Implement Lean Management Practices That Work

  • Buy Link or Shortcode: {j2store}116|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Performance Measurement
  • Parent Category Link: /performance-measurement
  • Service delivery teams do not measure, or have difficulty demonstrating, the value they provide.
  • There is a lack of continuous improvement.
  • There is low morale within the IT teams leading to low productivity.

Our Advice

Critical Insight

  • Create a problem-solving culture. Frequent problem solving is the differentiator between sustaining Lean or falling back to old management methods.
  • Commit to employee growth. Empower teams to problem solve and multiply your organizational effectiveness.

Impact and Result

  • Apply Lean management principles to IT to create alignment and transparency and drive continuous improvement and customer value.
  • Implement huddles and visual management.
  • Build team capabilities.
  • Focus on customer value.
  • Use metrics and data to make better decisions.
  • Systematically solve problems and improve performance.
  • Develop an operating rhythm to promote adherence to Lean.

Implement Lean Management Practices That Work Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how a Lean management system can help you increase transparency, demonstrate value, engage your teams and customers, continuously improve, and create alignment.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand Lean concepts

Understand what a Lean management system is, review Lean philosophies, and examine simple Lean tools and activities.

  • Implement Lean Management Practices That Work – Phase 1: Understand Lean Concepts
  • Lean Management Education Deck

2. Determine the scope of your implementation

Understand the implications of the scope of your Lean management program.

  • Implement Lean Management Practices That Work – Phase 2: Determine the Scope of Your Implementation
  • Lean Management Scoping Tool

3. Design huddle board

Examine the sections and content to include in your huddle board design.

  • Implement Lean Management Practices That Work – Phase 3: Design Huddle Board
  • Lean Management Huddle Board Template

4. Design Leader Standard Work and operating rhythm

Determine the actions required by leaders and the operating rhythm.

  • Implement Lean Management Practices That Work – Phase 4: Design Leader Standard Work and Operating Rhythm
  • Leader Standard Work Tracking Template
[infographic]

Workshop: Implement Lean Management Practices That Work

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand Lean Concepts

The Purpose

Understand Lean management.

Key Benefits Achieved

Gain a common understanding of Lean management, the Lean management thought model, Lean philosophies, huddles, visual management, team growth, and voice of customer.

Activities

1.1 Define Lean management in your organization.

1.2 Create training materials.

Outputs

Lean management definition

Customized training materials

2 Understand Lean Concepts (Continued) and Determine Scope

The Purpose

Understand Lean management.

Determine the scope of your program.

Key Benefits Achieved

Understand metrics and performance review.

Understand problem identification and continuous improvement.

Understand Kanban.

Understand Leader Standard Work.

Define the scope of the Lean management program.

Activities

2.1 Develop example operational metrics

2.2 Simulate problem section.

2.3 Simulate Kanban.

2.4 Build scoping tool.

Outputs

Understand how to use operational metrics

Understand problem identification

Understand Kanban/daily tasks section

Defined scope for your program

3 Huddle Board Design and Huddle Facilitation Coaching

The Purpose

Design the sections and content for your huddle board.

Key Benefits Achieved

Initial huddle board design.

Activities

3.1 Design and build each section in your huddle board.

3.2 Simulate coaching conversations.

Outputs

Initial huddle board design

Understanding of how to conduct a huddle

4 Design and Build Leader Standard Work

The Purpose

Design your Leader Standard Work activities.

Develop a schedule for executing Leader Standard Work.

Key Benefits Achieved

Standard activities identified and documented.

Sample schedule developed.

Activities

4.1 Identify standard activities for leaders.

4.2 Develop a schedule for executing Leader Standard Work.

Outputs

Leader Standard Work activities documented

Initial schedule for Leader Standard Work activities

Manage End-User Devices

  • Buy Link or Shortcode: {j2store}307|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $45,499 Average $ Saved
  • member rating average days saved: 10 Average Days Saved
  • Parent Category Name: End-User Computing Devices
  • Parent Category Link: /end-user-computing-devices
  • Desktop and mobile device management teams use separate tools and different processes.
  • People at all levels of IT are involved in device management.
  • Vendors are pushing unified endpoint management (UEM) products, and teams struggling with device management are hoping that UEM is their savior.
  • The number and variety of devices will only increase with the continued advance of mobility and emergence of the Internet of Things (IoT).

Our Advice

Critical Insight

  • Many problems can be solved by fixing roles, responsibilities, and process. Standardize so you can optimize.
  • UEM is not a silver bullet. Your current solution can image computers in less than 4 hours if you use lean images.
  • Done with, not done to. Getting input from the business will improve adoption, avoid frustration, and save everyone time.

Impact and Result

  • Define the benefits that you want to achieve and optimize based on those benefits.
  • Take an evolutionary, rather than revolutionary, approach to merging end-user support teams. Process and tool unity comes first.
  • Define the roles and responsibilities involved in end-user device management, and create a training plan to ensure everyone can execute their responsibilities.
  • Stop using device management practices from the era of Windows XP. Create a plan for lean images and app packages.

Manage End-User Devices Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should optimize end-user device management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify the business and IT benefits of optimizing endpoint management

Get your desktop and mobile device support teams out of firefighting mode by identifying the real problem.

  • Manage End-User Devices – Phase 1: Identify the Business and IT Benefits
  • End-User Device Management Standard Operating Procedure
  • End-User Device Management Executive Presentation

2. Improve supporting teams and processes

Improve the day-to-day operations of your desktop and mobile device support teams through role definition, training, and process standardization.

  • Manage End-User Devices – Phase 2: Improve Supporting Teams and Processes
  • End-User Device Management Workflow Library (Visio)
  • End-User Device Management Workflow Library (PDF)

3. Improve supporting technologies

Stop using management tools and techniques from the Windows XP era. Save yourself, and your technicians, from needless pain.

  • Manage End-User Devices – Phase 3: Improve Supporting Technologies
[infographic]

Workshop: Manage End-User Devices

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify the Business and IT Benefits of Optimizing End-User Device Management

The Purpose

Identify how unified endpoint management (UEM) can improve the lives of the end user and of IT.

Key Benefits Achieved

Cutting through the vendor hype and aligning with business needs.

Activities

1.1 Identify benefits you can provide to stakeholders.

1.2 Identify business and IT goals in order to prioritize benefits.

1.3 Identify how to achieve benefits.

1.4 Define goals based on desired benefits.

Outputs

Executive presentation

2 Improve the Teams and Processes That Support End-User Device Management

The Purpose

Ensure that your teams have a consistent approach to end-user device management.

Key Benefits Achieved

Developed a standard approach to roles and responsibilities, to training, and to device management processes.

Activities

2.1 Align roles to your environment.

2.2 Assign architect-, engineer-, and administrator-level responsibilities.

2.3 Rationalize your responsibility matrix.

2.4 Ensure you have the necessary skills.

2.5 Define Tier 2 processes, including patch deployment, emergency patch deployment, device deployment, app deployment, and app packaging.

Outputs

List of roles involved in end-user device management

Responsibility matrix for end-user device management

End-user device management training plan

End-user device management standard operating procedure

Workflows and checklists of end-user device management processes

3 Improve the Technologies That Support End-User Device Management

The Purpose

Modernize the toolset used by IT to manage end-user devices.

Key Benefits Achieved

Saving time and resources for many standard device management processes.

Activities

3.1 Define the core image for each device/OS.

3.2 Define app packages.

3.3 Gather action items for improving the support technologies.

3.4 Create a roadmap for improving end-user device management.

3.5 Create a communication plan for improving end-user device management.

Outputs

Core image outline

Application package outline

End-user device management roadmap

End-user device management communication plan

Data Architecture

  • Buy Link or Shortcode: {j2store}17|cart{/j2store}
  • Related Products: {j2store}17|crosssells{/j2store}
  • member rating overall impact (scale of 10): 9.5/10
  • member rating average dollars saved: $30,159
  • member rating average days saved: 5
  • Parent Category Name: Data and Business Intelligence
  • Parent Category Link: /data-and-business-intelligence
Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice

Domino – Maintain, Commit to, or Vacate?

If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

Our Advice

Critical Insight

For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

Impact and Result

The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

Domino – Maintain, Commit to, or Vacate? Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

  • Domino – Maintain, Commit to, or Vacate? Storyboard

2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

Use this tool to input the outcomes of your various application assessments.

  • Application Rationalization Tool

Infographic

Further reading

Domino – Maintain, Commit to, or Vacate?

Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

Executive Summary

Info-Tech Insight

“HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
– Nigel Cheshire in Team Studio

Your Challenge

You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

Common Obstacles

For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

Info-Tech Approach

The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

Review

Is “Lotus” Domino still alive?

Problem statement

The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

This research is designed for:

  • IT strategic direction decision-makers
  • IT managers responsible for an existing Domino platform
  • Organizations evaluating migration options for mission-critical applications running on Domino

This research will help you:

  1. Evaluate migration options.
  2. Assess the fit and purpose.
  3. Consider strategies for overcoming potential challenges.
  4. Determine the future of this platform for your organization.

The “everything may work” scenario

Adopt and expand

Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

Importance to current business processes

  • Importance of use
  • Complexity in migrations
  • Choosing a new platform

Available tools to facilitate

  • Talent/access to skills
  • Economies of scale/lower cost at scale
  • Access to technology

Info-Tech Insight

With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

  • Archive/retire
  • Application migration
  • Application replatform
  • Stay right where you are

Eliminate your bias – consider the advantages

“There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

– Rob Salerno, Founder & CTO, Rivet Technology Partners

Domino advantages include:

Modern Cloud & Application

  • No-code/low-code technology

Business-Managed Application

  • Business written and supported
  • Embrace the business support model
  • Enterprise class application

Leverage the Application Taxonomy & Build

  • A rapid application development platform
  • Develop skill with HCL training

HCL Domino is a supported and developed platform

Why consider HCL?

  • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
  • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
  • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

Visualize Your Application Roadmap

  1. Focus on the application portfolio and crafting a roadmap for rationalization.
    • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
  2. Document your findings on respective application capability heatmaps.
    • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
  3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
    • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

Our external support perspective

by Darin Stahl

Member Feedback

  • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
  • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
  • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
  • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
  • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

Domino database assessments

Consider the database.

  • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
  • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
Key/Value Column

Use case: Heavily accessed, rarely updated, large amounts of data
Data Model: Values are stored in a hash table of keys.
Fast access to small data values, but querying is slow
Processor friendly
Based on amazon's Dynamo paper
Example: Project Voldemort used by LinkedIn

this is a Key/Value example

Use case: High availability, multiple data centers
Data Model: Storage blocks of data are contained in columns
Handles size well
Based on Google's BigTable
Example: Hadoop/Hbase used by Facebook and Yahoo

This is a Column Example
Document Graph

Use case: Rapid development, Web and programmer friendly
Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
Better query abilities than Key/Value databases.
Inspired by Lotus Notes.
Example: CouchDB used by BBC

This is a Document Example

Use case: Best at dealing with complexity and relationships/networks
Data model: Nodes and relationships.
Data is processed quickly
Inspired by Euler and graph theory
Can easily evolve schemas
Example: Neo4j

This is a Graph Example

Understand your options

Archive/Retire

Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

Migrate

Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

Replatform

Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

Stay

Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

Archive/retire

Retire the application, storing the application data in a long-term repository.

Abstract

The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

Advantages

  • Reduce support cost.
  • Consolidate applications.
  • Reduce risk.
  • Reduce compliance and security concerns.
  • Improve business processes.

Considerations

  • Application transformation
  • eDiscovery costs
  • Legal implications
  • Compliance implications
  • Business process dependencies

Info-Tech Insights

Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

Application migration

Migrate to a new version of the application

Abstract

An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

Advantages

  • Reduce hardware costs.
  • Leverage cloud technologies.
  • Improve scalability.
  • Improve disaster recovery.
  • Improve application security.

Considerations

  • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
  • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
  • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
  • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

Application replatform

Transition an existing Domino application to a new modern platform

Abstract

This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

Two challenges are particularly significant when migrating or replatforming Domino applications:

  • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
  • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

Advantages

  • Leverage cloud technologies.
  • Improve scalability.
  • Align to a SharePoint platform.
  • Improve disaster recovery.
  • Improve application security.

Considerations

  • Application replatform resource effort
  • Network bandwidth
  • New platform terms and conditions
  • Secure connectivity and communication
  • New platform security and compliance
  • Degree of complexity

Info-Tech Insights

There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

Stay with HCL

Stay with HCL, understanding its future commitment to the platform.

Abstract

Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

  1. Replatform
  2. Retire
  3. Move to cloud
  4. Modernize

That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

Advantages

  • Known environment
  • Domino is a supported platform
  • Domino is a developed platform
  • No-code/low-code optimization
  • Business developed applications
  • Rapid application framework

This is the HCL Domino Logo

Understand your tools

Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

Notes Archiving & Notes to SharePoint

Summary of Vendor

“SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

Tools

Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

Headquarters

Croatia

Best fit

  • Application archive and retire
  • Migration to SharePoint

This is an image of the SwingSoftware Logo

* swingsoftware.com

Domino Migration to SharePoint

Summary of Vendor

“Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

Tools

Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

Rivive Me: Migrate Notes Domino applications to an enterprise web application

Headquarters

Canada

Best fit

  • Application Archive & Retire
  • Migration to SharePoint

This is an image of the RiVit Logo

* rivit.ca

Lotus Notes to M365

Summary of Vendor

“More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

Tools

SkyBow Studio: The low-code platform fully integrated into Microsoft 365

Headquarters:

Switzerland

Best fit

  • Application Archive & Retire
  • Migration to SharePoint

This is an image of the SkyBow Logo

* skybow.com | About skybow

Notes to SharePoint Migration

Summary of Vendor

“CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

Tools

CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

Headquarters

United Kingdom

Best fit

  • Application replatform
  • Migration to SharePoint

This is an image of the CIMtrek Logo

* cimtrek.com | About CIMtrek

Domino replatform/Rapid application selection framework

Summary of Vendor

“4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

Tools

4WS.Platform is available in two editions: Community and Enterprise.
The Platform Enterprise Edition, allows access with an optional support pack.

4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

Headquarters

Italy

Best fit

  • Application replatform

This is an image of the 4WS PLATFORM Logo

* 4wsplatform.org

Activity

Understand your Domino options

Application Rationalization Exercise

Info-Tech Insight

Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

This activity involves the following participants:

  • IT strategic direction decision-makers.
  • IT managers responsible for an existing Domino platform
  • Organizations evaluating platforms for mission-critical applications.

Outcomes of this step:

  • Completed Application Rationalization Tool

Application rationalization exercise

Use this Application Rationalization Tool to input the outcomes of your various application assessments

In the Application Entry tab:

  • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

In the Business Value & TCO Comparison tab, determine rationalization priorities.

  • Input your business value scores and total cost of ownership (TCO) of applications.
  • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

In the Disposition Selection tab:

  • Add to or adapt our list of dispositions as appropriate.

In the Rationalization Inputs tab:

  • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
  • Input the results of your various assessments for each application.

In the Disposition Settings tab:

  • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

In the Disposition Recommendations tab:

  • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

In the Timeline Considerations tab:

  • Enter the estimated timeline for when you execute your dispositions.

In the Portfolio Roadmap tab:

  • Review and present your roadmap and rationalization results.

Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

Info-Tech Insight

Watch out for misleading scores that result from poorly designed criteria weightings.

Related Info-Tech Research

Build an Application Rationalization Framework

Manage your application portfolio to minimize risk and maximize value.

Embrace Business-Managed Applications

Empower the business to implement their own applications with a trusted business-IT relationship.

Satisfy Digital End Users With Low- and No-Code

Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

Maximize the Benefits from Enterprise Applications with a Center of Excellence

Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

Drive Successful Sourcing Outcomes With a Robust RFP Process

Leverage your vendor sourcing process to get better results.

Research Authors

Darin Stahl, Principal Research Advisor, Info-Tech Research Group

Darin Stahl, Principal Research Advisor,
Info-Tech Research Group

Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

Troy Cheeseman, Practice Lead, Info-Tech Research Group

Troy Cheeseman, Practice Lead,
Info-Tech Research Group

Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

Research Contributors

Rob Salerno, Founder & CTO, Rivit Technology Partners

Rob Salerno, Founder & CTO, Rivit Technology Partners

Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

Bibliography

Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

“Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

Identify and Manage Financial Risk Impacts on Your Organization

  • Buy Link or Shortcode: {j2store}218|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.
  • It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

Our Advice

Critical Insight

  • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
  • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

Impact and Result

  • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
  • Prioritize and classify your vendors with quantifiable, standardized rankings.
  • Prioritize focus on your high-risk vendors.
  • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

Identify and Manage Financial Risk Impacts on Your Organization Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify and Manage Financial Risk Impact on Your Organization Deck – Use the research to better understand the negative financial impacts of vendor actions.

Use this research to identify and quantify the potential financial impacts of vendors’ poor performance. Use Info-Tech’s approach to look at the financial impact from various perspectives to better prepare for issues that may arise.

  • Identify and Manage Financial Risk Impacts on Your Organization Storyboard

2. “What If” Financial Risk Impact Tool – Use this tool to help identify and quantify the financial impacts of negative vendor actions.

By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

  • Financial Risk Impact Tool
[infographic]

Further reading

Identify and Manage Financial Risk Impacts on Your Organization

Good vendor management practices help organizations understand the costs of negative vendor actions.

Analyst Perspective

Vendor actions can have significant financial consequences for your organization.

Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

Vendors are becoming more influential and essential to the operation of organizations. Often the sole risk consideration of a business is whether the vendor meets a security standard, but vendors can negatively impact organizations’ budgets in various ways. Fortunately, though inherent risk is always present, organizations can offset the financial impacts of high-risk vendors by employing due diligence in their vendor management practices to help manage the overall risks.

Frank Sewell
Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.

It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

Common Obstacles

Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.

Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

Info-Tech’s Approach

Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.

Prioritize and classify your vendors with quantifiable, standardized rankings.

Prioritize focus on your high-risk vendors.

Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

Info-Tech Insight

Companies without good vendor management risk initiatives will take on more risk than they should. Solid vendor management practices are imperative –organizations must evolve to ensure that vendors deliver services according to performance objectives and that risks are managed accordingly.

Info-Tech’s multi-blueprint series on vendor risk assessment

There are many individual components of vendor risk beyond cybersecurity.

Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

Out of scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

Financial risk impact

Potential losses to the organization due to financial risks

In this blueprint, we’ll explore financial risks and their impacts.

Identifying negative actions is paramount to assessing the overall financial impact on your organization, starting in the due diligence phase of the vendor assessment and continuing throughout the vendor lifecycle.

Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Financial' highlighted.

Unbudgeted financial risk impact

The costs of adverse vendor actions, such as a breach or an outage, are increasing. By knowing these potential costs, leaders can calculate how to avoid them throughout the lifecycle of the relationship.

Loss of business represents the largest share of the breach

38%

Avg. $1.59M
Global average cost of a vendor breach

$4.2M

Percentage of breaches in 2020 caused by business associates

40.2%

23.2% YoY
(year over year)
(Source: “Cost of a Data Breach Report 2021,” IBM, 2021) (Source: “Vendor Risk Management – A Growing Concern,” Stern Security, 2021)

Example: Hospital IT System Outage

Hospitals often rely on vendors to manage their data center environments but rarely understand the downstream financial impacts if that vendor fails to perform.

For example, a vendor implements a patch out of cycle with no notice to the IT group. Suddenly all IT systems are down. It takes 12 hours for the IT teams to return systems to normal. The downstream impacts are substantial.

  • There is no revenue capture during outage (patient registration, payments).
    • The financial loss is significant, impacting cash on hand and jeopardizing future projects.
  • Clinicians cannot access the electronic health record (EHR) system and shift to downtime paper processes.
    • This can cause potential risks to patient health, such as unknown drug interactions.
    • This could also incur lawsuits, fines, and penalties.
  • Staff must manually add the paper records into the EHR after the incident is corrected.
    • Staff time is lost on creating paper records and overtime is required to reintroduce those records into EMR.
  • Staff time and overtime pay on troubleshooting and solving issues take away from normal operations and could cause delays, having downstream effects on the timing of other projects.

Insight Summary

Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

Insight 1 Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

Insight 2 Financial impacts from other risk types deserve just as much focus as security alone, if not more.

Examples include penalties and fines, loss of revenue due to operational impacts, vendor replacement costs, hidden costs in poorly understood contracts, and lack of contractual protections.

Insight 3 There is always an inherent risk in working with a vendor, but organizations should financially quantify how much each risk may impact their budget.

A significant concern for organizations is quantifying different types of risks. When a risk occurs, the financial losses are often poorly understood, with unbudgeted financial impacts.

Three stages of vendor financial risk assessment

Assess risk throughout the complete vendor lifecycle

  1. Pre-Relationship Due Diligence: The initial pre-relationship due diligence stage is a crucial point to establish risk management practices. Vendor management practices ensure that a potential vendor’s risk is categorized correctly by facilitating the process of risk assessment.
  2. Monitor & Manage: Once the relationship is in place, organizations should enact ongoing management efforts to ensure they are both getting their value from the vendor and appropriately addressing any newly identified risks.
  3. Termination: When the termination of the relationship arrives, the organization should validate that adequate protections that were established while forming a contract in the pre-relationship stage remain in place.

Inherent risks from negative actions are pervasive throughout the entire vendor lifecycle. Collaboratively understanding those risks and working together to put proper management in place enables organizations to get the most value out of the relationship with the least amount of risk.

Flowchart for 'Assessing Financial Risk Impacts', beginning with 'New Vendor' to 'Sourcing' to the six components of 'Vendor Management'. After a gamut of assessments such as ''What If' Game' one can either 'Accept' to move on to 'Pre-Relationship', 'Monitor & Manage', and eventually to 'Termination', or not accept and circle back to 'Sourcing'.

Stage 1: Pre-relationship assessment

Do these as part of your due diligence

  • Review and negotiate contract terms and conditions.
    • Ensure that you have the protections to make you whole in the event of an incident, in the event that another entity purchases the vendor, and throughout the entire lifecycle of your relationship with the vendor.
    • Make sure to negotiate your post-termination protections in the initial agreement.
  • Perform a due-diligence financial assessment.
    • Make sure the vendor is positioned in the market to be able to service your organization.
  • Perform an initial risk assessment.
    • Identify and understand all potential factors that may cause financial impacts to your organization.
    • Include total cost of ownership (TCO) and return of investment (ROI) as potential impact offsets.
  • Review case studies – talk to other customers.
    • Research who else has worked with the vendor to get “the good, the bad, and the ugly” stories to form a clear picture of a potential relationship with the vendor.
  • Use proofs of concept.
    • It is essential to know how the vendor and their solutions will work in the environment before committing resources and to incorporate them into organizational strategic plans.
  • Limit vendors’ ability to increase costs over the years. It is not uncommon for a long-term relationship to become more expensive than a new one over time when the increases are unmanaged.
  • Vendor audits can be costly and a significant distraction to your staff. Make sure to contractually limit them.
  • Many vendors enjoy significant revenue from unclear deliverables and vague expectations that lead to change requests at unknown rates – clarifying expectations and deliverables and demanding negotiated rate sheets before engagement will save budget and strengthen the relationship.

Visit Info-Tech’s VMO ROI Calculator and Tracker

The “what if” game

1-3 hours

Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

Output: Comprehensive financial risk profile on the specific vendor solution

Materials: Whiteboard/flip charts, Financial Risk Impact Tool to help drive discussion

Participants: Vendor Management – Coordinator, IT Operations, Legal/Compliance/Risk Manager, Finance/Procurement

Vendor management professionals are in an excellent position to collaboratively pull together resources across the organization to determine potential risks. By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

  1. Break into smaller groups (or if too small, continue as a single group).
  2. Use the Financial Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risks but manage the overall process to keep the discussion on track.
  3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

Download the Financial Risk Impact Tool

Stage 2.1: Monitor the financial risk

Ongoing monitoring activities

Never underestimate the value of keeping the relationship moving forward.

Examples of items and activities to monitor include;

Stock photo of a worker being trained on a computer.
  • Fines
  • Data leaks
  • Performance
  • Credit monitoring
  • Viability/solvency
  • Resource capacity
  • Operational impacts
  • Regulatory penalties
  • Increases in premiums
  • Security breaches (infrastructure)

Info-Tech Insight

Many organizations do not have the resources to dedicate to annual risk assessments of all vendors.

Consider timing ongoing risk assessments to align with contract renewal, when you have the most leverage with the vendor.

Visit Info-Tech’s Risk Register Tool

Stage 2.2: Manage the financial risk

During the lifecycle of the vendor relationship

  • Renew risk assessments annually.
  • Focus your efforts on highly ranked risks.
  • Is there a new opportunity to negotiate?
  • Identify and classify individual vendor risk.
  • Are there better existing contracts in place?
  • Review financial health checks at the same time.
  • Monitor and schedule contract renewals and new service/module negotiations.
  • Perform business alignment meetings to reassess the relationship.
  • Ongoing operational meetings should be supplemental, dealing with day-to-day issues.
  • Develop performance metrics and hold vendors accountable to established service levels.
Stock image of a professional walking an uneven line over the words 'Risk Management'.

Stage 3: Termination

An essential and often overlooked part of the vendor lifecycle is the relationship after termination

  • The risk of a vendor keeping your data for “as long as they want” is high.
    • Data retention becomes a “forever risk” in today’s world of cyber issues if you do not appropriately plan.
  • Ensure that you always know where data resides and where people are allowed to access that data.
    • If there is a regulatory need to house data only in specific locations, ensure that it is explicit in agreements.
  • Protect your data through language in initial agreements that covers what needs to happen when the relationship with the vendor terminates.
    • Typically, all the data that the vendor has retained is returned and/or destroyed at your sole discretion.
Stock image of a sign reading 'Closure'.

Related Info-Tech Research

Stock photo of two co-workers laughing. Design and Build an Effective Contract Lifecycle Management Process
  • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings
  • Understand how to identify and mitigate risk to save the organization time and money.
Stock image of reports and file folders. Identify and Reduce Agile Contract Risk
  • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
  • Focus on the correct contract clauses to manage Agile risk.
Stock photo of three co-workers gathered around a computer screen. Jump Start Your Vendor Management Initiative
  • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service level objectives and that risks are mitigated according to the organization's risk tolerance.
  • Gain visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

COVID-19 Work Status Tracking Guide

  • Buy Link or Shortcode: {j2store}594|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Manage & Coach
  • Parent Category Link: /manage-coach
  • Keeping track of the multiple and frequently changing work arrangements on your team.
  • Ensuring you have a fast and easy way to keep an up-to-date record of where and how employees are working.

Our Advice

Critical Insight

  • During these critical times, keeping track of employees’ work status doesn’t have to be complicated – the right tool is one that does the job.
  • Keeping track of your employees is a health and safety issue – deployed well, it is an aid in keeping the business running and an additional communication channel, not a sign of lack of trust.

Impact and Result

  • An Excel spreadsheet is all you need to ensure you have a way to record work arrangements that can change by the day.
  • An easy-to-use tool means minimal administrative overhead to ensuring you have this critical information at hand.

COVID-19 Work Status Tracking Guide Research & Tools

Start here – read the Work Status Tracking Guide

Read our recommendations and use the accompanying tool to quickly get a handle on your team’s work arrangements.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • COVID-19 Work Status Tracking Guide Storyboard
  • COVID-19 Work Status Tracking Tool
[infographic]

The MVP Major Incident Manager

The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.

Continue reading

Create an Agile-Friendly Project Gating and Governance Approach

  • Buy Link or Shortcode: {j2store}162|cart{/j2store}
  • member rating overall impact (scale of 10): 9.0/10 Overall Impact
  • member rating average dollars saved: $33,499 Average $ Saved
  • member rating average days saved: 57 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
  • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

Our Advice

Critical Insight

Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

Impact and Result

  • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
  • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
  • Define a revised set of project gating artifacts that support Agile delivery methods.
  • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

  • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

  • Gates 3 and 3A Checklists

3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

  • Agilometer

4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

  • Agile Project Status Report

5. Project Burndown Chart – A tool to let you monitor project burndown over time.

Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

  • Project Burndown Chart

6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

  • Traditional to Agile Gating Artifact Mapping
[infographic]

Further reading

Create an Agile-Friendly Project Gating and Governance Approach

Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

Table of Contents

Analyst Perspective

Executive Summary

Phase 1: Establish Your Gating and Governance Purpose

Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

Phase 3: Complete Your Agile Gating Framework

Where Do I Go Next?

Bibliography

Facilitator Slides

Analyst Perspective

Make your gating and governance process Agile friendly by following a “trust but verify” approach

Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
Principal Research Director,
Application Delivery and Management
Info-Tech Research Group

Executive Summary

Your Challenge
  • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
  • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
Common Obstacles
  • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
  • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
  • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
Info-Tech’s Approach
  • Begin by understanding the fundamental purpose of project gating and governance.
  • Next, understand the major differences between Agile and Waterfall delivery methods.
  • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
Info-Tech Insight

Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
Phase Steps

1.1 Understand How We Gate and Govern Projects

1.2 Compare Traditional to Agile Delivery

1.3 Realize What Traditional Gating Looks Like and Why

2.1 Understand How Agile Manages Risk and Ensures Value Delivery

2.2 Introducing Info-Tech’s Agile Gating Framework

2.3 Create Your Agilometer

2.4 Create an Agile-Friendly Project Status Report

2.5 Select Your Agile Health Check Tool

3.1 Map Your Traditional Gating Artifacts to Agile Delivery

3.2 Determine Your Now, Next, Later Roadmap for Implementation

Phase Outcomes
  1. Your gating/governance purpose statement
  2. A fundamental understanding of the difference between traditional and Agile delivery methods.
  1. An understanding of Info-Tech’s Agile Gating Framework
  2. Your Gates 3 and 3A checklists
  3. Your Agilometer tool
  4. Your Agile project status report template
  5. Your Agile health check tool
  1. Artifact map for your Agile gating framework
  2. Roadmap for Agile gating implementation

Key Deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

Agilometer Tool

Create your customized Agilometer tool to determine project support and oversight needs.
Sample of the 'Agilometer Tool' deliverable.

Gates 3 and 3A Checklists

Create your customized checklists for projects at Gates 3 and 3A.
Sample of the 'Gates 3 and 3A Checklists' deliverable.

Agile-Friendly Project Status Report

Create your Agile-friendly project status report to monitor progress.
Sample of the 'Agile-Friendly Project Status Report' deliverable.

Artifact Mapping Tool

Map your traditional gating artifacts to their Agile replacements.
Sample of the 'Artifact Mapping Tool' deliverable.

Create an Agile-Friendly Project Gating and Governance Approach

Phase 1

Establish your gating and governance purpose

Phase 1

1.1 Understand How We Gate and Govern Projects

1.2 Compare Traditional to Agile Delivery

1.3 Realize What Traditional Gating Looks Like And Why

Phase 2

2.1 Understand How Agile Manages Risk and Ensures Value Delivery

2.2 Introducing Info-Tech’s Agile Gating Framework

2.3 Create Your Agilometer

2.4 Create Your Agile-Friendly Project Status Report

2.5 Select Your Agile Health Check Tool

Phase 3

3.1 Map Your Traditional Gating Artifacts to Agile Delivery

3.2 Determine Your Now, Next, Later Roadmap for Implementation

This phase will walk you through the following activities:

  • Understand why gating and governance are so important to your organization.
  • Compare and contrast traditional to Agile delivery.
  • Identify what form traditional gating takes in your organization.

This phase involves the following participants:

  • PMO/Gating Body
  • Delivery Managers
  • Delivery Teams
  • Other Interested Parties

Agile gating–related facts and figures

73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

Moving to an Agile-friendly gating approach has many benefits:
  • Faster response to change
  • Improved productivity
  • Higher team morale
  • Better product quality
  • Faster releases
(Journal of Product Innovation Management)

Traditional gating approaches can undermine an Agile project

  • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
  • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
  • The same can be said for other common phase-gate requirements including:
    • Imposing a formal (and onerous) change control process on project requirements.
    • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
    • Asking the project to produce a detailed project plan.
(DZone)
Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

Before reworking your gating approach, you need to consider two important questions

Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

  1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
  2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

Make Sense of Strategic Portfolio Management

  • Buy Link or Shortcode: {j2store}447|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Portfolio Management
  • Parent Category Link: /portfolio-management
  • As an IT leader, you’re responsible for steering the realization of business strategy through wise investments in and responsible stewardship of assets, applications, portfolios, programs, products, and projects.
  • You need a tool to help align goals and facilitate processes across business units. You’re aware of a tool space called Strategic Portfolio Management, and it looks like it could help, but you’re unsure of how it’s different from some of the existing tools you already pay for and don’t use to their full functionality.

Our Advice

Critical Insight

As a software space, strategic portfolio management lacks a unified definition. In the same way that it took many years for project portfolio management to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. Unpacking what’s truly new and valuable in helping to define strategy and drive strategic outcomes versus what’s just repackaged as SPM is an important first step, but it's not an easy undertaking.

Impact and Result

In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is, and what makes it distinct from similar capabilities. We’ll help to situate you in the space and assess the extent to which your tooling needs can be met by a strategic portfolio management offering.

Make Sense of Strategic Portfolio Management Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Make Sense of Strategic Portfolio Management Storyboard – A guide to help you drive strategic outcomes.

In this concise publication we introduce you to strategic portfolio management and consider the extent to which your organization can leverage an SPM application to help drive strategic outcomes.

  • Make Sense of Strategic Portfolio Management Storyboard

2. Strategic Portfolio Management Needs Assessment Tool – Use this tool to determine if your organization can benefit from the features and functionality of an SPM approach.

Use this Excel workbook to determine if your organization can benefit from the features and functionality of an SPM approach or whether you need something more like a traditional project portfolio management tool.

  • Strategic Portfolio Management Needs Assessment
[infographic]

Further reading

Make Sense of Strategic Portfolio Management

Separate what's new and valuable from bloated claims on the hype cycle.

Analyst Perspective

Do you need strategic portfolio management, or do you need to do portfolio management more strategically?

Travis Duncan, Research Director, PPM and CIO Strategy

Travis Duncan
Research Director, PPM and CIO Strategy
Info-Tech Research Group

While the market is eager to get users into what they're calling "strategic portfolio management," there's a lot of uncertainty out there about what this market is and how it's different from other, more established portfolio disciplines – most significantly, project portfolio management.

Indeed, if you look at how the space is covered within the industry, you'll encounter a dog's breakfast of players, a comparison of apples and oranges: Jira in the same quadrants as Planisware, Smartsheets in the same profiles as Planview and ServiceNow. While each of the individual players is impressive, their areas of focus are unique and the extent to which they should be compared together under the category of strategic portfolio management is questionable.

It speaks to some of the grey area within the SPM space more generally, which is at a bit of a crossroads: Will it formally shed the guardrails of its antecedents to become its own space, or will it devolve into a bait and switch through which capabilities that struggled to gain much traction beyond IT settings seek to infiltrate the business and grow their market share under a different name?

Part of it is up to the rest of us as users and potential customers. Clarifying what we need before we jump into something simply because our prior attempts failed will help determine whether we need a unique space for strategic portfolio management or whether we simply need to do portfolio management more strategically.

Executive Summary

Your Challenge Common Obstacles Info-Tech's Approach
  • As an IT leader, you're responsible for steering the realization of business strategy through wise investments in/ and responsible stewardship of: assets, applications, portfolios, programs, products, and projects.
  • You need a tool to help align goals and facilitate processes and communications across business units. You're aware of a tool space called strategic portfolio management, and it looks like it could help, but you're unsure of how it's different from some of the existing tools you already license.
  • As a software space, strategic portfolio management lacks a unified definition. Unpacking what's truly new in helping to define strategy and drive strategic outcomes versus what's just repackaged as SPM is no small undertaking.
  • Because SPM can span different business units, ways of working, and roles, getting buy-in, alignment, and adoption can be even more precarious than it is when implementing other types of solutions.
  • In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is and what makes it distinct from similar capabilities.
  • Assess the extent to which your tooling needs can be met by a strategic portfolio management offering or the extent to which you may need to look at other software categories.
  • With a better understanding of the space, we hope to help facilitate better internal discussions around the value of SPM for your business needs.

Info-Tech Insight
In the same way that it took many years for PPM to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. In a space that can be all things to all users, clarify your actual needs before jumping onto a bandwagon and ending up with something that you don't need, and that the organization can't adopt.

Strategic portfolio management is enterprise portfolio management

Evolved from various other capabilities and vendor solutions, strategic portfolio management (SPM) seeks to connect strategy to execution.

While the concept of 'strategic portfolio management' has been written about within project portfolio management circles for nearly 20 years, SPM, as a distinct organizational competence and software category, is a relatively new and largely vendor-driven capability.

First emerging in the discourse during the mid-to-late 2010s, SPM has evolved from its roots in traditional enterprise project portfolio management. Though, as we will discuss, it has other antecedents not limited to PPM.

In this publication, we'll unpack what SPM is, how it is distinct (and, in turn, how it is not distinct) from PPM and other capabilities, and we will consider the extent to which your organization can and should leverage an SPM application to help drive strategic outcomes.

–The increasing need to deliver value from digital initiatives is giving rise to strategic portfolio management, a digital investment management discipline that enables strategy realization in complex dynamic environments."
– OnePlan, "Is Strategic Portfolio Management the Future of PPM?"

Only 2% of business leaders are confident that they will achieve 80% to 100% of their strategic objectives.
Source: Smith, 2022

Put strategic portfolio management in context

SPM is a new stage in the history of project portfolio management more generally. While it's emerging as a distinct capability, and it borrows from capabilities beyond PPM, unpacking its distinctiveness is best done by first understanding its source.

Understand the recent triggers for strategic portfolio management

Triggers for the emergence of strategic portfolio management in the discourse include the pace of technology-introduced change, the waning of enterprise project management, and challenges around enterprise PPM tool adoption.

Spot the difference?

Scope, focus, and audience are just a few of the factors distinguishing what the market calls "SPM" from traditional PPM.

Project Portfolio Management Differentiator Strategic Portfolio Management
Work-Level (Tactical) Primary Orientation High-Level (Strategic)
CIO Accountable for Outcomes CxO
Project Manager Responsible for Outcomes Product Management Organization
Project Managers, PMO Staff Targeted Users Business Leaders, ePMO Staff
Project Portfolio(s) Essential Scope Multi-Portfolio (Project, Application, Product, Program, etc.)
IT Project Delivery and Business Results Delivery Core Focus Business Strategy and Change Delivery
Project Scope Change Impact Sensitivity Enterprise Scope
IT and/or Business Benefit Language of Value Value Stream
Project Timelines Main View Strategy Roadmaps
Resource Capacity Primary Currency Money
Work-Assignment Details Modalities of Planning Value Milestones & OKRs
Work Management Modalities of Execution Governance (Project, Product, Strategy, Program, etc.)
Project Completion Definitions of "Done" Business Capability Realization

Info-Tech Insight
The distinction between the two capabilities is not necessarily as black and white as the table above would have it (some "PPM" tools offer what we're identifying above as "SPM" capabilities), but it can be helpful to think in these binaries when trying to distinguish the two capabilities. At the very least, SPM broadens its scope to target more executive and business users, and functions best when it's speaking at a higher level, to a business audience.

Strategic portfolio management offers a more holistic view of the enterprise

At its best, strategic portfolio management can accommodate various paradigms of work management and incorporate different types of portfolio management.

Perhaps the biggest evolution from traditional PPM that strategic portfolio management promises is that it casts a wider net in terms of the types of work it tracks (and how it tracks that work) and the types of portfolios it accommodates.

Not bound to the concepts of "projects" and a "project portfolio" specifically, SPM broadens its scope to encompass capabilities like product and product portfolio management, enterprise architecture management, security and risk management, and more.

  • Where a PPM solution only shows one piece of the puzzle, SPM looks at the entire investment ecosystem, tracking strategic goals, the ideas generated to help achieve those goals, and all the various kinds of investments made in the service of those goals.
  • what's more, where traditional PPM tools required users to adhere to a certain way of working and managing tasks, SPM is more flexible, relying on integrations across various ways of working to provide higher-level insight on the progress of work and the achievement of goals.

Deliver business strategy and change effectively

Info-Tech's Strategic Portfolio Management Framework

"An SPM tool will capture business strategy, business capabilities, operating models, the enterprise architecture and the project portfolio with unmatched visibility into how they all relate. This will give...a robust understanding of the impact of a proposed IT change " and enable IT and business to act like cocreators driving innovation."
– Paula Ziehr

You might need a strategic portfolio management tool if–

If you find yourself facing any of these situations, it might be time to step away from your PPM tool and into an SPM approach:

  • Your organization is facing a large implementation that will cross multiple departmental units and requires alignment across senior leadership (e.g. a digital transformation initiative).
  • You currently have disparate systems tracking different portfolios (project, product, applications, etc.) and types of investments, but lack insight into the whole in terms of how work efforts and investments tie back to strategy realization.
  • You are an ePMO or a strategy realization office that doesn't manage work necessarily, but that rather ensures that the work, assets, and capabilities that are funded connect to strategy and drive the realization of strategy.

