guide you through the following activities:

• Identify Your Business Capabilities
• Define your Organisation's Key Business Capabilities
• Develop a Strategy Map that Aligns Business Capabilities to Your Strategic Focus

This phase involves the following participants:

• Data Governance Leader/Data Leader (CDO)
• Senior Business Leaders
• Business SMEs
• Data Leadership, Data Owners, Data Stewards and Custodians

Step 1.1

Substantiate Business Drivers

Activities

1.1.1 Identify Your Business Capabilities

1.1.2 Categorise Your Organisation's Key Business Capabilities

1.1.3 Develop a Strategy Map Tied to Data Governance

This step will guide you through the following activities:

• Leverage your organisation's existing business capability map or initiate the formulation of a business capability map, guided by Info-Tech's approach
• Determine which business capabilities are considered high priority by your organisation
• Map your organisation's strategic objectives to value streams and capabilities to communicate how objectives are realised with the support of data

Outcomes of this step

• A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

Info-Tech Insight

Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.

1.1.1 Identify Your Business Capabilities

Confirm your organisation's existing business capability map or initiate the formulation of a business capability map:

1. If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organisation creates and captures value) and their business capabilities are reflective of the organisation's current business environment.
2. If you do not have an existing business capability map, follow this activity to initiate the formulation of a map (value streams and related business capabilities):
   1. Define the organisation's value streams. Meet with senior leadership and other key business stakeholders to define how your organisation creates and captures value.
   2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.' They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

Input

• List of confirmed value streams and their related business capabilities

Output

• Business capability map with value streams for your organisation

Materials

• Your existing business capability map or the template provided in the Data Governance Planning and Roadmapping Workbook accompanying this blueprint

Participants

• Key business stakeholders
• Data stewards
• Data custodians
• Data Governance Working Group

For more information, refer to Info-Tech's Document Your Business Architecture.

Define or validate the organisation's value streams

Value streams connect business goals to the organisation's value realisation activities. These value realisation activities, in turn, depend on data.

If the organisation does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:

• Meet with key stakeholders regarding this topic, then discuss and document your findings.
• When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture related work? Who has the relevant skills, competencies, experience, and knowledge about the organisation?
• Engage with these stakeholders to define and validate how the organisation creates value.
• Consider:
  • Who are your main stakeholders? This will depend on the industry in which you operate. For example, customers, residents, citizens, constituents, students, patients.
  • What are your stakeholders looking to accomplish?
  • How does your organisation's products and/or services help them accomplish that?
  • What are the benefits your organisation delivers to them and how does your organisation deliver those benefits?
  • How do your stakeholders receive those benefits?

Align data governance to the organisation's value realisation activities.

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

Info-Tech Insight

Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

Example of value streams – Retail Banking

Value streams connect business goals to the organisation's value realisation activities.

Example value stream descriptions for: Retail Banking

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

For this value stream, download Info-Tech's Info-Tech's Industry Reference Architecture for Retail Banking.

Example of value streams – Higher Education

Value streams connect business goals to the organisation's value realisation activities.

Example value stream descriptions for: Higher Education

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

For this value stream, download Info-Tech's Industry Reference Architecture for Higher Education.

Example of value streams – Local Government

Value streams connect business goals to the organisation's value realisation activities.

Example value stream descriptions for: Local Government

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

For this value stream, download Info-Tech's Industry Reference Architecture for Local Government.

Example of value streams – Manufacturing

Value streams connect business goals to the organisation's value realisation activities.

Example value stream descriptions for: Manufacturing

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

For this value stream, download Info-Tech's Industry Reference Architecture for Manufacturing.

Example of value streams – Retail

Value streams connect business goals to the organisation's value realisation activities.

Example value stream descriptions for: Retail

Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

For this value stream, download Info-Tech's Industry Reference Architecture for Retail.

Define the organisation's business capabilities in a business capability map

A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

Business capabilities can be thought of as business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.'

If your organisation doesn't already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

Working with the stakeholders as described above:

• Analyse the value streams to identify and describe the organisation's capabilities that support them.
• Consider: What is the objective of your value stream? (This can highlight which capabilities support which value stream.)
• As you initiate your engagement with your stakeholders, don't start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
• When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organisation, remove the ones that don't, and add any needed.

Align data governance to the organisation's value realisation activities.

Info-Tech Insight

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

For more information, refer to Info-Tech's Document Your Business Architecture.

Example business capability map – Retail Banking

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip:

Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Retail Banking

For this business capability map, download Info-Tech's Industry Reference Architecture for Retail Banking.

Example business capability map – Higher Education

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip:

Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Higher Education

For this business capability map, download Info-Tech's Industry Reference Architecture for Higher Education.

Example business capability map – Local Government

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip:

Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Local Government

For this business capability map, download Info-Tech's Industry Reference Architecture for Local Government.

Example business capability map – Manufacturing

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip:

Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Manufacturing

For this business capability map, download Info-Tech's Industry Reference Architecture for Manufacturing.

Example business capability map - Retail

A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip:

Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Retail

For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

1.1.2 Categorise Your Organisation's Key Capabilities

Determine which capabilities are considered high priority in your organisation.

1. Categorise or heatmap the organisation's key capabilities. Consult with senior and other key business stakeholders to categorise and prioritise the business' capabilities. This will aid in ensuring your data governance future state planning is aligned with the mandate of the business. One approach to prioritising capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organisation. Highlight these capabilities and prioritise programs that support them.
3. Identify competitive advantage differentiators. Focus on capabilities that give your organisation an edge over rivals or other players in your industry.

This categorisation/prioritisation exercise helps highlight prime areas of opportunity for building use cases, determining prioritisation, and the overall optimisation of data and data governance.

Input

• Strategic insight from senior business stakeholders on the business capabilities that drive value for the organisation

Output

• Business capabilities categorised and prioritised (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk)

Materials

• Your existing business capability map or the business capability map derived in the previous activity

Participants

• Key business stakeholders
• Data stewards
• Data custodians
• Data Governance Working Group

For more information, refer to Info-Tech's Document Your Business Architecture.

Example of business capabilities categorisation or heatmapping – Retail

This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

• Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
• The business' priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organisation's competitive advantage creators.

Example: Retail

For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

1.1.3 Develop a Strategy Map Tied to Data Governance

Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It's important to make sure the right strategic objectives of the organisation have been identified and are well understood.

1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
2. Leverage their knowledge of the organisation's business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and, ultimately, to data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organisation.
3. Confirm the strategy mapping with other relevant stakeholders.

Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritise the data initiatives that deliver the most value to the organisation.

Input

• Strategic objectives as outlined by the organisation's business strategy and confirmed by senior leaders

Output

• A strategy map that maps your organisational strategic objectives to value streams, business capabilities, and, ultimately, to data program

Materials

• Your existing business capability map or the one created in the previous step
• The strategy map template provided in the Data Governance Planning and Roadmapping Workbook
• Business strategy

Participants

• Key business stakeholders
• Data stewards
• Data custodians
• Data Governance Working Group

Download Info-Tech's Data Governance Planning and Roadmapping Workbook

Example of a strategy map tied to data governance

• Strategic objectives are the outcomes that the organisation is looking to achieve.
• Value streams enable an organisation to create and capture value in the market through interconnected activities that support strategic objectives.
• Business capabilities define what a business does to enable value creation in value streams.
• Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap and which will enable one or multiple business capabilities in its desired target state.

Info-Tech Tip:

Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritise the data initiatives that deliver the most value to the organisation.

Example: Retail

For this strategy map, download Info-Tech's Industry Reference Architecture for Retail.

Step 1.2

Build High-Value Use Cases for Data Governance

Activities

1.2.1 Build High-Value Use Cases

This step will guide you through the following activities:

• Leveraging your categorised business capability map to conduct deep-dive sessions with key business stakeholders for creating high-value uses cases
• Discussing current challenges, risks, and opportunities associated with the use of data across the lines of business
• Exploring which other business capabilities, stakeholder groups, and business units will be impacted

Outcomes of this step

• Relevant use cases that articulate the data-related challenges, needs, or opportunities that are clear and contained and, if addressed ,will deliver value to the organisation

Info-Tech Tip

One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organisational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.

1.2.1 Build High-Value Use Cases

This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well as the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
4. Debrief and document results in the Data Use Case Framework Template.
5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
4. Debrief and document results in the Data Use Case Framework Template
5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

Input

• Value streams and business capabilities as defined by business leaders
• Business stakeholders' subject area expertise
• Data custodian systems, integration, and data knowledge

Output

• Use cases that articulate data-related challenges, needs or opportunities that are tied to defined business capabilities and hence if addressed will deliver measurable value to the organisation.

Materials

• Your business capability map from activity 1.1.1
• Info-Tech's Data Use Case Framework Template
• Whiteboard or flip charts (or shared screen if working remotely)
• Markers/pens

Participants

• Key business stakeholders
• Data stewards and business SMEs
• Data custodians
• Data Governance Working Group

Download Info-Tech's Data Use Case Framework Template

Info-Tech's Framework for Building Use Cases

Objective: This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

Leveraging your business capability map, build use cases that align with the organisation's key business capabilities.

Consider:

• Is the business capability a cost advantage creator or an industry differentiator?
• Is the business capability currently underserved by data?
• Does this need to be addressed? If so, is this risk- or value-driven?

Info-Tech's Data Requirements and Mapping Methodology for Creating Use Cases

1. What business capability (or capabilities) is this use case tied to for your business area(s)?
2. What are your data-related challenges in performing this today?
3. What are the steps in this process/activity today?
4. What are the applications/systems used at each step today?
5. What data domains are involved, created, used, and/or transformed at each step today?
6. What does an ideal or improved state look like?
7. What other business units, business capabilities, activities, and/or processes will be impacted or improved if this issue was solved?
8. Who are the stakeholders impacted by these changes? Who needs to be consulted?
9. What are the risks to the organisation (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?
10. What compliance, regulatory, and/or policy concerns do we need to consider in any solution?
11. What measures of success or change should we use to prove the value of the effort (such as KPIs, ROI)? What is the measurable business value of doing this?

The resulting use cases are to be prioritised and leveraged for informing the business case and the data governance capabilities optimisation plan.

Taken from Info-Tech's Data Use Case Framework Template

Phase 2

Understand Your Current Data Governance Capabilities

This phase will guide you through the following activities:

• Understand the Key Components of Data Governance
• Gauge Your Organisation's Current Data Culture

This phase involves the following participants:

• Data Leadership
• Data Ownership & Stewardship
• Policies & Procedures
• Data Literacy & Culture
• Operating Model
• Data Management
• Data Privacy & Security
• Enterprise Projects & Services

Step 2.1

Understand the Key Components of Data Governance

This step will guide you through the following activities:

• Understanding the core components of an effective data governance program and determining your organisation's current capabilities in these areas:
  • Data Leadership
  • Data Ownership & Stewardship
  • Policies & Procedures
  • Data Literacy & Culture
  • Operating Model
  • Data Management
  • Data Privacy & Security
  • Enterprise Projects & Services

Outcomes of this step

• An understanding of the core components of an effective data governance program
• An understanding your organisation's current data governance capabilities

Leverage Info-Tech's: Data Governance Initiative Planning and Roadmap Tool to assess your current data governance capabilities and plot your target state accordingly.

This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

Review: Info-Tech's Data Governance Framework

Key components of data governance

A well-defined data governance program will deliver:

• Defined accountability and responsibility for data.
• Improved knowledge and common understanding of the organisation's data assets.
• Elevated trust and confidence in traceable data.
• Improved data ROI and reduced data debt.
• An enabling framework for supporting the ethical use and handling of data.
• A foundation for building and fostering a data-driven and data-literate organisational culture.

The key components of establishing sustainable enterprise data governance, taken from Info-Tech's Data Governance Framework:

• Data Leadership
• Data Ownership & Stewardship
• Operating Model
• Policies & Procedures
• Data Literacy & Culture
• Data Management
• Data Privacy & Security
• Enterprise Projects & Services

Data Leadership

• Data governance needs a dedicated head or leader to steer the organisation's data governance program.
• For organisations that do have a chief data officer (CDO), their office is the ideal and effective home for data governance.
• Heads of data governance also have titles such as director of data governance, director of data quality, and director of analytics.
• The head of your data governance program works with all stakeholders and partners to ensure there is continuous enterprise governance alignment and oversight and to drive the program's direction.
• While key stakeholders from the business and IT will play vital data governance roles, the head of data governance steers the various components, stakeholders, and initiatives, and provides oversight of the overall program.
• Vital data governance roles include: data owners, data stewards, data custodians, data governance steering committee (or your organisation's equivalent), and any data governance working group(s).