Sixty one percent of leaders acknowledge their companies struggle to bridge the gap between creating a strategy and executing on that strategy.
Source: StrategyBlocks, 2020

Get to know your strategic portfolio management stakeholders

In terms of users, SPM's focus is further up the org chart than most applications, relying on high-level but usable outputs to help drive decision making.

ePMO or Strategy Realization Office Senior Leadership and Executive Stakeholders Business Leads and IT Directors and Managers
SPM tools are best facilitated through enterprise PMOs or strategy realization offices. After all, in enterprises, these are the entities charged with the planning, execution, and tracking of strategy.

Their roles within the tool typically entail:

  • Helping to facilitate processes and collect data.
  • Data quality and curation.
  • Report distribution and consumption.
As those with the accountability and authority to drive the organization's strategy, you could argue that these stakeholders are the primary stakeholders for an SPM tool.

Their roles within the tool typically entail:

  • Using strategy map and ideation functionalities.
  • Using reports to steward strategy realization.
SPM targets more business users as well as senior IT managers and directors.

Their roles within the tool typically entail:

  • Using strategy map and ideation functionalities.
  • Providing updates to ePMOs on progress.

What should you look for in a strategic portfolio management tool? (1 of 2)

Standard features for SPM include:

Name Description
Analytics and Reporting SPM should provide access to real-time dashboards and data interpretation, which can be exported as reports in a range of formats.
Strategy Mapping and Road Mapping SPM should provide access to up-to-date timeline views of strategies and initiatives, including the ability to map such things as dependencies, market needs, funding, priorities, governance, and accountabilities.
Value Tracking and Measurement SPM should include the ability to forecast, track, and measure return on investment for strategic investments. This includes accommodations for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
Ideation and Innovation Management SPM should include the ability to facilitate innovation management processes across the organization, including the ability to support stage gates from ideation through to approval; to articulate, socialize, and test ideas; perform impact assessments; create value canvas and OKR maps; and prioritize.
Multi-Portfolio Management SPM should include the ability to perform various modalities of portfolio management and portfolio optimization, including project portfolio management, applications portfolio management, asset portfolio management, etc.
Interoperability/APIs An SPM tool should enable seamless integration with other applications for data interoperability.

What should you look for in a strategic portfolio management tool? (2 of 2)

Advanced features for SPM can include:

Name Description
Product Management SPM can include product-management-specific functionality, including the ability to connect product families, roadmaps, and backlogs to enterprise goals and priorities, and track team-level activities at the sprint, release, and campaign levels.
Enterprise Architecture Management SPM can include the ability to define and map the structure and operation of an organization in order to effectively coordinate various domains of architecture and governance (e.g. business architecture, data architecture, application architecture, security architecture, etc.) in order to effectively plan and introduce change.
Security and Risk Management SPM can include the ability to identify and track enterprise risks and ensure compliance controls are met.
Lean Portfolio Management SPM can include the ability to plan and report on portfolio performance independent from task level details of product, program, or project delivery.
Investment and Financial Management SPM can include the ability to forecast, track, and report on financials at various levels (strategy, product, program, project, etc.).
Multi-Methodology Delivery SPM can include the ability to plan and execute work in a way that accommodates various planning and delivery paradigms (predictive, iterative, Kanban, lean, etc.).

What's promising within the space?

As this space continues to stabilize, the following are some promising associations for business and IT enablement.

1. SPM accommodates various ways of working.
  • Where traditional PPM and work management tools required that users change their processes and tasking paradigms to fit within the tool's rigid task management and data structures, the best SPM tools are those that are adaptable to various ways of working and can accommodate many tasking and work management models.
  • Sometimes this is done through extensive integrations and APIs that pull data from existing work management applications into a single view within the SPM tool, and other times, this is done by abstracting the task-level details into a higher-level reporting structure (it can depend on the solution). In any event, the best SPMs are bound to one work management model.
2. SPM puts the focus on value and change.
  • With its focus on the planning and execution of strategy, SPM can't avoid putting a spotlight on value and value realization. The best SPM tools include the ability to forecast, track, and measure return on investment for strategic investments, and they accommodate for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams).
  • Of course, you can't realize value without successfully fostering change. And while SPM tools don't necessarily offer functionality explicitly identifiable as organizational change management, they can act as agents of change in putting the spotlight on the execution of change at the executive level.
3. SPM fosters a coherent approach to demand management.
  • With its goal of ensuring that strategy informs the organization of portfolios and guides the selection of projects and delivery of products, SPM can potentially bring some order to what is often a chaotic demand-management landscape, ensuring that planned and in-progress work is well justified from an ROI perspective.

What's of concern within the space?

As a progeny from other capabilities, SPM has some risks and connotations potential users should be wary of.

1. The space is rife with IT buzzwords and, as a concept, is sometimes used as a repackaging of failing concepts.
  • You don't need to spend too much time engaging with the literature around SPM before you notice the marketing appeals heavily to concepts like "digitalization," "digital transformation," "continual innovation," "agility/Agile," and the like. While these are all important concepts, and the pursuit of them is worthwhile in many cases, there's no denying they're used as consultant and vendor buzzwords, deployed to excite our imaginations, without necessarily providing much meat around what they mean or how they're deployed and successfully sustained.
  • Indeed, many concepts and capabilities that appear in relation to SPM are on the downward swing of industry hype cycles, suggesting that SPM may be being used by vendors and consultants as another attempt to repackage and capitalize on these concepts even as practitioners grow weary and suspicious of the marketing claims built up around them.
2. Some solutions that identify as SPM are not.
  • Because it's on the upward swing of its place in the hype cycle, many established PPM and service management vendors are applying the 'strategic portfolio management" label to their products without necessarily doing anything different from a functionality perspective to fit within the space. As a result, SPM vendor landscapes can compare work management, project management, demand management tools, and more. Users who want SPM functionality need to stay frosty to ensure they get what they pay for.
3. SPM tools may have a capacity blind spot.
  • The biggest barrier to getting things done and done well in modern enterprises is approving more work than you have the capacity to deliver. While SPM offerings can help with better demand management, not many of them cover the capacity side with the same level of improvement.

Does your organization need a strategic portfolio management tool?

Use Info-Tech's Strategic Portfolio Management Needs Assessment to gauge your readiness for SPM.

  • As noted in previous places in this deck, there is often a grey area in the market between project portfolio management tools and strategic portfolio management tools.
  • Some PPM tools offer SPM functionality, while some SPM tools avoid traditional PPM outcomes and stay at a higher, strategic level.
  • Depending on the scope of your PMO or portfolio optimization needs, you may need a tool that has just one, or both, of these capabilities.
  • Use Info-Tech's Strategic Portfolio Management Needs Assessment to help you assess whether you require a high-level strategy management tool, a more low-level project portfolio management tool, or a mix of both.

Download Info-Tech's Strategic Portfolio Management Needs Assessment

1.1 Assess your needs

10 to 20 minutes

  1. The Strategic Portfolio Management Needs Assessment is a 41-question survey broken up into three parts: (1) PMO Type, (2) Features and Functionality, (3) Roles.
  2. Go through each section using the provided dropdowns to help identify the orientation of your PMO, the feature and functionality needs of your office, as well as the roles whose needs will need to be serviced through the potential tool implementation.

This screenshot shows a sample output from the assessment. Based upon your inputs, you'll be grouped within three ranges:

  1. Green: Based upon your inputs, you will benefit from an SPM tool.
  2. Yellow: You may benefit from an SPM tool, but you may also require something more traditional. Clarify your requirements before proceeding.
  3. Red: you're unlikely to leverage many of the benefits of an SPM tool at this time. Look for a more tactical solution.

Sample Output from the assessment tool

Input Output
  • Understanding of existing project management, project portfolio management, and work management applications.
  • Recommendation on PPM/SPM tool type
Materials Participants
  • Strategic Portfolio Management Needs Assessment tool
  • Portfolio managers and/or ePMO directors
  • Project managers and product managers
  • Business stakeholders

Explore the SPM vendor landscape

Use Info-Tech's application selection resources to help find the right solution for your organization.

If the analysis in the previous slides suggested you can benefit from an SPM tool, you can quick-start your vendor evaluation process with SoftwareReviews.

SoftwareReviews has extensive coverage of not just the SPM space, but of the project portfolio management (pictured to the top right) and project management spaces as well. So, from the tactical to the strategic, SoftwareReviews can help you find the right tools.

Further, as you settle in on a shortlist, you can begin your vendor analysis using our rapid application selection methodology (see framework on bottom right). For more information see our The Rapid Application Selection Framework blueprint.

Info-Tech's Rapid Application Selection Framework

Info-Tech's Rapid Application Selection Framework (RASF)

Related Info-Tech Research

Develop a Project Portfolio Management Strategy
Drive IT project throughput by throttling resource capacity.

Prepare an Actionable Roadmap for your PMO
Turn planning into action with a realistic PMO timeline.

Maintain an Organized Portfolio
Align portfolio management practices with COBIT (APO05: Manage Portfolio)

Bibliography

Angliss, Katy, and Pete Harpum. Strategic Portfolio Management: In the Multi-Project and Program Organization. Book. Routledge. 30 Dec. 2022.

Anthony, James. "95 Essential Project Management Statistics: 2022 Market Share & Data Analysis." Finance Online. 2022. Web. Accessed 21 March 2022

Banham, Craig. "Integrating strategic planning with portfolio management." Sopheon. Webinar. Accessed 6 Feb. 2023.

Garfein, Stephen J. "Executive Guide to Strategic Portfolio Management: roadmap for closing the gap between strategy and results." PMI. Conference Paper. Oct. 2007. Accessed 6 Feb. 2023.

Garfein, Stephen J. "Strategic Portfolio Management: A smart, realistic and relatively fast way to gain sustainable competitive advantage." PMI. Conference Paper. 2 March 2005. Accessed 6 Feb. 2023.

Hontar, Yulia. "Strategic Portfolio Management." PPM Express. Blog 16 June 2022. Accessed 6 Feb. 2023.

Milsom, James. "6 Strategic Portfolio Management Trends for 2023." i-nexus. Blog. 25 Jan. 2022. Accessed 6 Feb. 2023.

Milsom, James. "Strategic Portfolio Management 101." i-nexus. 8 Dec. 2021. Blog . Accessed 6 Feb. 2023.

OnePlan, "Is Strategic Portfolio Management the Future of PPM?" YouTube. 17 Nov. 2022. Accessed 6 Feb. 2023.

OnePlan. "Strategic Portfolio Management for Enterprise Agile." YouTube. 27 May 2022. Accessed 6 Feb. 2023.

Piechota, Frank. "Strategic Portfolio Management: Enabling Successful Business Outcomes." Shibumi. Blog . 31 May 2022. Accessed 6 Feb. 2023.

ServiceNow. "Strategic Portfolio Management—The Thing You've Been Missing." ServiceNow. Whitepaper. 2021. Accessed 6 Feb. 2023.

Smith, Shepherd, "50+ Eye-Opening Strategic Planning Statistics" ClearPoint Strategy. Blog. 13 Sept. 2022. Accessed 6 Feb. 2023.

SoftwareAG. "What is Strategic Portfolio Management (SPM)?" SoftwareAG. Blog. Accessed 6 Feb. 2023.

Stickel, Robert. "What It Means to be Adaptive." OnePlan. Blog. 24 May 2021. Accessed 6 Feb. 2023.

UMT360. "What is Strategic Portfolio Management?" YouTube. Webinar. 22 Oct. 2020. Accessed 6 Feb. 2023.

Wall, Caroline. "Elevating Strategy Planning through Strategic Portfolio Management." StrategyBlocks. Blog. 26 Feb. 2020. Accessed 6 Feb. 2023.

Westmoreland, Heather. "What is Strategic Portfolio Management." Planview. Blog. 19 Oct 2002. Accessed 6 Feb. 2023.

Wiltshire, Andrew. "Shibumi Included in Gartner Magic Quadrant for Strategic Portfolio Management for the 2nd Straight Year." Shibumi. Blog. 20 Apr. 2022. Accessed 6 Feb. 2023.

Ziehr, Paula. "Keep your eye on the prize: Align your IT investments with business strategy." SoftwareAG. Blog. 5 Jul. 2022. Accessed 6 Feb. 2023.

The Accessibility Business Case for IT

  • Buy Link or Shortcode: {j2store}519|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Lead
  • Parent Category Link: /lead
  • Laws requiring digital accessibility are changing and differ by location.
  • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone, but getting buy-in is difficult.
  • You may not know where your gaps in understanding are because conventional thinking is driven by compliance and risk mitigation.

Our Advice

Critical Insight

  • The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
  • Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
  • Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion (WAI, 2018).

Impact and Result

  • Take away the overwhelm that many feel when they hear “accessibility” and make the steps for your organization approachable.
  • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
  • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

The Accessibility Business Case for IT Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. The Accessibility Business Case for IT – Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.

A step-by-step approach to walk you through understanding your current state related to accessibility maturity, identifying your desired future state, and building your business case to seek buy-in. This storyboard will help you figure out what’s right for your organization and build the accessibility business case for IT.

  • The Accessibility Business Case for IT – Phases 1-3

2. Accessibility Business Case Template – A clear, concise, and compelling business case template to communicate the criticality of accessibility.

The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits, challenges, and risks of inaction.

  • Accessibility Business Case Template

3. Accessibility Maturity Assessment – A structured tool to help you identify your current accessibility maturity level and identify opportunities to ensure progress.

This tool uses a capability maturity model framework to evaluate your current state of accessibility. Maturity level is assessed on three interconnected aspects (people, process, and technology) across six dimensions proven to impact accessibility. Complete the assessment to get recommendations based on where you’re at.

  • Accessibility Maturity Assessment

Infographic

Further reading

The Accessibility Business Case for IT

Accessibility goes beyond compliance

Analyst Perspective

Avoid tech debt related to accessibility barriers

Accessibility is important for individuals, businesses, and society. Diverse populations need diverse access, and it’s essential to provide access and opportunity to everyone, including people with diverse abilities. In fact, access to information and communications technologies (ICT) is a basic human right according to the United Nations.

The benefits of ICT accessibility go beyond compliance. Many innovations that we use in everyday life, such as voice activation, began as accessibility initiatives and ended up creating a better lived experience for everyone. Accessibility can improve user experience and satisfaction, and it can enhance your brand, drive innovation, and extend your market reach (WAI, 2022).

Although your organization might be required by law to ensure accessibility, understanding your users’ needs and incorporating them into your processes early will determine success beyond just compliance.

Heather Leier-Murray, Senior Research Analyst, People and Leadership

Heather Leier-Murray
Senior Research Analyst, People and Leadership
Info-Tech Research Group

Executive Summary

Your Challenge Common Obstacles Info-Tech’s Approach

Global IT and business leaders are challenged to make digital products and services accessible because inaccessibility comes with increasing risk to brand reputation, legal ramifications, and constrained market reach.

  • Laws requiring digital accessibility are changing and differ by location.
  • You need to make sure your digital assets, products, and services (internal and external) are accessible to everyone.
  • The cost of inaction is rising.

Understanding where to start, where accessibility lives, and if or when you’re done can be overwhelmingly difficult.

  • Executive leadership buy-in is difficult to get.
  • Conventional thinking is driven by compliance and risk mitigation.
  • You don’t know where your gaps in understanding are.

Conventional approaches to accessibility often fail because users are expected to do the hard work. You have to be doing 80% of the hard work.1

Use Info-Tech’s research and resources to do what’s right for your organization. This framework takes away the overwhelm that many feel when they hear “accessibility” and makes the steps for your organization approachable.

  • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
  • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

1. Harvard Business Review, 2021

Info-Tech Insight
The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.

Your challenge

This research is designed to help organizations who are looking to:

  • Build a business case for accessibility.
  • Ensure that digital assets, products, and services are accessible to everyone, internally and externally.
  • Support staff and build skills to support the organization with accessibility and accommodation.
  • Get assistance figuring out where to start on the road to accessibility compliance and beyond.

The cost of inaction related to accessibility is rising. Preparing for accessibility earlier helps prevent tech debt; the longer you wait to address your accessibility obligations, the more costly it gets.

More than 3,500 digital accessibility lawsuits were filed in the US in 2020, up more than 50% from 2018.

Source: UsableNet. Inc.

Common obstacles

These barriers make accessibility difficult to address for many organizations:

  • You don’t know where your gaps in understanding are. Recognizing the importance of accessibility and how it fits into the bigger picture is key to developing buy-in.
  • Too often organizations focus on mitigating risk by being compliance driven. Shifting focus to the user experience, internally and externally, will realize better results.
  • Conventional approaches to accessibility often fail because the expectation is for users to do the hard work. One in five people have a permanent disability, but it’s likely everyone will be faced with some sort of disability at some point in their lives.1 Your organization has to be doing at least 80% of the hard work.2
  • Other types of compliance reside clearly with one area of the organization. Accessibility, however, has many homes: IT, user experience (UX), customer experience (CX), and even HR.

1. Smashing Magazine

2. Harvard Business Review, 2021

90% of companies claim to prioritize diversity.

Source: Harvard Business Review, 2020

Only 4% of those that claim to prioritize diversity consider disability in those initiatives.

Source: Harvard Business Review, 2020

The four principles of accessibility

WCAG (Web Content Accessibility Guidelines) identifies four principles of accessibility. WCAG is the most referenced standard in website accessibility lawsuits.

The four principles of accessibility

Source: eSSENTIAL Accessibility, 2022

Why organizations address accessibility

Top three reasons:

61% 62% 78%
To comply with laws To provide the best UX To include people with disabilities

Source: Level Access

Still, most businesses aren’t meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.

Source: Institute for Disability Research, Policy, and Practice

How organizations prioritize digital accessibility

43% rated it as a top priority.

36% rated it as important.

Fewer than 5% rated as either low priority or not even on the radar.

More than 65% agreed or strongly agreed it’s a higher priority than last year.

Source: Angel Business Communications

Organizations expect consumers to do more online

The pandemic led to many businesses going digital and more people doing things online.

Chart of activities performed more often compared to before COVID-19

Chart of activities performed for the first time during COVID-19

Source: Statistics Canada

Disability is part of being human

Merriam-Webster defines disability as a “physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person’s ability to engage in certain tasks or actions or participate in typical daily activities and interactions.”1

The World Health Organization (WHO) points out that a crucial part of the definition of disability is that it’s not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.2

The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.2

Many people acquire disabilities as they age yet may not identify as “a person with a disability.”3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. 4

“Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out.”
– Paudie Healy, CEO, Universal Access

1. Merriam-Webster
2. World Health Organization
3. Digital Leaders, as cited in WAI, 2018
4. Disabled World, as cited in WAI, 2018

Untapped talent resource

Common myths about people with disabilities:

  • They can’t work.
  • They need more time off or are absent more often.
  • Only basic, unskilled work is appropriate for them.
  • Their productivity is lower than that of coworkers.
  • They cost more to recruit, train, and employ.
  • They decrease others’ productivity.
  • They’re not eligible for governmental financial incentives (e.g. apprentices).
  • They don’t fit in.

These assumptions prevent organizations from hiring valuable people into the workforce and retaining them.

Source: Forbes

50% to 70% of people with disabilities are unemployed in industrialized countries. In the US alone, 61 million adults have a disability.

Source: United Nations, as cited in Forbes

Thought Model

Info-Tech’s methodology for the accessibility business case for IT

1. Understand Current State 2. Plan for Buy-in 3. Prepare Your Business Case
Phase Steps
  1. Understand standards and legislation
  2. Build awareness
  3. Understand current accessibility maturity level Define desired future state
  1. Define desired future state
  2. Define goals and objectives
  3. Document roles and responsibilities
  1. Customize and populate the Accessibility Business Case Template and gain approval
  2. Validate post-approval steps and establish timelines
Phase Outcomes
  • Accessibility maturity assessment
  • Accessibility drivers determined
  • Goals defined
  • Objectives identified
  • Roles and responsibilities documented
  • Business case drafted
  • Approval to move forward with implementing your accessibility program
  • Next steps and timelines

Insight Summary

Insight 1 The longer you put off accessibility, the more tech debt you accumulate and the more you risk losing access to new and existing markets. The longer you wait to adopt standards and best practices, the more interest you’ll accumulate on accessibility barriers and costs for remediation.
Insight 2 Implementing accessibility feels counterintuitive to IT departments. IT always wants to optimize and move forward, but with accessibility you may stay at one level for what feels like an uncomfortably long period. Don’t worry; building consistency and shifting culture takes time.
Insight 3 Accessibility goes beyond compliance, which should be an outcome, not the objective. With 1 billion people worldwide with some form of disability, nearly everyone likely has a connection to disability, whether it be in themselves, family, or colleagues. The market of people with disabilities has a spending power of more than $6 trillion.1

1. WAI, 2018

Blueprint deliverables

This blueprint is accompanied by supporting deliverables to help you accomplish your goals.

Accessibility Business Case Template

The business case for accessibility is strong. Use this template to communicate to senior leaders the benefits and challenges of accessibility and the risks of inaction.

Accessibility Maturity Assessment

Use this assessment to understand your current accessibility maturity.

Blueprint benefits

Business Benefits IT Benefits
  • Don’t lose out on a 6-trillion-dollar market.
  • Don’t miss opportunities to work with organizations because you’re not accessible.
  • Enable and empower current employees with disabilities.
  • Minimize potential for negative brand reputation due to a lack of consideration for people with disabilities.
  • Decrease the risk of legal action being brought upon the organization.
  • Understand accessibility and know your role in it for your organization and your team members.
  • Be prepared and able to provide the user experience you want.
  • Decrease tech debt – start early to ensure accessibility for everyone.
  • Access an untapped labor market.
  • Mitigate IT retention challenges.

Measure the value of this blueprint

Improve stakeholder satisfaction and engagement

  • Tracking measures to understand the value of this blueprint is a critical part of the process.
  • Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.
  • Remember, accessibility is not a one-and-done project – just because measures are positive does not mean your work is done.

In phase 2 of this blueprint, we will help you establish current-state and target-state metrics for your organization.

Suggested Metrics
Overall end-customer satisfaction
Monies saved through cost optimization efforts
Employee engagement
Monies save through application rationalization and standardization

For more metrics ideas, see the Info-Tech IT Metrics Library.

Executive Brief Case Study

INDUSTRY
Technology

SOURCE
W3C Web Accessibility Initiative (WAI), 2018

Google

Investing in accessibility
With an innovative edge, Google invests in accessibility with the objective of making life easier for everyone. Google has created a broad array of accessibility innovations in its products and services so that people with disabilities get as much out of them as anyone else.

Part of Google’s core mission, accessibility means more to Google than implementing fixes. It is viewed positively by the organization and drives it to be more innovative to make information available to everyone. Google approaches accessibility problems not as barriers but as ways to innovate and discover breakthroughs that will become mainstream in the future.

Results
Among Google’s innovations are contrast minimums, auto-complete, voice-control, AI advances, and machine learning auto-captioning. All of these were created for accessibility purposes but have positively impacted the user experience in general for Google.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 6 calls over the course of 2 to 4 months.

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3

Call #1: Discuss motivation for the initiative and foundational knowledge requirements.

Call #2: Discuss next steps to assess current accessibility maturity.

Call #3: Discuss stakeholder engagement and future-state analysis.

Call #4: Discuss defining goals and objectives, along with roles and responsibilities.

Call #5: Review draft business case presentation.

Call #6: Discuss post-approval steps and timelines.

Phase 1

Understand Your Current State

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Identifying and understanding accessibility and compliance requirements and the ramifications of noncompliance.
  • Defining accessibility, disability, and disability inclusion and building awareness of these with senior leaders.
  • Completing the Accessibility Maturity Assessment to help you understand your current state.

Step 1.1

Understand standards and legislation

Activities

1.1.1 Make a list of the legislation you need to comply with

1.1.2 Seek legal and/or professional services’ input on compliance

1.1.3 Detail the risks of inaction for your organization

Understand Your Current State

Outcomes of this step
You will gain foundational understanding of the breadth of the regulation requirements for your organization. You will have reviewed and understand what is applicable to your organization.

The regulatory landscape is evolving

Canada

  • Canadian Human Rights Act
  • Policy on Communications and Federal Identity
  • Canadian Charter of Rights and Freedoms
  • Accessibility for Ontarians with Disabilities Act
  • Accessible Canada Act of 2019 (ACA)

Europe

  • UK Equality Act 2010
  • EU Web and Mobile Accessibility Directive (2016)
  • EN 301 549 European Standard – Accessibility requirements for public procurement of ICT products and services

United States

  • Section 508 of the US Rehabilitation Act of 1973
  • Americans with Disabilities Act of 1990 (ADA)
  • Section 255 of the Telecommunications Act of 1996
  • Air Carrier Access Act of 1986
  • 21st Century Communications and Video Accessibility Act of 2010 (CVAA)

New Zealand

  • Human Rights Act 1993
  • Online Practice Guidelines for Government

Australia

  • Disability Discrimination Act 1992 (DDA)

Regulatory systems are moving toward an international standard.

1.1.1 Make a list of the legislation you need to comply with

  1. Download the Accessibility Business Case Template.
  2. Conduct research and investigate what legislation and standards are applicable to your organization.
  3. a) Start by looking at your local legislation.
    b) Then consider any other regions you conduct business in.
    c) Also account for the various industries you are in.
  4. While researching, build a list of legislation requirements. Document these in your Accessibility Business Case Template as part of the Project Context section.
Input Output
  • Research
  • Websites
  • Articles
  • List of legislation that applies to the organization related to accessibility
Materials Participants
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

1.1.2 Seek professional advice on compliance

  1. Have general counsel review your list of regulations and standards related to accessibility or seek legal and/or professional support to review your list.
  2. Review or research further the implications of any suggestions from legal counsel.
  3. Make any updates to the Legal Landscape slide in the Accessibility Business Case Template.
Input Output
  • Compiled list of applicable legislation and standards
  • Confirmed list of regulations that are applicable to your organization related to accessibility
Materials Participants
  • Accessibility Business Case Template
  • Project leader/initiator
  • General counsel/professional services

Download the Accessibility Business Case Template

Ramifications of noncompliance

Go beyond financial consequences

Beyond the costs resulting from a claim, noncompliance can damage your organization in several ways.

Financial Impact

ADA Warning Shot: A complaint often indicates pending legal action to come. Addressing issues on a reactive, ad hoc basis can be quite expensive. It can cost almost $10,000 to address a single complaint, and chances are if you have one complaint, you have many.

Lawsuit Costs: In the US, 265,000 demand letters were sent in 2020 under the ADA for inaccessible websites. On average, a demand letter could cost the company $25,000 (conservatively). These are low-end numbers; another estimate is that a small, quickly settled digital accessibility lawsuit could cost upwards of $350,000 for the defendant.

Non-Financial Impact

Reputational Impact: Claims brought upon a company can bring negative publicity with them. In contrast, having a clear commitment to accessibility demonstrates inclusion and can enhance brand image and reputation. Stakeholder expectations are changing, and consumers, investors, and employees alike want to support businesses with a purpose.

Technology Resource Strains: Costly workarounds and ad hoc accommodation processes take away from efficiency and effectiveness. Updates and redesigns for accessibility and best practices will reduce costs associated with maintenance and service, including overall stakeholder satisfaction improvements.

Access to Talent: 2022 saw a record high number of job openings, over 11.4 million in the US alone. Ongoing labor shortages require eliminating bias and keeping an open mind about who is qualified.

Source: May Hopewell

In the last four years, 83% of the retail 500 have been sued. Since 2018, 417 of the top 500 have received ADA-based digital lawsuits.

Source: UsableNet

1.1.3 Detail the risks of inaction for your organization

  1. Using the information that you’ve gathered through your research and legal/professional advice, detail the risks of inaction for your organization.
  2. a) Consider legal risks, consumer risks, brand risks, and employee risks. (Remember, risks aren’t just monetary.)
  3. Document the risks in your Accessibility Business Case Template.
InputOutput
  • List of applicable legislation and standards
  • Information about risks
  • Identified accessibility maturity level
MaterialsParticipants
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Step 1.2

Build awareness of accessibility and disability inclusion

Activities

1.2.1 Identify gaps in understanding

1.2.2 Brainstorm how to reframe accessibility positively

Understand Your Current State

Outcomes of this step
You’ll have a better understanding of accessibility so that you can effectively implement and promote it.

Where to look for understanding

First-hand experience of how people with disabilities interact with your organization is often eye-opening. It will help you understand the benefits and value of accessibility.

Where to look for understanding

  • Talk with people you know with disabilities that are willing to share.*
  • Find role-specific training that’s appropriate.
  • Research. Articles and videos are easy to find.
  • Set up assistive technology trials.
  • Seek out first-hand experience from people with disabilities and how they work and use digital assets.

Source: WAI, 2016

* Remember, people with disabilities aren't obligated to discuss or explain their disabilities and may not be comfortable sharing. If you're asking for their time, be respectful, only ask if appropriate, and accept a "no" answer if the person doesn't wish to assist.

1.2.1 Identify gaps in understanding

Find out what accessibility is and why it is important. Learn the basics.

  1. Using the information that you’ve gathered through your research and legal counsel, conduct further research to understand the importance of accessibility.
  2. Answer these questions:
  3. a) What is accessibility? Why is it important?
    b) From the legislation and standards identified in step 1.1, what gaps exist?
    c) What is the definition of disability?
    d) How does your organization currently address accessibility?
    e) What are your risks?
    f) Do you have any current employees who have disabilities?
  4. Review the previous slide for suggestions on where to find more information to answer the above questions.
  5. Document any changes to the risks in your Accessibility Business Case Template.
InputOutput
  • Articles
  • Interviews
  • Websites
  • Greater understanding of the lived experience of people with disabilities
MaterialsParticipants
  • Articles
  • Websites
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Reframe accessibility as a benefit, not a burden

A clear understanding of accessibility and the related standards and regulations can turn accessibility from something big and scary to an achievable part of the business.

The benefits of accessibility are:

Market Reach Minimized Legal Risks Innovation Retention
Over 1 billion people with a spending power of $6 trillion make up the global market of people with disabilities.1 Accessibility improves the experience for all users. In addition, many organizations require you to provide proof you meet accessibility standards during the RFP process. Accessibility regulations are changing, and claims are rising. Costs associated with legal proceedings can be more than just financial. Many countries have laws you need to follow. People with disabilities bring diversity of thought, have different lived experiences, and benefit inclusivity, which helps drive engagement. Plus accessibility features often solve unanticipated problems. Employing and supporting people with disabilities can reduce turnover and improve retention, reliability, company image, employee loyalty, ability awareness, and more.

Source 1: WAI, 2018

1.2.2 Brainstorm ways to reframe accessibility positively

  1. Using the information that you’ve gathered through your research, brainstorm additional positives of accessibility for your organization.
  2. Clearly identify the problem you want to solve (e.g., reframing accessibility positively in your organization).
  3. Collect any tools you want to use to during brainstorming (e.g., whiteboard, markers, sticky notes)
  4. Write down all the ideas that come to mind.
  5. Review all the points and group them into themes.
  6. Update the Accessibility Business Case Template with your findings.
InputOutput
  • Research you have gathered
  • List of ways to positively reframe accessibility for your organization
MaterialsParticipants
  • Sticky notes, whiteboard, pens, paper, markers.
  • Accessibility Business Case Template
  • Project leader/initiator

Download the Accessibility Business Case Template

Make it part of the conversation

A first step to disability and accessibility awareness is to talk about it. When it is talked about as freely as other things are in the workplace, this can create a more welcoming workplace.

Accessibility goes beyond physical access and includes technological access and support as well as our attitudes.

Accessibility is making sure everyone (disabled or abled) can access the workplace equally.

Adjustments in the workplace are necessary to create an accessible and welcoming environment. Understanding the three dimensions of accessibility in the workplace is a good place to start.

Source: May Hopewell

Three dimensions of accessibility in the workplace

Three dimensions of accessibility in the workplace

Case Study

INDUSTRY
Professional Services

SOURCE
Accenture

Accenture takes an inclusive approach to increase accessibility.

Accessibility is more than tools

Employee experience was the focus of embarking on the accessibility journey, ensuring inclusivity was built in and every employee was able to use the tools they needed and could achieve their goals.

"We are removing barriers in technology to make all of our employees, regardless of their ability, more productive.”
— Melissa Summers, Managing Director – Global IT, Corporate Technology, Accenture

Accessibility is inclusive

The journey began with formalizing a Global IT Accessibility practice and defining an accessibility program charter. This provided direction and underpinned the strategy used to create a virtual Accessibility Center of Excellence and map out a multiyear plan of initiatives.

The team then identified all the technologies they wanted to enhance by prioritizing ones that were high use and high impact. Involving disability champions gave insight into focus areas.

Accessibility is innovation

Working with partners like Microsoft and over 100 employees, Accenture continues toward the goal of 75% accessibility for all its global high-traffic internal platforms.

Achievements thus far include:

  • 100% of new Accenture video and broadcast content is automatically captioned.
  • Accenture received a perfect Disability Equality Index (US) score of 100 out of 100 for 2017, 2018, and 2019.

Step 1.3

Understand your current accessibility maturity level

Activities

1.3.1 Complete the Accessibility Maturity Assessment

Understand Your Current State

Outcomes of this step
Completed Accessibility Maturity Assessment to inform planning for and building your business case in Phases 2 and 3.

Know where you are to know where to go

Consider accessibility improvements from three interconnected aspects to determine current maturity level

Accessibility Maturity

People

  • Consider employee, customer, and user experience.

Process

  • Review processes to ensure accessibility is considered early.

Technology

  • Whether it’s new or existing, technology is an important tool to increase accessibility.

Accessibility maturity levels

INITIAL DEVELOPING DEFINED MANAGED OPTIMIZE
At this level, accessibility processes are mostly undocumented, if they exist. Accessibility is most likely happening on a reactive, ad hoc basis. No one understands who is responsible for accessibility or what their role is. At this stage the organization is driven by the need for compliance. At the developing level, the organization is taking steps to increase accessibility but still has a lot of opportunity for improvements. The organization is defining and refining processes and is working toward building a library of assistive tools. At this level, processes related to accessibility are repeatable. However, there’s a tendency to resort to old habits under stress. The organization has tools in place to facilitate accommodation requests and technology is compatible with assistive technologies. Accessibility initiatives are driven by the desire to make the user experience better. The managed level is defined by its effective accessibility controls, processes, and metrics. The organization can mostly anticipate preferences of customers, employees, and users. The roles and responsibilities are defined, and disability is included as part of the organization’s diversity, equity, and inclusion (DEI) initiatives. This level is not the goal for all organizations. At this level there is a shift in the organization’s culture to a feeling of belonging. The organization also demonstrates ongoing process improvements. Everyone can experience a seamless interaction with the organization. The focus is on continuous improvement and using feedback to inform future initiatives.

Determine your level of maturity

Use Info-Tech’s Accessibility Maturity Assessment

  • On the accessibility questionnaire, tab 2, choose how much the statements apply to your organization. Answer the questions based on your knowledge of your current state organizationally.
  • Once you’ve answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.
  • Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the “Optimize” maturity level.

1.3.1 Complete the Accessibility Maturity Assessment

  1. Download the Accessibility Maturity Assessment and save it with the date so that as you work on your accessibility program, you can reassess later and track your progress.
  2. Once you have saved the assessment, select the appropriate answer for each statement on tab 2, Accessibility Questions, based on your knowledge of the organization’s approach.
  3. After reviewing all the accessibility statements, see your maturity level results on tab 3, Accessibility Results. Then see tab 4, Recommendations, for suggestions based on your answers.
  4. Document your accessibility maturity results in your Accessibility Business Case Template.
Input Output
  • Assess your current state of accessibility by choosing all the statements that apply to your organization
  • Identified accessibility maturity level
Materials Participants
  • Accessibility Maturity Assessment
  • Accessibility Business Case Template
  • Project leader/sponsor
  • IT leadership team

Download the Accessibility Business Case Template

Phase 2

Plan for Senior Leader Buy-In

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Defining your desired future state.
  • Determining your accessibility program goals and objectives.
  • Clarifying and documenting roles and responsibilities related to accessibility in IT.

This phase involves the following participants:

  • Project lead/sponsor
  • IT leadership team
  • Senior leaders/decision makers

Step 2.1

Define the desired future state of accessibility

Activities

2.1.1 Identify key stakeholders

2.1.2 Hold a key stakeholder focus group

2.1.3 Conduct a future-state analysis

Outcomes of this step
Following this step, you will have identified your aspirational maturity level and what your accessibility future state looks like for your organization.

Plan for Senior Leader Buy-In

Cheat sheet: Identify stakeholders

Ask stakeholders, “Who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

Identify stakeholders through the following questions:
  • Who in areas of influence will be adversely affected by potential environmental and social impacts of what you are doing?
  • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
  • Will other stakeholders emerge as the phases are started and completed?
  • Who is sponsoring the initiative?
  • Who benefits from the initiative?
  • Who is negatively impacted by the initiative?
  • Who can make approvals?
  • Who controls resources?
  • Who has specialist skills?
  • Who implements the changes?
  • Who are the owners, governors, customers, and suppliers of impacted capabilities or functions?
Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
  • Executives
  • Peers
  • Direct reports
  • Partners
  • Customers
  • Subcontractors
  • Subcontractors
  • Contractors
  • Lobby groups
  • Regulatory agencies

Categorize your stakeholders with a stakeholder prioritization map

A stakeholder prioritization map helps teams categorize their stakeholders by their level of influence and ownership.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

Mediators – Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

Noisemakers – Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

Spectators – Generally, spectators are apathetic and have little influence over or interest in the initiative.

Stakeholder prioritization map

Define strategies for engaging stakeholders by type

Each group of stakeholders draws attention and resources away from critical tasks.

By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

Type Quadrant Actions
Players High influence, high interest Actively Engage
Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
Mediators High influence, low interest Keep Satisfied
They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
Noisemakers Low influence, high interest Keep Informed
Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
Spectators Low influence, low interest Monitor
They are followers. Keep them in the loop by providing clarity on objectives and status updates.

2.1.1 Identify key stakeholders

Collect this information by:

  1. List direct stakeholders for your area. Include stakeholders across the organization (both IT and business units) and externally.
  2. Create a stakeholder map to capture your stakeholders’ interest in and influence on digital accessibility.
  3. Shortlist stakeholders to invite as focus group participants in activity 2.1.2.
    • Aim for a combination of Players, Mediators, and Noisemakers.
Input Output
  • List of stakeholders
  • Stakeholder requirements
  • A stakeholder map
  • List of stakeholders to include in the focus group in step 2.1.2
Materials Participants
  • Sticky notes, pens, whiteboard, markers (optional)
  • Project leader/sponsor

Hold a focus group to initiate planning

Involve key stakeholders to determine the organizational drivers of accessibility, identify target maturity and key performance indicators (KPIs), and ultimately build the project charter.

Building the project charter as a group will help you to clarify your key messages and secure buy-in from critical stakeholders up-front, which is key.

Executing the business case for accessibility requires significant involvement from your IT leadership team. The challenge is that accessibility can be overwhelming because of inherent bias. Members of your IT leadership team will also need to participate in knowledge transfer, so get them involved up-front. The focus group will help stakeholders feel more engaged in the project, which is pivotal for success.

You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value of and plans for accessibility will be necessary.

Meeting Agenda

  1. Short introduction
    Led by: Project Sponsor
    • Why the initiative is being considered.
  2. Make the case for the project
    Led by: Project Manager
    • Current state: What does the initiative address?
    • Future state: What is our target state of maturity?
  3. Success criteria
    Led by: Project Manager
    • How will success be measured?
  4. Define the project team
    Led by: Project Manager
    • Description of planned approach.
    • Stakeholder assessment.
    • What is required of the sponsor and stakeholders?
  5. Determine next steps
    Led by: Project Manager

2.1.2 Hold a stakeholder focus group

Identify the pain points you want to resolve and some of the benefits that you’d like to see from a program. By doing so, you’ll get a holistic view of what you need to achieve and what your drivers are.

  1. Ask the working group participants (as a whole or in smaller groups) to discuss pain points created by inaccessibility.
    • Challenges related to stakeholders.
    • Challenges created by process issues.
    • Difficulties improving accessibility practices.
  2. Discuss opportunities to be gained from improving these practices.
  3. Have participants write these down on sticky notes and place them on a whiteboard or flip chart.
  4. Review all the points as a group. Group challenges and benefits into themes.
  5. Have the group prioritize the risks and benefits in terms of what the solution must have, should have, could have, and won’t have.
Input Output
  • Reasons for the project
  • Stakeholder requirements
  • Pain points and risks
  • A prioritized list of risks and benefits of the solution
Materials Participants
  • Agenda (see previous slide)
  • Sticky notes, pens, whiteboard, markers (optional)
  • IT leadership
  • Other key stakeholders

While defining future state, consider your drivers

The Info-Tech Accessibility Maturity Framework identifies three key strategic drivers: compliance, experience, and incorporation.

  • Over 30% of organizations are focused on compliance, according to a 2022 survey by Harvard Business Review and Slack’s Future Forum. The survey asked more than 10,000 workers in six countries about their organizations’ approach to DEI.2

Even though 90% of companies claim to prioritize diversity,1 over 30% are focused on compliance.2

1. Harvard Business Review, 2020
2. Harvard Business Review, 2022

31.6% of companies remain in the Compliant stage, where they are focused on DEI compliance and not on integrating DEI throughout the organization or on creating continual improvement.

Source: Harvard Business Review, 2022

Align the benefits of program drivers to organizational goals or outcomes

Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.

Drivers Compliance Experience Incorporation
Maturity level Initial Developing Defined Managed Optimized
Description Any accessibility initiative is to comply with the minimum legislated requirement. Desire to avoid/decrease legal risk. Accessibility initiatives are focused on improving the experience of everyone from the start. Most organizations will be experience driven. Desire to increase accessibility and engagement. Accessibility is a seamless part of the whole organization and initiatives are focused on impacting social issues.
Advantages Compliance is a good starting place for accessibility. It will reduce legal risk. Being people focused from the start of processes enables the organization to reduce tech debt, provide the best user experience, and realize other benefits of accessibility. There is a sense of belonging in the organization. The entire organization experiences the benefits of accessibility.
Disadvantages Accessibility is about more than just compliance. Being compliance driven won’t give you the full benefits of accessibility. This can mean a culture change for the organization, which can take a long time. IT is used to moving quickly – it might feel counterintuitive to slow down and take time. It takes much longer to reach the associated level of maturity. Not possible for all organizations.

Info-Tech Accessibility Maturity Framework

Info-Tech Accessibility Maturity Framework

After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you’ll optimize by continuously improving.

Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.

At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.

Info-Tech Insight
IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to digital accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.

Accessibility maturity levels

Driver Description Benefits
Initial Compliance
  • Accessibility processes are mostly undocumented.
  • Accessibility happens mostly on a reactive or ad hoc basis.
  • No one is aware of who is responsible for accessibility or what role they play.
  • Heavily focused on complying with regulations and standards to decrease legal risk.
  • The organization is aware of the need for accessibility.
  • Legal risk is decreased.
Developing Experience
  • The organization is starting to take steps to increase accessibility beyond compliance.
  • Lots of opportunity for improvement.
  • Defining and refining processes.
  • Working toward building a library of assistive tools.
  • Awareness of the need for accessibility is growing.
  • Process review for accessibility increases process efficiency through avoiding rework.
Defined Experience
  • Accessibility processes are repeatable.
  • There is a tendency to resort to old habits under stress.
  • Tools are in place to facilitate accommodation.
  • Employees know accommodations are available to them.
  • Accessibility is becoming part of daily work.
Managed Experience
  • Defined by effective accessibility controls, processes, and metrics.
  • Mostly anticipating preferences.
  • Roles and responsibilities are defined.
  • Disability is included as part of DEI.
  • Employees understand their role in accessibility.
  • Engagement is positively impacted.
  • Attraction and retention are positively impacted.
Optimized Incorporation
  • Not the goal for every organization.
  • Characterized by a dramatic shift in organizational culture and a feeling of belonging.
  • Ongoing continuous improvement.
  • Seamless interactions with the organization for everyone.
  • Using feedback to inform future initiatives.
  • More likely to be innovative and inclusive, reach more people positively, and meet emerging global legal requirements.
  • Better equipped for success.

2.1.3 Conduct future-state analysis

Identify your target state of maturity

  1. Provide the group with your maturity assessment results to review as well as the slides on the maturity levels, framework, and drivers.
  2. Compare the benefits listed on the Accessibility maturity levels slide to those that you named in the previous exercise and determine which maturity level best describes your target state.
  3. Discuss as a group and agree on one desired maturity level to reach.
  4. Review the other levels of maturity and determine what is in and out of scope for the project (higher-level benefits would be considered out of scope).
  5. Document your target state of maturity in your Accessibility Business Case Template.
Input Output
  • Accessibility maturity levels chart on previous slide
  • Maturity level assessment results
  • Target maturity level documented
Materials Participants
  • Paper and pens
  • Handouts of maturity levels
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

Case Study

Accessibility as a differentiator

INDUSTRY
Financial

SOURCE
WAI-Engage

Accessibility inside and out

As a financial provider, Barclays embarked on the accessibility journey to engage customers and employees with the goal of equal access for all. One key statement that provided focus was “Essential for some, easier for all. ”

“It's about helping everyone to work, bank and live their lives regardless of their age, situation, abilities or circumstances.”

Embedding into experiences

“The Barclays Accessibility team [supports] digital teams to embed accessibility into our services and culture through effective governance, partnering, training and tools. Establishing an enterprise-wide accessibility strategy, standards and programmes coupled with senior sponsorship helps support our publicly stated ambition of becoming the most accessible and inclusive FTSE company.”

– Paul Smyth, Head of Digital Accessibility, Barclays

It’s a circle, not a roadmap

  • Barclays continues the journey through partnerships with disability charities and accessibility experts and through regularly engaging with customers and colleagues with disabilities directly.
  • More accessible, inclusive products and services engage and attract more people with disabilities. This translates to a more diverse workforce that identifies opportunities for innovation. This leads to being attractive to diverse talent, and the circle continues.
  • Barclays’ mobile banking app was first to be accredited by accessibility consultants AbilityNet.

Step 2.2

Define your accessibility program goals and objectives

Activities

2.2.1 Create a list of goals and objectives

2.2.2 Finalize key metrics

Plan for Senior Leader Buy-In

Outcomes of this step
You will have clear measurable goals and objectives to respond to identified accessibility issues and organizational goals.

What does a good goal look like?

Use the SMART framework to build effective goals.

S Specific: Is the goal clear, concrete, and well defined?
M Measurable: How will you know when the goal is met?
A Achievable: Is the goal possible to achieve in a reasonable time?
R Relevant: Does this goal align with your responsibilities and with departmental and organizational goals?
T Time-based: Have you specified a time frame in which you aim to achieve the goal?

SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.

2.2.1 Create a list of goals and objectives

Use the outcomes from activity 2.1.2.

  1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
  2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
  3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
  4. Document your goals and objectives in your Accessibility Business Case Template.
InputOutput
  • Outcomes of activity 2.1.2
  • Organizational and departmental goals
  • Goals and objectives added to your Accessibility Business Case Template
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

2.2.1 Create a list of goals and objectives

Use the outcomes from activity 2.1.2.

  1. Using the prioritized list of what your solution must have, should have, could have, and won’t have from activity 2.1.2, develop goals.
  2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
  3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
  4. Document your goals and objectives in your Accessibility Business Case Template.

Establish Baseline Metrics

Baseline metrics will be improved through:

  1. Progressing through the accessibility maturity model.
  2. Addressing accessibility earlier in processes to avoid tech debt and rework late in projects or releases.
  3. Making accessibility part of the procurement process as a scoring consideration and vendor choice.
  4. Ensuring compliance with regulations and standards.
Metric Current Goal
Overall end-customer satisfaction 90 120
Monies saved through cost optimization efforts
Employee engagement
Monies save through application rationalization and standardization

For more metrics ideas, see the Info-Tech IT Metrics Library.

2.2.2 Finalize key metrics

Finalize key metrics the organization will use to measure accessibility success

  1. Brainstorm how you would measure the success of each goal based on the benefits, challenges, and risks you previously identified.
  2. Write each of the metric ideas down and finalize three to five key metrics which you will track. The metrics you choose should relate to the key challenges or risks you have identified and match your desired maturity level and driver.
  3. Document your key metrics in the Accessibility Business Case Template.
InputOutput
  • Accessibility challenges and benefits
  • Goals from activity 2.2.1
  • Three to five key metrics to track
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team
  • Project lead/sponsor

Download the Accessibility Business Case Template

Step 2.3

Document accessibility program roles and responsibilities

Activities

2.3.1 Populate a RACI chart

Plan for Senior Leader Buy-In

Outcomes of this step
At the end of this step, you will have a completed RACI chart documenting the roles and responsibilities related to accessibility for your accessibility business case.

2.3.1 Populate a RACI

Populate a RACI chart to identify who should be responsible, accountable, consulted, and informed for each key activity.

Define who is responsible, accountable, consulted, and informed for the project team:

  1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key project steps along the left-hand side.
  2. For each initiative, identify each team member’s role. Are they:
    Responsible: The one responsible for getting the job done.
    Accountable: Only one person can be accountable for each task.
    Consulted: Are involved by providing knowledge.
    Informed: Receive information about execution and quality.
  3. As you proceed, continue to add tasks and assign responsibility to the RACI chart in the appendix of the Accessibility Business Case Template.
InputOutput
  • Stakeholder list
  • Key project steps
  • Project RACI chart
MaterialsParticipants
  • Whiteboard
  • Accessibility Business Case Template
  • IT leadership team

Download the Accessibility Business Case Template

Phase 3

Prepare your business case and get approval

Phase 1
1.1 Understand standards and legislation
1.2 Build awareness
1.3 Understand maturity level

Phase 2
2.1 Define desired future state
2.2 Define goals and objectives
2.3 Document roles and responsibilities

Phase 3
3.1 Prepare business case template for presentation and approval
3.2 Validate post-approval steps and establish timelines

The Accessibility Business Case for IT

This phase will walk you through the following activities:

  • Compiling the work and learning you’ve done so far into a business case presentation.

This phase involves the following participants:

  • Project lead/sponsor
  • Senior leaders/approval authority

There is a business case for accessibility

  • When planning for initiatives, a business case is a necessary tool. Although it can feel like an administrative exercise, it helps create a compelling argument to senior leaders about the benefits and necessity of building an accessibility program.
  • No matter the industry, you need to justify how the budget and effort you require for the initiative support organizational goals. However, senior leaders of different industries might be motivated by different reasons. For example, government is strongly motivated by legal and equity aspects, commercial companies may be attracted to the increase in innovation or market reach, and educational and nonprofit companies are likely motivated by brand enhancement.
  • The organizational focus and goals will guide your business case for accessibility. Highlight the most relevant benefits to your operational landscape and the risk of inaction.

Source: WAI, 2018

“Many organizations are waking up to the fact that embracing accessibility leads to multiple benefits – reducing legal risks, strengthening brand presence, improving customer experience and colleague productivity.”
– Paul Smyth, Head of Digital Accessibility, Barclays
Source: WAI, 2018

Step 3.1

Customize and populate the Accessibility Business Case Template

Activities

3.1.1 Prepare your business case template for presentation and approval

Build Your Business Case

Outcomes of this step
Following this step, you will have a customized business case presentation that you can present to senior leaders.

Use Info-Tech’s template to communicate with stakeholders

Obtain approval for your accessibility program by customizing Info-Tech’s Accessibility Business Case Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.

It includes:

  • Project context
  • Project scope and objectives
  • Knowledge transfer roadmap
  • Next steps

Info-Tech Insight
The support of senior leaders is critical to the success of your accessibility program development. Remind them of the benefits and impact and the risks associated with inaction.

Download the Accessibility Business Case Template

3.1.1 Prepare a presentation for senior leaders to gain approval

Now that you understand your current and desired accessibility maturity, the next step is to get sign-off to begin planning your initiatives.

Know your audience:

  1. Consider who will be included in your presentation audience.
  2. You want your presentation to be succinct and hard-hitting. Management’s time is tight, and they will lose interest if you drag out the delivery. Impact them hard and fast with the challenges, benefits, and risks of inaction.
  3. Contain the presentation to no more than an hour. Depending on your audience, the actual presentation delivery could be quite short. You want to ensure adequate time for questions and answers.
  4. Schedule a meeting with the key decision makers who will need to approve the initiatives (IT leadership team, executive team, the board, etc.) and present your business case.
InputOutput
  • Activity results
  • Accessibility Maturity Assessment results
  • A completed presentation to communicate your accessibility business case
MaterialsParticipants
  • Accessibility Business Case Template
  • IT leadership team
  • Project sponsor
  • Project stakeholders
  • Senior leaders

Download the Accessibility Business Case Template

Step 3.2

Validate post-approval steps and establish timelines

Activities

3.2.1 Prepare for implementation: Complete the implementation prep to-do list and assign proposed timelines

Build Your Business Case

Outcomes of this step
This step will help you gain leadership’s approval to move forward with building and implementing the accessibility program.

Prepare to implement your program

Complete the to-do list to ensure you are ready to move your accessibility program forward.

To Do Proposed Timeline
Reach out to your change management team for assistance.
Discuss your plan with HR.
Build a project team.
Incorporate any necessary changes from senior leaders into your business case.
[insert your own addition here]
[insert your own addition here]
[insert your own addition here]
[insert your own addition here]

3.2.1 Prep for implementation (action planning)

Use the implementation prep to-do list to make sure you have gathered relevant information and completed critical steps to be ready for success.

Use the list on the previous slide to make sure you are set up for implementation success and that you’re ready to move your accessibility program forward.

  1. Assign proposed timelines to each of the items.
  2. Work through the list, collecting or completing each item.
  3. As you proceed, keep your identified drivers, current state, desired future state, goals, and objectives in mind.
Input Output
  • Accessibility Maturity Assessment
  • Business case presentation and any feedback from senior leaders
  • Goals, objectives, identified drivers, and desired future state
  • High-level action plan
Materials Participants
  • Previous slide containing the checklist
  • Project lead

Related Info-Tech Research

Implement and Mature Your User Experience Design Practice

  • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
    • Establishing a practice with a common vision.
    • Enhancing the practice through four design factors.
    • Communicating a roadmap to improve your business through design.

Modernize Your Corporate Website to Drive Business Value

  • Users are demanding more valuable web functionalities and improved access to your website services.
  • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

IT Diversity & Inclusion Tactics

  • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
  • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

Fix Your IT Culture

  • Go beyond value statements to create a culture that enables the departmental strategy.
  • There is confusion about how to translate culture from an abstract concept to something that is measurable, actionable, and process driven.
  • Organizations lack clarity about who is accountable and responsible for culture, with groups often pointing fingers at each other.

Works cited

“2021 State of Digital Accessibility.” Level Access, n.d. Accessed 10 Aug. 2022

”2022 Midyear Report: ADA Digital Accessibility Lawsuits.” UsableNet, 2022. Accessed 9 Nov. 2022

“Barclay’s Bank Case Study.” WAI-Engage, 12 Sept. 2018. Accessed 7 Nov. 2022.

Bilodeau, Howard, et al. “StatCan COVID-19 Data to Insights for a Better Canada.” Statistics Canada, 24 June 2021. Accessed 10 Aug. 2022.

Casey, Caroline. “Do Your D&I Efforts Include People With Disabilities?” Harvard Business Review, 19 March 2020. Accessed 28 July 2022.

Digitalisation World. “Organisations failing to meet digital accessibility standards.” Angel Business Communications, 19 May 2022. Accessed Oct. 2022.

“disability.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/disability. Accessed 10 Aug. 2022.

“Disability.” World Health Organization, 2022. Accessed 10 Aug 2022.

“Driving the Accessibility Advantage at Accenture.” Accenture, 2022. Accessed 7 Oct. 2022.

eSSENTIAL Accessibility. The Must-Have WCAG 2.1 Checklist. 2022

Hopewell, May. Accessibility in the Workplace. 2022.

“Initiate.” W3C Web Accessibility Initiative (WAI), 31 March 2016. Accessed 18 Aug. 2022.

Kalcevich, Kate, and Mike Gifford. “How to Bake Layers of Accessibility Testing Into Your Process.” Smashing Magazine, 26 April 2021. Accessed 31 Aug. 2022.

Noone, Cat. “4 Common Ways Companies Alienate People with Disabilities.” Harvard Business Review, 29 Nov. 2021. Accessed Jul. 2022.

Taylor, Jason. “A Record-Breaking Year for ADA Digital Accessibility Lawsuits.” UsableNet, 21 December 2020. Accessed Jul. 2022.

“The Business Case for Digital Accessibility.” W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.

“The WebAIM Million.” Web AIM, 31 March 2022. Accessed 28 Jul. 2022.

Washington, Ella F. “The Five Stages of DEI Maturity.” Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.

Wyman, Nicholas. “An Untapped Talent Resource: People With Disabilities.” Forbes, 25 Feb. 2021. Accessed 14 Sep. 2022.

Minimize the Damage of IT Cost Cuts

  • Buy Link or Shortcode: {j2store}53|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Cost & Budget Management
  • Parent Category Link: /cost-and-budget-management
  • Average growth rates for Opex and Capex budgets are expected to continue to decline over the next fiscal year.
  • Common “quick-win” cost-cutting initiatives are not enough to satisfy the organization’s mandate.
  • Cost-cutting initiatives often take longer than expected, failing to provide cost savings before the organization’s deadline.
  • Cost-optimization projects often have unanticipated consequences that offset potential cost savings and result in business dissatisfaction.

Our Advice

Critical Insight

  • IT costs affect the entire business, not just IT. For this reason, IT must work with the business collaboratively to convey the full implications of IT cost cuts.
  • Avoid making all your cuts at once; phase your cuts by taking into account the magnitude and urgency of your cuts and avoid unintended consequences.
  • Don’t be afraid to completely cut a service if it should not be delivered in the first place.

Impact and Result

  • Take a value-based approach to cost optimization.
  • Reduce IT spend while continuing to deliver the most important services.
  • Involve the business in the cost-cutting process.
  • Develop a plan for cost cutting that avoids unintended interruptions to the business.

Minimize the Damage of IT Cost Cuts Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should take a value-based approach to cutting IT costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand the mandate and take immediate action

Determine your approach for cutting costs.

  • Minimize the Damage of IT Cost Cuts – Phase 1: Understand the Mandate and Take Immediate Action
  • Cost-Cutting Plan
  • Cost-Cutting Planning Tool

2. Select cost-cutting initiatives

Identify the cost-cutting initiatives and design your roadmap.

  • Minimize the Damage of IT Cost Cuts – Phase 2: Select Cost-Cutting Initiatives

3. Get approval for your cost-cutting plan and adopt change management best practices

Communicate your roadmap to the business and attain approval.

  • Minimize the Damage of IT Cost Cuts – Phase 3: Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices
  • IT Personnel Engagement Plan
  • Stakeholder Communication Planning Tool
[infographic]

Workshop: Minimize the Damage of IT Cost Cuts

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand the Mandate and Take Immediate Action

The Purpose

Determine your cost-optimization stance.

Build momentum with quick wins.

Key Benefits Achieved

Understand the internal and external drivers behind your cost-cutting mandate and the types of initiatives that align with it.

Activities

1.1 Develop SMART project metrics.

1.2 Dissect the mandate.

1.3 Identify your cost-cutting stance.

1.4 Select and implement quick wins.

1.5 Plan to report progress to Finance.

Outputs

Project metrics and mandate documentation

List of quick-win initiatives

2 Select Cost-Cutting Initiatives

The Purpose

Create the plan for your cost-cutting initiatives.

Key Benefits Achieved

Choose the correct initiatives for your roadmap.

Create a sensible and intelligent roadmap for the cost-cutting initiatives.

Activities

2.1 Identify cost-cutting initiatives.

2.2 Select initiatives.

2.3 Build a roadmap.

Outputs

High-level cost-cutting initiatives

Cost-cutting roadmap

3 Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices

The Purpose

Finalize the cost-cutting plan and present it to the business.

Key Benefits Achieved

Attain engagement with key stakeholders.

Activities

3.1 Customize your cost-cutting plan.

3.2 Create stakeholder engagement plans.

3.3 Monitor cost savings.

Outputs

Cost-cutting plan

Stakeholder engagement plan

Cost-monitoring plan

Maintain Employee Engagement During the COVID-19 Pandemic

  • Buy Link or Shortcode: {j2store}548|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $12,399 Average $ Saved
  • member rating average days saved: 5 Average Days Saved
  • Parent Category Name: Engage
  • Parent Category Link: /engage
  • The uncertainty of the pandemic means that employee engagement is at higher risk.
  • Organizations need to think beyond targeting traditional audiences by considering engagement of onsite, remote, and laid-off employees.

Our Advice

Critical Insight

  • The changing way of work triggered by this pandemic means engagement efforts must be easy to implement and targeted for relevant audiences.

Impact and Result

  • Identify key drivers to leverage during the pandemic to boost engagement as well as at-risk drivers to focus efforts on.
  • Select quick-win tactics to sustain and boost engagement for relevant target audiences.

Maintain Employee Engagement During the COVID-19 Pandemic Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Determine the scope

Evaluate the current state, stakeholder capacity, and target audience of engagement actions.

  • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
  • Pandemic Engagement Workbook

2. Identify engagement drivers

Review impact to engagement drivers in order to prioritize and select tactics for addressing each.

  • Tactics Catalog: Maintain Employee Engagement During the COVID-19 Pandemic
  • Employee Engagement During COVID-19: Manager Tactics

3. Determine ownership and communicate engagement actions

Designate owners of tactics, select measurement tools and cadence, and communicate engagement actions.

  • Crisis Communication Guide for HR
  • Crisis Communication Guide for Leaders
  • Leadership Crisis Communication Guide Template
  • HR Action and Communication Plan
[infographic]

Considerations for a Move to Virtual Desktops

  • Buy Link or Shortcode: {j2store}69|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: End-User Computing Strategy
  • Parent Category Link: /end-user-computing-strategy
  • Hybrid work environments, remote from anywhere and any device, and the security concerns that go hand-in-hand with these strategies have accelerated the move to VDI and DaaS.
  • IT departments can encounter many obstacles to VDI and DaaS, many of which will be determined by your business model and other factors, including complicated shared infrastructure, inadequate training or insufficient staff, and security and compliance concerns.
  • If you do not consider how your end user will be impacted, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption.
  • How will you manage and navigate the right solution for your organization?

Our Advice

Critical Insight

  • In the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO.

Impact and Result

  • The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business: performance, availability, functionality, and security.
  • Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business.

Considerations for a Move to Virtual Desktops Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Considerations for a Move to Virtual Desktops Storyboard – A guide to the strategic, technical, and support implications that should be considered in support of a move to VDI or DaaS.

By defining your goals, framing solutions based on end-user workloads, and understanding the pros and cons of various solutions, you can visualize what success looks like for your VDI/DaaS deployment. This includes defining your KPIs by end-user experience, knowing the decision gates for a successful deployment, and defining your hypothesis for value to make your decision more accurate and gain C-suite buy-in.

  • Considerations for a Move to Virtual Desktops Storyboard
[infographic]

Further reading

What strategic, technical, and support implications should be considered in support of a move to VDI or DaaS?

Executive Summary

Insight

End-user experience is your #1 consideration

Virtual desktop infrastructure (VDI)/desktop as a service (DaaS) users expect their user experience to be at least equal to that provided by a physical PC, and they do not care about the underlying infrastructure. If the experience is less, then IT has failed in the considerations for VDI/ DaaS. In this research we analyze the data that the IT industry tracks but doesn't use or sometimes even look at regarding user experience (UX).

Identify the gaps in your IT resources that are critical to success

Understanding the strengths and weaknesses in your in-house technical skills and business requirements will assist you in making the right decision when it comes to VDI or DaaS solutions. In the case of DaaS this will include a managed service provider for small to medium-sized IT teams. Many IT teams lack a seasoned IT project manager who can identify gaps, risks, and weaknesses in the organization's preparedness. Redeploy your IT staff to new roles that impact management and monitoring of UX.

IT should think about VDI and DaaS solutions

Ultimately, IT needs to reduce its complexity, increase user satisfaction, reduce management and storage costs, and maintain a secure and effective environment for both the end user and the business. They must also ensure productivity standards throughout the considerations, strategically, tactically, and in support of a move to a VDI or DaaS solution.

Executive Summary

Your Challenge

With the evolution of VDI over the last 15-plus years, there has been a proliferation of solutions, such as Citrix desktop services, VMware Horizon, and in-house hypervisor solutions (e.g. ESX hosts). There has also been a great deal of growth and competition of DaaS and SaaS solutions in the cloud space. Hybrid work environments, remote from anywhere and any device, and the security concerns that go hand-in-hand with these strategies have certainly accelerated the move to VDI and DaaS.

How will you manage and navigate the right solution for your organization?

Common Obstacles

IT departments can encounter many obstacles to VDI and DaaS, many of which will be determined by your business model and other factors, such as:

  • Complicated shared infrastructure such as federated multitenant partners and legacy app servers.
  • Inadequate in-house training or insufficient staff to execute migration or manage post-migration activates such as governance and retention policies.
  • Security, compliance, legal, and data classification concerns. Some security tools cannot be deployed in the cloud, limiting you to an on-premises solution.
Info-Tech’s Approach

By defining your end goals, framing solutions based on end-user workloads, and understanding the pros and cons of what solution(s) will meet your needs, you can visualize what success looks like.

  1. Define your KPIs by end-user experience.
  2. Knowing what the decision gates are for a successful VDI/DaaS deployment will prove out your selection process.
  3. Define your hypothesis for value. How you determine value will make your decision more accurate and gain C-suite buy-in.

Info-Tech Insight

Every IT organization needs to be asking what success looks like. If you do not consider how your end user will be impacted, whether they are doing something as simple as holding a team meeting with voice and video or working with highly technical workloads on a virtual environment, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption. Understand the tension metrics that may conflict with meeting business objectives and KPIs.

Voice of the customer

Client-Driven Insight

Different industries have different requirements and issues, so they look at solutions differently.

Info-Tech Insight

If end-user experience is at the forefront of business requirements, then any solution that fits the business KPIs can be successful.

Client Pain Point

Description Indicators

Flexible work environmentWhat VDI solution can support a work-from-anywhere scenario? Possible solutions: Azure Virtual Desktop, IGEL client, Citrix virtual apps, and desktop services.
Security concerns Corporate resources need to be secure. Working with untrusted endpoints or unsecured locations. Using VPN-type solution.
End-user experience What performance metrics should be used to evaluate UX? Are there issues around where the endpoint is located? What kind of link do they have to the virtual desktop? What solutions are there?
Optimization of routing What routings need to take place to achieve reduced latency and improved experience?
Multifactor authenticationSecurity features such as a multilayered MFA and corporate data protection.
Business continuity What are the options when dealing with cloud outages, meeting SLAs, and building resilience?
Optimizing app performance and response times Define users based on a multiuser environment. Engineers and designers require more CPU resources, which negatively impacts on other users. Optimize CPU to avoid this situation. MS Teams and video streaming apps are not performing in an optimized manner.
Optimization of cloud costs Scalability and usage schedule. Minimize cloud costs with tools to handle workloads and usage.
Third-party access outsourcingContractors and third parties accessing business resources need to control data and source code along with developer tools in a centrally managed SaaS.

The enterprise end-user compute landscape is changing

Starting on the left are three computer types 'Windows on a PC', 'Mac', and 'VDI on a Thick Client'. In the next part, the first two are combined into 'BYOD', and the tree begins at 'Win11'. Branches from Win11 are: 'DIY' which branches to 'Autopilot & Endpoint Manager (Intune)'; 'Outsource' which branches to 'Device as a Service' which brances to 'Dell', 'Lenovo', and 'HP'; and another branch from 'Outsource', 'Azure Desktop', Which snakes us around to the top of the diagram at 'VDI'. VDI branches to 'VDI on a thin client' and 'VDI on a Browser', then they both branch into 'DIY' which branches to 'Citrix', 'VMware', and 'Azure', and 'Outsource' which branches to 'Desktop as a Service Vendor'.

Surveys are telling us a story

Questions you should be asking before you create your RFP
  • What are the use cases and types of workloads?
  • What is the quality of the network connection and bandwidth for the user base?
  • What are the application requirements?
  • What type of end points does the user have and what is the configuration?
  • Where are the data storage containers, how are they accessed, and are there proximity constraints?
  • What is the business security and identity policy requirements?
  • What are the functional and nonfunctional requirements?
  • Will the virtual desktops be persistent or non-persistent?

How would you rate the user experience on your VDI/DaaS solution?


(Source: Hysolate, 2020)

  • 18% of CISOs say htue employees are happy with their company's VDI/DaaS solution
  • 82% say their employees are neutral or unhappy with their company's VDI/DaaS solution

Info-Tech Insight

Asking critical use-case questions should give you a clear picture of the end-user experience outcome.

End-user KPI metrics are difficult to gather

Security is always quoted as a primary justification for VDI/DaaS, while UX is far down the list of KPIs. WHY?

IT engineers use network and performance metrics to manage end-user complaints of “slowness,” which in reality is not what the user is experiencing.

IT needs to invest in more meaningful metrics to manage end-user pain:

  • Logon duration
  • App load time
  • App response time
  • Session response time
  • Graphic quality and responsiveness and latency
  • Application availability and performance
Bar chart of justifications used for business investment in VDI/DaaS. The most used justification is 'IT Efficiency' at 38%, and highlighted in the 2nd last place is 'Employee Experience' at 11%.
(Source: Enterprise Strategy Group, 2020)

Dimensions of user experience

The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business.

Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business. We will investigate how these scenarios impact the end user, what that means, and how that can guide the questions that you are asking as you move to an RFP.

Info-Tech Insight

In the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO.

Three arrows pointing right with labels in sequence 'Dimensions', 'Operational Metrics', and 'Technical Capabilities/ Controls'

Cycle diagram with many tiers, titled 'USER EXPERIENCE'. The first tier from the center has four items cycling clockwise 'Availability', 'Functionality', 'Security', and 'Performance'. The second tier is associated to the first tier: under Availability is 'Maintenance', 'Uptime', and 'Degradation'; under Functionality is 'Graphics Quality', 'User Friction', and 'Usability'; under Security is 'Endpoint Monitoring', 'Plane Control', and 'Identity'; under Performance is 'Response Time', 'Reliability', and 'Latency'. Around the edge on the third tier are many different related terms.

KPIs and metrics

  • Understand the types of end-user activities that are most likely to be reported as being slow.
  • You need to know what storage, CPU, memory, and network resources are being used when the user performs those activities. In other words, what is the OS doing behind the scenes and what hardware is it using?
  • Once you have determined which resources are being used by the various activities you will have to monitor the UX metrics to see which OS, network, storage, or server configuration issue is causing the performance issue that the user is reporting.

What IT measures

Most business KPI objectives concentrate on business goals, whether it be cost containment, security, simplification, ease of management, or centralization of apps and data, but rarely is there a KPI for end-user experience.

You can’t fix what you can’t see. Putting a cost benefit to end-user satisfaction may come in the form of productivity.

This may be a central reason why VDI has not been widely adopted as an architecture since it came to the marketplace more than 15 years ago.

Samples of different KPIs and metrics.

VDI processes to monitor

Monitoring end-user metrics will mitigate the tension between business KPIs and end-user satisfaction

Metric

Description

End-User
Experience

PERFORMANCELogon durationOnce the user puts in their password, how long does it take to get to their desktop? What is the measurement and how do you measure?
App load timeWhen an app is launched by the user there should be immediate indication that it is loading.
App response timeWhen the user performs a task, there should be no wait time, or hourglass icon, waiting for the app to catch up to the user input. (There is no succinct way to measure this.)
Session response timeHow does the user’s OS respond to I/O? The user should not experience any latency issues when doing a drag and drop, clicking on a menu item, or doing a search.
AVAILABILITYSLAsWhen something goes wrong in the VDI/DaaS environment, how quickly can the user expect to get back to their tasks?
Geographic locationWhen all other considerations are configured correctly, the user experience may be impacted by their location. So, for example, a user working out of Mexico and logging into a VDI may experience latency based on location compared to a user in California, for example, where the resources are stored, managed, and monitored.
Application availabilityMuch like app load time and response time, the only factor affecting the user experience is the back-end load on the app itself, for example a CAD or heavy resource app not properly resourced.
FUNCTIONALITYConfiguration of user desktopDegradation in functionality is caused by improper allocation of CPU, RAM, and GPU for the tasks at hand, creating a bad UX and end-user satisfaction score.
Graphics quality and responsivenessThe user should have the same experience as if on their own physical machine. A video experience should not have any lag in it, for example. MS Teams should not have latency or sound quality issues.
Predictive analysisContinuous performance and availability monitoring.
END USERBrowser real user monitoring (RUM)A real-time view into how the web application is performing from the point of view of a real end user.
Customer satisfaction scoreSurvey-based metrics on customer satisfaction.

“If employees are the competitive edge and key differentiator for a business, I&O has a duty of care to ensure that the employees’ digital experience enables and does not impede the value of that asset.” (John Annand, Principal Director, Info-Tech Research Group)

The case for VDI today

Is security and data sovereignty the only reason?

Technical capability
AVAILABILITYVDI is a better fit than DaaS in organizations that have limited or unreliable internet connectivity.
FUNCTIONALITYApplication flexibility: Resource-intensive applications may require specific virtual desktop configurations, for example in-house GIS apps, CAD, and gaming software requiring specific GPU configurations.
SECURITYData protection is often stated as a need to maintain an on-premises VDI solution, ensuring sensitive and highly privileged data does not travel across the internet.
AVAILABILITYWhile some cloud providers will allow you to bring your OS licensing along with a cloud migration, many subscriptions already include OS licensing, and you may be paying additional licensing costs.
SECURITYVDI makes sense if security and control are primary business KPIs, the IT resources are experienced virtual infrastructure engineers and administrators, and funding is not a hindrance.
PERFORMANCEWhen processing power is a functional requirement, such as CPU, GPU, and storage capacity, VDI offers performance benefits over a standard PC, reducing the need to deploy high-powered PCs to end users.

“Though the desktops are moving to the cloud, accountability is not.” (Gary Bea, Director of Consulting Services and Technical Operations, Goliath Technologies)

The case for DaaS

Any device anywhere: key benefits of DaaS

Technical capabilityChallenges
AVAILABILITYDelivers a consistent user experience regardless of location or device.

Info-Tech Insight

The total cost of the solution will be higher than you anticipate, and management is complex. Additionally, your ability to set your conditions and controls is limited.

Info-Tech Insight

Depending on your technical abilities and experience with cloud services, you will likely benefit from professional third-party services, technical services, and consulting, which can be critical when deciding if DaaS can fit into your current IT architecture, processes, and security posture.

SECURITYEnhances security posture by eliminating your client VPN and keeping sensitive data off the endpoint device.
FUNCTIONALITYOnboard and offboard users quickly and securely.
FUNCTIONALITYProvides centralize workspace management.
FUNCTIONALITYScale up or down on demand with a consumption- and subscription-based contract.
FUNCTIONALITYSignificantly reduce operational overhead compared to managing a traditional VDI deployment.

Technical capability comparison

Table comparing technical capabilities using a scale of circle quarters: zero quarters being 'Poor' and 4 quarters being 'Good'. There are six columns in the body, three of which are under 'VDI': 'Thin Client', 'Thick Client', and 'Web Client', and the other three are 'Desktop as a service', 'Device as a service', and 'Win11 w/ Autopilot & Intune'. Rows are split into four categories: In 'Performance' are 'Reliability', 'Response Time', and 'Latency'; in 'Availability' are 'Uptime' and 'Degradation'; in 'Functionality' are 'Usability', 'Graphics Quality', and 'User Friction'; in 'Security' are 'Endpoint Mgt.', 'Control Plane', and 'Identity'.

X as an endpoint client

From an end-user experience perspective, what makes sense in terms of usage and cost?

Thin Client
  • ✓ Easy provisioning and simple to use and manage
  • ✓ Easy to secure and update
  • ✓ Less vulnerable to data loss
  • ✓ Easily scaled
  • ✓ Requires less power
  • ✓ Cheaper than PCs
  • x compared to a PC
  • x Not powerful enough to manage loads such as CAD
  • x Infrastructure and network must be robust and up to date to avoid possible network latency
  • Examples: Terminals, Dell Wyse 5070, Lenovo M625, IGEL, HP Thin Client, repurposed PCs, Chromebook
Desktop as a Service
  • ✓ Flexibility: work from anywhere, on any device, collaboratively
  • ✓ Resource scalability not reliant on on-premises server hardware
  • ✓ Easy to configure, install, and maintain
  • ✓ Reliable and easy to provision
  • ✓ Centralized sensitive data cloud security
  • x Requires high-speed internet, especially for remote users
  • x Learning curve can cause user friction
  • x Workload configuration use cases
  • Examples: Citrix, VM Horizon, AWS WorkSpaces, WVD, BYOD
Thick Client
  • ✓ Completely flexible, for use with on-premises or cloud infrastructure
  • ✓ Able to work offline
  • ✓ Multimedia or bandwidth-intensive resource processing
  • ✓ Higher server capacity due to less resource load on servers
  • x Higher maintenance and updates attention
  • x Patching, security, and data migration friction
  • x More security vulnerability
  • x Less cost effective
  • Examples: Windows, MacOS desktops, laptops, smartphones, tablets
Device as a Service
  • ✓ Device supply chain flow fulfillment, services, and recovery
  • ✓ Able to update to new equipment more frequently
  • ✓ Scale up and down as needed
  • ✓ Better device backup, asset tracking , security, and EOL disposal
  • x Challenging risk management, regulatory obligations, and liabilities
  • x Change in helpdesk and business workflows
  • x Vendor may limit selection
  • Examples: PCs, smartphones, mobile computing devices, Lenovo, HP, Microsoft, Dell, Macs, iPads, iPhones
Web Client
  • ✓ Can be accessed from any computer; only requires username and password
  • ✓ Client works with a URL, so browser-based
  • ✓ Updates are easier than on a Windows client
  • x Security risk and information leakage
  • x Dependent on internet access
  • x Unable to work on high-impact resource apps (e.g. CAD, graphics)
  • x Limited user base, less technical operations
  • Examples: Chrome, Edge, HTML5

Security: on-premises versus cloud

Security decisions based on risk tolerance

  • What is your risk tolerance? When deciding between VDI and DaaS, the first consideration is whether the business is better served with an on-premises or a cloud solution.
  • Low risk tolerance: Considerer data sovereignty, complex compliance requirements, and data classification. For example, at the Pentagon, DoD requires heavy compliance with security and data sovereignty. DaaS cloud providers may be in a better position to respond to threats and attacks in a timely manner.
  • Low risk tolerance: If the business mandates security tools that cannot be deployed in cloud solutions, VDI is a better solution.
  • Low risk tolerance: Smaller businesses that don’t have resources with the expertise and skill set to handle security are better served in cloud. Security operations centers (SOCs) are more likely to present in large corporations.
  • Low risk tolerance: When patching requires customization, for example in legacy applications, the ability to test patches is impacted, which may cause possible complications or failures.
  • High risk tolerance: For cloud-based solutions, patching is taken out of the IT team’s hands, and testing is done against the complete cloud solution.

Info-Tech Insight

What is the better security posture and control plane? Clarify your stakeholders’ objectives, then see if VDI is an adequate solution.

Security needs for VDI and DaaS

  • IDENTITY AND ACCESS MANAGEMENT — MFA, authorization, provisioning, SSO, identity federation, data owners, workflows, role-based access control (RBAC), user lifecycle management
  • ENCRYPTION — TLS 1.3, and 256-bit, endpoint encryption, file encryption, AES, PKI, BitLocker
  • DATA LOSS PREVENTION — Centralized policy management, sensitive data detection, HIPAA, GDPR
  • ANTIVIRUS & PATCH MANAGEMENT — Group policy management, AV exclusions, anti-ransomware, keylogger mitigation
  • DDoS protection — HTTP, UDP flood mitigation, content delivery network, always-on services
  • ENDPOINT DETECTION & RESPONSE — Detect and react to advanced active attacks on endpoints

Activity

Define the virtual infrastructure solution for your end users

  1. Define and build your value hypothesis/proposition
    1. What is the business case? Who is championing the investment?
    2. Identify the project management team and stakeholders.
    3. Set goals to be achieved based on value.
    4. Identify KPIs and metrics to measure success.
  2. Identify use cases and personas
    1. Identify possible user friction (e.g. emotional, cognitive, interaction).
    2. Understand current infrastructure shortcomings/capabilities (e.g. network, security posture/tolerance, staffing needs, qualified technicians, end-user devices).
  3. Articulate use cases into functional and nonfunctional requirements
    1. Separate must haves and nice to haves.
    2. Categorize requirements into identifiable functionality capabilities.
    3. Review your outputs and identify “gotchas” using the MECE (mutually exclusive, collectively exhaustive) principle.