The role of the CDO: the voice of data

The office of the chief data officer (CDO):

• Has a cross-organisational vision and strategy for data.
• Owns and drives the data strategy; ensures it supports the overall organisational strategic direction and business goals.
• Leads the organisational data initiatives, including data governance
• Is accountable for the policy, strategy, data standards, and data literacy necessary for the organisation to operate effectively.
• Educates users and leaders about what it means to be 'data-driven.'
• Builds and fosters a culture of data excellence.

'Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organisation: "data." '
– Carruthers and Jackson, 2020

Who does the CDO report to?

• The CDO should be a true C- level executive.
• Where the organisation places the CDO role in the structure sends an important signal to the business about how much it values data.

'The title matters. In my opinion, you can't have a CDO without executive authority. Otherwise no one will listen.'

– Anonymous European CDO

'The reporting structure depends on who's the 'glue' that ties together all these uniquely skilled individuals.'

– John Kemp, Senior Director, Executive Services, Info-Tech Research Group

Data Ownership & Stewardship

Who are best suited to be data owners?

• Wherever they may sit in your organisation, data owners will typically have the highest stake in that data.
• Data owners needs to be suitably senior and have the necessary decision-making power.
• They have the highest interest in the related business data domain, whether they are the head of a business unit or the head of a line of business that produces data or consumes data (or both).
• If they are neither of these, it's unlikely they will have the interest in the data (in terms of its quality, protection, ethical use, and handling, for instance) necessary to undertake and adopt the role effectively.

Data owners are typically senior business leaders with the following characteristics:

• Positioned to accept accountability for their data domain.
• Hold authority and influence to affect change, including across business processes and systems, needed to improve data quality, use, handling, integration, etc.
• Have access to a budget and resources for data initiatives such as resolving data quality issues, data cleansing initiatives, business data catalogue build, related tools and technology, policy management, etc.
• Hold the influence needed to drive change in behaviour and culture.
• Act as ambassadors of data and its value as an organisational strategic asset.

Right-size your data governance organisational structure

• Most organisations strive to identify roles and responsibilities at a strategic, and operational level. Several factors will influence the structure of the program such as the focus of the data governance project as well as the maturity and size of the organisation.
• Your data governance structure has to work for your organisation, and it has to evolve as the organisation evolves.
• Formulate your blend of data governance roles, committees, councils, and cross-functional groups, that make sense for your organisation.
• Your data governance organisational structure should not add complexity or bureaucracy to your organisation's data landscape; it should support and enable your principle of treating data as an asset.

There is no one-size-fits-all data governance organisational structure.

Critical roles and responsibilities for data governance

Data Governance Working Groups

Data governance working groups:

• Are cross-functional teams
• Deliver on data governance projects, initiatives, and ad hoc review committees.

Data Stewards

Traditionally, data stewards:

• Serve on an operational level addressing issues related to adherence to standards/procedures, monitoring data quality, raising issues identified, etc.
• Are responsible for managing access, quality, escalating issues, etc.

Data Custodians

• Traditionally, data custodians:

• Serve on an operational level addressing issues related to data and database administration.
• Support the management of access, data quality, escalating issues, etc.
• Are SMEs from IT and database administration.

Example: Business capabilities to data owner and data stewards mapping for a selected data domain

Info-Tech Insight

Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

Enabling business capabilities with data governance role definitions

Operating Model

Your operating model is the key to designing and operationalizing a form of data governance that delivers measurable business value to your organisation.

'Generate excitement for data: When people are excited and committed to the vision of data enablement, they're more likely to help ensure that data is high quality and safe.' – Petzold, et al., 2020

Operating Model

Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organisation and manages risks while building and fostering a culture of data excellence along the way. Some organisations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organised, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.

Examples of focus areas for your operating model:

• Delivery: While there are core tenets to every data governance program, there is a level of variability in the implementation of data governance programs across organisations, sectors, and industries. Every organisation has its own particular drivers and mandates, so the level and rigour applied will also vary.

The key is to determine what style will work best in your organisation, taking into consideration your organisational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernisation initiatives, and/or regulatory and compliances drivers.

• Communication: Communication is vital across all levels and stakeholder groups. For instance, there needs to be communication from the data governance office up to senior leadership, as well as communication within the data governance organisation, which is typically made up of the data governance steering committee, data governance council, executive sponsor/champion, data stewards, and data custodians and working groups.

Furthermore, communication with the wider organisation of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.

Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.

Operating Model

Tie the value of data governance and its initiatives back to the business capabilities that are enabled.

'Leading organisations invest in change management to build data supporters and convert the sceptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]' – Petzold, et al., 2020

Operating Model

Examples of focus areas for your operating model (continued):

• Change management and issue resolution: Data governance initiatives will very likely bring about a level of organisational disruption, with governance recommendations and future state requiring potentially significant business change. This may include a redesign of a substantial number of data processes affecting various business units, which will require tweaking the organisation's culture, thought processes, and procedures surrounding its data.

Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

• Performance measuring, monitoring and reporting: Measuring and reporting on performance, successes, and realisation of tangible business value are a must for sustaining, growing, and scaling your data governance program.

Aligning your data governance to the organisation's value realisation activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.

Info-Tech Tip:

Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

Policies, Procedures & Standards

'Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardise the format as well as the meaning.' – U.S. Geological Survey

Policies, Procedures & Standards

• When defining, updating, or refreshing your data policies, procedures, and standards, ensure they are relevant, serve a purpose, and/or support the use of data in the organisation.
• Avoid the common pitfall of building out a host of policies, procedures, and standards that are never used or followed by users and therefore don't bring value or serve to mitigate risk for the organisation.
• Data policies can be thought of as formal statements and are typically created, approved, and updated by the organisation's data decision-making body (such as a data governance steering committee).
• Data standards and procedures function as actions, or rules, that support the policies and their statements.
• Standards and procedures are designed to standardise the processes during the overall data lifecycle. Procedures are instructions to achieve the objectives of the policies. The procedures are iterative and will be updated with approval from your data governance committee as needed.
• Your organisation's data policies, standards, and procedures should not bog down or inhibit users; rather, they should enable confident data use and handling across the overall data lifecycle. They should support more effective and seamless data capture, integration, aggregation, sharing, and retention of data in the organisation.

Examples of data policies:

• Data Classification Policy
• Data Retention Policy
• Data Entry Policy
• Data Backup Policy
• Data Provenance Policy
• Data Management Policy

See Info-Tech's Data Governance Policy Template: This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation.

Data Domain Documentation

Select the correct granularity for your business need

Sources: Dataversity; Atlan; Analytics8

Data Domain Documentation Examples

Data Culture

'Organisational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.' – Petzold, et al., 2020

A healthy data culture is key to amplifying the power of your data and to building and sustaining an effective data governance program.