Related Info-Tech Research

Stock image of a dashboard.Modernize and Transform Your End-User Computing Strategy

Phase 3.2 of this research set covers virtual desktop infrastructure.

Stock image of a world surrounded by clouds.Implement Desktop Virtualization and Transition to Everything as a Service

Follow Info-Tech’s process for implementing the right desktop virtualization solution to create a project plan that will help ensure that you not only choose the right solution but also implement it effectively.

Stock image of a finger pushing a button.Cloud Strategy Workbook

Use this tool to assess cloud services (desktop-as-a-service).

Stock image of a world surrounded by clouds.Desktop Virtualization TCO Calculator

This tool is designed to help you understand what desktop virtualization looks like from a cost perspective.

Bibliography

Anderson, Joseph. “Five Ways VDI Will Grow in 2022 Thanks to Hybrid Work.” StratoDesk, 28 Feb. 2022. Web.

Bowker, Mark. “Are Desktops Doomed? Trends in Digital Workspaces, VDI, and DaaS.” ESG, May 2020. Web.

“The CISO's Dilemma: How Chief Information Security Officers Are Balancing Enterprise Endpoint Security and Worker Productivity in Response to COVID-19.” Hysolate, Oct. 2020. Web.

King, Val. “Why the End-User Experience Is Not Good for Your Remote Workforce .” Whitehat Virtual Technologies, 2 Dec. 2021. Web.

Perry, Yifat. “VDI vs DaaS: 5 Key Differences and 6 Leading Solutions.” NetApp, 26 Aug. 2020. Web.

Rigg, Christian. “Best virtual desktop services 2022.” TechRadar, 20 Jan. 2022 . Web.

Seget, Vladan. “Key metrics to consider when assessing the performance of your VDI/DaaS environment.” vladan.fr, 19 April 2021. Web.

Spruijt, Ruben. “Why Should You Care About VDI and Desktop-as-a-Service?” Nutanix, 28 Jan. 2020. Web.

Stowers, Joshua. “The Best Desktop as a Service (DaaS) Providers 2022.” business.com, 21 Dec. 2021. Web.

“Virtual Desktop Infrastructure(VDI) Market 2022.” MarketWatch, 5 Jan. 2022. Web. Press release.

Zamir, Tal. “VDI Security Best Practices: Busting the Myths.” Hysolate, 29 Nov. 2021. Web.

Zychowicz, Paul. “Why do virtual desktop deployments fail?” Turbonomic Blog, 16 Dec. 2016. Web.

The governance around resilience

You want to become resilient to cyberattacks, human errors, power outages, and many other causes of service interruptions. Where do you start?

You could ask your IT team and your Operations leaders to take the required measures to ensure "reliability." Do you think that will work without any oversight and guidelines? I can tell you right off the bat: No, And you will have given the same answer in your head already. Moreover, your company's department heads will have the same answer: no. And why? Exactly because they do not know how you want to put the "law" into effect in your company.

Your next question is, of course: "what law?." If you are in Europe, you will have heard about the many laws of the EU, like NIS2, MIFID II, DORA, EMIR, and so many more. You will be subject to other laws if you are in Asia, the US, the Middle East, Africa, or Oceania. And if you deliver services to EU companies governed by the first set, you may be subject to those European laws as well. 

So far, about the laws, let's look at what this gives you.

If you're like me, you want your client to be able to use your services, almost no matter what. That means you must ensure your services are available to your clients under most circumstances. Ok, if WWIII breaks out with nuclear missiles flying all over, all bets are off.  Let's ignore that occurrence. (your contracts include "acts of God" exclusions, right? (if not, let's talk.) That is the real reason you must ensure your services to our clients are resilient. Resilient systems and processes ensure your income, revenue, the livelihood of your employees, the ROI for your shareholders, and your reputation.

 As I said, there are 4 stages. Let's begin with stage 1: governance.

What is governance but telling your staff what you want them to do? Nothing! So, Let's tell them what to do and how to achieve their Key Performance Indicators. That way, you get what you want, being in control, and they get what they want: their bonus.

Resilience governance needs to start at the top of the organization. And for that, you need to know WHY it is being introduced.

  1. To mitigate risks posed by growing vulnerabilities introduced by increased interconnectivity
  2. To address the shift in your risk profile as you adopt increasing digital adoption
  3. To acknowledge that third-party suppliers underpin your ability to supply services to your clients
  4. To adopt a single, consistent approach to operational resilience across markets

Obviously, this is a holistic view of the markets across the US, EU, Oceania, and Africa. Each of these markets has its own interpretations and nuances.
The point, however, stays the same: have a sound company oversight and management view via clear governance rules like ownership, policies, procedures, guidelines, and operational task lists.

In the end, it is all about the ability to build, ensure, and review operational resilience from a technological and business perspective.

 

 

 

Choose Your Mobile Platform and Tools

  • Buy Link or Shortcode: {j2store}281|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Mobile Development
  • Parent Category Link: /mobile-development
  • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
  • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
  • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

Our Advice

Critical Insight

  • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
  • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
  • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

Impact and Result

  • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
  • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
  • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

Choose Your Mobile Platform and Tools Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Choose Your Mobile Platform and Tools Storyboard

This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

  • Choose Your Mobile Platform and Tools Storyboard

2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

  • Mobile Application Delivery Communication Template

Infographic

Workshop: Choose Your Mobile Platform and Tools

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Choose Your Platform and Delivery Solution

The Purpose

Choose the right mobile platform.

Shortlist your mobile delivery solution and desired features and services.

Key Benefits Achieved

A chosen mobile platform that meets user and enterprise needs.

Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

Activities

1.1 Select your platform approach.

1.2 Shortlist your mobile delivery solution.

1.3 Build your feature and service lists.

Outputs

Desired mobile platform approach.

Shortlisted mobile delivery solutions.

Desired list of vendor features and services.

2 Create Your Roadmap

The Purpose

Design the mobile application minimal viable product (MVP).

Create your mobile roadmap.

Key Benefits Achieved

An achievable and valuable mobile application that is scalable for future growth.

Clear intent of business outcome delivery and completing mobile delivery activities.

Activities

2.1 Define your MVP release.

2.2 Build your roadmap.

Outputs

MVP design.

Mobile delivery roadmap.

3 Set the Mobile Context

The Purpose

Understand your user’s environment needs, behaviors, and challenges.

Define stakeholder expectations and ensure alignment with the holistic business strategy.

Identify your mobile application opportunities.

Key Benefits Achieved

Thorough understanding of your mobile user and opportunities where mobile applications can help.

Level set stakeholder expectations and establish targeted objectives.

Prioritized list of mobile opportunities.

Activities

3.1 Generate user personas with empathy maps.

3.2 Build your mobile application canvas.

3.3 Build your mobile backlog.

Outputs

User personas.

Mobile objectives and metrics.

Mobile opportunity backlog.

4 Identify Your Technical Needs

The Purpose

Define the mobile experience you want to deliver and the features to enable it.

Understand the state of your current system to support mobile.

Identify your definition of mobile application quality.

List the concerns with mobile delivery.

Key Benefits Achieved

Clear understanding of the desired mobile experience.

Potential issues and risks with enabling mobile on top of existing systems.

Grounded understanding of mobile application quality.

Holistic readiness assessment to proceed with mobile delivery.

Activities

4.1 Discuss your mobile needs.

4.2 Conduct a technical assessment.

4.3 Define mobile application quality.

4.4 Verify your decision to deliver mobile applications.

Outputs

List of mobile features to enable the desired mobile experience.

System current assessment.

Mobile application quality definition.

Verification to proceed with mobile delivery.

Further reading

Choose Your Mobile Platform and Tools

Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

EXECUTIVE BRIEF

Analyst Perspective

Mobile is the way of working.

Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

Andrew Kum-Seun
Senior Research Analyst,
Application Delivery and Application Management
Info-Tech Research Group

Executive Summary

Your Challenge

  • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
  • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
  • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

Common Obstacles

  • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
  • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
  • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

Info-Tech's Approach

  • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
  • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
  • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

Insight Summary

Overarching Info-Tech Insight

Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

Phase 1: Set the Mobile Context

  • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
  • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
  • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

Phase 2: Define Your Mobile Approach

  • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
  • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
  • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

Mobile is how the business works today

Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

Mobile Builds Interests
61%
Mobile devices drove 61% of visits to U.S. websites
Source: Perficient, 2021

Mobile Maintains Engagement
54%
Mobile devices generated 54.4% of global website traffic in Q4 2021.
Source: Statista, 2022

Mobile Drives Productivity
82%
According to 82% of IT executives, smartphones are highly important to employee productivity
Source: Samsung and Oxford Economics, 2022

Mobile applications enable and drive your digital business strategy

Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

Goal: Enhance Customer Experience

  • A shift from paper to digital communications
  • Seamless, omni-channel client experiences across devices
  • Create Digital interactive documents with sections that customers can customize to better understand their communications

Goal: Increase Workflow Throughput & Efficiency

  • Digitized processes and use of data to improve process efficiency
  • Modern IT platforms
  • Automation through robotic process automation (RPA) where possible
  • Use of AI and machine learning for intelligent automation

Source: Broadridge, 2022

To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

Well developed mobile applications bring unique opportunities to drive more value

Role

Opportunities With Mobile Applications

Expected Value

Stationary Worker

Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

  • Reduce materials cost to complete administrative responsibilities.
  • Digitally and automatically store and archive frequently used documents.

Roaming Worker
(Engineer)

Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

  • Readily access and update corporate data anywhere at anytime.
  • Expand employee responsibilities with minimal skills impact.

Roaming Worker
(Nurse)

Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

Receive messages from senior staff about patients and scheduling while on-call.

  • Quickly and accurately complete tasks and update patient data at site.
  • Be readily accessible to address urgent issues.

Info-Tech Insight

If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

Workers expect IT to deliver against their high mobile expectations

Workers want sophisticated mobile applications like what they see their peers and competitors use.

Why is IT considering building their own applications?

  • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
  • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
  • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

Continuously meeting aggressive user expectations will not be easy

Value Quickly Wears Off
39.9% of users uninstall an application because it is not in use.
40%
Source: n=2,000, CleverTap, 2021

Low Tolerance to Waiting
Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
43%
Source: AppSamurai, 2018

Quick Fixes Are Paramount
44% of defects are found by users
44%
Source: Perfecto Mobile, 2014

Mobile emphasizes the importance of good security, performance, and integration

Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

Accept change as the norm

IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

Address the difficulties in managing enterprise mobile technologies

Adaptability During Development

Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

High Cybersecurity Standards

Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

Integration with Other Systems

Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

Finding the Right Mobile Developers

Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

Source: Radoslaw Szeja, Netguru, 2022.

Build and manage the right experience by treating mobile as digital products

Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

First, deliver the experience end users want and expect by designing the application against digital application principles.

Business Value

Continuous modernization

  • Fit for purpose
  • User-centric
  • Adaptable
  • Accessible
  • Private and secured
  • Informative and insightful
  • Seamless application connection
  • Relationship and network building

To learn more, visit Info-Tech's Modernize Your Applications blueprint.

Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

  • Product Strategy and Roadmap
  • External Relationships
  • User Adoption and Organizational Change Management
  • Funding
  • Knowledge Management
  • Stakeholder Management
  • Product Governance
  • Maintenance & Enhancement
  • User Support
  • Managing and Governing Data
  • Requirements Analysis and Design
  • Research & Development

To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

Choose Your Mobile Platform and Tools

Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

WORKFLOW

1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

Strategic Perspective
Business and Product Strategies

1. End-User Perspective

End User Needs

  • Productivity
  • Innovation
  • Transformation

Native User Experience

  • Anytime, Anywhere
  • Visually Pleasing & Fulfilling
  • Personalized & Insightful
  • Hands-Off & Automated
  • Integrated Ecosystem

2. Platform Perspective

Technical Requirements

Security

Performance

Integration

Mobile Platform

3. Solution Perspective

Vendor Support

Services

Stack Mgmt.

Quality & Risk

Mobile Delivery Solutions

Make user experience (UX) the standard

User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

For a mobile application to be meaningful, the functions, aesthetics and content must be:

  • Usable
    • Users can intuitively navigate through your mobile application and complete their desired tasks.
  • Desirable
    • The application elements are used to evoke positive emotions and appreciation.
  • Accessible
    • Users can easily use your mobile application, including those with disabilities.
  • Valuable
    • Users find the content useful, and it fulfills a need.

Enable a greater experience with UX-driven thinking

Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

Source: Marky Roden, Xomino, 2018

Define the mobile experience your end users want

  • Anytime, Anywhere
    • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
  • Hands-Off and Automated
    • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
  • Personalized and Insightful
    • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
  • Integrated Ecosystem
    • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
  • Visually Pleasing and Fulfilling
    • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

Mobile value is dependent on the platform you choose

What is a platform?

"A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

Web

Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

  • Progressive Web Applications (PWA)
  • Mobile Web Sites

Hybrid

Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

Cross-Platform

Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

Native

Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

Start mobile development on a mobile web platform

Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

Why choose a mobile web platform?

Pros

The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

Cons

Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

Other Notable Benefits with Web Languages

  • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
  • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

Select your mobile platform

Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

When does a platform makes sense to use?

Web

  • Desire to maximize current web technologies investments (people, process, and technologies).
  • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
  • Limited budget to acquire mobile development resources.
  • Access to device hardware is not a high priority.

Hybrid / Cross-Platform

  • The need to quickly spin up native-like applications for multiple platforms and devices.
  • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
  • Vendor support is needed for the entire mobile delivery process.

Native

  • Developers are experts in the target programming language and with the device's hardware.
  • Strong need for high performance, security, and device-specific access and customizations.
  • Application use cases require significant computing resources.

Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

Understand the common attributes of a mobile delivery solution

  • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
  • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
  • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
  • Emulators – Ability to virtualize an application's execution on a target platform and device.
  • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

What are mobile delivery solutions?

A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

  • Mobile application management
  • Testing and publishing to app stores
  • Content management
  • Cloud hosting
  • Application performance management

Info-Tech Insight

Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

Select your mobile delivery solutions

  1. Set the scope of your framework.
  • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?
  • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    Test

    Automated Testing

    One-Click Push or IT Push to App Store

    Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Develop and Deploy Security Policies

    • Buy Link or Shortcode: {j2store}256|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $19,953 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
    • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

    Impact and Result

    • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Develop and Deploy Security Policies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

    Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.
    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.
    Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
    I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool
    Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
    IV. Measure Policy Program

    a) Security policy tracking tool

    III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template
    Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    Call #7: Track policies and exceptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.

    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.

    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.

    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Define a Sourcing Strategy for Your Development Team

    • Buy Link or Shortcode: {j2store}161|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Hiring quality development team resources is becoming increasingly difficult and costly in most domestic markets.
    • Firms are seeking to do more with less and increase their development team throughput.
    • Globalization and increased competition are driving a need for more innovation in your applications.
    • Firms want more cost certainty and tighter control of their development investment.

    Our Advice

    Critical Insight

    • Choosing the right sourcing strategy is not just a question of technical skills! Successful sourcing is based on matching your organization’s culture, knowledge, and experiences to the right choice of internal or external partnership.

    Impact and Result

    • We will help you build a sourcing strategy document for your application portfolio.
    • We will examine your portfolio and organization from three different perspectives to enable you to determine the right approach:
      • From a business perspective, reliance on the business, strategic value of the product, and maturity of product ownership are critical.
      • From an organizational perspective, you must examine your culture for communication processes, conflict resolution methods, vendor management skills, and geographic coverage.
      • From a technical perspective, consider integration complexity, environmental complexity, and testing processes.

    Define a Sourcing Strategy for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a Sourcing Strategy for Your Development Team Storyboard – A guide to help you choose the right resourcing strategy to keep pace with your rapidly changing application and development needs.

    This project will help you define a sourcing strategy for your application development team by assessing key factors about your products and your organization, including critical business, technical, and organizational factors. Use this analysis to select the optimal sourcing strategy for each situation.

    • Define a Sourcing Strategy for Your Development Team Storyboard

    2. Define a Sourcing Strategy Workbook – A tool to capture the results of activities to build your sourcing strategy.

    This workbook is designed to capture the results of the activities in the storyboard. Each worksheet corresponds with an activity from the deck. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Define a Sourcing Strategy Workbook
    [infographic]

    Further reading

    Define a Sourcing Strategy for Your Development Team

    Choose the right resourcing strategy to keep pace with your rapidly changing application and development needs.

    Analyst Perspective

    Choosing the right sourcing strategy for your development team is about assessing your technical situation, your business needs, your organizational culture, and your ability to manage partners!

    Photo of Dr. Suneel Ghei, Principal Research Director, Application Development, Info-Tech Research Group

    Firms today are under continuous pressure to innovate and deliver new features to market faster while at the same time controlling costs. This has increased the need for higher throughput in their development teams along with a broadening of skills and knowledge. In the face of these challenges, there is a new focus on how firms source their development function. Should they continue to hire internally, offshore, or outsource? How do they decide which strategy is the right fit?

    Info-Tech’s research shows that the sourcing strategy considerations have evolved beyond technical skills and costs. Identifying the right strategy has become a function of the characteristics of the organization, its culture, its reliance on the business for knowledge, its strategic value of the application, its vendor management skills, and its ability to internalize external knowledge. By assessing these factors firms can identify the best sourcing mix for their development portfolios.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Hiring quality development team resources is becoming increasingly difficult and costly in most domestic markets.
    • Firms are seeking to do more with less and increase their development team throughput.
    • Globalization and increased competition is driving a need for more innovation in your applications.
    • Firms want more cost certainty and tighter control of their development investment.
    Common Obstacles
    • Development leaders are encouraged to manage contract terms and SLAs rather than build long-term relationships.
    • People believe that outsourcing means you will permanently lose the knowledge around solutions.
    • Moving work outside of the current team creates motivational and retention challenges that can be difficult to overcome.
    Info-Tech’s Approach
    • Looking at this from these three perspectives will enable you to determine the right approach:
      1. From a business perspective, reliance on the business, strategic value of the product, and maturity of product ownership are critical.
      2. From an organizational perspective, you must examine your culture for communication processes, conflict resolution methods, vendor management skills, and geographic coverage
      3. From a technical perspective, consider integration complexity, environment complexity, and testing processes.

    Info-Tech Insight

    Choosing the right sourcing strategy is not just a question of technical skills! Successful sourcing is based on matching your organization’s culture, knowledge, and experiences to the right choice of internal or external partnership.

    Define a sourcing strategy for your development team

    Business
    • Business knowledge/ expertise required
    • Product owner maturity
    Technical
    • Complexity and maturity of technical environment
    • Required level of integration
    Organizational
    • Company culture
    • Desired geographic proximity
    • Required vendor management skills
    1. Assess your current delivery posture for challenges and impediments.
    2. Decide whether to build or buy a solution.
    3. Select your desired sourcing strategy based on your current state and needs.
    Example sourcing strategy with initiatives like 'Client-Facing Apps' and 'ERP Software' assigned to 'Onshore Dev', 'Outsource Team', 'Offshore Dev', 'Outsource App (Buy)', 'Outsource Dev', or 'Outsource Roles'.

    Three Perspectives +

    Three Steps =

    Your Sourcing Strategy

    Diverse sourcing is used by many firms

    Many firms across all industries are making use of different sourcing strategies to drive innovation and solve business issues.

    According to a report by ReportLinker the global IT services outsourcing market reached US$413.8 billion in 2021.

    In a recent study of Canadian software firms, it was found that almost all firms take advantage of outside knowledge in their application development process. In most cases these firms also use outside resources to do development work, and about half the time they use externally built software packages in their products (Ghei, 2020)!

    Info-Tech Insight

    In today’s diverse global markets, firms that wish to stay competitive must have a defined ability to take advantage of external knowledge and to optimize their IT services spend.

    Modeling Absorptive Capacity for Open Innovation in the Canadian Software Industry (Source: Ghei, 2020; n=54.)

    56% of software development firms are sourcing applications instead of resources.

    68% of firms are sourcing external resources to develop software products.

    91% of firms are leveraging knowledge from external sources.

    Internal sourcing models

    Insourcing comes in three distinct flavors

    Geospatial map giving example locations for the three internal sourcing models. In this example, 'Head Office' is located in North America, 'Onshore' is 'Located in the same area or even office as your core business resources. Relative Cost: $$$', 'Near Shore' is 'Typically, within 1-3 time zones for ease of collaboration where more favorable resource costs exist. Relative Cost: $$', and 'Offshore' is 'Located in remote markets where significant labor cost savings can be realized. Relative Cost: $'.

    Info-Tech Insight

    Insourcing allows you to stay close to more strategic applications. But choosing the right model requires a strong look inside your organization and your ability to provide business knowledge support to developers who may have different skills and cultures and are in different geographies.

    Outsourcing models

    External sourcing can be done to different degrees

    Outsource Roles
    • Enables resource augmentation
    • Typically based on skills needs
    • Short-term outsourcing with eventual integration or dissolution
    Outsource Teams (or Projects)
    • Use of a full team or multiple teams of vendor resources
    • Meant to be temporary, with knowledge transfer at the end of the project
    Outsource Products
    • Use of a vendor to build, maintain, and support the full product
    • Requires a high degree of contract management skill

    Info-Tech Insight

    Outsourcing represents one of the most popular ways for organizations to source external knowledge and skills. The choice of model is a function of the organization’s ability to support the external resources and to absorb the knowledge back into the organization.

    Defining your sourcing strategy

    Follow the steps below to identify the best match for your organization

    Review Your Current Situation

    Review the issues and opportunities related to application development and categorize them based on the key factors.

    Arrow pointing right. Assess Build Versus Buy

    Before choosing a sourcing model you must assess whether a particular product or function should be bought as a package or developed.

    Arrow pointing right. Choose the Right Sourcing Strategy

    Based on the research, use the modeling tool to match the situation to the appropriate sourcing solution.

    Step 1.1

    Review Your Current Situation

    Activities
    • 1.1.1 Identify and categorize your challenges

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders
    Outcomes of this step

    Review your current delivery posture for challenges and impediments.

    Define a Sourcing Strategy for Your Development Team
    Step 1.1 Step 1.2 Step 1.3

    Review your situation

    There are three key areas to examine in your current situation:

    Business Challenges
    • Do you need to gain new knowledge to drive innovation?
    • Does your business need to enhance its software to improve its ability to compete in the market?
    • Do you need to increase your speed of innovation?

    Technology Challenges

    • Are you being asked to take tighter control of your development budgets?
    • Does your team need to expand their skills and knowledge?
    • Do you need to increase your development speed and capacity?

    Market Challenges

    • Is your competition seen as more innovative?
    • Do you need new features to attract new clients?
    • Are you struggling to find highly skilled and knowledgeable development resources?
    Stock image of multi-colored arrows travelling in a line together before diverging.

    Info-Tech Insight

    Sourcing is a key tool to solve business and technical challenges and enhance market competitiveness when coupled with a robust definition of objectives and a way to measure success.

    1.1.1 Identify and categorize your challenges

    60 minutes

    Output: List of the key challenges in your software lifecycle. Breakdown of the list into categories to identify opportunities for sourcing

    Participants: Product management team, Software development leadership team, Key stakeholders

    1. What challenge is your firm is facing with respect to your software that you think sourcing can address? (20 minutes)
    2. Is the challenge related to a business outcome, development methodology, or technology challenge? (10 minutes)
    3. Is the challenge due to a skills gap, budget or resource challenge, throughput issue, or a broader organizational knowledge or process issue? (10 minutes)
    4. What is the specific objective for the team/leader in addressing this challenge? (15 minutes)
    5. How will you measure progress and achievement of this objective? (5 minutes)

    Document results in the Define a Sourcing Strategy Workbook

    Identify and categorize your challenges

    Sample table for identifying and categorizing challenges, with column groups 'Challenge' and 'Success Measures' containing headers 'Issue, 'Category', 'Breadth', and 'Stakeholder' in the former, and 'Objective' and 'Measurement' in the latter.

    Step 1.2

    Assess Build Versus Buy

    Activities
    • 1.2.1 Understand the benefits and drawbacks of build versus buy in your organizational context

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders

    Outcomes of this step

    Understand in your context the benefits and drawbacks of build versus buy, leveraging Info-Tech’s recommended definitions as a starting point.

    Define a Sourcing Strategy for Your Development Team

    Step 1.1 Step 1.2 Step 1.3

    Look vertically across the IT hierarchy to assess the impact of your decision at every level

    IT Hierarchy with 'Enterprise' at the top, branching out to 'Portfolio', then to 'Solution' at the bottom. The top is 'Strategic', the bottom 'Operational'.

    Regardless of the industry, a common and challenging dilemma facing technology teams is to determine when they should build software or systems in-house versus when they should rely wholly on an outside vendor for delivering on their technology needs.

    The answer is not as cut and dried as one would expect. Any build versus buy decision may have an impact on strategic and operational plans. It touches every part of the organization, starting with individual projects and rolling up to the enterprise strategy.

    Info-Tech Insight

    Do not ignore the impact of a build or buy decision on the various management levels in an IT organization.

    Deciding whether to build or buy

    It is as much about what you gain as it is about what problem you choose to have

    BUILD BUY

    Multi-Source Best of Breed

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Vendor Add-Ons & Integrations

    Enhance an existing vendor’s offerings by using their system add-ons either as upgrades, new add-ons, or integrations.
    Pros
    • Flexibility in choice of tools
    • In some cases, cost may be lower
    • Easier to enhance with in-house teams
    Cons
    • Introduces tool sprawl
    • Requires resources to understand tools and how they integrate
    • Some of the tools necessary may not be compatible with one another
    Pros
    • Reduces tool sprawl
    • Supports consistent tool stack
    • Vendor support can make enhancement easier
    • Total cost of ownership may be lower
    Cons
    • Vendor lock-in
    • The processes to enhance may require tweaking to fit tool capability

    Multi-Source Custom

    Integrate systems built in-house with technologies developed by external organizations.

    Single Source

    Buy an application/system from one vendor only.
    Pros
    • Flexibility in choice of tools
    • In some cases, cost may be lower
    • Easier to enhance with in-house teams
    Cons
    • May introduce tool sprawl
    • Requires resources to have strong technical skills
    • Some of the tools necessary may not be compatible with one another
    Pros
    • Reduces tool sprawl
    • Supports consistent tool stack
    • Vendor support can make enhancement easier
    • Total cost of ownership may be lower
    Cons
    • Vendor lock-in
    • The processes to enhance may require tweaking to fit tool capability

    1.2.1 Understand the benefits and drawbacks of build versus buy in your organizational context

    30 minutes

    Output: A common understanding of the different approaches to build versus buy applied to your organizational context

    Participants: Product management team, Software development leadership team, Key stakeholders

    1. Look at the previous slide, Deciding whether to build or buy.
    2. Discuss the pros and cons listed for each approach.
      1. Do they apply in your context? Why or why not?
      2. Are there some approaches not applicable in terms of how you wish to work?
    3. Record the curated list of pros and cons for the different build/buy approaches.
    4. For each approach, arrange the pros and cons in order of importance.

    Document results in the Define a Sourcing Strategy Workbook

    Step 1.3

    Choose the Right Sourcing Strategy

    Activities
    • 1.3.1 Determine the right sourcing strategy for your needs

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders

    Outcomes of this step

    Choose your desired sourcing strategy based on your current state and needs.

    Define a Sourcing Strategy for Your Development Team

    Step 1.1 Step 1.2 Step 1.3

    Choose the right sourcing strategy

    • Based on our research, finding the right sourcing strategy for a particular situation is a function of three key areas:
      • Business drivers
      • Organizational drivers
      • Technical drivers
    • Each area has key characteristics that must be assessed to confirm which strategy is best suited for the situation.
    • Once you have assessed the factors and ranked them from low to high, we can then match your results with the best-fit strategy.
    Business
    • Business knowledge/ expertise required
    • Product owner maturity

    Technical

    • Complexity and maturity of technical environment
    • Required level of integration

    Organizational

    • Your culture
    • Desired geographic proximity
    • Required vendor management skills

    Business drivers

    To choose the right sourcing strategy, you need to assess your key drivers of delivery

    Product Knowledge
    • The level of business involvement required to support the development team is a critical factor in determining the sourcing model.
    • Both the breadth and depth of involvement are critical factors.
    Strategic Value
    • The strategic value of the application to the company is also a critical component.
    • The more strategic the application is to the company, the closer the sourcing should be maintained.
    • Value can be assessed based on the revenue derived from the application and the depth of use of the application by the organization.
    Product Ownership Maturity
    • To support sourcing models that move further from organizational boundaries a strong product ownership function is required.
    • Product owners should ideally be fully allocated to the role and engaged with the development teams.
    • Product owners should be empowered to make decisions related to the product, its vision, and its roadmap.
    • The higher their allocation and empowerment, the higher the chances of success in external sourcing engagements.
    Stock image of a person running up a line with a positive trend.

    Case Study: The GoodLabs Studio Experience Logo for GoodLabs Studio.

    INDUSTRY: Software Development | SOURCE: Interview with Thomas Lo, Co-Founder, GoodLabs Studio
    Built to Outsource Development Teams
    • GoodLabs is an advanced software innovation studio that provides bespoke team extensions or turnkey digital product development with high-caliber software engineers.
    • Unlike other consulting firms, GoodLabs works very closely with its customers as a unified team to deliver the most significant impact on clients’ projects.
    • With this approach, it optimizes the delivery of strong software engineering skills with integrated product ownership from the client, enabling long-term and continued success for its clients.
    Results
    • GoodLabs is able to attract top engineering talent by focusing on a variety of complex projects that materially benefit from technical solutions, such as cybersecurity, fraud detection, and AI syndrome surveillance.
    • Taking a partnership approach with the clients has led to the successful delivery of many highly innovative and challenging projects for the customers.

    Organizational drivers

    To choose the right sourcing strategy for a particular problem you need to assess the organization’s key capabilities

    Stock photo of someone placing blocks with illustrated professionals one on top of the other. Vendor Management
    • Vendor management is a critical skill for effective external sourcing.
    • This can be assessed based on the organization’s ability to cultivate and grow long-term relationships of mutual value.
    • The longevity and growth of existing vendor relationships can be a good benchmark for future success.
    Absorptive Capacity
    • To effectively make use of external sourcing models, the organization must have a well-developed track record of absorbing outside knowledge.
    • This can be assessed by looking at past cases where external knowledge was sourced and internalized, such as past vendor development engagements or use of open-source code.
    Organizational Culture
    • Another factor in success of vendor engagements and long-term relationships is the matching of organizational cultures.
    • It is key to measure the organization’s current position on items like communication strategy, geographical dispersal, conflict resolution strategy, and hierarchical vs flat management.
    • These factors should be documented and matched with partners to determine the best fit.

    Case Study: WCIRB California Logo for WCIRB California.

    INDUSTRY: Workers Compensation Insurance | SOURCE: Interview with Roger Cottman, Senior VP and CIO, WCIRB California
    Trying to Find the Right Match
    • WCIRB is finding it difficult to hire local resources in California.
    • Its application is a niche product. Since no off-the-shelf alternatives exist, the organization will require a custom application.
    • WCIRB is in the early stages of a digital platform project and is looking to bring in a partner to provide a full development team, with the goal of ideally bringing the application back in-house once it is built.
    • The organization is looking for a local player that will be able to integrate well with the business.
    • It has engaged with two mid-sized players but both have been slow to respond, so it is now considering alternative approaches.
    Info-Tech’s Recommended Approach
    • WCIRB is finding that mid-sized players don’t fit its needs and is now looking for a larger player
    • Based on our research we have advised that WCIRB should ensure the partner is geographically close to its location and can be a strategic partner, not simply work on an individual project.

    Technical drivers

    To choose the right sourcing strategy for a particular problem you need to assess your technical situation and capabilities

    Environment Complexity
    • The complexity of your technical environment is a hurdle that must be overcome for external sourcing models.
    • The number of environments used in the development lifecycle and the location of environments (physical, virtual, on-premises, or cloud) are key indicators.
    Integration Requirements
    • The complexity of integration is another key technical driver.
    • The number of integrations required for the application is a good measuring stick. Will it require fewer than 5, 5-10, or more than 10?
    Testing Capabilities
    • Testing of the application is a key technical driver of success for external models.
    • Having well-defined test cases, processes, and shared execution with the business are all steps that help drive success of external sourcing models.
    • Test automation can also help facilitate success of external models.
    • Measure the percentage of test cases that are standardized, the level of business involvement, and the percentage of test cases that are automated.
    Stock image of pixelated light.

    Case Study: Management Control Systems (MC Systems) Logo for MC Systems.

    INDUSTRY: Technology Services | SOURCE: Interview with Kathryn Chin See, Business Development and Research Analyst, MC Systems
    Seeking to Outsource Innovation
    • MC Systems is seeking to outsource its innovation function to get budget certainty on innovation and reduce costs. It is looking for a player that has knowledge of the application areas it is looking to enhance and that would augment its own business knowledge.
    • In previous outsourcing experiences with skills augmentation and application development the organization had issues related to the business depth and product ownership it could provide. The collaborations did not lead to success as MC Systems lacked product ownership and the ability to reintegrate the outside knowledge.
    • The organization is concerned about testing of a vendor-built application and how the application will be supported.
    Info-Tech’s Recommended Approach
    • To date MC Systems has had success with its outsourcing approach when outsourcing specific work items.
    • It is now looking to expand to outsourcing an entire application.
    • Info-Tech’s recommendation is to seek partners who can take on development of the application.
    • MC Systems will still need resources to bring knowledge back in-house for testing and to provide operational support.

    Choosing the right model


    Legend for the table below using circles with quarters to represent Low (0 quarters) to High (4 quarters).
    Determinant Key Questions to Ask Onshore Nearshore Offshore Outsource Role(s) Outsource Team Outsource Product(s)
    Business Dependence How much do you rely on business resources during the development cycle? Circle with 4 quarters. Circle with 3 quarters. Circle with 1 quarter. Circle with 2 quarters. Circle with 1 quarter. Circle with 0 quarters.
    Absorptive Capacity How successful has the organization been at bringing outside knowledge back into the firm? Circle with 0 quarters. Circle with 1 quarter. Circle with 1 quarter. Circle with 2 quarters. Circle with 1 quarter. Circle with 4 quarters.
    Integration Complexity How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10? Circle with 4 quarters. Circle with 3 quarters. Circle with 3 quarters. Circle with 2 quarters. Circle with 1 quarter. Circle with 0 quarters.
    Product Ownership Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps? Circle with 1 quarter. Circle with 2 quarters. Circle with 3 quarters. Circle with 2 quarters. Circle with 4 quarters. Circle with 4 quarters.
    Organization Culture Fit What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed? Circle with 1 quarter. Circle with 1 quarter. Circle with 3 quarters. Circle with 1 quarter. Circle with 3 quarters. Circle with 4 quarters.
    Vendor Mgmt Skills What is your skill level in vendor management? How long are your longest-standing vendor relationships? Circle with 0 quarters. Circle with 1 quarter. Circle with 1 quarter. Circle with 2 quarters. Circle with 3 quarters. Circle with 4 quarters.

    1.3.1 Determine the right sourcing strategy for your needs

    60 minutes

    Output: A scored matrix of the key drivers of the sourcing strategy

    Participants: Development leaders, Product management team, Key stakeholders

    Choose one of your products or product families and assess the factors below on a scale of None, Low, Medium, High, and Full.

    • 3.1 Assess the business factors that drive selection using these key criteria (20 minutes):
      • 3.1.1 Product knowledge
      • 3.1.2 Strategic value
      • 3.1.3 Product ownership
    • 3.2 Assess the organizational factors that drive selection using these key criteria (20 minutes):
      • 3.2.1 Vendor management
      • 3.2.2 Absorptive capacity
      • 3.2.3 Organization culture
    • 3.3 Assess the technical factors that drive selection using these key criteria (20 minutes):
      • 3.3.1 Environments
      • 3.3.2 Integration
      • 3.3.3 Testing

    Document results in the Define a Sourcing Strategy Workbook

    Things to Consider When Implementing

    Once you have built your strategy there are some additional things to consider

    Things to Consider Before Acting on Your Strategy

    By now you understand what goes into an effective sourcing strategy. Before implementing one, there are a few key items you need to consider:

    Example 'Sourcing Strategy for Your Portfolio' with initiatives like 'Client-Facing Apps' and 'ERP Software' assigned to 'Onshore Dev', 'Outsource Team', 'Offshore Dev', 'Outsource App (Buy)', 'Outsource Dev', or 'Outsource Roles'. Start with a pilot
    • Changing sourcing needs to start with one team.
    • Grow as skills develop to limit risk.
    Build an IT workforce plan Enhance your vendor management skills Involve the business early and often
    • The business should feel they are part of the discussion.
    • See our Agile/DevOps Research Center for more information on how the business and IT can better work together.
    Limit sourcing complexity
    • Having too many different partners and models creates confusion and will strain your ability to manage vendors effectively.

    Bibliography

    Apfel, Isabella, et al. “IT Project Member Turnover and Outsourcing Relationship Success: An Inverted-U Effect.” Developments, Opportunities and Challenges of Digitization, 2020. Web.

    Benamati, John, and Rajkumar, T.M. “The Application Development Outsourcing Decision: An Application of the Technology Acceptance Model.” Journal of Computer Information Systems, vol. 42, no. 4, 2008, pp. 35-43. Web.

    Benamati, John, and Rajkumar, T.M. “An Outsourcing Acceptance Model: An Application of TAM to Application Development Outsourcing Decisions.” Information Resources Management Journal, vol. 21, no. 2, pp. 80-102, 2008. Web.

    Broekhuizen, T. L. J., et al. “Digital Platform Openness: Drivers, Dimensions and Outcomes.” Journal of Business Research, vol. 122, July 2019, pp. 902-914. Web.

    Brook, Jacques W., and Albert Plugge. “Strategic Sourcing of R&D: The Determinants of Success.” Business Information Processing, vol. 55, Aug. 2010, pp. 26-42. Web.

    Delen, G. P A.J., et al. “Foundations for Measuring IT-Outsourcing Success and Failure.” Journal of Systems and Software, vol. 156, Oct. 2019, pp. 113-125. Web.

    Elnakeep, Eman, et al. “Models and Frameworks for IS Outsourcing Structure and Dimensions: A Holistic Study.” Lecture notes in Networks and Systems, 2019. Web.

    Ghei, Suneel. Modeling Absorptive Capacity for Open Innovation in the Software Industry. 2020. Faculty of Graduate Studies, Athabasca University, 2020. DBA Dissertation.

    “IT Outsourcing Market Research Report by Service Model, Organization Sizes, Deployment, Industry, Region – Global Forecast to 2027 – Cumulative Impact of COVID-19.” ReportLinker, April 2022. Web.

    Jeong, Jongkil Jay, et al. “Enhancing the Application and Measurement of Relationship Quality in Future IT Outsourcing Studies.” 26th European Conference on Information Systems: Beyond Digitization – Facets of Socio-Tehcnical Change: Proceedings of ECIS 2018, Portsmouth, UK, June 23-28, 2018. Edited by Peter Bednar, et al., 2018. Web.

    Könning, Michael. “Conceptualizing the Effect of Cultural Distance on IT Outsourcing Success.” Proceedings of Australasian Conference on Information Systems 2018, Sydney, Australia, Dec. 3-5, 2018. Edited by Matthew Noble, UTS ePress, 2018. Web.

    Lee, Jae-Nam, et al. “Holistic Archetypes of IT Outsourcing Strategy: A Contingency Fit and Configurational Approach.” MIS Quarterly, vol. 43, no. 4, Dec. 2019, pp. 1201-1225. Web.

    Loukis, Euripidis, et al. “Determinants of Software-as-a-Service Benefits and Impact on Firm Performance.” Decision Support Systems, vol. 117, Feb. 2019, pp. 38-47. Web.

    Martensson, Anders. “Patterns in Application Development Sourcing in the Financial Industry.” Proceedings of the 13th European Conference of Information Systems, 2004. Web.

    Martínez-Sánchez, Angel, et al. “The Relationship Between R&D, the Absorptive Capacity of Knowledge, Human Resource Flexibility and Innovation: Mediator Effects on Industrial Firms.” Journal of Business Research, vol. 118, Sept. 2020, pp. 431-440. Web.

    Moreno, Valter, et al. “Outsourcing of IT and Absorptive Capacity: A Multiple Case Study in the Brazilian Insurance Sector.” Brazilian Business Review, vol. 17, no. 1, Jan.-Feb. 2020, pp. 97-113. Web.

    Ozturk, Ebru. “The Impact of R&D Sourcing Strategies on Basic and Developmental R&D in Emerging Economies.” European Journal of Innovation Management, vol. 21, no. 7, May 2018, pp. 522-542. Web.

    Ribas, Imma, et al. “Multi-Step Process for Selecting Strategic Sourcing Options When Designing Supply Chains.” Journal of Industrial Engineering and Management, vol. 14, no. 3, 2021, pp. 477-495. Web.

    Striteska, Michaela Kotkova, and Viktor Prokop. “Dynamic Innovation Strategy Model in Practice of Innovation Leaders and Followers in CEE Countries – A Prerequisite for Building Innovative Ecosystems.” Sustainability, vol. 12, no. 9, May 2020. Web.

    Thakur-Wernz, Pooja, et al. “Antecedents and Relative Performance of Sourcing Choices for New Product Development Projects.” Technovation, 2020. Web.

    Build a Vendor Security Assessment Service

    • Buy Link or Shortcode: {j2store}318|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $17,501 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
    • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
    • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

    Our Advice

    Critical Insight

    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

    Impact and Result

    • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
    • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
    • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

    Build a Vendor Security Assessment Service Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define governance and process

    Determine your business requirements and build your process to meet them.

    • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
    • Vendor Security Policy Template
    • Vendor Security Process Template
    • Vendor Security Process Diagram (Visio)
    • Vendor Security Process Diagram (PDF)

    2. Develop assessment methodology

    Develop the specific procedures and tools required to assess vendor risk.

    • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
    • Service Risk Assessment Questionnaire
    • Vendor Security Questionnaire
    • Vendor Security Assessment Inventory

    3. Deploy and monitor process

    Implement the process and develop metrics to measure effectiveness.

    • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
    • Vendor Security Requirements Template
    [infographic]

    Workshop: Build a Vendor Security Assessment Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Governance and Process

    The Purpose

    Understand business and compliance requirements.

    Identify roles and responsibilities.

    Define the process.

    Key Benefits Achieved

    Understanding of key goals for process outcomes.

    Documented service that leverages existing processes.

    Activities

    1.1 Review current processes and pain points.

    1.2 Identify key stakeholders.

    1.3 Define policy.

    1.4 Develop process.

    Outputs

    RACI Matrix

    Vendor Security Policy

    Defined process

    2 Define Methodology

    The Purpose

    Determine methodology for assessing procurement risk.

    Develop procedures for performing vendor security assessments.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    2.1 Identify organizational security risk tolerance.

    2.2 Develop risk treatment action plans.

    2.3 Define schedule for re-assessments.

    2.4 Develop methodology for assessing service risk.

    Outputs

    Security risk tolerance statement

    Risk treatment matrix

    Service Risk Questionnaire

    3 Continue Methodology

    The Purpose

    Develop procedures for performing vendor security assessments.

    Establish vendor inventory.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    3.1 Develop vendor security questionnaire.

    3.2 Define procedures for vendor security assessments.

    3.3 Customize the vendor security inventory.

    Outputs

    Vendor security questionnaire

    Vendor security inventory

    4 Deploy Process

    The Purpose

    Define risk treatment actions.

    Deploy the process.

    Monitor the process.

    Key Benefits Achieved

    Understanding of how to treat different risks according to the risk tolerance.

    Defined implementation strategy.

    Activities

    4.1 Define risk treatment action plans.

    4.2 Develop implementation strategy.

    4.3 Identify process metrics.

    Outputs

    Vendor security requirements

    Understanding of required implementation plans

    Metrics inventory

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap

    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes
    Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    Call #9: Review next steps

    Call #10: Build roadmap for updates

    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center
    Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP

    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START

    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE

    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan
    To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS

    Icon of a bullseye.

    PRIORITIZATION

    Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.

    Icon of a bullseye.

    OUTAGES & UPDATES

    From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.

    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    From: Director

    Send announcements no more than monthly about new services and processes.

    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    Establish an Effective Data Protection Plan

    • Buy Link or Shortcode: {j2store}504|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $6,850 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Business requirements can be vague. Not knowing the business needs often results in overspending and overexposure to liability through data hoarding.
    • Backup options are abundant. Disk, tape, or cloud? Each has drawbacks, efficiencies, and cost factors that should be considered.
    • Backup infrastructure is never greenfield. Any organization with a history has been doing backup. Existing software was likely determined by past choices and architecture.

    Our Advice

    Critical Insight

    • Don’t let failure be your metric.
      The past is not an indication of future performance! Quantify the cost of your data being unavailable to demonstrate value to the business.
    • Stop offloading backup to your most junior staff.
      Data protection should not exist in isolation. Get key leadership involved to ensure you can meet organizational requirements.
    • A lot of data is useless. Neglecting to properly tag and classify data will lead to a costly data protection solution that protects redundant, useless, or outdated data

    Impact and Result

    • Determine the current state of your data protection strategy by identifying the pains and gains of the solution and create a business-facing diagram to present to relevant stakeholders.
    • Quantify the value of data to the business to properly understand the requirements for data protection through a business impact analysis.
    • Identify the attributes and necessary requirements for your data tiers to procure a fit-for-purpose solution.

    Establish an Effective Data Protection Plan Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why the business should be involved in your data protection plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the current state of your data protection plan

    Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.

    • Establish an Effective Data Protection Plan – Phase 1: Define the Current State of Your Data Protection Plan
    • Data Protection Value Proposition Canvas Template

    2. Conduct a business impact analysis to understand requirements for restoring data

    Understand the business priorities.

    • Establish an Effective Data Protection Plan – Phase 2: Conduct a Business Impact Analysis to Understand Requirements for Restoring Data
    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool
    • Data Protection Recovery Workflow

    3. Propose the future state of your data protection plan

    Determine the desired state.

    • Establish an Effective Data Protection Plan – Phase 3: Propose the Future State of Your Data Protection Plan

    4. Establish proper governance for your data protection plan

    Explore the component of governance required.

    • Establish an Effective Data Protection Plan – Phase 4: Establish Proper Governance for Your Data Protection Plan
    • Data Protection Proposal Template
    [infographic]

    Purchase Storage Without Buyer's Remorse

    • Buy Link or Shortcode: {j2store}505|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Storage is a big ticket item that often only gets purchased every three to five years. Many buyers focus on capital costs and rely on vendors for scoping of requirements leading to overspending and buyer’s remorse.
    • Three-quarters of storage buyers are dissatisfied with at least one aspect of their most recent storage purchase, and over 40% of organizations switched vendors, making it critical to understand the market and the important factors to avoiding buyer’s remorse.

    Our Advice

    Critical Insight

    • Know where to negotiate on price. Many organizations spend as much or more effort on negotiating a better price as they do on assessing current and future requirements; yet, more than 35% of organizations report dissatisfaction with hardware, software, and/or maintenance and support costs from their most recent purchase.
    • Understand support agreements and vendor offerings. Organizations satisfied with their storage purchase spent more effort evaluating support capabilities of vendors and assessing current and future requirements.
    • Determine costs to scale-up your storage. More than 35% of organizations report dissatisfaction with costs to scale their solutions by adding disks or disk trays, following their initial contract, making it crucial to establish scaling costs with your vendor.

    Impact and Result

    • Get peace of mind knowing that the quote you’re about to sign delivers the solution and capabilities around software and support that you think you are getting.
    • Understand contract discounting levels and get advice around where further discounting can be negotiated with the reseller.
    • Future-proof your purchase by capitalizing on Info-Tech’s exposure to other clients’ past experiences.

    Purchase Storage Without Buyer's Remorse Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Purchase storage without buyer's remorse

    Ensure the purchase is the lowest cost with fewest future headaches.

    • Storyboard: Purchase Storage Without Buyer's Remorse

    2. Evaluate storage vendors and their product capabilities

    Select the most appropriate offering for business needs at a competitive price point.

    3. Ensure vendors reveal all details regarding strengths and weaknesses

    Get the lowest priced feature set for the selected product.

    • Storage Reseller Interrogation Script
    [infographic]

    Recruit and Retain People of Color in IT

    • Buy Link or Shortcode: {j2store}546|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $19,184 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Organizations have been trying to promote equality for many years. Diversity and inclusion strategies and a myriad of programs have been implemented in companies across the world. Despite the attempts, many organizations still struggle to ensure that their workforce is representative of the populations they support or want to support.
    • IT brings another twist. Many IT companies and departments are based on the culture of white males, and underrepresented ethnic communities find it more of a challenge to fit in.
    • This sometimes means that talented minorities are less incentivized to join or stay in technology.

    Our Advice

    Critical Insight

    • Diversity and inclusion cannot be a one-time campaign or a one-off initiative.
    • For real change to happen, every leader needs to internalize the value of creating and retaining diverse teams.

    Impact and Result

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit and Retain People of Color in IT Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should recruit and retain people of color in your IT department or organization, review Info-Tech’s methodology, and understand the ways we can support you in this endeavor.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit people of color in IT

    Diverse teams are necessary to foster creativity and guide business strategies. Overcome limitations by recruiting people of color and creating a diverse workforce.

    • Recruit and Retain People of Color in IT – Phase 1: Recruit People of Color in IT
    • Support Plan
    • IT Behavioral Interview Question Library

    2. Retain people of color in IT

    Underrepresented employees benefit from an expansive culture. Create an inclusive environment and retain people of color and promote value within your organization.

    • Recruit and Retain People of Color in IT – Phase 2: Retain People of Color in IT

    Infographic

    Workshop: Recruit and Retain People of Color in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Setting the Stage

    The Purpose

    Introduce challenges and concerns around recruiting and retaining people of color.

    Key Benefits Achieved

    Gain a sense of direction.

    Activities

    1.1 Introduction to diversity conversations.

    1.2 Assess areas to focus on and determine what is right, wrong, missing, and confusing.

    1.3 Obtain feedback from your team about the benefits of working at your organization.

    1.4 Establish your employee value proposition (EVP).

    1.5 Discuss and establish your recruitment goals.

    Outputs

    Current State Analysis

    Right, Wrong, Missing, Confusing Quadrant

    Draft EVP

    Recruitment Goals

    2 Refine Your Recruitment Process

    The Purpose

    Identify areas in your current recruitment process that are preventing you from hiring people of color.

    Establish a plan to make improvements.

    Key Benefits Achieved

    Optimized recruitment process

    Activities

    2.1 Brainstorm and research community partners.

    2.2 Review current job descriptions and equity statement.

    2.3 Update job description template and equity statement.

    2.4 Set team structure for interview and assessment.

    2.5 Identify decision-making structure.

    Outputs

    List of community partners

    Updated job description template

    Updated equity statement

    Interview and assessment structure

    Behavioral Question Library

    3 Culture and Management

    The Purpose

    Create a plan for an inclusive culture where your managers are supported.

    Key Benefits Achieved

    Awareness of how to better support employees of color.

    Activities

    3.1 Discuss engagement and belonging.

    3.2 Augment your onboarding materials.

    3.3 Create an inclusive culture plan.

    3.4 Determine how to support your management team.

    Outputs

    List of onboarding content

    Inclusive culture plan

    Management support plan

    4 Close the Loop

    The Purpose

    Establish mechanisms to gain feedback from your employees and act on them.

    Key Benefits Achieved

    Finalize the plan to create your diverse and inclusive workforce.

    Activities

    4.1 Ask and listen: determine what to ask your employees.

    4.2 Create your roadmap.

    4.3 Wrap-up and next steps.

    Outputs

    List of survey questions

    Roadmap

    Completed support plan

    Transform Your Field Technical Support Services

    • Buy Link or Shortcode: {j2store}112|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    Our Advice

    Critical Insight

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Impact and Result

    • Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model.
    • Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team.
    • With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    Transform Your Field Technical Support Services Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transform Field Services Guide – A brief deck that outlines key migration steps to improve our remote client support services.

    This blueprint will help you:

    • Transform Your Field Technical Services Storyboard

    2. Transform Field Services Template – A template to create a transformation proposal.

    This template will help you to build your proposal to transform your field services.

    • Proposal to Transform Field Technical Services Template
    [infographic]

    Further reading

    Transform Your Field Technical Support Services

    Improve service and reduce costs through digital transformation.

    Analyst Perspective

    Improve staffing challenges through digital transformation.

    Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    The image contains a picture of Sandi Conrad.

    Sandi Conrad

    Principal Research Director

    Infrastructure & Operations Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

    Common Obstacles

    Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

    Info-Tech’s Approach

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Info-Tech Insight

    Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

    What is field services?

    Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

    The image contains a diagram to demonstrate what may be supported by field services and what should be supported by field services.

    What challenges are you trying to solve within your field services offering?

    Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

    • Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
    • Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
    • What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
    • Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
    • Has the support value been defined?
    The image contains a graph to demonstrate Case Casuals in Field Services, where the highest at 55% is break/fix.

    Field services will see the biggest improvements through technology updates

    Customer Intake

    Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.

    The image contains a picture to demonstrate the different field services.

    Triage and Troubleshoot

    Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.

    Improve Communications

    FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.

    Schedule Technicians

    Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.

    Enable Work From Anywhere

    FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.

    Manage Expectations

    Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

    Digital transformation can dramatically improve customer and technician experience

    The image contains an arrown that dips and rises dramatically to demonstrate how digital transformation can dramatically increase customer and technician experience.
    Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

    Improve technician utilization and scheduling with field services management software

    Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

    FSM solutions are designed to manage large teams of technicians, providing automated dispatch recommendations based on skills matching and proximity.

    Routes can be mapped to reduce travel time and mileage and adjusted to respond to emergency requests by technician skills or proximity. Automation will provide suggestions for work allocation.

    Spare parts management may be part of a field services solution, enabling technicians to easily identify parts needed and update real-time inventory as parts are deployed.

    Push notifications in real-time streamline communications from the field to the office, and enable technicians to close service records while in the field.

    Dispatchers can easily view availability, assign work orders, attach notes to work orders, and immediately receive updates if technicians acknowledge or reject a job.

    Maintenance work can be built into online checklists and forms to provide a technician with step-by-step instructions and to ensure a complete review.

    Skills and location-based routing allow dispatchers to be able to see closest tech for emergency deployments.

    Improve time to resolve while cutting costs by using visual remote support tools

    Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

    Visual remote tools can provide secure connections through any smartphone, with no need for the client to install an application.

    The technicians can take control of the camera to zoom in, turn on the flashlight for extra lighting, take photos, and save video directly to the tickets.

    Optical character recognition allows automatic text capture to streamline process to check warranty, recalls, and asset history.

    Visual, interactive workflows enhance break/fix and inspections, providing step-by-step guidance visual evidence and using AI and augmented reality to assess the images, and can provide next steps by connecting to a visual knowledgebase.

    Integration with field service management tools will allow information to easily be captured and uploaded immediately into the service record.

    Self-serve is available through many of these tools, providing step-by-step instructions using visual cues. These solutions are designed to work in low-bandwidth environments, using Wi-Fi or cellular service, and sessions can be started with a simple link sent through SMS.

    CIO Priorities 2023

    • Buy Link or Shortcode: {j2store}84|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    CIOs are facing these challenges in 2023:

    • Trying to understand the implications of external trends.
    • Determining what capabilities are most important to support the organization.
    • Understanding how to help the organization pursue new opportunities.
    • Preparing to mitigate new sources of organizational risk.

    Our Advice

    Critical Insight

    • While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full context awareness. It's up to them to assess their gaps, consider the present scenario, and then make their next move.
    • Each priority carries new opportunities for organizations that pursue them.
    • There are also different risks to mitigate as each priority is explored.

    Impact and Result

    • Inform your IT strategy for the year ahead.
    • Identify which capabilities you need to improve.
    • Add initiatives that support your priorities to your roadmap.

    CIO Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2023 Report – Read about the priorities on IT leaders' agenda.

    Understand the five priorities that will help navigate the opportunities and risks of the year ahead.

    • CIO Priorities 2023 Report

    Infographic

    Further reading

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    Analyst Perspective

    Take a full view of the board and use all your pieces to win.

    In our Tech Trends 2023 report, we called on CIOs to think of themselves as chess grandmasters. To view strategy as playing both sides of the board, simultaneously attacking the opponent's king while defending your own. In our CIO Priorities 2023 report, we'll continue with that metaphor as we reflect on IT's capability to respond to trends.

    If the trends report is a study of the board state that CIOs are playing with, the priorities report is about what move they should make next. We must consider all the pieces we have at our disposal and determine which ones we can afford to use to seize on opportunity. Other pieces are best used by staying put to defend their position.

    In examining the different capabilities that CIOs will require to succeed in the year ahead, it's apparent that a siloed view of IT isn't going to work. Just like a chess player in a competitive match would never limit themselves to only using their knights or their rooks, a CIO's responsibility is to deploy each of their pieces to win the day. While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full awareness of the board state.

    It's up to them to assess their gaps, consider the present scenario, and then make their next move.

    This is a picture of Brian Jackson

    Brian Jackson
    Principal Research Director, Research – CIO
    Info-Tech Research Group

    CIO Priorities 2023 is informed by Info-Tech's primary research data of surveys and benchmarks

    Info-Tech's Tech Trends 2023 report and State of Hybrid Work in IT: A Trend Report inform the externalities faced by organizations in the year ahead. They imply opportunities and risks that organizations face. Leadership must determine if they will respond and how to do so. CIOs then determine how to support those responses by creating or improving their IT capabilities. The priorities are the initiatives that will deliver the most value across the capabilities that are most in demand. The CIO Priorities 2023 report draws on data from several different Info-Tech surveys and diagnostic benchmarks.

    2023 Tech Trends and Priorities Survey; N=813 (partial), n=521 (completed)
    Info-Tech's Trends and Priorities 2023 Survey was conducted between August 9 and September 9, 2022. We received 813 total responses with 521 completed surveys. More than 90% of respondents work in IT departments. More than 84% of respondents are at a manager level of seniority or higher.

    2023 The State of Hybrid Work in IT Survey; N=518
    The State of Hybrid Work in IT Survey was conducted between July 11 and July 29 and received 518 responses. Nine in ten respondents were at a manager level of seniority or higher.

    Every organization will have its own custom list of priorities based on its internal context. Organizational goals, IT maturity level, and effectiveness of capabilities are some of the important factors to consider. To provide CIOs with a starting point for their list of priorities for 2023, we used aggregate data collected in our diagnostic benchmark tools between August 1, 2021, and October 31, 2022.

    Info-Tech's CEO-CIO Alignment Program is intended to be completed by CIOs and their supervisors (CEO or other executive position [CxO]) and will provide the average maturity level and budget expectations (N=107). The IT Management and Governance Diagnostic will provide the average capability effectiveness and importance ranking to CIOs (N=271). The CIO Business Vision Diagnostic will provide stakeholder satisfaction feedback (N=259).

    The 2023 CIO priorities are based on that data, internal collaboration sessions at Info-Tech, and external interviews with CIOs and subject matter experts.

    Build IT alignment

    Assess your IT processes

    Determine stakeholder satisfaction

    Most IT departments should aim to drive outcomes that deliver better efficiency and cost savings

    Slightly more than half of CIOs using Info-Tech's CEO-CIO Alignment Program rated themselves at a Support level of maturity in 2022. That aligns with IT professionals' view of their organizations from our Tech Trends and Priorities Survey, where organizations are rated at the Support level on average. At this level, IT departments can provide reliable infrastructure and support a responsive IT service desk that reasonably satisfies stakeholders.

    In the future, CIOs aspire to attain the Transform level of maturity. Nearly half of CIOs select this future state in our diagnostic, indicating a desire to deliver reliable innovation and lead the organization to become a technology-driven firm. However, we see that fewer CxOs aspire for that level of maturity from IT. CxOs are more likely than CIOs to say that IT should aim for the Optimize level of maturity. At this level, IT will help other departments become more efficient and lower costs across the organization.

    Whether a CIO is aiming for the top of the maturity scale in the future or not, IT maturity is achieved one step at a time. Aiming for outcomes at the Optimize level will be a realistic goal for most CIOs in 2023 and will satisfy many stakeholders.

    Current and future state of IT maturity

    This image depicts a table showing the Current and future states of IT maturity.

    Trends indicate a need to focus on leadership and change management

    Trends imply new opportunities and risks that an organization must decide on. Organizational leadership determines if action will be taken to respond to the new external context based on its importance compared to current internal context. To support their organizations, IT must use its capabilities to deliver on initiatives. But if a capability's effectiveness is poor, it could hamper the effort.

    To determine what capabilities IT departments may need to improve or create to support their organizations in 2023, we conducted an analysis of our trends data. Using the opportunities and risks implied by the Tech Trends 2023 report and the State of Hybrid Work in IT: A Trend Report, we've determined the top capabilities IT will need to respond. Capabilities are defined by Info-Tech's IT Management and Governance Framework.

    Tier 1: The Most Important Capabilities In 2023

    Enterprise Application Selection & Implementation

    Manage the selection and implementation of enterprise applications, off-the-shelf software, and software as a service to ensure that IT provides the business with the most appropriate applications at an acceptable cost.

    Effectiveness: 6.5; Importance: 8.8

    Leadership, Culture, and Values

    Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance.

    Effectiveness: 6.9; Importance: 9

    Data Architecture

    Manage the business' databases, including the technology, the governance processes, and the people that manage them. Establish the principles, policies, and guidelines relevant to the effective use of data within the organization.

    Effectiveness: 6.3; Importance: 8.8

    Organizational Change Management

    Implement or optimize the organization's capabilities for managing the impact of new business processes, new IT systems, and changes in organizational structure or culture.

    Effectiveness: 6.1; Importance: 8.8

    External Compliance

    Ensure that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual requirements.

    Effectiveness: 7.4; Importance: 8.8

    Info-Tech's Management and Diagnostic Benchmark

    Tier 2: Other Important Capabilities In 2023

    Ten more capabilities surfaced as important compared to others but not as important as the capabilities in tier 1.

    Asset Management

    Track IT assets through their lifecycle to make sure that they deliver value at optimal cost, remain operational, and are accounted for and physically protected. Ensure that the assets are reliable and available as needed.

    Effectiveness: 6.4; Importance: 8.5

    Business Intelligence and Reporting

    Develop a set of capabilities, including people, processes, and technology, to enable the transformation of raw data into meaningful and useful information for the purpose of business analysis.

    Effectiveness: 6.3; Importance: 8.8

    Business Value

    Secure optimal value from IT-enabled initiatives, services, and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits.

    Effectiveness: 6.5; Importance: 8.7

    Cost and Budget Management

    Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability for the cost and business value of IT solutions and services.

    Effectiveness: 6.5; Importance: 8.8

    Data Quality

    Put policies, processes, and capabilities in place to ensure that appropriate targets for data quality are set and achieved to match the needs of the business.

    Effectiveness: 6.4; Importance: 8.9

    Enterprise Architecture

    Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise's business processes, information systems, and infrastructure.

    Effectiveness: 6.8; Importance: 8.8

    IT Organizational Design

    Set up the structure of IT's people, processes, and technology as well as roles and responsibilities to ensure that it's best meeting the needs of the business.

    Effectiveness: 6.8; Importance: 8.8

    Performance Measurement

    Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations and provide transparency for performance and conformance.

    Effectiveness: 6; Importance: 8.4

    Stakeholder Relations

    Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes.

    Effectiveness: 6.7; Importance: 9.2

    Vendor Management

    Manage IT-related services provided by all suppliers, including selecting suppliers, managing relationships and contracts, and reviewing and monitoring supplier performance.

    Effectiveness: 6.6; Importance: 8.4

    Defining the CIO Priorities for 2023

    Understand the CIO priorities by analyzing both how CIOs respond to trends in general and how a specific CIO responded in the context of their organization.

    This is an image of the four analyses: 1: Implications; 2: Opportunities and risks; 3: Case examples; 4: Priorities to action.

    The Five CIO Priorities for 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
      • Business Value
      • Vendor Management
      • Cost and Budget Management
    2. Prepare your data pipeline to train AI
      • Business Intelligence and Reporting
      • Data Quality
      • Data Architecture
    3. Go all in on zero-trust security
      • Asset Management
      • Stakeholder Relations
      • External Compliance
    4. Engage employees in the digital age
      • Leadership, Culture, and Values
      • Organizational Change Management
      • Enterprise Architecture
    5. Shape the IT organization to improve customer experience
      • Enterprise Application Selection & Implementation
      • Performance Measurement
      • IT Organizational Design

    Adjust IT operations to manage for inflation

    Priority 01

    • APO06 Cost and Budget Management
    • APo10 Vendor Management
    • EDM02 Business Value

    Recognize the relative impact of higher inflation on IT's spending power and adjust accordingly.

    Inflation takes a bite out of the budget

    Two-thirds of IT professionals are expecting their budgets to increase in 2023, according to our survey. But not every increase is keeping up with the pace of inflation. The International Monetary Fund forecasts that global inflation rose to 8.8% in 2022. It projects it will decline to 6.5% in 2023 and 4.1% by 2024 (IMF, 2022).

    CIOs must account for the impact of inflation on their IT budgets and realize that what looks like an increase on paper is effectively a flat budget or worse. Applied to our survey takers, an IT budget increase of more than 6.5% would be required to keep pace with inflation in 2023. Only 40% of survey takers are expecting that level of increase. For the 27% expecting an increase between 1-5%, they are facing an effective decrease in budget after the impact of inflation. Those expecting no change in budget or a decrease will be even worse off.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    Global inflation estimates by year

    2022 8.8%
    2023 6.5%
    2024 4.1%

    International Monetary Fund, 2022

    CIOs are more optimistic about budgets than their supervisors

    Data from Info-Tech's CEO-CIO Alignment Diagnostic benchmark also shows that CIOs and their supervisors are planning for increases to the budget. This diagnostic is designed for a CIO to use with their direct supervisor, whether it's the CEO or otherwise (CxO). Results show that on average, CIOs are more optimistic than their supervisors that they will receive budget increases and headcount increases in the years ahead.

    While 14% of CxOs estimated the IT budget would see no change or a decrease in the next three to five years, only 3% of CIOs said the same. A larger discrepancy is seen in headcount, where nearly one-quarter of CXOs estimated no change or decrease in the years ahead, versus only 10% of CIOs estimating the same.

    When we account for the impact of inflation in 2023, this misalignment between CIOs and their supervisors increases. When adjusting for inflation, we need to view the responses projecting an increase of between 1-5% as an effective decrease. With the inflation adjustment, 26% of CXOs are predicting IT budgets to stay flat or see a decrease compared to only 10% of CIOs.

    CIOs should consider how inflation has affected their projected spending power over the past year and take into account projected inflation rates over the next couple of years. Given that the past decade has seen inflation rates between 2-3%, the higher rates projected will have more of an impact on organizational budgets than usual.

    Expect headcount to stay flat or decline over 3-5 years

    CIO: 10%; CXO: 24%

    IT budget expectations to stay flat or decrease before inflation

    CIO: 13.6 %; CXO: 3.2%

    IT budget expectations to stay flat or decrease adjusted for inflation

    CIO: 25.8%; CXO: 9.7%

    Info-Tech's CEO-CIO Alignment Program

    Opportunities

    Appoint a "cloud economist"

    Organizations that migrated from on-premises data centers to infrastructure as a service shifted their capital expenditures on server racks to operational expenditures on paying the monthly service bill. Managing that monthly bill so that it is in line with desired performance levels now becomes crucial. The expected benefit of the cloud is that an organization can turn the dial up to meet higher demand and turn it down when demand slows. In practice this is sometimes more difficult to execute than anticipated. Some IT departments realize their cloud-based data flows aren't always connected to the revenue-generating activity seen in the business. As a result, a "cloud economist" is needed to closely monitor cloud usage and adjust it to financial expectations. Especially during any recessionary period, IT departments will want to avoid a "bill shock" incident.

    Partner with technology providers

    Keep your friends close and your vendors closer. Look for opportunities to create leverage with your strategic vendors to unlock new opportunities. Identify if a vendor you work with is not entrenched in your industry and offer them the credibility of working with you in exchange for a favorable contract. Offering up your logo for a website listing clients or giving your own time to speak in a customer session at a conference can go a long way to building up some goodwill with your vendors. That's goodwill you'll need when you ask for a new multi-year contract on your software license without annual increases built into the structure.

    Demonstrate IT projects improve efficiency

    An IT department that operates at the Optimize level of Info-Tech's maturity scale can deliver outcomes that lower costs for other departments. IT can defend its own budget if it's able to demonstrate that its initiatives will automate or augment business activities in a way that improves margins. The argument becomes even more compelling if IT can demonstrate it is supporting a revenue-generating initiative or customer-facing experience. CIOs will need to find business champions to vouch for the important contributions IT is making to their area.

    Risks

    Imposition of non-financial reporting requirements

    In some jurisdictions, the largest companies will be required to start collecting information on carbon emissions emitted as a result of business activities by the end of next year. Smaller sized organizations will be next on the list to determine how to meet new requirements issued by various regulators. Risks of failure include facing fines or being shunned by investors. CIOs will need to support their financial reporting teams in collecting the new required data accurately. This will incur new costs as well.

    Rising asset costs

    Acquiring IT equipment is becoming more expensive due to overall inflation and specific pressures around semiconductor supply chains. As a result, more CIOs are extending their device refresh policies to last another year or two. Still, demands for new devices to support new hybrid work models could put pressure on budgets as IT teams are asked to modernize conferencing rooms. For organizations adopting mixed reality headsets, cutting-edge capabilities will come at a premium. Operating costs of devices may also increase as inflation increases costs of the electricity and bandwidth they depend on.

    CASE STUDY
    Leverage your influence in vendor negotiations

    Denise Cornish, Associate VP of IT and Deputy COO,
    Western University of Health Sciences

    Since taking on the lead IT role at Western University in 2020, Denise Cornish has approached vendor management like an auditable activity. She evaluates the value she gets from each vendor relationship and creates a list of critical vendors that she relies upon to deliver core business services. "The trick is to send a message to the vendor that they also need us as a customer that's willing to act as a reference," she says. Cornish has managed to renegotiate a contract with her ERP vendor, locking in a multi-year contract with a very small escalator in exchange for presenting as a customer at conferences. She's also working with them on developing a new integration to another piece of software popular in the education space.

    Western University even negotiated a partnership approach with Apple for a program run with its College of Osteopathic Medicine of the Pacific (COMP) called the Digital Doctor Bag. The partnership saw Apple agree to pre-package a customer application developed by Western that delivered the curriculum to students and facilitated communications across students and faculty. Apple recognized Western as an Apple Distinguished School, a program that recognizes innovative schools that use Apple products.

    "I like when negotiations are difficult.
    I don't necessarily expect a zero-sum game. We each need to get something out of this and having the conversation and really digging into what's in it for you and what's in it for me, I enjoy that. So usually when I negotiate a vendor contract, it's rare that it doesn't work out."

    CASE STUDY
    Control cloud costs with a simplified approach

    Jim Love, CIO, IT World Canada

    As an online publisher and a digital marketing platform for technology products and services companies, IT World Canada (ITWC) has observed that there are differences in how small and large companies adopt the cloud as their computing infrastructure. For smaller companies, even though adoption is accelerating, there may still be some reluctance to fully embrace cloud platforms and services. While larger companies often have a multi-cloud approach, this might not be practical for smaller IT shops that may struggle to master the skills necessary to effectively manage one cloud platform. While Love acknowledges that the cloud is the future of corporate computing, he also notes that not all applications or workloads may be well suited to run in the cloud. As well, moving data into the cloud is cheap but moving it back out can be more expensive. That is why it is critical to understand your applications and the data you're working with to control costs and have a successful cloud implementation.

    "Standardization is the friend of IT. So, if you can standardize on one platform, you're going to do better in terms of costs."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Cost and Budget Management

    Take control of your cloud costs by providing central financial oversight on the infrastructure-as-a-service provider your organization uses. Create visibility into your operational costs and define policies to control them. Right-size the use of cloud services to stay within organizational budget expectations.

    Take Control of Cloud Costs on AWS

    Take Control of Cloud Costs on Microsoft Azure

    Improve Business Value

    Reduce the funds allocated to ongoing support and impose tougher discipline around change requests to lighten your maintenance burden and make room for investment in net-new initiatives to support the business.

    Free up funds for new initiatives

    Improve Vendor Management

    Lay the foundation for a vendor management process with long-term benefits. Position yourself as a valuable client with your strategic vendors and leverage your position to improve your contract terms.

    Elevate Your Vendor Management Initiative

    Prepare your data pipeline to train AI

    Priority 02

    • ITRG06 BUSINESS INTELLIGENCE AND REPORTING
    • ITRG07 DATA ARCHITECTURE
    • ITRG08 DATA QUALITY

    Keep pace as the market adopts AI capabilities, and be ready to create competitive advantage.

    Today's innovation is tomorrow's expectation

    During 2022, some compelling examples of generative-AI-based products took the world by storm. Images from AI-generating bots Midjourney and Stable Diffusion went viral, flooding social media and artistic communities with images generated from text prompts. Exchanges with OpenAI's ChatGPT bot also caught attention, as the bot was able to do everything from write poetry, to provide directions on a cooking recipe and then create a shopping list for it, to generate working code in a variety of languages. The foundation models are trained with AI techniques that include generative adversarial networks, transformers, and variational autoencoders. The end result is an algorithm that can produce content that's meaningful to people based on some simple direction. The industry is only beginning to come to grips with how this sort of capability will disrupt the enterprise.

    Slightly more than one-third of IT professionals say their organization has already invested in AI or machine learning. It's the sixth-most popular technology to have already invested in after cloud computing (82%), application programming interfaces (64%), workforce management solutions (44%), data lakes (36%), and next-gen cybersecurity (36%). It's ahead of 12 other technologies that IT is already invested in.

    When we asked what technologies organizations planned to invest in for next year, AI rocketed up the list to second place, as it's selected by 44% of IT professionals. It falls behind only cloud computing. This jump up the list makes AI the fastest growing technology for new investment from organizations.

    Many AI capabilities seem cutting edge now, but organizations are prioritizing it as a technology investment. In a couple of years, access to foundational models that produce images, text, or code will become easy to access with a commercial license and an API integration. AI will become embedded in off-the-shelf software and drive many new features that will quickly become commonplace.

    To stay even with the competition and meet customer expectations, organizations will have to work to at least adopt these AI-enhanced products and services. For those that want to create a competitive advantage, they will have to build a data pipeline that is capable of training their own custom AI models based on their unique data sets.

    Which of the following technology categories has your organization already invested in?

    A bar graph is depicted the percentage of organizations which already had invested in the following Categories: Cloud Computing; Application Programming; Next-Gen Cybersecurity; Workforce Management Solutions; Data Lake/Lakehouse; Artificial Intelligence or Machine Learning.

    Which of those same technologies does your organization plan to invest in by the end of 2023?

    A bar graph is depicted the percentage of organizations which plan to invest in the following categories by the end of 2023: No-Code / Low-Code Platforms; Next-Gen Cybersecurity; Application Programming Interfaces (APIs); Data Lake / Lakehouse; Artificial Intelligence (AI) or Machine Learning; Cloud Computing

    Tech Trends 2023 Survey

    Data quality and governance will be critical to customize generative AI

    Data collection and analysis are on the minds of both CIOs and their supervisors. When asked what technologies the business should adopt in the next three to five years, big data (analytics) ranked as most critical to adopt among CIOs and their supervisors. Big data (collection) ranked fourth out of 11 options.

    Organizations that want to drive a competitive advantage from generative AI will need to train these large, versatile models on their own data sets. But at the same time, IT organizations are struggling to provide clean data. The second-most critical gap for IT organizations on average is data quality, behind only organizational change management. Organizations know that data quality is important to support analytics goals, as algorithms can suffer in their integrity if they don't have reliable data to work with. As they say, garbage in, garbage out.

    Another challenge to overcome is the gap seen in IT governance, the sixth largest gap on average. Using data toward training custom generative models will hold new compliance and ethical implications for IT departments to contend with. How user data can be leveraged is already the subject of privacy legislation in many different jurisdictions, and new AI legislation is being developed in various places around the world that could create further demands. In some cases, users are reacting negatively to AI-generated content.

    Biggest capability gaps between rated importance and effectiveness

    This is a Bar graph showing the capability gaps between rated importance and effectiveness.

    IT Management and Governance Diagnostic

    Most critical technologies to adopt rated by CIOs and their supervisors

    This is a Bar graph showing the most critical technologies to adopt as rated by CIO's and their supervisors

    CEO-CIO Alignment Program

    Opportunities

    Enterprise content discovery

    Many organizations still cobble together knowledgebases in SharePoint or some other shared corporate drive, full of resources that no one quite knows how to find. A generative AI chatbot holds potential to be trained on an organization's content and produce content based on an employee's queries. Trained properly, it could point employees to the right resource they need to answer their question or just provide the answer directly.

    Supply chain forecasts

    After Hurricane Ian shut down a Walmart distribution hub, the retailer used AI to simulate the effects on its supply chain. It rerouted deliveries from other hubs based on the predictions and planned for how to respond to demand for goods and services after the storm. Such forecasts would typically take a team of analysts days to compose, but thanks to AI, Walmart had it done in a matter of hours (The Economist, 2022).

    Reduce the costs of AI projects

    New generative AI models of sufficient scale offer advantages over previous AI models in their versatility. Just as ChatGPT can write poetry or dialogue for a play or perhaps a section of a research report (not this one, this human author promises), large models can be deployed for multiple use cases in the enterprise. One AI researcher says this could reduce the costs of an AI project by 20-30% (The Economist, 2022).

    Risks

    Impending AI regulation

    Multiple jurisdictions around the world are pursuing new legislation that imposes requirements on organizations that use AI, including the US, Europe, and Canada. Some uses of AI will be banned outright, such as the real-time use of facial recognition in public spaces, while in other situations people can opt out of using AI and work with a human instead. Regulations will take the risk of the possible outcomes created by AI into consideration, and organizations will often be required to disclose when and how AI is used to reach decisions (Science | Business, 2022). Questions around whether creators can prevent their content from being used for training AI are being raised, with some efforts already underway to collect a list of those who want to opt out. Organizations that adopt a generative AI model today may find it needs to be amended for copyright reasons in the future.

    Bias in the algorithms

    Organizations using a large AI model trained by a third party to complete their tasks or as a foundation to further customize it with their own data will have to contend with the inherent bias of the algorithm. This can lead to unintended negative experiences for users, as it did for MIT Technology Review journalist Melissa Heikkilä when she uploaded her images to AI avatar app Lensa, only to have it render a collection of sexualized portraits. Heikkilä contends that her Asian heritage overly influenced the algorithm to associate her with video-game characters, anime, and adult content (MIT Technology Review, 2022).

    Convincing nonsense

    Many of the generative AI bots released so far often create very good responses to user queries but sometimes create nonsense that at first glance might seem to be accurate. One example is Meta's Galactica bot – intended to streamline scientific research discovery and aid in text generation – which was taken down only three days after being made available. Scientists found that it generated fake research that sounded convincing or failed to do math correctly (Spiceworks, 2022).

    CASE STUDY
    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    At the Toronto Raptors practice facility, the OVO Athletic Centre, a new 120-foot custom LG video screen towers over the court. The video board is used to playback game clips so coaches can use them to teach players, but it also displays analytics from algorithmic models that are custom-made for each player. Data on shot-making or defensive deflections are just a couple examples of what might inform the players.

    Vice President of Digital Technology Christian Magsisi leads a functional Digital Labs technical group at MLSE. The in-house team builds the specific data models that support the Raptors in their ongoing efforts to improve. The analytics are fed by Noah Analytics, which uses cognitive vision to provide real-time feedback on shot accuracy. SportsVU is a motion capture system that represents how players are positioned on the court, with detail down to which way they are facing and whether their arms are up or down. The third-party vendors provide the solutions to generate the analytics, but it's up to MLSE's internal team to shape them to be actionable for players during a practice.

    "All the way from making sure that a specific player is achieving the results that they're looking for and showing that through data, or finding opportunities for the coaching staff. This is the manifestation of it in real life. Our ultimate goal with the coaches was to be able to take what was on emails or in a report and sometimes even in text message and actually implement it into practice."

    Read the full story on Spiceworks Insights.

    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices (cont.)

    Humza Teherany, Chief Technology Officer, MLSE

    MLSE's Digital Labs team architects its data insights pipeline on top of cloud services. Amazon Web Services Rekognition provides cognitive vision analysis from video and Amazon Kinesis provides the video processing capabilities. Beyond the court, MLSE uses data to enhance the fan experience, explains CTO Humza Teherany. It begins with having meaningful business goals about where technology can provide the most value. He starts by engaging the leadership of the organization and considering the "art of the possible" when it comes to using technology to unlock their goals.

    Humza Teherany (left) and Christian Magsisi lead MLSE's digital efforts for the pro sports teams owned by the group, including the Toronto Raptors, Toronto Maple Leafs, and Toronto Argonauts. (Photo by Brian Jackson).