What does a healthy data culture look like?

• Everybody knows the data.
• Everybody trusts the data.
• Everybody talks about the data.

Building a culture of data excellence.

Leverage Info-Tech's Data Culture Diagnostic to understand your organisation's culture around data.

Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic

Cultivating a data-driven culture is not easy

'People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.' – Lim, Alation

It cannot be purchased or manufactured,

It must be nurtured and developed,

And it must evolve as the business, user, and data landscapes evolve.

'Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.' – Randy Bean, 2020

Hallmarks of a data-driven culture

There is a trusted, single source of data the whole company can draw from.

There's a business glossary and data catalogue and users know what the data fields mean.

Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.

Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.

Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.

A data-driven culture requires a number of elements:

• High-quality data
• Broad access and data literacy
• Data-driven decision-making processes
• Effective communication

Data Literacy

Data literacy is an essential part of a data-driven culture.

• Building a data-driven culture takes an ongoing investment of time, effort, and money.
• This investment will not realise its full return without building up the organisation's data literacy.
• Data literacy is about filling data knowledge gaps across all levels of the organisation.
• It's about ensuring all users – senior leadership right through to core users – are equipped with appropriate levels of training, skills, understanding, and awareness around the organisation's data and the use of associated tools and technologies. Data literacy ensures users have the data they need and they know how to interpret and leverage it.
• Data literacy drives the appetite, demand, and consumption for data.
• A data-literate culture is one where the users feel confident and skilled in their use of data, leveraging it for making informed or evidence-based decisions and generating insights for the organisation.

Data Management

• Data governance serves as an enabler to all of the core components that make up data management:
  • Data quality management
  • Data architecture management
  • Data platform
  • Data integration
  • Data operations management
  • Data risk management
  • Reference and master data management (MDM)
  • Document and content management
  • Metadata management
  • Business intelligence (BI), reporting, analytics and advanced analytics, artificial intelligence (AI), machine learning (ML)
• Key tools such as the business data glossary and data catalogue are vital for operationalizing data governance and in supporting data management disciplines such as data quality management, metadata management, and MDM as well as BI, reporting, and analytics.

Enterprise Projects & Services

• Data governance serves as an enabler to enterprise projects and services that require, use, share, sell, and/or rely on data for their viability and, ultimately, their success.
• Folding or embedding data governance into the organisation's project management function or project management office (PMO) serves to ensure that, for any initiative, suitable consideration is given to how data is treated.
• This may include defining parameters, following standards and procedures around bringing in new sources of data, integrating that data into the organisation's data ecosystem, using and sharing that data, and retaining that data post-project completion.
• The data governance function helps to identify and manage any ethical issues, whether at the start of the project and/or throughout.
• It provides a foundation for asking relevant questions as it relates to the use or incorporation of data in delivering the specific project or service. Do we know where the data obtained from? Do we have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used? What are the positive effects, negative impacts, and/or risks associated with our intended use of that data? Are we positioned to mitigate those risks?
• Mature data governance creates organisations where the above considerations around data management and the ethical use and handling of data is routinely implemented across the business and in the rollout and delivery of projects and services.

Data Privacy & Security

• Data governance supports the organisation's data privacy and security functions.
• Key tools include the data classification policy and standards and defined roles around data ownership and data stewardship. These are vital for operationalizing data governance and supporting data privacy, security, and the ethical use and handling of data.
• While some organisations may have a dedicated data security and privacy group, data governance provides an added level of oversight in this regard.
• Some of the typical checks and balances include ensuring:
  • There are policies and procedures in place to restrict and monitor staff's access to data (one common way this is done is according to job descriptions and responsibilities) and that these comply with relevant laws and regulations.
  • There's a data classification scheme in place where data has been classified on a hierarchy of sensitivity (e.g. top secret, confidential, internal, limited, public).
  • The organisation has a comprehensive data security framework, including administrative, physical, and technical procedures for addressing data security issues (e.g. password management and regular training).
  • Risk assessments are conducted, including an evaluation of risks and vulnerabilities related to intentional and unintentional misuse of data.
  • Policies and procedures are in place to mitigate the risks associated with incidents such as data breaches.
  • The organisation regularly audits and monitors its data security.

Ethical Use & Handling of Data

Data governance will support your organisation's ethical use and handling of data by facilitating definition around important factors, such as:

• What are the various data assets in the organisation and what purpose(s) can they be used for? Are there any limitations?
• Who is the related data owner? Who holds accountability for that data? Who will be answerable?
• Where was the data obtained from? What is the intended use of that data? Do you have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used?
• What are the positive effects, negative impacts, and/or risks associated with the use of that data?

Ethical Use & Handling of Data

• Data governance serves as an enabler to the ethical use and handling of an organisation's data.
• The Open Data Institute (ODI) defines data ethics as: 'A branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use.'
• Data ethics relates to good practice around how data is collected, used and shared. It's especially relevant when data activities have the potential to impact people and society, whether directly or indirectly (Open Data Institute, 2019).
• A failure to handle and use data ethically can negatively impact an organisation's direct stakeholders and/or the public at large, lead to a loss of trust and confidence in the organisation's products and services, lead to financial loss, and impact the organisation's brand, reputation, and legal standing.
• Data governance plays a vital role is building and managing your data assets, knowing what data you have, and knowing the limitations of that data. Data ownership, data stewardship, and your data governance decision-making body are key tenets and foundational components of your data governance. They enable an organisation to define, categorise, and confidently make decisions about its data.

Step 2.2

Gauge Your Organisation's Current Data Culture

Activities

2.2.1 Gauge Your Organisation's Current Data Culture

This step will guide you through the following activities:

• Conduct a data culture survey or leverage Info-Tech's Data Culture Diagnostic to increase your understanding of your organisation's data culture

Outcomes of this step

• An understanding of your organisational data culture

2.2.1 Gauge Your Organisation's Current Data Culture

Conduct a Data Culture Survey or Diagnostic

The objectives of conducting a data culture survey are to increase the understanding of the organisation's data culture, your users' appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:

1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
2. Conduct an information session to introduce Info-Tech's Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organisation's current data culture and inform the improvement of that culture.
3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

Input

• Email addresses of participants in your organisation who should receive the survey

Output

• Your organisation's Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
• An understanding of whether data is currently perceived to be an asset to the organisation

Materials

• Info-Tech's Data Culture Diagnostic service

Participants

• Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organisation
• Data owners, stewards, and custodians
• Core data users and consumers

Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

Phase 3

Build a Target State Roadmap and Plan

'Achieving data success is a journey, not a sprint. Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.' – Randy Bean, 2020

This phase will guide you through the following activities:

• Build your Data Governance Roadmap
• Develop a target state plan comprising of prioritised initiatives

This phase involves the following participants:

• Data Governance Leadership
• Data Owners/Data Stewards
• Data Custodians
• Data Governance Working Group(s)

Step 3.1

Formulate an Actionable Roadmap and Right-Sized Plan

This step will guide you through the following activities:

• Build your data governance roadmap
• Develop a target state plan comprising of prioritised initiatives

Download Info-Tech's Data Governance Planning and Roadmapping Workbook

See Info-Tech's Data Governance Program Charter Template: A program charter template to sell the importance of data governance to senior executives.