    Read the full story on Spiceworks Insights.

    "Our first goal in the entire buildup of the Digital Labs organization has been to support MLSE and all of our teams. We like to do things first. We leverage our own technology to make things better for our fans and for our teams to complete and find incremental advantages where possible."
    Humza Teherany,
    Chief Technology Officer, MLSE

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Data Quality

    The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Prepare for Cognitive Service Management

    Improve Business Intelligence and Reporting

    Explore the enterprise chatbots that are available to not only assist with customer interactions but also help your employees find the resources they need to do their jobs and retrieve data in real time.

    Explore the best chatbots software

    Improve Data Architecture

    Understand if you are ready to embark on the AI journey and what business use cases are appropriate for AI. Plan around the organization's maturity in people, tools, and operations for delivering the correct data, model development, and model deployment and managing the models in the operational areas.

    Create an Architecture for AI

    Go all in on zero-trust security

    Priority 03

    • BAI09 ASSET MANAGEMENT
    • APO08 STAKEHOLDER RELATIONS
    • MEA03 EXTERNAL COMPLIANCE

    Adopt zero-trust architecture as the new security paradigm across your IT stack and from an organizational risk management perspective.

    Putting faith in zero trust

    The push toward a zero-trust security framework is becoming necessary for organizations for several different reasons over the past couple of years. As the pandemic forced workers away from offices and into their homes, perimeter-based approaches to security were challenged by much wider network footprints and the need to identify users external to the firewall. Supply-chain security became more of a concern with notable attacks affecting many thousands of firms, some with severe consequences. Finally, the regulatory pressure to implement zero trust is rising following President Joe Biden's 2021 Executive Order on Improving the Nation's Cybersecurity. It directs federal agencies to implement zero trust. That will impact any company doing business with the federal government, and it's likely that zero trust will propagate through other government agencies in the years ahead. Zero-trust architecture can also help maintain compliance around privacy-focused regulations concerned about personal data (CSO Online, 2022).

    IT professionals are modestly confident that they can meet new government legislation regarding cybersecurity requirements. When asked to rank their confidence on a scale of one to five, the most common answer was 3 out of 5 (38.5%). The next most common answer was 4 out of 5 (33.3%).

    Zero-trust barriers:
    Talent shortage and lack of leadership involvement

    Out of a list of challenges, IT professionals are most concerned with talent shortages leading to capacity constraints in cybersecurity. Fifty-four per cent say they are concerned or very concerned with this issue. Implementing a new zero-trust framework for security will be difficult if capacity only allows for security teams to respond to incidents.

    The next most pressing concern is that cyber risks are not on the radar of executive leaders or the board of directors, with 46% of IT pros saying they are concerned or very concerned. Since zero-trust requires that organizations take an enterprise risk management approach to cybersecurity and involve top decision makers, this reveals another area where organizations may fall short of achieving a zero-trust environment.

    How confident are you that your organization is prepared to meet current and future government legislation regarding cybersecurity requirements? A circle graph is shown with 68.6% colored dark green, and the words: AVG 3.43 written inside the graph.
    a bar graph showing the confidence % for numbers 1-5
    54%

    of IT professionals are concerned with talent shortages leading to capacity constraints in cybersecurity.

    46%

    of IT professionals are concerned that cyber risks are not on the radar of executive leaders or the board of directors.

    Zero trust mitigates risk while removing friction

    A zero-trust approach to security requires organizations to view cybersecurity risk as part of its overall risk framework. Both CIOs and their supervisors agree that IT-related risks are a pain point. When asked to rate the severity of pain points, 58% of CIOs rated IT-related business risk incidents as a minor pain or major pain. Their supervisors were more concerned, with 61% rating it similarly. Enterprises can mitigate this pain point by involving top levels of leadership in cybersecurity planning.

    Organizations can be wary about implementing new security measures out of concern it will put barriers between employees and what they need to work. Through a zero-trust approach that focuses on identity verification, friction can be avoided. Overall, IT organizations did well to provide security without friction for stakeholders over the past 18 months. Results from Info-Tech's CIO Business Vision Diagnostic shows that stakeholders almost all agree friction due to security practices are acceptable. The one area that stands to be improved is remote/mobile device access, where 78.3% of stakeholders view the friction as acceptable.

    A zero-trust approach treats user identity the same regardless of device and whether it is inside or outside of the corporate network. This can remove friction when workers are looking to connect remotely from a mobile device.

    IT-related business risk incidents viewed as a pain point

    CXO 61%
    CIO 58%

    Business stakeholders rate security friction levels as acceptable

    A bar graph is depicted with the following dataset: Regulatory Compliance: 93.80%; Office/Desktop Computing:	86.50%;Data Access/Integrity: 86.10%; Remote/Mobile Device Access:	78.30%;

    CIO Business Vision Diagnostic, N=259

    Opportunities

    Move to identity-driven access control

    Today's approach to access control on the network is to allow every device to exchange data with every other device. User endpoints and servers talk to each other directly without any central governance. In a zero-trust environment, a centralized zero-trust network access broker provides one-to-one connectivity. This allows servers to rest offline until needed by a user with the right access permissions. Users verify their identity more often as they move throughout the network. The user can access the resources and data they need with minimal friction while protecting servers from unauthorized access. Log files are generated for analysis to raise alerts about when an authorized identity has been compromised.

    Protect data with just-in-time authentication

    Many organizations put process in place to make sure data at rest is encrypted, but often when users copy that data to their own devices, it becomes unencrypted, allowing attackers opportunities to exfiltrate sensitive data from user endpoints. Moving to a zero-trust environment where each data access is brokered by a central broker allows for encryption to be preserved. Parties accessing a document must exchange keys to gain access, locking out unauthorized users that don't have both sets of keys to decrypt the data (MIT Lincoln Laboratory, 2022).

    Harness free and open-source tools to deploy zero trust

    IT teams may not be seeing a budget infusion to invest in a new approach to security. By making use of the many free and open-source tools available, they can bootstrap their strategy into reality. Here's a list to get started:

    PingCastle Wrangle your Active Directory and find all the domains that you've long since forgotten about and manage the situation appropriately. Also builds a spoke-and-hub map of your Active Directory.

    OpenZiti Create an overlay network to enable programmable networking that supports zero trust.

    Snyk Developers can automatically find and fix vulnerabilities before they commit their code. This vendor offers a free tier but users that scale up will need to pay.

    sigstore Open-source users and maintainers can use this solution to verify the code they are running is the code the developer intended. Works by stitching together free services to facilitate software signing, verify against a transparent ledger, and provide auditable logs.

    Microsoft's SBOM generation tool A software bill of materials is a requirement in President Biden's Executive Order, intended to provide organizations with more transparency into their software components by providing a comprehensive list. Microsoft's tool will work with Windows, Linux, and Mac and auto-detect a longlist of software components, and it generates a list organized into four sections that will help organizations comprehend their software footprint.

    Risks

    Organizational culture change to accommodate zero trust

    Zero trust requires that top decision makers get involved in cybersecurity by treating it as an equal consideration of overall enterprise risk. Not all boards will have the cybersecurity expertise required, and some executives may not prioritize cybersecurity despite the warnings. Organizations that don't appoint a chief information security officer (CISO) role to drive the cybersecurity agenda from the top will be at risk of cybersecurity remaining an afterthought.

    Talent shortage

    No matter what industry you're in or what type of organization you run, you need cybersecurity. The demand for talent is very high and organizations are finding it difficult to hire in this area. Without the talent needed to mature cybersecurity approaches to a zero-trust model, the focus will remain on foundational principles of patch management to eliminate vulnerabilities and intrusion prevention. Smaller organizations may want to consider a "virtual CISO" that helps shape the organizational strategy on a part-time basis.

    Social engineering

    Many enterprise security postures remain vulnerable to an attack that commandeers an employee's identity to infiltrate the network. Hosted single sign-on models provide low friction and continuity of identity across applications but also offer a single point of failure that hackers can exploit. Phishing scams that are designed to trick an employee into providing their credentials to a fake website or to just click on a link that delivers a malware payload are the most common inroads that criminals take into the corporate network. Being aware of how user behavior influences security is crucial.

    CASE STUDY
    Engage the entire organization with cybersecurity awareness

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    Brosnan provides private security services to high-profile clients and is staffed by security experts with professional backgrounds in intelligence services and major law enforcement agencies. Safe to say that security is taken seriously in this culture and CIO Serge Suponitskiy makes sure that extends to all back-office staff that support the firm's activities. He's aware that people are often the weakest link in a cybersecurity posture and are prone to being fooled by a phishing email or even a fraudulent phone call. So cybersecurity training is an ongoing activity that takes many forms. He sends out a weekly cybersecurity bulletin that features a threat report and a story about the "scam of the week." He also uses KnowBe4, a tool that simulates phishing attacks and trains employees in security awareness. Suponitskiy advises reaching out to Marketing or HR for help with engaging employees and finding the right learning opportunities.

    "What is financially the best solution to protect yourself? It's to train your employees. … You can buy all of the tools and it's expensive. Some of the prices are going up for no reason. Some by 20%, some by 50%, it's ridiculous. So, the best way is to keep training, to keep educating, and to reimagine the training. It's not just sending this video that no one clicks on or posting a poster no one looks at. … Given the fact we're moving into this recession world, and everyone is questioning why we need to spend more, it's time to reimagine the training approach."

    CASE STUDY
    Focus on micro-segmentation as the foundation of zero trust

    David Senf, National Cybersecurity Strategist, Bell

    As a cybersecurity analyst and advisor that works with Bell's clients, David Senf sees zero-trust security as an opportunity for organizations to put a strong set of mitigating controls in place to defend against the thorny challenge of reducing vulnerabilities in their software supply chain. With major breaches being linked to widely used software in the past couple of years, security teams might find it effective to focus on a different layer of security to prevent certain breaches. With security policy being enforced at a narrow point/perimeter, attacks are in essence blocked from exploiting application vulnerabilities (e.g. you can't exploit what you can see). Organizations must still ensure there is a solid vulnerability management program in place, but surrounding applications with other controls is critical. One aspect of zero trust, micro-segmentation, which is an approach to network management, can limit the damage caused by a breach. The solutions help to map out and protect the different connections between applications that could otherwise be abused for discovery or lateral movement. Senf advises that knowing your inventory of software and the interdependencies between applications is the first step on a zero-trust journey, before putting protection and detection in place.

    "Next year will be a year of a lot more ZTNA, zero-trust network access, being deployed. So, I think that will give organizations more of an understanding of what zero trust is as well, from a really basic perspective. If I can just limit what applications you can see and no one can even see that application, it's undiscoverable because I've got that ZTNA solution in place. … I would see that as a leading area of deployment and coming to understand what zero trust is in 2023."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Asset Management

    Enable reduced friction in the remote user experience by underpinning it with a hardware asset management program. Creating an inventory of devices and effectively tracking them will aid in maintaining compliance, result in stronger policy enforcement, and reduce the harm of a lost or stolen device.

    Implement Hardware Asset Management

    Improve Stakeholder Relations

    Communicate the transition from a perimeter-based security approach to an "Always Verify" approach with a clear roadmap toward implementation. Map key protect surfaces to business goals to demonstrate the importance of zero-trust security in helping the organization succeed. Help the organization's top leadership build awareness of cybersecurity risk.

    Build a Zero Trust Roadmap

    Improve External Compliance

    Manage the challenge of meeting new government requirements to implement zero-trust security and other data protection and cybersecurity regulations with a compliance program. Create a control environment that aligns multiple compliance regimes, and be prepared for IT audits.

    Build a Security Compliance Program

    Engage employees in the digital age

    Priority 04

    • ITRG02 LEADERSHIP, CULTURE, AND VALUES
    • BAI05 ORGANIZATIONAL CHANGE MANAGEMENT
    • APO03 ENTERPRISE ARCHITECTURE

    Lead a strong culture through digital means to succeed in engaging the hybrid workforce.

    The new deal for employers in a hybrid work world

    Necessity is the mother of innovation.

    The pandemic's disruption for non-essential workers looks to have a long-lasting, if not permanent, effect on the relationship between employer and employee. The new bargain for almost all organizations is a hybrid work reality, with employees splitting time between the office and working remotely, if not working remotely full-time. IT is in a unique position in the organization as it must not only contend with the shift to this new deal with its own employees but facilitate it for the entire organization.

    With 90% of organizations embracing some form of hybrid work, IT leaders have an opportunity to shift from coping with the new work reality to finding opportunities to improve productivity. Organizations that embrace a hybrid model for their IT departments see a more effective IT department. Organizations that offered no remote work for IT rated their IT effectiveness on average 6.2 out of 10, while organizations with at least 10% of IT roles in a hybrid model saw significantly higher effectiveness. At minimum, organizations with between 50%-70% of IT roles in a hybrid model rated their effectiveness at 6.9 out of 10.

    IT achieved this increase in effectiveness during a disruptive time that often saw IT take on a heavier burden. Remote work required IT to support more users and be involved in facilitating more work processes. Thriving through this challenging time is a win that's worth sharing with the rest of the organization.

    90% of organizations are embracing some form of hybrid work.

    IT's effectiveness compared to % working hybrid or remotely

    A bar graph is shown which compares the effectiveness of IT work with hybrid and full remote work, compared to No Remote Work for IT.

    High effectiveness doesn't mean high engagement

    Despite IT's success with hybrid work, CIOs are more concerned about their staff sufficiency, skill, and engagement than their supervisors. Among clients using our CEO-CIO Alignment Diagnostic, 49% of CIOs considered this issue a major pain point compared to only 32% of CXOs. While IT staff are more effective than ever, even while carrying more of a burden in the digital age, CIOs are still looking to improve staff engagement.

    Info-Tech's State of Hybrid Work Survey illuminates further details about where IT leaders are concerned for their employee engagement. About four in ten IT leaders say they are concerned for employee wellbeing, and almost the same amount say they are concerned they are not able to see signs that employees are demotivated (N=518).

    Boosting IT employees' engagement levels to match their effectiveness will require IT leaders to harness all the tools at their disposal. Communicating culture and effectively managing organizational change in the digital age is a real test of leadership.

    Staff sufficiency, skill, and engagement issues as a major pain point

    CXO 32%
    CIO 49%

    CEO-CIO Alignment Diagnostic

    Opportunities

    Drive effectiveness with a hybrid environment

    IT leaders concerned about the erosion of culture and connectedness due to hybrid work can mitigate those effects with increased and improved communication. Among highly effective IT departments, 55% of IT leaders made themselves highly available through instant messaging chat. Another 54% of highly effective leaders increased team meetings (State of Hybrid Work Survey, n=213). The ability to adapt to the team's needs and use a number of tactics to respond is the most important factor. The greater the number of tactics used to overcome communication barriers, the more effective the IT department (State of Hybrid Work Survey, N=518).

    Modernize the office conference room

    A hybrid work approach emphasizes the importance of not only the technology in the office conference room but the process around how meetings are conducted. Creating an equal footing for all participants regardless of how they join is the goal. In pursuit of that, 63% of organizations say they have made changes or upgrades to their conference room technology (n=496). The conferencing experience can influence employee engagement and work culture and enhance collaboration. IT should determine if the business case exists for upgrades and work to decrease the pain of using legacy solutions where possible (State of Hybrid Work in IT: A Trend Report).

    Understand the organizational value chain

    Map out the value chain from the customer perspective and then determine the organizational capabilities involved in delivering on that experience. It is a useful tool for helping IT staff understand how they're connected to the customer experience and organizational mission. It's crucial to identify opportunities to resolve pain points and create more efficiency throughout the organization.

    Risks

    Talent rejects the working model

    Many employees that experienced hybrid work over the past couple of years are finding it's a positive development for work/life balance and aren't interested in a full-time return to the office. Organizations that insist on returning all employees to the office all the time may find that employees choose to leave the organization. Similarly, it could be hard to hire IT talent in a competitive market if the position is required to be onsite every day. Most organizations are providing flexible options to employees and finding ways to manage work in the new digital age.

    Wasted expense on facilities

    Organizations may choose to keep their physical office only to later realize that no one is going to work there. While providing an office space can help foster positive culture through valuable face time, it has to be used intentionally. Managers should plan for specific days that their teams will meet in the office and make sure that work activities take advantage of everyone being in the same place at the same time. Asking everyone to come in so that they can be on a videoconference meeting in their cubicle isn't the point.

    Isolated employees and teams

    Studies on a remote work environment show it has an impact on how many connections each employee maintains within the company. Employees still interact well within their own teams but have fewer interactions across departments. Overall, workers are likely to collaborate just as often as they did when working in the office but with fewer other individuals at the company. Keep the isolating effect of remote work in mind and foster collaboration and networking opportunities across different departments (BBC News, 2022).

    CASE STUDY
    Equal support of in-office and remote work

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Working in the legislature of the Ontario provincial government, CIO Roberto Eberhardt's staff went from a fully onsite model to a fully remote model at the outset of the pandemic. Today he's navigating his path to a hybrid model that's somewhere in the middle. His approach is to allow his business colleagues to determine the work model that's needed but to support a technology environment that allows employees to work from home or in the office equally. Every new process that's introduced must meet that paradigm, ensuring it will work in a hybrid environment. For his IT staff, he sees a culture of accountability and commitment to metrics to drive performance measurement as key to the success of this new reality.

    "While it's good in a way, the challenge for us is it became a little more complex because you have to account for all those things in the office environment and in the remote work approach. Everything you do now, you have to say OK well how is this going to work in this world and how will it work in the other world?"

    Creating purpose for IT through strategy

    Mike Russell, Virginia Community College System

    At the Virginia Community College System (VCCS), CIO Mike Russell's IT team supports an organization that governs and delivers services to all community colleges in the state. Russell sees his IT team's purpose as being driven by the organization's mission to ensure success throughout the entire student journey, from enrolment to becoming employed after graduation. That customer-focused mindset starts from the top-level leadership, the chancellor, and the state governor. The VCCS maintains a six-year business plan that informs IT's strategic plan and aligns IT with the mission, and both plans are living documents that get refreshed every two years. Updating the plans provides opportunities for the chancellor to engage the organization and remind everyone of the purpose of their work.

    "The outcome isn't the degree. The outcome we're trying to measure is the job. Did you get the job that you wanted? Whether it's being re-employed or first-time employment, did you get what you were after?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Leadership, Culture, and Values

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Prepare People Leaders for the Hybrid Work Environment

    Improve Organizational Change Management

    Assign accountability for managing the changes that the organization is experiencing in the digital age. Make a people-centric approach that takes human behavior into account and plans to address different needs in different ways. Be proactive about change.

    Master Organizational Change Management Practices

    Improve Enterprise Architecture

    Develop a foundation for aligning IT's activities with business value by creating a right-sized enterprise architecture approach that isn't heavy on bureaucracy. Drive IT's purpose by illustrating how their work contributes to the overall mission and the customer experience.

    Create a Right-Sized Enterprise Architecture Governance Framework

    Shape the IT organization to improve customer experience

    PRIORITY 05

    • BAI03 ENTERPRISE APPLICATION SELECTION & IMPLEMENTATION
    • MEA01 PERFORMANCE MEASUREMENT
    • ITRG01 IT ORGANIZATIONAL DESIGN

    Tightly align the IT organization with the organization's value chain from a customer perspective.

    IT's value is defined by faster, better, bigger

    The pandemic motivated organizations to accelerate their digital transformation efforts, digitalizing more of their tasks and organizing the company's value chain around satisfying the customer experience. Now we see organizations taking their foot off the gas pedal of digitalization and shifting their focus to extracting the value from their investments. They want to execute on the digital transformation in their operations and realize the vision they set out to achieve.

    In our Trends Report we compared the emphasis organizations are putting on digitalization to last year. Overall, we see that most organizations shifted fewer of their processes to digital in the past year.

    We also asked organizations what motivated their push toward automation. The most common drivers are to improve efficiency, with almost seven out of ten organizations looking to increase staff on high-level tasks by automating repetitive tasks, 67% also wanting to increase productivity without increasing headcount, and 59% wanting to reduce errors being made by people. In addition, more than half of organizations pursued automation to improve customer satisfaction.

    What best describes your main motivation to pursue automation, above other considerations?

    A bar graph is depicted showing the following dataset: Increase staff focus on high-level tasks by automating repetitive tasks:	69%; Increase productivity of existing staff to avoid increasing headcount:	67%; Reduce errors made by people:	59%; Improve customer satisfaction:	52%; Achieve cost savings through reduction in headcount:	35%; Increase revenue by enabling higher volume of work:	30%

    Tech Trends 2023 Survey

    To what extent did your organization shift its processes from being manually completed to digitally completed during past year?

    A bar graph is depicted showing the extent to which organizations shifted processes from manual to digital during the past year for 2022 and 2023, from Tech Trends 2023 Survey

    With the shift in focus from implementing new applications to support digital transformation to operating in the new environment, IT must shift its own focus to help realize the value from these systems. At the same time, IT must reorganize itself around the new value chain that's defined by a customer perspective.

    IT struggles to deliver business value or support innovation

    Many current IT departments are structured around legacy processes that hinder their ability to deliver business value. CIOs are trying to grapple with the misalignment between the modern business structure and keep up with the demands for innovation and agility.

    Almost nine in ten CIOs say that business frustration with IT's failure to deliver value is a pain point. Their supervisors have a slightly more favorable opinion, with 76% agreeing that it is a pain point.

    Similarly, nine in ten CIOs say that IT limits affecting business innovation and agility is a pain point, while 81% of their supervisors say the same.

    Supervisors say that IT should "ensure benefits delivery" as the most important process (CEO-CIO Alignment Program). This underlines the need to achieve alignment, optimize service delivery, and facilitate innovation. The pain points identified here will need to be resolved to make this possible.

    IT departments will need to contend with a tight labor market and economic volatility in the year ahead. If this drives down resource capacity, it will be even more critical to tightly align with the organization.

    Views business frustration with IT failure to deliver value as a pain point

    CXO 76%
    CIO 88%

    Views IT limits affecting business innovation and agility as a pain point

    CXO 81%
    CIO

    90%

    CEO-CIO Alignment Program

    Opportunities

    Define IT's value by its contributions to enterprise value

    Communicate the performance of IT to stakeholders by attributing positive changes in enterprise value to IT initiatives. For example, if a digital channel helped increase sales in one area, then IT can claim some portion of that revenue. If optimization of another process resulted in cost savings, then IT can claim that as a contribution toward the bottom line. CIOs should develop their handle on how KPIs influence revenues and costs. Keeping tabs on normalized year-over-year revenue comparisons can help demonstrate that IT contributions are making an impact on driving profitability.

    Go with buy versus build if it's a commodity service

    Most back-office functions common to operating a company can be provided by cloud-based applications accessed through a web browser. There's no value in having IT spend time maintaining on-premises applications that require hosting and ongoing maintenance. Organizations that are still accruing technical debt and are unable to modernize will increasingly find it is negatively impacting employee experience, as users expect their working experience to be similar to their experience with consumer applications. In addition, IT will continue to have capacity challenges as resources will be consumed by maintenance. As they seek to outsource some applications, IT will need to consider the geopolitical risk of certain jurisdictions in selecting a provider.

    Redefine how employee performance is tracked

    The concept of "clocking in" for a shift and spending eight hours a day on the job doesn't help guide IT toward its objectives or create any higher sense of purpose. Leaders must work to create a true sense of accountability by reaching consensus on what key performance indicators are important and tasking staff to improve them. Metrics should clearly link back to business outcomes and IT should understand the role they play in delivering a good customer experience.

    Risks

    Lack of talent available to drive transformation

    CIOs are finding it difficult to hire the talent needed to create the capacity they need as digital demands of their organizations increase. This could slow the pace of change as new positions created in IT go unfilled. CIOs may need to consider reskilling and rebalancing workloads of existing staff in the short term and tap outsourcing providers to help make up shortfalls.

    Resistance to change

    New processes may have been given the official rubber stamp, but that doesn't mean staff are adhering to them. Organizations that reorganize themselves must take steps to audit their processes to ensure they're executed the way they intend. Some employees may feel they are being made obsolete or pushed out of their jobs and become disengaged.

    Short-term increased costs

    Restructuring the organization can come with the need for new tools and more training. It may be necessary to operate with redundant staff for the transitional period. Some additional expenses might be incurred for a brief period as the new structure is being put in place.

    Emphasize the value of IT in driving revenue

    Salman Ali, CIO, McDonald's Germany

    As the new CIO to McDonald's Germany, Salman Ali came on board with an early mandate to reorganize the IT department. The challenge is to merge two organizations together: one that delivers core technology services of infrastructure, security, service desk, and compliance and one that delivers customer-facing technology such as in-store touchscreen kiosks and the mobile app for food delivery. He is looking to organize this new-look department around the technology in the hands of both McDonald's staff and its customers. In conversations with his stakeholders, Ali emphasizes the value that IT is driving rather than discussing the costs that go into it. For example, there was a huge cost in integrating third-party meal delivery apps into the point-of-sales system, but the seamless experience it delivers to customers looking to place an order helps to drive a large volume of sales. He plans to reorganize his department around this value-driven approach. The organization model will be executed with clear accountability in place and key performance indicators to measure success.

    "Technology is no longer just an enabler. It's now a strategic business function. When they talk about digital, they are really talking about what's in the customers' hands and what do they use to interact with the business directly? Digital transformation has given technology a new front seat that's really driving the business."

    CASE STUDY
    Overhauling the "heartbeat" of the organization

    Ernest Solomon, Former CIO, LAWPRO

    LAWPRO is a provider of professional liability insurance and title insurance in Canada. The firm is moving its back-office applications from a build approach to a buy approach and focusing its build efforts on customer-facing systems tied to revenue generation. CIO Ernest Solomon says his team has been developing on a legacy platform for two decades, but it's time to modernize. The firm is replacing its legacy platform and moving to a cloud-based system to address technical debt and improve the experience for staff and customers. The claims and policy management platform, the "heartbeat" of the organization, is moving to a software-as-a-service model. At the same time, the firm's customer-facing Title Plus application is being moved to a cloud-native, serverless architecture. Solomon doesn't see the need for IT to spend time building services for the back office, as that doesn't align with the mission of the organization. Instead, he focuses his build efforts on creating a competitive advantage.

    "We're redefining the customer experience, which is how do we move the needle in a positive direction for all the lawyers that interact with us? How do we generate that value-based proposition and improve their interactions with our organization?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Enterprise Application Selection & Implementation

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Embrace Business-Managed Applications

    Improve Performance Measurement

    Drive the most important IT process in the eyes of supervisors by defining business value and linking IT spend to it. Make benefits realization part of your IT governance.

    Maximize Business Value From IT Through Benefits Realization

    Improve IT Organizational Design

    Showcase IT's value to the business by aligning IT spending and staffing to business functions. Provide transparency into business consumption of IT and compare your spending to your peers'.

    IT Spend & Staffing Benchmarking

    The Five Priorities

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
    2. Prepare your data pipeline to train AI
    3. Go all in on zero-trust security
    4. Engage employees in the digital age
    5. Shape the IT organization to improve customer experience

    Expert Contributors

    In order of appearance

    Denise Cornish, Associate VP of IT and Deputy COO, Western University of Health Sciences

    Jim Love, CIO, IT World Canada

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    Humza Teherany, Chief Technology Officer, MLSE

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    David Senf, National Cybersecurity Strategist, Bell

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Mike Russell, Virginia Community College System

    Salman Ali, CIO, McDonald's Germany

    Ernest Solomon, Former CIO, LAWPRO

    Bibliography

    Anderson, Brad, and Seth Patton. "In a Hybrid World, Your Tech Defines Employee Experience." Harvard Business Review, 18 Feb. 2022. Accessed 12 Dec. 2022.
    "Artificial Intelligence Is Permeating Business at Last." The Economist, 6 Dec. 2022. Accessed 12 Dec. 2022.
    Badlani, Danesh Kumar, and Adrian Diglio. "Microsoft Open Sources Its Software Bill
    of Materials (SBOM) Generation Tool." Engineering@Microsoft, 12 July 2022. Accessed
    12 Dec. 2022.
    Birch, Martin. "Council Post: Equipping Employees To Succeed In Digital Transformation." Forbes, 9 Aug. 2022. Accessed 7 Dec. 2022.
    Bishop, Katie. "Is Remote Work Worse for Wellbeing than People Think?" BBC News,
    17 June 2022. Accessed 7 Dec. 2022.
    Carlson, Brian. "Top 5 Priorities, Challenges For CIOs To Recession-Proof Their Business." The Customer Data Platform Resource, 19 July 2022. Accessed 7 Dec. 2022.
    "CIO Priorities: 2020 vs 2023." IT PRO, 23 Sept. 2022. Accessed 2 Nov. 2022.
    cyberinsiders. "Frictionless Zero Trust Security - How Minimizing Friction Can Lower Risks and Boost ROI." Cybersecurity Insiders, 9 Sept. 2021. Accessed 7 Dec. 2022.
    Garg, Sampak P. "Top 5 Regulatory Reasons for Implementing Zero Trust."
    CSO Online, 27 Oct. 2022. Accessed 7 Dec. 2022.
    Heikkilä, Melissa. "The Viral AI Avatar App Lensa Undressed Me—without My Consent." MIT Technology Review, 12 Dec. 2022. Accessed 12 Dec. 2022.
    Jackson, Brian. "How the Toronto Raptors Operate as the NBA's Most Data-Driven Team." Spiceworks, 1 Dec. 2022. Accessed 12 Dec. 2022.
    Kiss, Michelle. "How the Digital Age Has Transformed Employee Engagement." Spiceworks,16 Dec. 2021. Accessed 7 Dec. 2022.
    Matthews, David. "EU Hopes to Build Aligned Guidelines on Artificial Intelligence with US." Science|Business, 22 Nov. 2022. Accessed 12 Dec. 2022.
    Maxim, Merritt. "New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities." Forrester, 23 Aug. 2022. Accessed 7 Dec. 2022.
    Miller, Michael J. "Gartner Surveys Show Changing CEO and Board Concerns Are Driving a Different CIO Agenda for 2023." PCMag, 20 Oct. 2022. Accessed 2 Nov. 2022.
    MIT Lincoln Laboratory. "Overview of Zero Trust Architectures." YouTube,
    2 March 2022. Accessed 7 Dec. 2022.
    MIT Technology Review Insights. "CIO Vision 2025: Bridging the Gap between BI and AI." MIT Technology Review, 20 Sept. 2022. Accessed 1 Nov. 2022.
    Paramita, Ghosh. "Data Architecture Trends in 2022." DATAVERSITY, 22 Feb. 2022. Accessed 7 Dec. 2022.
    Rosenbush, Steven. "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate - WSJ." The Wall Street Journal, 17 Oct. 2022. Accessed 2 Nov. 2022.
    Sacolick, Isaac. "What's in the Budget? 7 Investments for CIOs to Prioritize." StarCIO,
    22 Aug. 2022. Accessed 2 Nov. 2022.
    Singh, Yuvika. "Digital Culture-A Hurdle or A Catalyst in Employee Engagement." International Journal of Management Studies, vol. 6, Jan. 2019, pp. 54–60. ResearchGate, https://doi.org/10.18843/ijms/v6i1(8)/08.
    "Talent War Set to Become Top Priority for CIOs in 2023, Study Reveals." CEO.digital,
    8 Sept. 2022. Accessed 7 Dec. 2022.
    Tanaka, Rodney. "WesternU COMP and COMP-Northwest Named Apple Distinguished School." WesternU News. 10 Feb. 2022. Accessed 12 Dec. 2022.
    Wadhwani, Sumeet. "Meta's New Large Language Model Galactica Pulled Down Three Days After Launch." Spiceworks, 22 Nov. 2022. Accessed 12 Dec. 2022.
    "World Economic Outlook." International Monetary Fund (IMF), 11 Oct. 2022. Accessed
    14 Dec. 2022.

    Secrets of SAP S-4HANA Licensing

    • Buy Link or Shortcode: {j2store}231|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.
    • SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.
    • Aggressive audit tactics may be used to speed up the move to HANA.

    Our Advice

    Critical Insight

    • Mapping SAP products to HANA can be highly complex, leading to overspending and an inability to reduce future spend.
    • The deployment model chosen will directly impact commercial pathways forward.
    • Beware of digital (indirect) access licensing and compliance concerns.
    • Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Impact and Result

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.
    • Understand negotiating pricing and commercial terms.
    • Learn the “SAP way” of conducting business, which includes a best-in-class sales structure, unique contracts, and license use policies combined with a hyper-aggressive compliance function.

    Secrets of SAP S/4HANA Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of SAP S/4HANA licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish requirements

    Determining SAP’s fit within your organization is critical. Start off by building a business case to assess overarching drivers and justification for change, any net new business benefits and long-term sustainability. Oftentimes the ROI is negative, but the investment sets the stage for long-term growth.

    2. Evaluate licensing options

    Your deployment model is more important than you think. Selecting a deployment model will dictate your licensing options followed by your contractual pathways forward.

    • SAP License Summary and Analysis Tool
    • SAP Digital Access Licensing Pricing Tool

    3. Negotiation and license management

    Know what’s in the contract. Each customer agreement is different and there may be existing terms that are beneficial. Depending on how much is spent, anything can be up for negation.

    • SAP S/4HANA Terms and Conditions Evaluator
    [infographic]

    Get the Best Discount Possible With a Data-Driven Negotiation Approach

    • Buy Link or Shortcode: {j2store}610|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Vendors have well-honed negotiation strategies that don’t prioritize the customer’s best interest, and they will take advantage of your weaknesses to extract as much money as they can from the deal.
    • IT teams are often working with time pressure and limited resources or experience in negotiation. Even those with an experienced procurement team aren’t evenly matched with the vendor when it comes to the ins and outs of the product.
    • As a result, many have a poor negotiation experience and fail to get the discount they wanted, ultimately leading to dissatisfaction with the vendor.

    Our Advice

    Critical Insight

    • Requirements should always come first, but IT leaders are under pressure to get discounts and cost ends up playing a big role in decision making.
    • Cost is one of the top factors influencing satisfaction with software and the decision to leave a vendor.
    • The majority of software customers are receiving a discount. If you’re in the minority who are not, there are strategies you can and should be using to improve your negotiating skills. Discounts of up to 40% off list price are available to those who enter negotiations prepared.

    Impact and Result

    • SoftwareReviews data shows that there are multiple benefits to taking a concerted approach to negotiating a discount on your software.
    • The most common ways of getting a discount (e.g. volume purchasing) aren’t necessarily the best methods. Choose a strategy that is appropriate for your organization and vendor relationship and that focuses on maximizing the value of your investment for the long term. Optimizing usage or licenses as a discount strategy leads to the highest software satisfaction.
    • Using a vendor negotiation service or advisory group was one of the most successful strategies for receiving a discount. If your team doesn’t have the right negotiation expertise, Info-Tech can help.

    Get the Best Discount Possible With a Data-Driven Negotiation Approach Research & Tools

    Prepare to negotiate

    Leverage insights from SoftwareReviews data to best position yourself to receive a discount through your software negotiations.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Get the Best Discount Possible with a Data-Driven Negotiation Approach Storyboard
    [infographic]

    Evolve Your Business Through Innovation

    • Buy Link or Shortcode: {j2store}330|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.
    • CIOs have been expected to help the organization transition to remote work and collaboration instantaneously.
    • CEOs are under pressure to redesign, and in some cases reinvent, their business model to cope with and compete in a new normal.

    Our Advice

    Critical Insight

    It is easy to get swept up during a crisis and cling to past notions of normal. Unfortunately, there is no controlling the fact that things have changed fundamentally, and it is now incumbent upon you to help your organization adapt and evolve. Treat this as an opportunity because that is precisely what this is.

    Impact and Result

    There are some lessons we can learn from innovators who have succeeded through past crises and from those who are succeeding now.

    There are a number of tactics an innovation team can employ to help their business evolve during this time:

    1. Double down on digital transformation (DX)
    2. Establish a foresight capability
    3. Become a platform for good

    Evolve Your Business Through Innovation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evolve your business through innovation

    Download our guide to learn what you can do to evolve your business and innovate your way through uncertainty.

    • Evolve Your Business Through Innovation Storyboard
    [infographic]

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19

    • Buy Link or Shortcode: {j2store}536|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • COVID-19 is an unprecedented global pandemic. It’s creating significant challenges across every sector.
    • Collapse of financial markets and a steep decline in consumer confidence has most firms nervous about revenue shortfalls and cash burn rates.
    • The economic impact of COVID-19 is freezing IT budgets and sharply changing IT priorities.
    • The human impact of COVID-19 is likely to lead to staffing shortfalls and knowledge gaps.
    • COVID-19 may be in play for up to two years.

    Our Advice

    Critical Insight

    The challenges posed by the virus are compounded by the fact that consumer expectations for strong service delivery remain high:

    • Customers still expect timely, on-demand service from the businesses they engage with.
    • There is uncertainty about how to maintain strong, revenue-driving experiences when faced with the operational challenges posed by the virus.
    • COVID-19 is changing how organizations prioritize spending priorities within their CXM strategies.

    Impact and Result

    • Info-Tech recommends rapidly updating your strategy for customer experience management to ensure it can rise to the occasion.
    • Start by assessing the risk COVID-19 poses to your CXM approach and how it’ll impact marketing, sales, and customer service functions.
    • Implement actionable measures to blunt the threat of COVID-19 while protecting revenue, maintaining consistent product and service delivery, and improving the integrity of your brand. We’ll dive into five proven techniques in this brief!

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Research & Tools

    Start here

    Read our concise Executive Brief to find out why you should examine the impact of COVID-19 on customer experience strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard

    1. Assess the impact of COVID-19 on your CXM strategy

    Create a consolidated, updated view of your current customer experience management strategy and identify which elements can be capitalized on to dampen the impact of COVID-19 and which elements are vulnerabilities that the pandemic may threaten to exacerbate.

    2. Blunt the damage of COVID-19 with new CXM tactics

    Create a roadmap of business and technology initiatives through the lens of customer experience management that can be used to help your organization protect its revenue, maintain customer engagement, and enhance its brand integrity.

    [infographic]

    Define a Release Management Process to Deliver Lasting Value

    • Buy Link or Shortcode: {j2store}158|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your software platforms are a key enabler of your brand. When there are issues releasing, this brand suffers. Client confidence and satisfaction erode.
    • Your organization has invested significant capital in creating a culture product ownership, Agile, and DevOps. Yet the benefits from these investments are not yet fully realized.
    • Customers have more choices than ever when it comes to products and services. They require features and capabilities delivered quickly, consistently, and of sufficient quality otherwise they will look elsewhere.

    Our Advice

    Critical Insight

    • Eliminate the need for dedicating time for off-hour or weekend release activities. Use a release management framework for optimizing release-related tasks, making them predictable and of high quality.

    Impact and Result

    • Develop a release management framework that efficiently and effectively orchestrates the different functions supporting a software’s release.
    • Use the release management framework and turn release-related activities into non-events.
    • Use principles of continuous delivery for converting your release processes from an overarching concern to a feature of a high-performing software practice.

    Define a Release Management Process to Deliver Lasting Value Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a Release Management Process to Deliver Lasting Value Deck – A step-by-step document that walks you through how to develop and implement a release management framework that takes advantage of continuous delivery.

    This presentation documents the Info-Tech approach to defining your application release management framework.

    • Define a Release Management Process to Deliver Lasting Value – Phases 1-4

    2. Define a Release Management Process to Deliver Lasting Value Template – Use this template to help you define, detail, and make a reality your strategy in support of your application release management framework.

    The template gives the user a guide to the development of their application release management framework.

    • Define a Release Management Process to Deliver Lasting Value Template

    3. Define a Release Management Process to Deliver Lasting Value Workbook – This workbook documents the results of the exercises contained in the blueprint and offers the user a guide to development of their release management framework.

    This workbook is designed to capture the results of your exercises from the Define a Release Management Process to Deliver Lasting Value blueprint.

    • Define a Release Management Process to Deliver Lasting Value Workbook
    [infographic]

    Workshop: Define a Release Management Process to Deliver Lasting Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current Situation

    The Purpose

    Document the existing release management process and current pain points and use this to define the future-state framework.

    Key Benefits Achieved

    Gain an understanding of the current process to confirm potential areas of opportunity.

    Understand current pain points so that we can build resolution into the new process.

    Activities

    1.1 Identify current pain points with your release management process. If appropriate, rank them in order of most to least disruptive.

    1.2 Use the statement of quality and current pain points (in addition to other considerations) and outline the guiding principles for your application release management framework.

    1.3 Brainstorm a set of metrics that will be used to assess the success of your aspired-to application release management framework.

    Outputs

    Understanding of pain points, their root causes, and ranking.

    Built guiding principles for application release management framework.

    Created set of metrics to measure the effectiveness of the application release management framework.

    2 Define Standard Release Criteria

    The Purpose

    Build sample release criteria, release contents, and standards for how it will be integrated in production.

    Key Benefits Achieved

    Define a map to what success will look like once a new process is defined.

    Develop standards that the new process must meet to ensure benefits are realized.

    Activities

    2.1 Using an example of a product known to the team, list its criteria for release.

    2.2 Using an example of a product known to the team, develop a list of features and tasks that are directly and indirectly important for either a real or hypothetical upcoming release.

    2.3 Using an example of product known to the team, map out the process for its integration into the release-approved code in production. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    Outputs

    Completed Workbook example highlighting releasability.

    Completed Workbook example defining and detailing feature and task selection.

    Completed Workbook example defining and detailing the integration step.

    3 Define Acceptance and Deployment Standards

    The Purpose

    Define criteria for the critical acceptance and deployment phases of the release.

    Key Benefits Achieved

    Ensure that releases will meet or exceed expectations and meet user quality standards.

    Ensure release standards for no / low risk deployments are recognized and implemented.

    Activities

    3.1 Using an example of product known to the team, map out the process for its acceptance. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    3.2 Using an example of product known to the team, map out the process for its deployment. For each step in the process, think about how it satisfies guiding principles, releasability and principles of continuous anything.

    Outputs

    Completed Workbook example defining and detailing the acceptance step.

    Completed Workbook example defining and detailing the deployment step.

    4 Implement the Strategy

    The Purpose

    Define your future application release management process and the plan to make the required changes to implement.

    Key Benefits Achieved

    Build a repeatable process that meets the standards defined in phases 2 and 3.

    Ensure the pain points defined in Phase 1 are resolved.

    Show how the new process will be implemented.

    Activities

    4.1 Develop a plan and roadmap to enhance the integration, acceptance, and deployment processes.

    Outputs

    List of initiatives to reach the target state

    Application release management implementation roadmap

    Further reading

    Define a Release Management Process for Your Applications to Deliver Lasting Value

    Use your releases to drive business value and enhance the benefits delivered by your move to Agile.

    Analyst Perspective

    Improving your release management strategy and practices is a key step to fully unlock the value of your portfolio.

    As firms invest in modern delivery practices based around product ownership, Agile, and DevOps, organizations assume that’s all that is necessary to consistently deliver value. As organizations continue to release, they continue to see challenges delivering applications of sufficient and consistent quality.

    Delivering value doesn’t only require good vision, requirements, and technology. It requires a consistent and reliable approach to releasing and delivering products and services to your customer. Reaching this goal requires the definition of standards and criteria to govern release readiness, testing, and deployment.

    This will ensure that when you deploy a release it meets the high standards expected by your clients and delivers the value you have intended.

    Dr. Suneel Ghei

    Principal Research Director, Application Development

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your software platforms are a key enabler of your brand. When there are issues releasing, the brand suffers. Client confidence and satisfaction erode.
    • Your organization has invested significant capital in creating a culture of product ownership, Agile, and DevOps. Yet the benefits from these investments are not yet fully realized.
    • Customers have more choices than ever when it comes to products and services. They require features and capabilities delivered quickly, consistently, and of sufficient quality, otherwise they will look elsewhere.

    Common Obstacles

    • Development teams are moving faster but then face delays waiting for testing and deployment due to a lack of defined release cycle and process.
    • Individual stages in your software development life cycle (SDLC), such as code collaboration, testing, and deployment, have become leaner, but the overall complexity has increased since many products and services are composed of many applications, platforms, and processes.
    • The specifics of releasing products is (wrongly) classified as a technical concern and not a business concern, hindering the ability to prioritize improved release practices.

    Info-Tech's Approach

    • Develop a release management framework that efficiently and effectively orchestrates the different functions supporting a software’s release.
    • Use the release management framework and turn release-related activities into non-events.
    • Use principles of continuous delivery for converting your release processes from an overarching concern to a feature of a high-performing software practice.

    Executive Summary

    Info-Tech Insights

    Turn release-related activities into non-events.

    Eliminate the need for dedicating time for off-hour or weekend release activities. Use a release management framework for optimizing release-related tasks, making them predictable and of high quality.

    Release management is NOT a part of the software delivery life cycle.

    The release cycle runs parallel to the software delivery life cycle but is not tightly coupled with it. The act of releasing begins at the point requirements are confirmed and ends when user satisfaction is measurable. In contrast, the software delivery life cycle is focused on activities such as building, architecting, and testing.

    All releases are NOT created equal.

    Barring standard guiding principles, each release may have specific nuances that need to be considered as part of release planning.

    Your release management journey

    1. Optimize Applications Release Management - Set a baseline release management process and organization.
    2. Modernize Your SDLC - Move your organization to Agile and increase throughput to feed releases.
    3. Deliver on Your Digital Product Vision - Understand the practices that go into delivering products, including articulating your release plans.
    4. Automate Testing to Get More Done - Create the ability to do more testing quickly and ensure test coverage.
    5. Implement DevOps Practices That Work - Build in tools and techniques necessary for release deployment automation.
    6. Define a Release Management Process to Deliver Lasting Value (We Are Here)

    Define a Release Management Process for Your Applications to Deliver Lasting Value

    Use your releases to drive business value and enhance the benefits delivered by your move to Agile.

    Executive Brief

    Your software delivery teams are expected to deliver value to stakeholders in a timely manner and with high quality

    Software delivery teams must enable the organization to react to market needs and competitive changes to improve the business’ bottom line. Otherwise, the business will question the team’s competencies.

    The business is constantly looking for innovative ways to do their jobs better and they need support from your technical teams.

    The increased stress from the business is widening the inefficiencies that already exist in application release management, risking poor product quality and delayed releases.

    Being detached from the release process, business stakeholders do not fully understand the complexities and challenges of completing a release, which complicates the team’s communication with them when issues occur.

    IT Stakeholders Are Also Not Satisfied With Their Own Throughput

    • Only 29% of IT employees find application development throughput highly effective.
    • Only 9% of organizations were classified as having highly effective application development throughput.
    • Application development throughput ranked 37th out of 45 core IT processes in terms of effectiveness.

    (Info-Tech’s Management and Governance Diagnostic, N=3,930)

    Your teams, however, struggle with core release issues, resulting in delayed delivery (and disappointed stakeholders)

    Implementing tools on top of an inefficient pipeline can significantly magnify the existing release issues. This can lead to missed deadlines, poor product quality, and business distrust with software delivery teams.

    COMMON RELEASE ISSUES

    1. Local Thinking: Release decisions and changes are made and approved without consideration of the holistic system, process, and organization.
    2. No Release Cadence: Lack of process governance and oversight generates unpredictable bottlenecks and load and ill-prepared downstream teams.
    3. Mismanagement of Releases: Program management does not accommodate the various integrated releases completed by multiple delivery teams.
    4. Poor Scope Management: Teams are struggling to effectively accommodate changes during the project.

    The bottom line: The business’ ability to operate is dictated by the software delivery team’s ability to successfully complete releases. If the team performs poorly, then the business will do poorly as well. Application release management is critical to ensure business expectations are within the team’s constraints.

    As software becomes more embedded in the business, firms are discovering that the velocity of business change is now limited by how quickly they can deploy.” – Five Ways To Streamline Release Management, J.S. Hammond

    Historically, managing releases has been difficult and complicated…

    Typically, application release management has been hard to coordinate because…

    • Software has multiple dependencies and coordinating their inclusion into a deployable whole was not planned.
    • Teams many be spending too much time on features that are not needed any longer.
    • Software development functions (such as application architecture, test-first or test-driven design, source code integration, and functional testing) are not optimized.
    • There are no agreed upon service-level contracts (e.g. expected details in requirements, adequate testing, source control strategy) between development functions.
    • The different development functions are not integrated in a holistic style.
    • The different deployment environments have variability in their configuration, reducing the reliability of testing done in different environments.
    • Minimum thresholds for acceptable quality of development functions are either too low (leading to adverse outcomes down stream) or too high (leading to unnecessary delays).

    …but research shows being effective at application release management increases your throughput

    Research conducted on Info-Tech's members shows overwhelming evidence that application throughput is strongly tied to an effective application release management approach.

    The image shows a scatter plot, with Release Management Effectiveness on the x-axis and Application Development Throughput Effectiveness on the Y-axis. The graph shows a steady increase.

    (Info-Tech Management & Governance Diagnostic, since 2019; N=684 organizations)

    An application release management framework is critical for effective and timely delivery of software

    A well-developed application release management framework is transformative and changes...

    From To
    Short-lived projects Ongoing enhancements supporting a product strategy
    Aiming for mandated targets Flexible roadmaps
    Manual execution of release processes Automating a release pipeline as much as possible and reasonable
    Manual quality assurance Automated assessment of quality
    Centralized decision making Small, independent release teams, orchestrated through an optimized value stream

    Info-Tech Insight: Your application release management framework should turn a system release into a non-event. This is only possible through the development of a holistic, low-risk and standardized approach to releasing software, irrespective of their size or complexity.

    Robust continuous “anything” requires proficiency in five core practices

    A continuous anything evaluation should not be a “one-and-done” event. As part of ongoing improvements, keep evolving it to make it a fundamental component of a strong operational strategy.

    Continuous Anything

    • Automate where appropriate
      • Automation is not a silver bullet. All processes are not created equal; and therefore, some are not worthy of being automated.
    • Control system variables
      • Deploying and testing in environments that are apple to apple in comparison reduces the risk of unintended outcomes from production release.
    • Measure process outcomes
      • A process not open to being measured is a process bound to fail. If it can be measured, it should be, and insights found should be used for improving the system.
    • Select smaller features batches
      • Smaller release packages reduce the chances of cognitive load associated with finding root causes for defects and issues that may result as post-production incidents.
    • Reduction of cycle time
      • Identification of waste in each stage of the continuous anything process helps in lowering cost of operations and results in quicker generation of value for stakeholders.

    Invest time in developing an application release management framework for your development team(s) with a continuous anything mindset

    An application release management framework converts a set of features and make them ready for releasability in a low-risk, standardized, and high-quality process.

    The image shows a diagram titled Application Release Engineering From Idea to Product, which illustrates the process.

    A continuous anything (integration, delivery, and deployment) mindset is based on a growth and improvement philosophy, where every event is considered a valid data point for investigation of process efficiency.

    Diagram adapted from Continuous Delivery in the Wild, Pete Hodgson, Published by O'Reilly Media, Inc., 2020

    Related Info-Tech Research

    Streamline Application Maintenance

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance request to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    “Releasability” (or release criteria) of a system depends upon the inclusion of necessary building blocks and proof that they were worked on

    There is no standard definition of a system’s releasability. However, there are common themes around completions or assessments that should be investigated as part of a release:

    • The range of performance, technical, or compliance standards that need to be assessed.
    • The full range of test types required for business approval: unit tests, acceptance tests, security test, data migration tests, etc.
    • The volume-criticality mix of defects the organization is willing to accept as a risk.
    • The best source and version control strategy for the development team. This is mostly a function of the team's skill with using release branches and coordinating their work artifacts.
    • The addition of monitoring points and measures required for evaluations and impact analysis.
    • The documentation required for audit and compliance.
    • External and internal dependencies and integrations.
    • Validations, approvals, and sign-offs required as part of the business’ operating procedure.
    • Processes that are currently carried out outside and should be moved into the pipeline.
    • Manual processes that may be automated.
    • Any waste activities that do not directly contribute to releasability that can be eliminated from the development process.
    • Knowledge the team has regarding challenges and successes with similar software releases in the past.

    Releasability of a system is different than governing principles for application release management

    Governing principles are fundamental ways of doing something, which in this case is application release management, while releasability will generally have governing principles in addition to specific needs for a successful release.

    Example of Governing Principles

    • Approval from Senior Director is necessary before releasing to production
    • Production deployments can only be done in off-hours
    • We will try to automate processes whenever it is possible for us to do so
    • We will use a collaborative set of metrics to measure our processes

    Examples of Releasability Criteria

    • For the upcoming release, add performance testing for Finance and Budget Teams’ APIs
    • Audit and compliance documentation is required for this release
    • Automation of manual deployment
    • Use trunk-based source code management instead of feature-based

    Regulated industries are not more stable despite being less nimble

    A pervasive myth in industry revolves around the misperception that continuous anything and nimble and non-event application release management is not possible in large bureaucratic and regulated organizations because they are risk-averse.

    "We found that external approvals were negatively correlated with lead-time, deployment frequency and restore time, and had no correlation with change failure rate. In short, approval by an external body (such as a manager or Change Approval Board) simply doesn’t work to increase the stability of production systems…However, it certainly slows things down. It is in fact worse than having no change approval process at all." – Accelerate by Gene Kim, Jez Humble, and Nicole Forsgren

    Many organizations reduce risk in their product release by adopting a paternalistic stance by:

    • Requiring manual sign-offs from senior personnel who are external to the organization.
    • Increasing the number and level of authorization gates.
    • Staying away from change and preferring to stick with what has worked in the past.

    Despite the prevalence of these types of responses to risk, the evidence is that they do not work and are in fact counter-productive because they:

    • Create blocks to frequent releases.
    • Introduce procedural complexity to each release and in effect make them “bigger.”
    • Prefer process over people (and trusting them). Increase non-value-add scrutiny and reporting.

    There is a persistent misunderstanding about continuous anything being only an IT engineering practice

    01

    At the enterprise level, continuous anything focuses on:

    • Visibility of final value being provided in a high-quality and expedited manner
    • Ensuring efficiency in the organization’s delivery framework
    • Ensuring adherence to established governance and risk mitigation strategy

    02

    Focus of this blueprint

    At the product level, continuous anything focuses on:

    • Reliability of the product delivery system
    • Use of scientific evidence for continuous improvement of the product’s delivery system
    • Orchestration of different artifacts into a single whole

    03

    At the functional level, continuous anything focuses on*:

    • Local functional optimization (functions = software engineering, testing, application design)
    • Automation of local functions
    • Use of patterns for standardizing inputs and functional areas

    *Where necessary, practices at this level have been mentioned.

    Related Info-Tech Research

    Implement DevOps Practices That Work

    • Be DevOps, rather than do DevOps. DevOps is a philosophy, not an industry framework. Your organization’s culture must shift toward system-wide thinking, cross-function collaboration, and empathy.
    • Culture, learning, automation, integrated teams, and metrics and governance (CLAIM) are all critical components of effective DevOps.

    Automate Testing to Get More Done

    • Optimize and automate SDLC stages to recover team capacity. Recognize that automation without optimization is a recipe for long-term pain. Do it right the first time.
    • Optimization and automation are not one-hit wonders. Technical debt is a part of software systems and never goes away. The only remedy is constant vigilance and enhancements to the processes.

    The seeds of a good release are sown even before work on it begins

    Pre-release practices such as requirements intake and product backlog management are important because:

    • A standard process for documentation of features and requirements helps reduce “cognitive dissonance” between business and technology teams. Clearly articulated and well-understood business needs are fundamental ingredients of a high-quality product.
    • Product backlog management done right ensures the prioritized delivery of value to stakeholders. Features can become stale or get a bump in importance, depending upon evolving circumstances. Prioritizing the backlog is, therefore, critical for ensuring time, effort, and budget are spent on things that matter.

    Document and Maintain Your Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}417|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $52,224 Average $ Saved
    • member rating average days saved: 38 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
    • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
    • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

    Our Advice

    Critical Insight

    • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Impact and Result

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Document and Maintain Your Disaster Recovery Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Streamline DRP documentation

    Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

    • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

    2. Select the optimal DRP publishing strategy

    Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

    • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
    • DRP Publishing and Document Management Solution Evaluation Tool
    • BCM Tool – RFP Selection Criteria

    3. Keep your DRP relevant through maintenance best practices

    Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

    • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
    • Sample Project Intake Form Addendum for Disaster Recovery
    • Sample Change Management Checklist for Disaster Recovery
    • DRP Review Checklist
    • DRP-BCP Review Workflow (Visio)
    • DRP-BCP Review Workflow (PDF)

    4. Appendix: XMPL Case Study

    Model your DRP after the XMPL case study disaster recovery plan documentation.

    • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
    • XMPL DRP Summary Document
    • XMPL Notification, Assessment, and Declaration Plan
    • XMPL Systems Recovery Playbook
    • XMPL Recovery Workflows (Visio)
    • XMPL Recovery Workflows (PDF)
    • XMPL Data Center and Network Diagrams (Visio)
    • XMPL Data Center and Network Diagrams (PDF)
    • XMPL DRP Business Impact Analysis Tool
    • XMPL DRP Workbook
    [infographic]

    Workshop: Document and Maintain Your Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Streamline DRP Documentation

    The Purpose

    Teach your team how to create visual-based documentation.

    Key Benefits Achieved

    Learn how to create visual-based DR documentation.

    Activities

    1.1 Conduct a table-top planning exercise.

    1.2 Document your high-level incident response plan.

    1.3 Identify documentation to include in your playbook.

    1.4 Create an initial collection of supplementary documentation.

    1.5 Discuss what further documentation is necessary for recovering from a disaster.

    1.6 Summarize your DR capabilities for stakeholders.

    Outputs

    Documented high-level incident response plan

    List of documentation action items

    Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

    Action items for ensuring that the DRP is executable for both primary and backup DR personnel

    DRP Summary Document

    2 Select the Optimal DRP Publishing Strategy

    The Purpose

    Learn the considerations for publishing your DRP.

    Key Benefits Achieved

    Identify the best strategy for publishing your DRP.

    Activities

    2.1 Select criteria for assessing DRP tools.

    2.2 Evaluate categories for DRP tools.

    Outputs

    Strategy for publishing DRP

    3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

    The Purpose

    Address the common pain point of unmaintained DRPs.

    Key Benefits Achieved

    Create an approach for maintaining your DRP.

    Activities

    3.1 Alter your project intake considerations.

    3.2 Integrate DR considerations into change management.

    3.3 Integrate documentation into performance measurement and performance management.

    3.4 Learn best practices for maintaining your DRP.

    Outputs

    Project Intake Form Addendum Template

    Change Management DRP Checklist Template

    Further reading

    Document and Maintain Your Disaster Recovery Plan

    Put your DRP on a diet – keep it fit, trim, and ready for action.

    ANALYST PERSPECTIVE

    The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

    “This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
    • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
    • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
    (Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

    This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

    These artifacts are the cornerstone for any disaster recovery plan.

    • Business Impact Analysis
    • DR Roles and Responsibilities
    • Recovery Workflow

    Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

    This blueprint walks you through building these inputs.
    Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

    How this blueprint will help you document your DRP

    This Research is Designed For:

    • IT managers in charge of disaster recovery planning (DRP) and execution.
    • Organizations seeking to optimize their DRP using best-practice methodology.
    • Business continuity professionals that are involved with disaster recovery.

    This Research Will Help You:

    • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
    • Identify an appropriate DRP document management and distribution strategy.
    • Ensure that DR documentation is up to date and accessible.

    This Research Will Also Assist:

    • IT managers preparing for a DR audit.
    • IT managers looking to incorporate components of DR into an IT operations document.

    This Research Will Help Them:

    • Follow a structured approach in building DR documentation using best practices.
    • Integrate DR into day-to-day IT operations.

    Executive summary

    Situation

    • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
    • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
    • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

    Complication

    • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
    • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
    • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

    Resolution

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Info-Tech Insight

    1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

    The criticality of having an effective DRP is underestimated.

    Cost of Downtime for the Fortune 1000
    • Cost of unplanned apps downtime per year: $1.25B to $2.5B
    • Cost of critical apps failure per hour: $500,000 to $1M
    • Cost of infrastructure failure per hour: $100,000
    • 35% reported to have recovered within 12 hours.
    • 17% of infrastructure failures took more than 24 hours to recover.
    • 13% of application failures took more than 24 hours to recover.
    Size of Impact Increasing Across Industries
    • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
    • Downtime cost increase since 2010:
      • Hospitality: 129% increase
      • Transportation: 108% increase
      • Media organizations: 104% increase
    Potential Lost Revenue
    A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
    (Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

    The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

    Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

    Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

    Organizations continue to struggle with creating DRPs, let alone making them actionable.

    Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

    • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
    • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
    • There is a lack of effective processes for ensuring documentation stays up to date.
    A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
    (Source: Info-Tech Research Group, N=165)
    A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
    (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

    Improve usability and effectiveness with visual-based and more-concise documentation

    Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

    If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

    DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

    DR success scores are based on:

    • Meeting recovery time objectives (RTOs).
    • Meeting recovery point objectives (RPOs).
    • IT staff’s confidence in their ability to meet RTOs/RPOs.
    A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

    “Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

    Maintainability is another argument for visual-based, concise documentation

    There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

    Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
    Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

    Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

    Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

    Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

    Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

    Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

    Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

    Info-Tech Insight

    Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

    Use a DRP summary document to satisfy executives, auditors, and clients

    Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

    DRP Summary Document

    • Summarize BIA results
    • Summarize DR strategy (including DR sites)
    • Summarize backup strategy
    • Summarize testing and maintenance plans

    Follow Info-Tech’s methodology to make DRP documentation efficient and effective

    Phases

    Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

    Phases

    1.1

    Start with a recovery workflow

    2.1

    Decide on a publishing strategy

    3.1

    Incorporate DRP maintenance into core IT processes

    1.2

    Create supporting DRP documentation

    3.2

    Conduct an annual focused review

    1.3

    Write the DRP Summary

    Tools and Templates

    End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

    Change Management Checklist

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Document and Maintain Your Disaster Recovery Plan – Project Overview

    1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
    Supporting Tool icon
    Best-Practice Toolkit

    1.1 Start with a recovery workflow

    1.2 Create supporting DRP documentation

    1.3 Write the DRP summary

    2.1 Create Committee Profiles

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    Guided Implementations
    • Review Info-Tech’s approach to DRP documentation.
    • Create a high-level recovery workflow.
    • Create supporting DRP documentation.
    • Write the DRP summary.
    • Identify criteria for selecting a DRP publishing strategy.
    • Select a DRP publishing strategy.
    • Optional: Select requirements for a BCM tool and issue an RFP.
    • Optional: Review responses to RFP.
    • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
    • Learn best practices for DRP-focused reviews.
    Associated Activity icon
    Onsite Workshop
    Module 1:
    Streamline DRP documentation
    Module 2:
    Select the optimal DRP publishing strategy
    Module 3:
    Learn best practices for keeping your DRP relevant
    Phase 1 Outcome:
    • A complete end-to-end DRP
    Phase 2 Outcome:
    • Selection of a publishing and management tool for your DRP documentation
    Phase 3 Outcome:
    • Strategy for maintaining your DRP documentation

    Workshop Overview Associated Activity icon

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Info-Tech Analysts Finalize Deliverables
    Activities
    Assess DRP Maturity and Review Current Capabilities

    0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

    0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

    0.3 Identify current recovery strategies for selected applications.

    0.4 Identify current DR challenges for selected applications.

    Document Your Recovery Workflow

    1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

    Create Supporting Documentation

    1.2 Create supporting DRP documentation.

    1.3 Write the DRP summary.

    Establish a DRP Publishing, Management, and Maintenance Strategy

    2.1 Decide on a publishing strategy.

    3.1 Incorporate DRP maintenance into core IT.

    3.2 Considerations for reviewing your DRP regularly.

    Deliverables
    1. Baseline DRP metric (based on DRP Maturity Scorecard)
    1. High-level DRP workflow
    2. DRP gaps and risks identified
    1. Recovery workflow and/or checklist for sample of IT systems
    2. Customized DRP Summary Template
    1. Strategy for selecting a DRP publishing tool
    2. DRP management and maintenance strategy
    3. Workshop summary presentation deck

    Workshop Goal: Learn how to document and maintain your DRP.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


    Phase 1: Streamline DRP Documentation

    Step 1.1: Start with a recovery workflow

    PHASE 1
    PHASE 2
    PHASE 3
    1.1 1.2 1.3 2.1 3.1 3.2
    Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

    This step will walk you through the following activities:

    • Review a model DRP.
    • Review your recovery workflow.
    • Identify documentation required to support the recovery workflow.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Alternate DR Personnel

    Outcomes of this step

    • Understanding the visual-based, concise approach to DR documentation.
    • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

    Info-Tech Insights

    A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

    1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

    The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

    Recovery Workflow

    The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

    This documentation includes:

    • Clarifying initial incident response steps.
    • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
    • Estimating actual recovery timeline through each stage of recovery.
    Recovery Procedures (Playbook)
    Additional Reference Documentation

    “We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

    Review business impact analysis (BIA) results to plan your recovery workflow

    The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

    Specifically, review the following from your BIA:

    • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
    • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
    • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

    CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

    Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

    Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

    Conduct a tabletop planning exercise to determine your recovery workflow

    Associated Activity icon 1.1.1 Tabletop Planning Exercise

    1. Define a scenario to drive the tabletop planning exercise:
      • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
      • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
      • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Info-Tech Insight

    Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

    The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

    Walk through the scenario and capture the recovery workflow

    Associated Activity icon 1.1.2 Tabletop Planning Exercise
    1. Capture the following information for tier 1, tier 2, and tier 3 systems:
      1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
      2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
      3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Note:

    • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
    • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Document your current-state recovery workflow based on the results of the tabletop planning

    Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

    After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

    Use the sample DRP to guide your own flowchart. Some notes on the example are:

    • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
    • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
    • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
    Preview of an Info-Tech Template depicting a sample flowchart.

    This sample flowchart is included in XMPL Recovery Workflows.

    Step 1.2: Create Supporting DRP Documentation

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Create checklists for your playbook.
    • Document more complex procedures with flowcharts.
    • Gather and/or write network topology diagrams.
    • Compile a contact list.
    • Ensure there is enough material for backup personnel.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • Actionable supporting documentation for your disaster recovery plan.
    • Contact list for IT personnel, business personnel, and vendor support.

    1.2 — Create supporting documentation for your disaster recovery plan

    Now that you have a high-level incident response plan, collect the information you need for executing that plan.

    Recovery Workflow

    Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

    • Supplementary flowcharts
    • Checklists
    • Topology diagrams
    • Contact lists
    • DRP summary

    Reference vendors’ technical information in your flowcharts and checklists where appropriate.

    Recovery Procedures (Playbook)

    Additional Reference Documentation

    Info-Tech Insight

    Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

    Use checklists to streamline step-by-step procedures

    Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

    Checklists are ideal when staff just need a reminder of what to do, not how to do it.

    XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

    • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
    • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
    • Similarly, include links to other useful resources such as VM templates.
    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

    Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

    Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

    Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

    • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
    • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
    • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
    Preview of the Info-Tech Template 'Recovery Workflows'.

    Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

    Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Use topology diagrams to capture network layout, integrations, and system information

    Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

    Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

    • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
      • Primary data center diagram
      • DR site diagram
      • High-level network diagrams
    • Often, organizations already have network topology diagrams for reference purposes.

    “Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

    Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

    If there is something strange happening to your IT infrastructure, who you gonna call?

    Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

    • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
      • Declaring a disaster.
      • Coordinating a response at an organizational level.
      • Executing recovery.
    • The people that have authority to declare a disaster.
    • Each person’s spending authority.
    • The rules for delegating authority.
    • Primary and alternate staff for each role.
    Example list of alternate staff, BCP leads, and vendors.

    Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

    Associated Activity icon 1.2.7 Group Discussion

    DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

    • Is it clear who is responsible for each DR task, including notification steps?
    • Have alternate staff for each role been identified?
    • Does the recovery workflow capture all of the high-level steps?
    • Is there enough documentation for alternate staff (e.g. network specs)?

    Step 1.3: Write the DRP Summary

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Write a DRP summary document.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

    Summarize your DR capabilities using a DRP summary document

    Supporting Tool icon 1.3.1 DRP Summary Document

    The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

    DRP Summary Document

    XMPL’s DRP Summary is organized into the following categories:

    • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
    • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
    • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

    Be transparent about existing business risks in your DRP summary

    The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

    • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
    • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
    Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
    Tier 1 4:00 1:00 *90:00 1:00
    Tier 2 8:00 1:00 *40:00 1:00
    Tier 3 48:00 24:00 *96:00 24:00

    The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

    In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

    Phase 2: Select the Optimal DRP Publishing Strategy

    Step 2.1: Select a DRP Publishing Strategy

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Select criteria for assessing DRP tools.
    • Evaluate categories for DRP tools.
    • Optional: Write an RFP for a BCM tool.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

    Info-Tech Insights

    Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

    2.1 — Select a DR publishing and document management strategy that fits your organization

    Publishing and document management considerations:

    Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
    A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
    Note: Percentages total more than 100% due to respondents using more than one portability strategy.
    (Source: Info-Tech Research Group, N=118)
    Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
    Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

    Pros and cons of potential strategies

    This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

    • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
    • In-house solutions combining SharePoint and MS Office (or equivalent)
    • Wiki site
    • “Manual” approaches such as storing documents on a USB drive

    Avoid 42 hours of downtime due to a non-diversified publishing strategy

    CASE STUDY

    Industry Municipality
    Source Interview

    Situation

    • A municipal government has recently completed an end-to-end disaster recovery plan.
    • The team is feeling good about the fact that they were able to identify:
      • Relative criticality of applications.
      • Dependencies for each application.
      • Incident response plans for the current state and desired state.
      • System recovery procedures.

    Challenge

    • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
    • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
    • Once the network was down, their DRP was inaccessible.

    Insights

    • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
    • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

    Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

    Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

    Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

    The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

    • Portability/external access
    • Maintainability/usability
    • Cost
    • Effort

    The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

    For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

    Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

    The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

    Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

    Portability/External Access:
    • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Degree of external access is often dependent on the vendor.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: Expect leading DRP tools to cost $20K or more per year.

    About this approach:
    BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

    Info-Tech Insight

    The business case for a BCM tool is built by answering the following questions:

    • Will the BCM tool solve an unmet need?
    • Will the tool be more effective and efficient than an in-house solution?
    • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

    If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

    “We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

    For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    About this approach:
    DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

    “Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

    A healthcare company uses SharePoint as its DRP and SOP documentation management solution

    CASE STUDY Healthcare

    • This organization is responsible for 50 medical facilities across three states.
    • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
    • It has SharePoint instances at multiple locations to ensure availability if one site is down.

    Documentation Strategy

    • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
    • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
    • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

    Management Strategy

    • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
    • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
    • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

    Results

    • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
    • SOPs are enabling DR training as well as day-to-day operations training for new staff.
    • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

    Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.

    About this approach:
    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    Info-Tech Insight

    If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

    For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

    Portability/External Access:
    • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
    • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
    Maintainability/Usability:
    • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
    • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
    • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
    • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

    About this approach:
    With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

    Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

    Info-Tech Insight

    This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

    Avoid extensive use of paper copies of DR documentation

    DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
    • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
    • Cons: Labor intensive due to need to print and physically distribute documentation updates.

    About this approach:
    Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

    A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

    One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

    Optional: Partial list of BCM tool vendors

    A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

    The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

    Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

    Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

    If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

    Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

    1. Integrations
    2. Planning and Monitoring
    3. Administration
    4. Architecture
    5. Security
    6. Support and Training
    Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

    This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

    Info-Tech can write full RFPs

    As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

    Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

    Step 3.1: Integrate DRP maintenance into core IT processes

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Integrate DRP maintenance with Project Management.
    • Integrate DRP considerations into Change Management.
    • Integrate with Performance Management.

    This step involves the following participants:

    • DRP Owner
    • Head of Project Management Office
    • Head of Change Advisory Board
    • CIO

    Outcomes of this step

    • Updated project intake form.
    • Updated change management practice.
    • Updated performance appraisals.

    3.1 — Incorporate DRP maintenance into core IT processes

    Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

    The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

    Info-Tech Best Practice

    Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

    Assess how new projects impact service criticality and DR requirements upfront during project intake

    Icon for process 'BAI01 Project Management'.
    Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

    Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

    • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
      • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
    • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

    Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

    Preview of the Info-Tech template 'Project Intake Form'.

    This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

    Leverage your change management process to identify required DRP updates as they occur

    Icon for process 'BAI06 Change Management'.

    Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

    • As part of your change management process, identify potential updates to:
      • System documentation (e.g. configuration settings).
      • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
      • Your DR environment (e.g. system configuration updates for standby systems).
    • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
      • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
      • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
    Preview of the Info-Tech template 'Disaster Recovery Change Management'.

    This template asks the submitter to fill out the availability and criticality requirements for the project.

    For change management best practices beyond DRP considerations, please see Optimize Change Management.

    Integrate documentation into performance measurement and performance management

    Icon for process 'MEA01 Performance Measurement'.

    Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

    Why documentation is such a challenge

    How management can address these challenges

    We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
    Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
    Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

    “Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

    Step 3.2: Conduct an Annual Focused Review

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    1. Identify components of your DRP to refresh.
    2. Identify organizational changes requiring further focus.
    3. Test your DRP and identify problems.
    4. Correct problems identified with DRP.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • An actionable, up-to-date DRP.

    Info-Tech Insight

    Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

    Set up a safety net to capture changes that slipped through the cracks with a focused review process

    Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

    • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
    • Don’t review everything. Instead, review:
      • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
        • The plans for these systems are updated for changes (e.g. configuration changes).
        • SMEs and backup personnel are familiar with the changes.
      • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
    • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
    1. Annual Focused Review
    2. Tier 1 Systems
    3. Significantly Changed Systems
    4. Organizational Changes

    Identify larger changes, both organizational and within IT, that necessitate DRP updates

    During your focused review, consider how organizational changes have impacted your DRP.

    The COBIT 5 Enablers provide a foundation for this analysis. Consider:

    • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
    • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
    • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
    • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

    Info-Tech Best Practice

    COBIT 5 Enablers
    What changes need to be reflected in your DRP?

    A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

    Create a plan during your annual focused review to test your DRP throughout the year

    Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

    • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
    • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
    • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
    • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

    Example Test Schedule:

    1. Q1: Tabletop testing shadowed by backup personnel
    2. Q2: Tabletop testing led by backup personnel
    3. Q3: Technology-based testing
    4. Annual Focused Review: Review Results

    Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

    Appendix A: XMPL Case Study

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use our structure to create your practical disaster recovery plan.

    Appendix B: Summary, Next Steps, and Bibliography

    Insight breakdown

    Use visual-based documentation instead of a traditional DRP manual.

    • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

    Create your DRP in layers to keep the work manageable.

    • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Prioritize quick wins to make DRP maintenance easier and more likely to happen.

    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Summary of accomplishment

    Knowledge Gained

    • How to create visual-based DRP documentation
    • How to integrate DRP maintenance into core IT processes

    Processes Optimized

    • DRP documentation creation
    • DRP publishing tool selection
    • DRP documentation maintenance

    Deliverables Completed

    • DRP documentation
    • Strategy for publishing your DRP
    • Modified project-intake form
    • Change management checklist for DR considerations

    Project step summary

    Client Project: Document and Maintain Your Disaster Recovery Plan

    • Create a recovery workflow.
    • Create supporting DRP documentation.
    • Write a summary for your DRP.
    • Decide on a publishing strategy.
    • Incorporate DRP maintenance into core IT processes.
    • Conduct an annual focused review.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Reduce Costly Downtime Through DR Testing
    Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Prepare for a DRP Audit
    Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Bibliography

    A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

    “APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

    Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

    COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

    “EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

    Risk Management. ISO 31000:2009.

    Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

    Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

    Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

    Understanding and Articulating Risk Appetite. KPMG, 2008.

    Break Open Your DAM With Intuitive Metadata

    • Buy Link or Shortcode: {j2store}389|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organizations are facing challenges from explosive information growth in both volume and complexity, as well as the need to use more new sources of information for social media just to remain in business.
    • A lot of content can be created quickly, but managing those digital assets properly through metadata tagging that will be used consistently and effectively requires processes to be in place to create standardized and informational metadata at the source of content creation.
    • Putting these processes in place changes the way the organization handles its information, which may generate pushback, and requires socialization and proper management of the metadata strategy.

    Our Advice

    Critical Insight

    • Metadata is an imperative part of the organizations broader information management strategy. Some may believe that metadata is not needed anymore; Google search is not a magic act – it relies on information tagging that reflects cultural sentiment.
    • Metadata should be pliable. It needs to grow with the changing cultural and corporate vernacular and knowledge, and adapt to changing needs.
    • Build a map for your metadata before you dig for buried treasure. Implement metadata standards and processes for current digital assets before chasing after your treasure troves of existing artifacts.

    Impact and Result

    • Create a sustainable and effective digital asset management (DAM) program by understanding Info-Tech’s DAM framework and how the framework fits within your organization for better management of key digital assets.
    • Create an enterprise-wide metadata design principles handbook to keep track of metadata schemas and standards, as well as communicate the standards to the entire organization.
    • Gather requirements for your DAM program, as well as the DAM system and roles, by interviewing key stakeholders and identifying prevalent pains and opportunities. Understand where digital assets are created, used, and stored throughout the enterprise to gain a high-level perspective of DAM requirements.
    • Identify the organization’s current state of metadata management along with the target state, identify the gaps, and then define solutions to fill those gaps. Ensure business initiatives are woven into the mix.
    • Create a comprehensive roadmap to prioritize initiatives and delineate responsibilities.

    Break Open Your DAM With Intuitive Metadata Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a digital asset management program focused on metadata, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a foundation for your DAM project

    Gain an in-depth understanding of what digital asset management is as well as how it is supported by Info-Tech’s DAM framework.

    • Break Open Your DAM With Intuitive Metadata – Phase 1: Build a Foundation for Your DAM Project
    • DAM Design Principles Handbook
    • Where in the World Is My Digital Asset? Tool
    • Digital Asset Inventory Tool
    • DAM Requirements Gathering Tool

    2. Dive into the DAM strategy

    Create a metadata program execution strategy and assess current and target states for the organization’s DAM.

    • Break Open Your DAM With Intuitive Metadata – Phase 2: Dive Into the DAM Strategy
    • DAM Roadmap Tool
    • DAM Metadata Execution Strategy Document

    3. Create intuitive metadata for your DAM

    Design a governance plan for ongoing DAM and metadata management.

    • Break Open Your DAM With Intuitive Metadata – Phase 3: Create Intuitive Metadata for Your Digital Assets
    • Metadata Manager Tool
    [infographic]

    Workshop: Break Open Your DAM With Intuitive Metadata

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Structure the Metadata Project

    The Purpose

    Develop a foundation of knowledge regarding DAM and metadata, as well as the best practices for organizing the organization’s information and digital assets for ideal findability.

    Key Benefits Achieved

    Design standardized processes for metadata creation and digital asset management to help to improve findability of key assets.

    Gain knowledge of how DAM can benefit both IT and the business.

    Activities

    1.1 Build a DAM and metadata knowledge foundation.

    1.2 Kick-start creation of the organization’s DAM design principles handbook.

    1.3 Interview key business units to understand drivers for the program.

    1.4 Develop a DAM framework.

    Outputs

    DAM Design Principles Handbook

    DAM Execution Strategy Document

    2 Assess Requirements for the DAM Program

    The Purpose

    Inventory the organization’s key digital assets and their repositories.

    Gather the organization’s requirements for a full-time digital asset librarian, as well as the DAM system.  

    Key Benefits Achieved

    Determine clear and specific requirements for the organization from the DAM system and the people involved.

    Activities

    2.1 Conduct a digital asset inventory to identify key assets to include in DAM.

    2.2 Prioritize digital assets to determine their risk and value to ensure appropriate support through the information lifecycle.

    2.3 Determine the requirements of the business and IT for the DAM system and its metadata.

    Outputs

    Digital Asset Inventory Tool

    DAM Requirements Gathering Tool

    3 Design Roadmap and Plan Implementation

    The Purpose

    Determine strategic initiatives and create a roadmap outlining key steps required to get the organization to start enabling data-driven insights.

    Determine timing of the initiatives. 

    Key Benefits Achieved

    Establish a clear direction for the DAM program.

    Build a step-by-step outline of how to create effective metadata with true business-IT collaboration.

    Have prioritized initiatives with dependencies mapped out.

    Activities

    3.1 Assess current and target states of DAM in the organization.

    3.2 Brainstorm and document practical initiatives to close the gap.

    3.3 Discuss strategies rooted in business requirements to execute the metadata management program to improve findability of digital assets.

    Outputs

    DAM Roadmap Tool

    4 Establish Metadata Governance

    The Purpose

    Identify the roles required for effective DAM and metadata management.

    Create sample metadata according to established guiding principles and implement a feedback method to create intuitive metadata in the organization. 

    Key Benefits Achieved

    Metadata management is an ongoing project. Implementing it requires user input and feedback, which governance will help to support.

    By integrating metadata governance with larger information or data governance bodies, DAM and metadata management will gain sustainability. 