This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

Outcomes of this step

• A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

Build a right-sized roadmap

Formulate an actionable roadmap that is right sized to deliver value in your organisation.

Key considerations:

• When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
• Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
• When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

Sample milestones:

Data Governance Leadership & Org Structure Definition

Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

Data Governance Charter and Policies

Create a charter for your program and build/refresh associated policies.

Data Culture Diagnostic

Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

Use Case Build and Prioritisation

Build a use case that is tied to business capabilities. Prioritise accordingly.

Business Data Glossary/catalogue

Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

Tools & Technology

Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

Recall: Info-Tech's Data Governance Framework

Build an actionable roadmap

Data Governance Leadership & Org Structure Division

Define key roles for getting started.

Use Case Build & Prioritisation

Start small and then scale – deliver early wins.

Literacy Program

Start understanding data knowledge gaps, building the program, and delivering.

Tools & Technology

Make the available data governance tools and technology work for you.

Key components of your data governance roadmap

Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

By now, you have assessed current data governance environment and capabilities. Use this assessment, coupled with the driving needs of your business, to plot your data Governance roadmap accordingly.

Sample data governance roadmap milestones:

• Define data governance leadership.
• Define and formalise data ownership and stewardship (as well as the role IT/data management will play as data custodians).
• Build/confirm your business capability map and data domains.
• Build business data use cases specific to business capabilities.
• Define business measures/KPIs for the data governance program (i.e. metrics by use case that are relevant to business capabilities).
• Data management:
  • Build your data glossary or catalogue starting with identified and prioritised terms.
  • Define data domains.
• Design and define the data governance operating model (oversight model definition, communication plan, internal marketing such as townhalls, formulate change management plan, RFP of data governance tool and technology options for supporting data governance and its administration).
• Data policies and procedures:
  • Formulate, update, refresh, consolidate, rationalise, and/or retire data policies and procedures.
  • Define policy management and administration framework (i.e. roll-out, maintenance, updates, adherence, system to be used).
• Conduct Info-Tech's Data Culture Diagnostic or survey (across all levels of the organisation).
• Define and formalise the data literacy program (build modules, incorporate into LMS, plan lunch and learn sessions).
• Data privacy and security: build data classification policy, define classification standards.
• Enterprise projects and services: embed data governance in the organisation's PMO, conduct 'Data Governance 101' for the PMO.

Defining data governance roles and organisational structure at Organisation

The approach employed for defining the data governance roles and supporting organisational structure for .

Key Considerations:

• The data owner and data steward roles are formally defined and documented within the organisation. Their involvement is clear, well-defined, and repeatable.
• There are data owners and data stewards for each data domain within the organisation. The data steward role is given to someone with a high degree of subject matter expertise.
• Data owners and data stewards are effective in their roles by ensuring that their data domain is clean and free of errors and that they protect the organisation against data loss.
• Data owners and data stewards have the authority to make final decisions on data definitions, formats, and standard processes that apply to their respective data sets. Data owners and data stewards have authority regarding who has access to certain data.
• Data owners and data stewards are not from the IT side of the organisation. They understand the lifecycle of the data (how it is created, curated, retrieved, used, archived, and destroyed) and they are well-versed in any compliance requirements as it relates to their data.
• The data custodian role is formally defined and is given to the relevant IT expert. This is an individual with technical administrative and/or operational responsibility over data (e.g. a DBA).
• A data governance steering committee exists and is comprised of well-defined roles, responsibilities, executive sponsors, business representatives, and IT experts.
• The data governance steering committee works to provide oversight and enforce policies, procedures, and standards for governing data.
• The data governance working group has cross-functional representation. This comprises business and IT representation, as well as project management and change management where applicable: data stewards, data custodians, business subject matter experts, PM, etc.).
• Data governance meetings are coordinated and communicated about. The meeting agenda is always clear and concise, and meetings review pressing data-related issues. Meeting minutes are consistently documented and communicated.

Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

Info-Tech Insight

Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

Enable business capabilities with data governance role definitions.

Consider your technology options:

Make the available data governance tools and technology work for you:

• Data catalogue
• Business data glossary
• Data lineage
• Metadata management

These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.

Make the data steward the catalyst for organisational change and driving data culture

The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.

Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.

Because the data steward must enforce data processes and liaise with so many different people and departments within the organisation, the data steward role should be their primary full-time job function – where possible.

However, in circumstances where budget doesn't allow a full-time data steward role, develop these skills within the organisation by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.

Info-Tech Tip

A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organisation believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.

Changes to organisational data processes are inevitable; have a communication plan in place to manage change

Create awareness of your data governance program. Use knowledge transfer to get as many people on board as possible.

Data governance initiatives must contain a strong organisational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

Info-Tech Insight

Launching a data governance initiative is guaranteed to disrupt the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

Create a common data governance vision that is consistently communicated to the organisation

A data governance program should be an enterprise-wide initiative.

To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organisation wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.

Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.

The data governance program should be periodically refined. This will ensure the organisation continues to incorporate best methods and practices as the organisation grows and data needs evolve.

Info-Tech Tips

• Use information from the stakeholder interviews to derive business goals and objectives.
• Work to integrate different opinions and perspectives into the overall vision for data governance.
• Brainstorm guiding principles for data and understand the overall value to the organisation.

Develop a compelling data governance communications plan to get all departmental lines of business on board

A data governance program will impact all data-driven business units within the organisation.

A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.

By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.

A clear and concise communications strategy will raise the profile of data governance within the organisation, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.

A proactive communications plan will:

• Assist in overcoming issues with data control, stalemates between stakeholder units, and staff resistance.
• Provide a formalised process for implementing new policies, rules, guidelines, and technologies, and managing organisational data.
• Detail data ownership and accountability for decision making, and identify and resolve data issues throughout the organisation.
• Encourage acceptance and support of the initiative.

Info-Tech Tip

Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardised data policies will help validate how data governance will benefit them and the organisation.

Leverage the data governance program to communicate and promote the value of data within the organisation

The data governance program is responsible for continuously promoting the value of data to the organisation. The data governance program should seek a variety of ways to educate the organisation and data stakeholders on the benefit of data management.

Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.

There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.

To learn how to manage organisational change, refer to Info-Tech's Master Organisational Change Management Practices.

Understand what makes for an effective policy for data governance

It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.

The following are key elements of a good policy:

Leverage myPolicies, Info-Tech's web-based application for managing your policies and procedures

Most organisations have problems with policy management. These include:

1. Policies are absent or out of date
2. Employees largely unaware of policies in effect
3. Policies are unmonitored and unenforced
4. Policies are in multiple locations
5. Multiple versions of the same policy exist
6. Policies managed inconsistently across different silos
7. Policies are written poorly by untrained authors
8. Inadequate policy training program
9. Draft policies stall and lose momentum
10. Weak policy support from senior management

Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.

Product Overview

myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.

Some key success factors for policy management include:

• Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralised website.
• Link this repository to other policies' taxonomies of your organisation. E.g. HR policies to provide a single interface for employees to access guidance across the organisation.
• Reassess policies annually at a minimum. myPolicies can remind you to update the organisation's policies at the appropriate time.
• Make the repository searchable and easily navigable.
• myPolicies helps you do all this and more.

Enforce data policies to promote consistency of business processes

Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organisations, depending on your specific data needs.

• Policies describe what to do, while standards and procedures describe how to do something.
• There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organisation's data needs.
• The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

Examples of Data Policies

Trust

• Data Cleansing and Quality Policy
• Data Entry Policy

Availability

• Acceptable Use Policy
• Data Backup Policy

Security

• Data Security Policy
• Password Policy Template
• User Authorisation, Identification, and Authentication Policy Template
• Data Protection Policy

Compliance

• Archiving Policy
• Data Classification Policy
• Data Retention Policy

Leverage data management-related policies to standardise your data management practices

Info-Tech's Data Management Policy:

This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organisation. This policy applies to all critical data and to all staff who may be creators and/or users of such data.

Info-Tech's Data Entry Policy:

The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organisation. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.

Info-Tech's Data Provenance Policy:

Create policies to keep your data's value, such as:

• Only allow entry of data from reliable sources.
• Employees entering and accessing data must observe requirements for capturing/maintaining provenance metadata.
• Provenance metadata will be used to track the lifecycle of data from creation through to disposal.

Info-Tech's Data Integration and Virtualisation Policy:

This policy aims to assure the organisation, staff, and other interested parties that data integration, replication, and virtualisation risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualise data sets.

Select the right mix of metrics to successfully supervise data policies and processes

Policies are only as good as your level of compliance. Ensure supervision controls exist to oversee adherence to policies and procedures.

Although they can be highly subjective, metrics are extremely important to data governance success.

• Establishing metrics that measure the performance of a specific process or data set will:
  • Create a greater degree of ownership from data stewards and data owners.
  • Help identify underperforming individuals.
  • Allow the steering committee to easily communicate tailored objectives to individual data stewards and owners.
• Be cautious when establishing metrics. The wrong metrics can have negative repercussions.
  • They will likely draw attention to an aspect of the process that doesn't align with the initial strategy.
  • Employees will work hard and grow frustrated as their successes aren't accurately captured.

Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organisation.

• One of the most useful metrics for policies is currency. This tracks how up to date the policy is and how often employees are informed about the policy. Often, a policy will be introduced and then ignored. Policies must be continuously reviewed by management and employees.
• Some other metrics include adherence (including performance in tests for adherence) and impacts from non-adherence.

Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

Establish data standards and procedures for use across all organisational lines of business

A data governance program will impact all data-driven business units within the organisation.

• Data management procedures are the methods, techniques, and steps to accomplish a specific data objective. Creating standard data definitions should be one of the first tasks for a data governance steering committee.
• Data moves across all departmental boundaries and lines of business within the organisation. These definitions must be developed as a common set of standards that can be accepted and used enterprise wide.
• Consistent data standards and definitions will improve data flow across departmental boundaries and between lines of business.
• Ensure these standards and definitions are used uniformly throughout the organisation to maintain reliable and useful data.

Data standards and procedural guidelines will vary from company to company.

Examples include:

• Data modelling and architecture standards.
• Metadata integration and usage procedures.
• Data security standards and procedures.
• Business intelligence standards and procedures.

Info-Tech Tip

Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.

Changes to organisational data processes are inevitable; have a communications plan in place to manage change

Create awareness of your data governance program, using knowledge transfer to get as many people on board as possible.

By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

Data governance initiatives will very likely bring about a level of organisational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

Info-Tech Tip

Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

Other Deliverables:

The list of supporting deliverables will help to kick start on some of the Data Governance initiatives

• Data Classification Policy, Standard, and Procedure
• Data Quality Policy, Standard, and Procedure
• Metadata Management Policy, Standard, and Procedure
• Data Retention Policy and Procurement

Data Classification Policy, Standard, and Procedure

Data Retention Policy and Procedure

Metadata Management Policy, Standard, and Procedure

Data Quality Policy, Standard, and Procedure

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Build Your Business and User Context

Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.

Formulate a Plan to Get to Your Target State

Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

Related Info-Tech Research

Build a Robust and Comprehensive Data Strategy

Key to building and fostering a data-driven culture.

Create a Data Management Roadmap

Streamline your data management program with our simplified framework.

The First 100 Days as CDO

Be the voice of data in a time of transformation.

Research Contributors

Bibliography

Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.

Allott, Joseph, et al. “Data: The Next Wave in Forestry Productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.

Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.

Brence, Thomas. “Overcoming the Operationalization Challenge With Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.

Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – A Checklist for Leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.

Canadian Institute for Health Information. “Developing and Implementing Accurate National Standards for Canadian Health Care Information.” Canadian Institute for Health Information. Accessed 25 June 2021.

Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.

Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.

Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.

Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.

Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.

Diaz, Alejandro, et al. “Why Data Culture Matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.

Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.

Experian. “10 Signs You Are Sitting On A Pile Of Data Debt.” Experian. Accessed 25 June 2021.

Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020

Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.

Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.

Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.

McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.

NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.

Olavsrud, Thor. “What Is Data Governance? A Best Practices Framework For Managing Data Assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.

Open Data Institute. “Introduction to Data Ethics and the Data Ethics Canvas.” Open Data Institute, 2020. Accessed 25 June 2021.

Open Data Institute. “The UK National Data Strategy 2020: Doing Data Ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.

Open Data Institute. “What Is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.

Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.

Petzold, Bryan, et al. “Designing Data Governance That Delivers Value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.

Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.

Smaje, Kate. “How Six Companies Are Using Technology and Data To Transform Themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.

Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.

“The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.

U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.

Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.

“What Is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.

Wikipedia. “RFM (Market Research).” Wikipedia. Accessed 25 June 2021.

Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.

Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.

Foster Data-Driven Culture With Data Literacy

Data literacy is an essential part of a data-driven culture, bridging the data knowledge gaps across all levels of the organization.

Analyst Perspective

Data literacy is the missing link to becoming a data-driven organization.

“Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.

Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.

Annabel Lui

Principal Advisory Director, Data & Analytics Practice
Info-Tech Research Group

Executive Summary

Info-Tech Insight

By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.

Your Challenge

Data literacy is the missing link to drive business outcomes from data.

• Having a data-driven culture as an organization’s mission statement without implementing a data literacy program is like making an empty promise and leaving the value unrealized and unattainable.
• A study conducted by the Data Literacy Project clearly indicates that organizations with aggressive data literacy programs will outperform those who do not have such programs. By 2030, data literacy will be one of the most sought-after skill sets. All employees require data literacy skills.
• Everyone has a role in data. From employees who are actively involved in data collection to operational teams who create reports with analytics tools and finally to executives who use data to make business decisions – they all require continuous data literacy training in a data-driven organization. Because of differences in maturity, data literacy strategies cannot be one-size-fits-all.

“Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.

75% of organizational employees have access to data tools – only 21% demonstrated confidence in their data skills.

Source: Accenture, 2020.

89% of C-level executives expect team members to explain how data has informed their decisions, but only 11% employees are fully confident in their ability to read, analyze, work with, and communicate with data

Source: Qlik, 2022.

Data debt or data asset?

Manage your data as strategic assets.

“[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”

Signs of data debt when considering investing in data literacy:

• Lack of definition and understanding of data terms, therefore they don’t speak the same language. Without data literacy, an organization will not succeed in becoming a data-driven organization.
• Putting data literacy as a low priority. Organization sees this as “another” training to put on the list and keeps it on the back burner.
• Data literacy is not seen as the number one skill set needed in the organization. However, anyone who works with data requires data skills.
• End users are not trained on self-serve features and tools.
• Focusing on a minority group of people rather than everyone in the organization or seeing it as a one-off exercise.
• Delays or failure to deliver digital transformation projects due to lack of data skills and data access issues.

66%

of organizations say a backlog of data debt is impacting new data management initiatives.

40%

of organizations say individuals within the business do not trust data insights.

30%

of organizations are unable to become data-driven.

Source: Experian, 2020

Info-Tech’s Approach

Data literacy is critical to success with digital transformation and AI analytics.

The Info-Tech difference:

1. More than just technical training. Data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data.
2. More than a one-off exercise. To keep literacy skills alive, the program must be routine and sustainable, tailored to different needs across all levels of the organization.
3. More than one delivery format. Different delivery methods need to be considered to suit various learning styles.

Data needs to be processed

Data – facts – are organized, processed, and given meaning to become insights.

Image source: Welocalize, 2020.

Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.

Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.

When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.

Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).

Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.

Investment in data literacy is a game changer.

Data literacy is the ability to collect, manage, evaluate, and apply data in a critical manner.

A data-driven culture is “an operating environment that seeks to leverage data whenever and wherever possible to enhance business efficiency and effectiveness” (Forbes).

Info-Tech Insight

Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.

Info-Tech’s methodology for building a data literacy program

Insight Summary

“In a world of more data, the companies with more data-literate people are the ones that are going to win.”

– Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021

Overarching insight

By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.

Module 1 insight

We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.

Module 2 insight

Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.

Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.

Module 3 insight

A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.

Tactical insight

A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.

Tactical insight

Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.

Key performance indicators (KPIs) for your data literacy program

How do you know if your data literacy program is successful? Here are some useful KPIs:

Program Adoption Metrics

• Percentage of employees attending data literacy training
• Percentage of participants who report gains in data management knowledge after training sessions
• Maturity assessment result
• Survey and diagnostic feedback before and after training
• Trend analysis of overall data literacy program

Operational Metrics

• Number of requests for analytics/reporting services
• Number of reports created by users
• Speed and quality of business decisions
• User satisfaction with reports and analytics services
• Improved business performance (customer satisfaction)
• Improved valuation of organization data

A data-driven culture builds tools and skills, builds users’ trust in the quality of data across sources, and raises the skills and understanding among the frontlines by encouraging everyone to leverage data for critical thinking and innovation.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."

Diagnostics and consistent frameworks are used throughout all four options.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Phase 1

Define Data Literacy Objectives

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

• Understand the organization’s needs.
• Create vision and objective for data literacy program.

This phase involves the following participants:

• Data governance sponsor
• Data owners
• Data stewards
• Data custodians

1.1 Gauge your organization’s current data culture

Conduct data culture survey or diagnostic.

1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

1.2 Define data literacy objectives

1. Understand the organization’s needs by identifying opportunities and challenges relating to data. Document the described real-life examples.
2. Categorize the list and identify areas where data literacy can address the business problem.
3. Create a vision statement for the data literacy program, ensuring that it covers all levels of the organization.
4. Articulate the intended targets and goals in planning for a data literacy program.

Quick wins for improving data literacy

Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:

87%

think more can be done to define and document commonly used terms with methods such as a business data glossary.

68%

think they can have a better understanding of the meaning of all data elements that are being captured or managed.

86%

feel that they can have more training in terms of tools as well as on what data is available at the organization.

Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652

Quick Wins

• Create a business data glossary to document and define common terms.
• Provide easy access to the business data glossary and procedures on how data is captured and managed.
• Launch an organization-wide data literacy program.

Delivering value is a means and the goal

Start with real business problems in a hands-on format to demonstrate the value of data.

Identify business problem:

• Business decisions without facts are just guesses.
• Management spends a lot of time finding and fixing data.
• Unknown challenges on data assets and risk.
• Incomplete view of customer/client and industry.
• Not ready for modern data opportunities (e.g. artificial intelligence).

Create an objective

Treat data as a strategic asset to gain insight into our customers for all levels of organization.

The solution: Data-driven culture powered by people who speak data.

• Data dictionary
• Data literacy
• Trusted single source
• Access to analytics tools
• Decision making

"According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."

– Alation, 2020

Fundamental data literacy

Data literacy is more than just a technical training or a one-off exercise.

Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.

Info-Tech Research Group’s Data Literacy Program

Use discovery and diagnostics to understand users’ comfort level and maturity with data.

Data lunch 'n' learn

• The power and value of data
• Everyone is a data steward
• Becoming data literate
• Data 101
• The future is data

1 hour

Speak data

• What is data
• Meet the data team
• Day in the life of a steward
• How data impacts you
• Tools of the trade

1/2 day

Your data story

• Ask the right questions
• Find the top five data elements
• Understand your data
• Present your data story
• Lessons from COVID-19

1/2 day

Phase 2

Assess Learning Style and Align to Program Design

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

• Identify your audience.
• Assess learning styles and align them to the data program design.
• Determine the right delivery method.

This phase involves the following participants:

• Data governance sponsor
• Data owners
• Data stewards
• Data custodians

Avoid common pitfalls

75%

feel that training was too long to remember or to apply in their day-to-day work.

21%

find training had insufficient follow-up to help them apply on the job.

Source: Grovo, 2018.

1. Information Overload

   Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.

2. Limited Implementation

   Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.

3. Lack of Organizational Alignment

   Implementing training without a clear link to organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving effectiveness.

2.1 Understand learning style

1. Create persona and identify the audiences and their roles in data across all levels of the organization.
2. Identify the data program initiatives and assign the best delivery method to each initiative.
3. Assign participants to each program initiative based on their skill gap and learning style.

You and data

Is data an integral part of your work?

Do you feel comfortable finding and using data in your organization?

• Many people feel intimidated by data and therefore miss out on what data can do for them.
• Often the obstacle is language. If you don’t understand the semantics around data, you will not feel confident to contribute to discussions around data.
• You use data every day but need additional vocabulary to understand how to handle it properly.
• Data literacy is the ability to “speak data” and to understand what data means (i.e. how to read charts and graphs, draw valid conclusions, and recognize when data is misinterpreted or used inappropriately to be misleading).
• The business often doesn’t understand its role in data governance and how it informs and assists IT in responsible data management.

Info-Tech Insight

IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.

Create personas

Persona creation is a way to brainstorm ideas for the data literacy program.

Choose a data role (e.g. data steward, data owner, data scientist).

Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.

Identify data skill and level of skills required.

Consider these other ways to brainstorm:

• Review current in-flight projects.
• Analyze types of data requests.
• Understand needs by department.
• Share learnings in a community of practice.

Program design

Categorize into six data skill areas

Not everyone needs the same level of skill sets

Map the personas to the program

Bridging the data knowledge gap.

• Each component will promote the value of data to all levels of employees when demonstrating the right way for data to be understood, managed, and consumed in the organization.
• Categorizing the data literacy program into six areas and levels of skill sets will provide clarity into which areas to focus on.
• The program is intended to be implemented in stages, allowing the audience to learn and adopt the new skills. Leveraging in-flight projects for rolling out training will have a higher success because the need is already built into the project.

Align program design to learning styles

Info-Tech Insight

Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.

When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.

Discussion method

Delivery Method

• Interactive format between instructor and learner
• Instructor empowers and motivates learner through dialogues and exercises

The imaginative learner

The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.

For this group of learners, their question is: why should I learn this?

Learning characteristics

• Seek meaning
• Need to be personally involved
• Learn by listening and sharing ideas
• Function through social interaction

Information method

Delivery Method

• Instructor does most of the talking in the training
• Instructor is teaching the content, delivering the training content, and demonstrating

Analytical learner

The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.

For this group of learners, their question is: what should I learn?

Learning characteristics

• Seek and examine the facts
• Need to know what experts think
• Interested in ideas and concepts
• Critique information and collect data
• Function by adapting to experts

Coaching method

Delivery Method

• Learning has on-the-job training or learning through role-play exercises
• Instructor is coaching and facilitating learner

Common sense learner

The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.

For this group of learners, their question is: how should I learn?

Learning characteristics

• Seek usability
• Need to know how things work
• Learn by testing theories using practical methods
• Use factual data to build concepts
• Enjoy hands-on experience

Self-discovery method

Delivery Method

• Interactive format between instructor and learner
• Instructor provides evaluation and remedial instruction

Common sense learner

The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.

For this group of learners, their question is: what if I learn this?

Learning characteristics

• Seek hidden possibilities
• Need to know what can be done with things
• Learn by trial and error
• Enjoy variety and excel in being flexible

Delivery method considerations

There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

Phase 3

Map Out Data Literacy Roadmap and Milestones

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

• Complete a roadmap exercise.
• Set key performance metrics and milestones.

This phase involves the following participants:

• Data governance sponsor
• Data owners
• Data stewards
• Data custodians

3.1 Build the data literacy roadmap and milestones

1-3 hours

1. Gather the data literacy objectives and list of program initiatives with their assigned groups.
2. Discuss each program initiative with the data literacy creation team, assigning content owners and estimating effort required to build the content.

For the Gantt chart:

• Input the roadmap start year.
• List each data literacy topic and delivery method.
• Populate the planned start and end dates for the prepopulated list of program initiatives.

Data literacy journey mapping

Making it sustainable

• Deliver the literacy program in stages to make it easier for the audience to consume the content.
• Allow opportunities to apply the learnings at work.
• Map out the data literacy trainings as they get delivered and identify gaps, if any. Continue to refine and adjust the program and delivery method for better outcome.
• Set clear goals and KPIs measurement up front.
• Conduct Info-Tech Research Group’s Data Culture Diagnostics to set the baseline and repeat the assessment in 12 to 18 months.
• Assign champions to lead change and influence end users to adopt better processes.

Research contributors

Info-Tech’s Data Literacy Program

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Related Info-Tech Research

Establish Data Governance

Deliver measurable business value.

Build a Robust and Comprehensive Data Strategy

Key to building and fostering a data-driven culture.

Create a Data Management Roadmap

Streamline your data management program with our simplified framework.

Bibliography

About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.

Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.

Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.

Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.

Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.

---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.

Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.

Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.

Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.

Experian. “2019 Global Data Management Research.” Experian, 2019. Web.

Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.

Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.

Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.

LifeTrain. “Learning Style Quiz.” EMTrain, Web.

Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.

Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.

Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/

Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.

Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.

Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.

Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.

Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.

Qlik. “What is data literacy?” Qlik, n.d. Web.

Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.

Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.

Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.