    Activities

    4.1 Discuss and assign roles and responsibilities for initiatives identified in the roadmap.

    4.2 Review policy requirements for the information assets in the organization and strategies to address enforcement.

    4.3 Integrate the governance of metadata into larger governance committees.

    Outputs

    DAM Execution Strategy

    Combine Security Risk Management Components Into One Program

    • Buy Link or Shortcode: {j2store}376|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $37,798 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Companies are aware of the need to discuss and assess risk, but many struggle to do so in a systematic and repeatable way.
    • Rarely are security risks analyzed in a consistent manner, let alone in a systematic and repeatable method to determine project risk as well as overall organizational risk exposure.

    Our Advice

    Critical Insight

    • The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
    • All risks can be quantified. Security, compliance, legal, or other risks can be quantified using our methodology.

    Impact and Result

    • Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
    • Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
    • Use Info-Tech’s risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
    • Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

    Combine Security Risk Management Components Into One Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security risk management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the risk environment

    Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.

    • Combine Security Risk Management Components Into One Program – Phase 1: Establish the Risk Environment
    • Security Risk Governance Responsibilities and RACI Template
    • Risk Tolerance Determination Tool
    • Risk Weighting Determination Tool

    2. Conduct threat and risk assessments

    Define frequency and impact rankings then assess the risk of your project.

    • Combine Security Risk Management Components Into One Program – Phase 2: Conduct Threat and Risk Assessments
    • Threat and Risk Assessment Process Template
    • Threat and Risk Assessment Tool

    3. Build the security risk register

    Catalog an inventory of individual risks to create an overall risk profile.

    • Combine Security Risk Management Components Into One Program – Phase 3: Build the Security Risk Register
    • Security Risk Register Tool

    4. Communicate the risk management program

    Communicate the risk-based conclusions and leverage these in security decision making.

    • Combine Security Risk Management Components Into One Program – Phase 4: Communicate the Risk Management Program
    • Security Risk Management Presentation Template
    • Security Risk Management Summary Template
    [infographic]

    Workshop: Combine Security Risk Management Components Into One Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Risk Environment

    The Purpose

    Build the foundation needed for a security risk management program.

    Define roles and responsibilities of the risk executive.

    Define an information security risk tolerance level.

    Key Benefits Achieved

    Clearly defined roles and responsibilities.

    Defined risk tolerance level.

    Activities

    1.1 Define the security executive function RACI chart.

    1.2 Assess business context for security risk management.

    1.3 Standardize risk terminology assumptions.

    1.4 Conduct preliminary evaluation of risk scenarios to determine your risk tolerance level.

    1.5 Decide on a custom risk factor weighting.

    1.6 Finalize the risk tolerance level.

    1.7 Begin threat and risk assessment.

    Outputs

    Defined risk executive functions

    Risk governance RACI chart

    Defined quantified risk tolerance and risk factor weightings

    2 Conduct Threat and Risk Assessments

    The Purpose

    Determine when and how to conduct threat and risk assessments (TRAs).

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Developed process for how to conduct threat and risk assessments.

    Deep risk analysis for one or two IT projects/initiatives.

    Activities

    2.1 Determine when to initiate a risk assessment.

    2.2 Review appropriate data classification scheme.

    2.3 Identify system elements and perform data discovery.

    2.4 Map data types to the elements.

    2.5 Identify STRIDE threats and assess risk factors.

    2.6 Determine risk actions taking place and assign countermeasures.

    2.7 Calculate mitigated risk severity based on actions.

    2.8 If necessary, revisit risk tolerance.

    2.9 Document threat and risk assessment methodology.

    Outputs

    Define scope of system elements and data within assessment

    Mapping of data to different system elements

    Threat identification and associated risk severity

    Defined risk actions to take place in threat and risk assessment process

    3 Continue to Conduct Threat and Risk Assessments

    The Purpose

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Deep risk analysis for one or two IT projects/initiatives, as time permits.

    Activities

    3.1 Continue threat and risk assessment activities.

    3.2 As time permits, one to two threat and risk assessment activities will be performed as part of the workshop.

    3.3 Review risk assessment results and compare to risk tolerance level.

    Outputs

    One to two threat and risk assessment activities performed

    Validation of the risk tolerance level

    4 Establish a Risk Register and Communicate Risk

    The Purpose

    Collect, analyze, and aggregate all individual risks into the security risk register.

    Plan for the future of risk management.

    Key Benefits Achieved

    Established risk register to provide overview of the organizational aggregate risk profile.

    Ability to communicate risk to other stakeholders as needed.

    Activities

    4.1 Begin building a risk register.

    4.2 Identify individual risks and threats that exist in the organization.

    4.3 Decide risk responses, depending on the risk level as it relates to the risk tolerance.

    4.4 If necessary, revisit risk tolerance.

    4.5 Identify which stakeholders sign off on each risk.

    4.6 Plan for the future of risk management.

    4.7 Determine how to present risk to senior management.

    Outputs

    Risk register, with an inventory of risks and a macro view of the organization’s risk

    Defined risk-based initiatives to complete

    Plan for securing and managing the risk register

    Take Control of Cloud Costs on Microsoft Azure

    • Buy Link or Shortcode: {j2store}426|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive Azure bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for overarchitecting or overspending on Azure.
    • Many organizations lack sufficient visibility into their Azure spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on Microsoft Azure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet for Azure

    3. Define processes and procedures

    Establish governance for tagging and cost control, define process for right-sizing, and define process for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build an implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List
    [infographic]

    Workshop: Take Control of Cloud Costs on Microsoft Azure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build a Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles & responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles & responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles & responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes & Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes & procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and alerts

    4 Build an Implementation Plan

    The Purpose

    Document next steps to implement & improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Build a Roadmap for Service Management Agility

    • Buy Link or Shortcode: {j2store}280|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business is moving faster than ever and IT is getting more demands at a faster pace.
    • Many IT organizations have traditional structures and approaches that have served them well in the past. However, these frameworks and approaches alone are no longer sufficient for today’s challenges and rapidly changing environment.
    • The inability to adaptively design and deliver services as requirements change has led to diminishing service quality and an increase in shadow IT.

    Our Advice

    Critical Insight

    • Being Agile is a mindset. It is not meant to be prescriptive, but to encourage you to leverage the best approaches, frameworks, and tools to meet your needs and get the job done now.
    • The goal of service management is to enable and drive value for the business. Service management practices have to be flexible and adaptable enough to manage and deliver the right service value at the right time at the right level of quality.

    Impact and Result

    • Understand Agile principles, how they align with service management principles, and what the optimal states for agility look like.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s state of agility, identify the gaps, and create a custom roadmap to incorporate agility into your service management practice.
    • Increase business satisfaction. The ultimate outcome of having agility in your service delivery is satisfied customers.

    Build a Roadmap for Service Management Agility Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a roadmap for service management agility, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the optimal state for agility

    Understand the components of agility and what the optimal states are for service management agility.

    • Build a Roadmap for Service Management Agility – Phase 1: Understand the Optimal States for Agility

    2. Assess your current state of agility

    Determine the current state of agility in the service management practice.

    • Build a Roadmap for Service Management Agility – Phase 2: Assess Your Current State of Agility
    • Service Management Agility Assessment Tool

    3. Build the roadmap

    Create a roadmap for service management agility and present it to key stakeholders to obtain their support.

    • Build a Roadmap for Service Management Agility – Phase 3: Build the Roadmap for Service Management Agility
    • Service Management Agility Roadmap Template
    • Building Agility Into Our Service Management Practice Stakeholders Presentation Template
    [infographic]

    Workshop: Build a Roadmap for Service Management Agility

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Optimal States for Agility in Service Management

    The Purpose

    Understand agility and how it can complement service management.

    Understand how the components of culture, structure, processes, and resources enable agility in service management.

    Key Benefits Achieved

    Clear understanding of Agile principles.

    Identifying opportunities for agility.

    Understanding of how Agile principles align with service management.

    Activities

    1.1 Understand agility.

    1.2 Understand how Agile methodologies can complement service management through culture, structure, processes, and resources.

    Outputs

    Summary of Agile principles.

    Summary of optimal components in culture, structure, processes, and resources that enable agility.

    2 Assess Your Current State of Agility in Service Management

    The Purpose

    Assess your current organizational agility with respect to culture, structure, processes, and resources.

    Identify your agility strengths and weaknesses with the agility score.

    Key Benefits Achieved

    Understand your organization’s current enablers and constraints for agility.

    Have metrics to identify strengths or weaknesses in culture, structure, processes, and resources.

    Activities

    2.1 Complete an agility assessment.

    Outputs

    Assessment score of current state of agility.

    3 Build the Roadmap for Service Management Agility

    The Purpose

    Determine the gaps between the current and optimal states for agility.

    Create a roadmap for service management agility.

    Create a stakeholders presentation.

    Key Benefits Achieved

    Have a completed custom roadmap that will help build sustainable agility into your service management practice.

    Present the roadmap to key stakeholders to communicate your plans and get organizational buy-in.

    Activities

    3.1 Create a custom roadmap for service management agility.

    3.2 Create a stakeholders presentation on service management agility.

    Outputs

    Completed roadmap for service management agility.

    Completed stakeholders presentation on service management agility.

    Manage Service Catalogs

    • Buy Link or Shortcode: {j2store}44|cart{/j2store}
    • Related Products: {j2store}44|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.0/10
    • member rating average dollars saved: $3,956
    • member rating average days saved: 24
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture

    The challenge

    • Your business users may not be aware of the full scope of your services.
    • Typically service information is written in technical jargon. For business users, this means that the information will be tough to understand.
    • Without a service catalog, you have no agreement o what is available, so business will assume that everything is.

    Our advice

    Insight

    • Define your services from a user's or customer perspective.
      • When your service catalog contains too much information that does not apply to most users, they will not use it.
    • Separate the line-of-business services from enterprise services. It simplifies your documentation process and makes the service catalog more comfortable to use.

    Impact and results 

    • Our approach helps you organize your service catalog in a business-friendly way while keeping it manageable for IT.
    • And manageable also means that your service catalog remains a living document. You can update your service records easily.
    • Your service catalog forms a visible bridge between IT and the business. Improve IT's perception by communicating the benefits of the service catalog.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why building a service catalog is a good idea for your company. We'll show you our methodology and the ways we can help you in handling this.

    Minimize the risks from attrition through an effective knowledge transfer process.

    Launch the initiative

    Our launch phase will walk you through the charter template, build help a balanced team, create your change message and communication plan to obtain buy-in from all your organization's stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project (ppt)
    • Service Catalog Project Charter (doc)

    Identify and define the enterprise services

    Group enterprise services which you offer to everyone in the company, logically together.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services (ppt)
    • Sample Enterprise Services (ppt)

    Identify and define your line-of-business (LOB) services

    These services apply only to one business line. Other business users should not see them in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services (ppt)
    • Sample LOB Services – Industry Specific (ppt)
    • Sample LOB Services – Functional Group (ppt)

    Complete your services definition chart

    Complete this chart to allow the business to pick what services to include in the service catalog. It also allows you to extend the catalog with technical services by including IT-facing services. Of course, separated-out only for IT.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions (ppt)
    • Services Definition Chart (xls)

    Measure and Manage Customer Satisfaction Metrics That Matter the Most

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity on what to improve and how resources should be allocated.

    Our Advice

    Critical Insight

    • All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and will keep them coming back to you to have their needs met.
    • Obstacles:
      • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
      • Lack of a clear definition of what satisfaction means to customers, metric definitions and/or standard methods of measurement, and a consistent monitoring cadence.

    Impact and Result

    • Understanding of who your satisfied and dissatisfied customers are.
    • Understanding of the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establishment of a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Development of an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Knowledge of where money, time, and other resources are needed most to improve satisfaction levels and ultimately increase retention.

    Measure and Manage Customer Satisfaction Metrics That Matter the Most Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Measure and Manage the Customer Satisfaction Metrics that Matter the Most Deck – An overview of how to understand what drives customer satisfaction and how to measure and manage it for improved business outcomes.

    Understand the true drivers of customer satisfaction and build a process for managing and improving customer satisfaction.

    [infographic]

    Further reading

    Measure and Manage the Customer Satisfaction Metrics that Matter the Most

    Understand what truly keeps your customer satisfied. Start to measure what matters to improve customer experience and increase satisfaction and advocacy. 

    EXECUTIVE BRIEF

    Analyst perspective

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    The image contains a picture of Emily Wright.

    “Healthy customer relationships are the paramount to long-term growth. When customers are satisfied, they remain loyal, spend more, and promote your company to others in their network. The key to high satisfaction is understanding and measuring the true drivers of satisfaction to enable the delivery of real customer value.

    Most companies believe they know who their satisfied customers are and what keeps them satisfied, and 76% of B2B buyers expect that providers understand their unique needs (Salesforce Research, 2020). However, on average B2B companies have customer experience scores of less than 50% (McKinsey, 2016). This disconnect between customer expectations and provider experience indicates that businesses are not effectively measuring and monitoring satisfaction and therefore are not making meaningful enhancements to their service, offerings, and overall experience.

    By focusing on the underlying drivers of customer satisfaction, organizations develop a truly accurate picture of what is driving deep satisfaction and loyalty, ensuring that their company will achieve sustainable growth and stay competitive in a highly competitive market.”

    Emily Wright

    Senior Research Analyst, Advisory

    SoftwareReviews

    Executive summary

    Your Challenge

    Common Obstacles

    SoftwareReviews’ Approach

    Getting a truly accurate picture of satisfaction levels among customers, and where to focus efforts to improve satisfaction, is challenging. Providers often find themselves reacting to customer challenges and being blindsided when customers leave. More effective customer satisfaction measurement is possible when providers self-assess for the following challenges:

    • Lack of understanding of what is truly driving customer satisfaction or dissatisfaction.
    • Lack of insight into who our satisfied and dissatisfied customers are.
    • Lack of a system for early detection of declines in satisfaction.
    • Lack of clarity of what needs to be improved and how resources should be allocated.
    • Lack of reliable internal data for effective customer satisfaction monitoring.

    What separates customer success leaders from developing a full view of their customers are several nagging obstacles:

    • Use of metrics that don’t provide the insight needed to make impactful changes that will boost satisfaction and ultimately, retention and profit.
    • Friction from customers participating in customer satisfaction studies.
    • Lack of data, or integrated databases from which to track, pull, and analyze customer satisfaction data.
    • Lack a clear definition of what satisfaction means to customers, metric definitions, and/or standard methods of measurement and a consistent monitoring cadence.
    • Lack of time, resources, or technology to uncover and effectively measure and monitor satisfaction drivers.

    Through the SoftwareReviews’ approach, customer success leaders will:

    • Understand who your satisfied and dissatisfied customers are.
    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish a repeatable process and cadence for effective satisfaction measurement and monitoring.
    • Develop an executable customer satisfaction improvement plan that identifies customer journey pain points and areas of dissatisfaction, and outlines how to improve them.
    • Know where money, time, and resources are needed most to improve satisfaction levels and ultimately retention.

    Overarching SoftwareReviews Advisory Insight:

    All companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about. This will keep them coming back to you to have their needs met.

    Healthy Customer Relationships are vital for long-term success and growth

    Measuring customer satisfaction is critical to understanding the overall health of your customer relationships and driving growth.

    Through effective customer satisfaction measurement, organizations can:

    Improve Customer Experience

    Increase Retention and CLV

    Increase Profitability

    Reduce Costs

    • Provide insight into where and how to improve.
    • Enhance experience, increase loyalty.
    • By providing strong CX, organizations can increase revenue by 10-15% (McKinsey, 2014).
    • Far easier to retain existing customers than to acquire new ones.
    • Ensuring high satisfaction among customers increases Customer Lifetime Value (CLV) through longer tenure and higher spending.
    • NPS Promoter score has a customer lifetime value that's 600%-1,400% higher than a Detractor (Bain & Company, 2015).
    • Highly satisfied customers spend more through expansions and add-ons, as well as through their long tenure with your company.
    • They also spread positive word of mouth, which brings in new customers.
    • “Studies demonstrate a strong correlation between customer satisfaction and increased profits — with companies with high customer satisfaction reporting 5.7 times more revenue than competitors.” (Matthew Loper, CEO and Co-Founder of WELLTH, 2022)
    • Measuring, monitoring, and maintaining high satisfaction levels reduces costs across the board.
    • “Providing a high-quality customer experience can save up to 33% of customer service costs” (Deloitte, 2018).
    • Satisfied customers are more likely to spread positive word of mouth which reduces acquisition / marketing costs for your company.

    “Measuring customer satisfaction is vital for growth in any organization; it provides insights into what works and offers opportunities for optimization. Customer satisfaction is essential for improving loyalty rate, reducing costs and retaining your customers.”

    -Ken Brisco, NICE, 2019

    Poor customer satisfaction measurement is costly

    Virtually all companies measure customer satisfaction, but few truly do it well. All too often, customer satisfaction measurement consists of a set of vanity metrics that do not result in actionable insight for product/service improvement. Improper measurement can result in numerous consequences:

    Direct and Indirect Costs

    Being unaware of true drivers of satisfaction that are never remedied costs your business directly through customer churn, service costs, etc.

    Tarnished Brand

    Tarnished brand through not resolving issues drives dissatisfaction; dissatisfied customers share their negative experiences, which can damage brand image and reputation.

    Waste Limited Resources

    Putting limited resources towards vanity programs and/or fixes that have little to no bearing on core satisfaction drivers wastes time and money.

    “When customer dissatisfaction goes unnoticed, it can slowly kill a company. Because of the intangible nature of customer dissatisfaction, managers regularly underestimate the magnitude of customer dissatisfaction and its impact on the bottom line.”

    - Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, 2013

    SoftwareReviews Advisory Insight:

    Most companies struggle to understand what’s truly driving customers to stay or leave. By understanding the true satisfaction drivers, tech providers can measure and monitor satisfaction more effectively, avoiding the numerous harmful consequences that result from average customer satisfaction measurement.

    Does your customer satisfaction measurement process need improvement?

    Getting an accurate picture of customer satisfaction is no easy task. Struggling with any of the following means you are ready for a detailed review of your customer satisfaction measurement efforts:

    • Not knowing who your most satisfied customers are.
    • Lacking early detection for declining satisfaction – either reactive, or unaware of dissatisfaction as it’s occurring.
    • Lacking a process for monitoring changes in satisfaction and lack ability to be proactive; you feel blindsided when customers leave.
    • Inability to fix the problem and wasting money on the wrong areas, like vanity metrics that don’t bring value to customers.
    • Spending money and other resources towards fixes based on a gut feeling, without quantifying the real root cause drivers and investing in their improvement.
    • Having metrics and data but lacking context; don’t know what contributed to the metrics/results, why people are dissatisfied or what contributes to satisfaction.
    • Lacking clear definition of what satisfaction means to customers / customer segments.
    • Difficulty tying satisfaction back to financial results.

    Customers are more satisfied with software vendors who understand the difference between surface level and short-term satisfaction, and deep or long-term satisfaction

    Surface-level satisfaction

    Surface-level satisfaction has immediate effects, but they are usually short-term or limited to certain groups of users. There are several factors that contribute to satisfaction including:

    • Novelty of new software
    • Ease of implementation
    • Financial savings
    • Breadth of features

    Software Leaders Drive Deep Satisfaction

    Deep satisfaction has long-term and meaningful impacts on the way that organizations work. Deep satisfaction has staying power and increases or maintains satisfaction over time, by reducing complexity and delivering exceptional quality for end-users and IT alike. This report found that the following capabilities provided the deepest levels of satisfaction:

    • Usability and intuitiveness
    • Quality of features
    • Ease of customization
    • Vendor-specific capabilities

    The above solve issues that are part of everyday problems, and each drives satisfaction in deep and meaningful ways. While surface-level satisfaction is important, deep and impactful capabilities can sustain satisfaction for a longer time.

    Deep Customer Satisfaction Among Software Buyers Correlates Highly to “Emotional Attributes”

    Vendor Capabilities and Product Features remain significant but are not the primary drivers

    The image contains a graph to demonstrate a correlation to Satisfaction, all Software Categories.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    Driving deep satisfaction among software customers vs. surface-level measures is key

    Vendor capabilities and product features correlate significantly to buyer satisfaction

    Yet, it’s the emotional attributes – what we call the “Emotional Footprint”, that correlate more strongly

    Business-Value Created and Emotional Attributes are what drives software customer satisfaction the most

    The image contains a screenshot of a graph to demonstrate Software Buyer Satisfaction Drivers and Emotional Attributes are what drives software customer satisfaction.

    Software companies looking to improve customer satisfaction will focus on business value created and the Emotional Footprint attributes outlined here.

    The essential ingredient is understanding how each is defined by your customers.

    Leaders focus on driving improvements as described by customers.

    SoftwareReviews Insight:

    These true drivers of satisfaction should be considered in your customer satisfaction measurement and monitoring efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, and ultimately, power business growth. Talk to a SoftwareReviews Advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Benefits of Effective Customer Satisfaction Measurement

    Our research provides Customer Success leaders with the following key benefits:

    • Ability to know who is satisfied, dissatisfied, and why.
    • Confidence in how to understand or uncover the factors behind customer satisfaction; understand and identify factors driving satisfaction, dissatisfaction.
    • Ability to develop a clear plan for improving customer satisfaction.
    • Knowledge of how to establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.
    • Understanding of what metrics to use, how to measure them, and where to find the right information/data.
    • Knowledge of where money, time, and other resources are needed most to drive tangible customer value.

    “81% of organizations cite CX as a competitive differentiator. The top factor driving digital transformation is improving CX […] with companies reporting benefits associated with improving CX including:

    • Increased customer loyalty (92%)
    • An uplift in revenue (84%)
    • Cost savings (79%).”

    – Dan Cote, “Advocacy Blooms and Business Booms When Customers and Employees Engage”, Influitive, 2021

    The image contains a screenshot of a thought model that focuses on Measure & Manage the Customer Satisfaction Metrics That Matter the Most.

    Who benefits from improving the measurement and monitoring of customer satisfaction?

    This Research Is Designed for:

    • Customer Success leaders and marketers who are:
      • Responsible for understanding how to benchmark, measure, and understand customer satisfaction to improve satisfaction, NPS, and ROI.
      • Looking to take a more proactive and structured approach to customer satisfaction measurement and monitoring.
      • Looking for a more effective and accurate way to measure and understand how to improve customer satisfaction around products and services.

    This Research Will Help You:

    • Understand the factors driving satisfaction and dissatisfaction.
    • Know which customers are satisfied/dissatisfied.
    • Know where time, money, and resources are needed the most in order to improve or maintain satisfaction levels.
    • Develop a formal plan to improve customer satisfaction.
    • Establish a repeatable process for customer satisfaction measurement and monitoring that allows for proactivity when declines in satisfaction are detected.

    This Research Will Also Assist:

    • Customer Success Leaders, Marketing and Sales Directors and Managers, Product Marketing Managers, and Advocacy Managers/Coordinators who are responsible for:
      • Product improvements and enhancements
      • Customer service and onboarding
      • Customer advocacy programs
      • Referral/VoC programs

    This Research Will Help Them:

    • Coordinate and align on customer experience efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and services provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for measuring the customer satisfaction metrics that matter the most

    1. Identify true customer satisfaction drivers

    2. Develop metrics dashboard

    3. Develop customer satisfaction measurement and management plan

    Phase Steps

    1. Identify data sources, documenting any gaps in data
    2. Analyze all relevant data on customer experiences and outcomes
    3. Document top satisfaction drivers
    1. Identify business goals, problems to be solved / define business challenges and marketing/customer success goals
    2. Use SR diagnostic to assess current state of satisfaction measurement, assessing metric alignment to satisfaction drivers
    3. Define your metrics dashboard
    4. Develop common metric definitions, language for discussing, and standards for measuring customer satisfaction
    1. Determine committee structure to measure performance metrics over time
    2. Map out gaps in satisfaction along customer journey/common points in journey where customers are least dissatisfied
    3. Build plan that identifies weak areas and shows how to fix using SR’s emotional footprint, other measures
    4. Create plan and roadmap for CSat improvement
    5. Create communication deck

    Phase Outcomes

    1. Documented satisfaction drivers
    2. Documented data sources and gaps in data
    1. Current state customer satisfaction measurement analysis
    2. Common metric definitions and measurement standards
    3. Metrics dashboard
    1. Customer satisfaction measurement plan
    2. Customer satisfaction improvement plan
    3. Customer journey maps
    4. Customer satisfaction improvement communication deck
    5. Customer Satisfaction Committee created

    Insight summary

    Understanding and measuring the true drivers of satisfaction enable the delivery of real customer value

    All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and which will keep them coming back to you to have their needs met.

    Positive experiences drive satisfaction more so than features and cost

    According to our analysis of software buyer reviews data*, the biggest drivers of satisfaction and likeliness to recommend are the positive experiences customers have with vendors and their products. Customers want to feel that:

    1. Their productivity and performance is enhanced, and the vendor is helping them innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.
    *8 million data points across all software categories

    Measure Key Relationship KPIs to gauge satisfaction

    Key metrics to track include the Business Value Created score, Net Emotional Footprint, and the Love/Hate score (the strength of emotional connection).

    Orient the organization around customer experience excellence

    1. Arrange staff incentives around customer value instead of metrics that are unrelated to satisfaction.
    2. Embed customer experience as a core company value and integrate it into all functions.
    3. Make working with your organization easy and seamless for customers.

    Have a designated committee for customer satisfaction measurement

    Best in class organizations create customer satisfaction committees that meet regularly to measure and monitor customer satisfaction, resolve issues quickly, and work towards improved customer experience and profit outcomes.

    Use metrics that align to top satisfaction drivers

    This will give you a more accurate and fulsome view of customer satisfaction than standard satisfaction metrics alone will.

    Guided Implementation

    What is our GI on measuring and managing the customer satisfaction metrics that matter most?

    Identify True Customer Satisfaction Drivers

    Develop Metrics Dashboard Develop Customer Satisfaction Measurement and Management Plan

    Call #1: Discuss current pain points and barriers to successful customer satisfaction measurement, monitoring and maintenance. Plan next call – 1 week.

    Call #2: Discuss all available data, noting any gaps. Develop plan to fill gaps, discuss feasibility and timelines. Plan next call – 1 week.

    Call #3: Walk through SoftwareReviews reports to understand EF and satisfaction drivers. Plan next call – 3 days.

    Call #4: Segment customers and document key satisfaction drivers. Plan next call – 2 week.

    Call #5: Document business goals and align them to metrics. Plan next call – 1 week.

    Call #6: Complete the SoftwareReviews satisfaction measurement diagnostic. Plan next call – 3 days.

    Call #7: Score list of metrics that align to satisfaction drivers. Plan next call – 2 days.

    Call #8: Develop metrics dashboard and definitions. Plan next call – 2 weeks.

    Call #9: Finalize metrics dashboard and definitions. Plan next call – 1 week.

    Call #10: Discuss committee and determine governance. Plan next call – 2 weeks.

    Call #11: Map out gaps in satisfaction along customer journey as they relate to top satisfaction drivers. Plan next call –2 weeks.

    Call #12: Develop plan and roadmap for satisfaction improvement. Plan next call – 1 week.

    Call #13: Finalize plan and roadmap. Plan next call – 1 week.

    Call # 14: Review and coach on communication deck.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    Software Reviews offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
    Included within Advisory Membership Optional add-ons

    Bibliography

    “Are you experienced?” Bain & Company, Apr. 2015. Accessed 6 June. 2022.

    Brisco, Ken. “Measuring Customer Satisfaction and Why It’s So Important.” NICE, Feb. 2019. Accessed 6 June. 2022.

    CMO.com Team. “The Customer Experience Management Mandate.” Adobe Experience Cloud Blog, July 2019. Accessed 14 June. 2022.

    Cote, Dan. “Advocacy Blooms and Business Booms When Customers and Employees Engage.” Influitive, Dec. 2021. Accessed 15 June. 2022.

    Fanderl, Harald and Perrey, Jesko. “Best of both worlds: Customer experience for more revenues and lower costs.” McKinsey & Company, Apr. 2014. Accessed 15 June. 2022.

    Gallemard, Jeremy. “Why – And How – Should Customer Satisfaction Be Measured?” Smart Tribune, Feb. 2020. Accessed 6 June. 2022.

    Kumar, Swagata. “Customer Success Statistics in 2021.” Customer Success Box, 2021. Accessed 17 June. 2022.

    Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, Management Accounting Quarterly, vol. 14, no. 3, 2013, pp 38. Accessed 17 June. 2022.

    Loper, Matthew. “Why ‘Customer Satisfaction’ Misses the Mark – And What to Measure Instead.” Newsweek, Jan. 2022. Accessed 16 June. 2022.

    Maechler, Nicolas, et al. “Improving the business-to-business customer experience.” McKinsey & Company, Mar. 2016. Accessed 16 June.

    “New Research from Dimension Data Reveals Uncomfortable CX Truths.” CISION PR Newswire, Apr. 2017. Accessed 7 June. 2022.

    Sheth, Rohan. 75 Must-Know Customer Experience Statistics to move Your Business Forward in 2022.” SmartKarrot, Feb. 2022. Accessed 17 June. 2022.

    Smith, Mercer. “111 Customer Service Statistics and Facts You Shouldn’t Ignore.” HelpScout, May 2022. Accessed 17 June. 2022.

    “State of the Connected Customer.” Salesforce, 2020. Accessed 14 June. 2022

    “The true value of customer experiences.” Deloitte, 2018. Accessed 15 June. 2022.

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.
    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Proactively Identify and Mitigate Vendor Risk

    • Buy Link or Shortcode: {j2store}227|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT priorities are focused on daily tasks, pushing risk management to secondary importance and diverging from a proactive environment.
    • IT leaders are relying on an increasing number of third-party technology vendors and outsourcing key functions to meet the rapid pace of change within IT.
    • Risk levels can fluctuate over the course of the partnership, requiring manual process checks and/or automated solutions.

    Our Advice

    Critical Insight

    • Every IT vendor carries risks that have business implications. These legal, financial, security, and operational risks could inhibit business continuity and IT can’t wait until an issue arises to act.
    • Making intelligent decisions about risks without knowing what their financial impact will be is difficult. Risk impact must be quantified.
    • You don’t know what you don’t know, and what you don’t know, can hurt you. To find hidden risks, you must use a structured risk identification method.

    Impact and Result

    • A thorough risk assessment in the selection phase is your first line of defense. If you follow the principles of vendor risk management, you can mitigate collateral losses following an adverse event.
    • Make a conscious decision whether to accept the risk based on time, priority, and impact. Spend the required time to correctly identify and enact defined vendor management processes that determine spend categories and appropriately evaluate potential and preferred suppliers. Ensure you accurately assess the partnership potential.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s most significant risks before they happen.

    Proactively Identify and Mitigate Vendor Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to create a vendor risk management program that minimizes your organization’s vulnerability and mitigates adverse scenarios.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review vendor risk fundamentals and establish governance

    Review IT vendor risk fundamentals and establish a risk governance framework.

    • Proactively Identify and Mitigate Vendor Risk – Phase 1: Review Vendor Risk Fundamentals and Establish Governance
    • Vendor Risk Management Maturity Assessment Tool
    • Vendor Risk Management Program Manual
    • Risk Event Action Plan

    2. Assess vendor risk and define your response strategy

    Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.

    • Proactively Identify and Mitigate Vendor Risk – Phase 2: Assess Vendor Risk and Define Your Response Strategy
    • Vendor Classification Model Tool
    • Vendor Risk Profile and Assessment Tool
    • Risk Costing Tool
    • Risk Register Tool

    3. Monitor, communicate, and improve IT vendor risk process

    Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.

    • Proactively Identify and Mitigate Vendor Risk – Phase 3: Monitor, Communicate, and Improve IT Vendor Risk Process
    • Risk Report
    [infographic]

    Workshop: Proactively Identify and Mitigate Vendor Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Workshop

    The Purpose

    To prepare the team for the workshop.

    Key Benefits Achieved

    Avoids delays and interruptions once the workshop is in progress.

    Activities

    1.1 Send workshop agenda to all participants.

    1.2 Prepare list of vendors and review any contracts provided by them.

    1.3 Review current risk management process.

    Outputs

    All necessary participants assembled

    List of vendors and vendor contracts

    Understanding of current risk management process

    2 Review Vendor Risk Fundamentals and Establish Governance

    The Purpose

    Review IT vendor risk fundamentals.

    Assess current maturity and set risk management program goals.

    Engage stakeholders and establish a risk governance framework.

    Key Benefits Achieved

    Understanding of organizational risk culture and the corresponding risk threshold.

    Obstacles to effective IT risk management identified.

    Attainable goals to increase maturity established.

    Understanding of the gap to achieve vendor risk readiness.

    Activities

    2.1 Brainstorm vendor-related risks.

    2.2 Assess current program maturity.

    2.3 Identify obstacles and pain points.

    2.4 Develop risk management goals.

    2.5 Develop key risk indicators (KRIs) and escalation protocols.

    2.6 Gain stakeholders’ perspective.

    Outputs

    Vendor risk management maturity assessment

    Goals for vendor risk management

    Stakeholders’ opinions

    3 Assess Vendor Risk and Define Your Response Strategy

    The Purpose

    Categorize vendors.

    Prioritize assessed risks.

    Key Benefits Achieved

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    3.1 Categorize vendors.

    3.2 Map vendor infrastructure.

    3.3 Prioritize vendors.

    3.4 Identify risk contributing factors.

    3.5 Assess risk exposure.

    3.6 Calculate expected cost.

    3.7 Identify risk events.

    3.8 Input risks into the Risk Register Tool.

    Outputs

    Vendors classified and prioritized

    Vendor risk exposure

    Expected cost calculation

    4 Assess Vendor Risk and Define Your Response Strategy (continued)

    The Purpose

    Determine risk threshold and contract clause relating to risk prevention.

    Identify and assess risk response actions.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.

    Risk response strategies have been identified for all key risks.

    Authoritative risk response recommendations can be made to senior leadership.

    Activities

    4.1 Determine the threshold for (un)acceptable risk.

    4.2 Match elements of the contract to related vendor risks.

    4.3 Identify and assess risk responses.

    Outputs

    Thresholds for (un)acceptable risk

    Risk responses

    5 Monitor, Communicate, and Improve IT Vendor Risk Process

    The Purpose

    Communicate top risks to management.

    Assign accountabilities and responsibilities for risk management process.

    Establish monitoring schedule.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Transparent accountabilities and established ongoing improvement of the vendor risk management program.

    Activities

    5.1 Create a stakeholder map.

    5.2 Complete RACI chart.

    5.3 Establish the reporting schedule.

    5.4 Finalize the vendor risk management program.

    Outputs

    Stakeholder map

    Assigned accountability for risk management

    Established monitoring schedule

    Risk report

    Vendor Risk Management Program Manual

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Build an Extensible Data Warehouse Foundation

    • Buy Link or Shortcode: {j2store}342|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Data warehouse implementation is a costly and complex undertaking, and can end up not serving the business' needs appropriately.
    • Too heavy a focus on technology creates a data warehouse that isn’t sustainable and ends up with poor adoption.
    • Emerging data sources and technologies add complexity to how the appropriate data is made available to business users.

    Our Advice

    Critical Insight

    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology needs to be the core support system for enabling a data warehouse program.
    • Understand business processes at the operational, tactical, and ad hoc levels to ensure a fit-for-purpose DW is built.

    Impact and Result

    • Leverage an approach that focuses on constructing a data warehouse foundation that is able to address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Develop “Rosetta Stone” views of your data assets to facilitate data modeling.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build an Extensible Data Warehouse Foundation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the data warehouse is becoming an important tool for driving business value, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the data warehouse foundation project

    Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.

    • Build an Extensible Data Warehouse Foundation – Phase 1: Prepare for the Data Warehouse Foundation Project
    • Data Warehouse Foundation Project Plan Template
    • Data Warehouse Work Breakdown Structure Template
    • Data (Warehouse) Architect
    • Data Integration Specialist
    • Business Intelligence Specialist
    • Director of Data Warehousing/Business Intelligence
    • Data Warehouse Program Charter Template
    • Data Warehouse Steering Committee Charter Template

    2. Establish the business drivers and data warehouse strategy

    Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.

    • Build an Extensible Data Warehouse Foundation – Phase 2: Establish the Business Drivers and Data Warehouse Strategy
    • Business Data Catalog
    • Data Classification Inventory Tool
    • Data Warehouse Architecture Planning Tool
    • Master Data Mapping Tool

    3. Plan for data warehouse governance

    Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.

    • Build an Extensible Data Warehouse Foundation – Phase 3: Plan for Data Warehouse Governance
    • Data Warehouse Standard Operating Procedures Template
    • Data Warehouse Service Level Agreement
    [infographic]

    Workshop: Build an Extensible Data Warehouse Foundation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Data Warehouse Foundation Project

    The Purpose

    Identify the members of the foundation project team.

    Define overarching statements and define success factors/risks.

    Outline basic project governance.

    Key Benefits Achieved

    Defined membership, roles, and responsibilities involved in the foundation project.

    Establishment of a steering committee as a starting point for the data warehouse program.

    Activities

    1.1 Identify foundation project team and create a RACI chart.

    1.2 Understand what a data warehouse can and cannot enable.

    1.3 Define critical success factors, key performance metrics, and project risks.

    1.4 Develop rough timelines for foundation project completion.

    1.5 Define the current and future states for key data management practices.

    Outputs

    Job Descriptions and RACI

    Data Warehouse Steering Committee Charter

    Data Warehouse Foundation Project Plan

    Work Breakdown Structure

    2 Establish the Business Drivers and Data Warehouse Strategy

    The Purpose

    Define the information needs of the business and its key processes.

    Create the components that will inform an appropriate data model.

    Design a data warehouse architecture model.

    Key Benefits Achieved

    Clear definition of business needs that will directly inform the data and architecture models.

    Activities

    2.1 Understand the most fundamental needs of the business.

    2.2 Define the data warehouse vision, mission, purpose, and goals.

    2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.

    2.4 Link the processes that will be central to the data warehouse foundation.

    2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.

    2.6 Create data models using the business data glossary and data classification.

    2.7 Identify master data elements to define dimensions.

    2.8 Design lookup tables based on reference data.

    2.9 Create a fit-for-purpose data warehousing model.

    Outputs

    Data Warehouse Program Charter

    Data Warehouse Vision and Mission

    Documentation of Business Processes

    Business Entity Map

    Business Data Glossary

    Data Classification Scheme

    Data Warehouse Architecture Model

    3 Plan for Data Warehouse Governance

    The Purpose

    Create a plan for governing your data warehouse efficiently and effectively.

    Key Benefits Achieved

    Documentation of current standard operating procedures.

    Identified members of a data warehouse center of excellence.

    Activities

    3.1 Develop a technology capability map to visualize your desired state.

    3.2 Establish a data warehouse center of excellence.

    3.3 Create a data warehouse foundation roadmap.

    3.4 Define data warehouse service level agreements.

    3.5 Create standard operating procedures.

    Outputs

    Technology Capability Map

    Project Roadmap

    Service Level Agreement

    Data Warehouse Standard Operating Procedure Workbook

    Fast Track Your GDPR Compliance Efforts

    • Buy Link or Shortcode: {j2store}372|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $25,779 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Organizations often tackle compliance efforts in an ad hoc manner, resulting in an ineffective use of resources.
    • The alignment of business objectives, information security, and data privacy is new for many organizations, and it can seem overwhelming.
    • GDPR is an EU regulation that has global implications; it likely applies to your organization more than you think.

    Our Advice

    Critical Insight

    • Financial impact isn’t simply fines. A data controller fined for GDPR non-compliance may sue its data processor for damage.
    • Even day-to-day activities may be considered processing. Screen-sharing from a remote location is considered processing if the data shown onscreen contains personal data!
    • This is not simply an IT problem. Organizations that address GDPR in a siloed approach will not be as successful as organizations that take a cross-functional approach.

    Impact and Result

    • Follow a robust methodology that applies to any organization and aligns operational and situational GDPR scope. Info-Tech's framework allows organizations to tackle GDPR compliance in a right-sized, methodical approach.
    • Adhere to a core, complex GDPR requirement through the use of our documentation templates.
    • Understand how the risk of non-compliance is aligned to both your organization’s functions and data scope.
    • This blueprint will guide you through projects and steps that will result in quick wins for near-term compliance.

    Fast Track Your GDPR Compliance Efforts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should fast track your GDPR compliance efforts, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your compliance requirements

    Understand the breadth of the regulation’s requirements and document roles and responsibilities.

    • Fast Track Your GDPR Compliance Efforts – Phase 1: Understand Your Compliance Requirements
    • GDPR RACI Chart

    2. Define your GDPR scope

    Define your GDPR scope and prioritize initiatives based on risk.

    • Fast Track Your GDPR Compliance Efforts – Phase 2: Define Your GDPR Scope
    • GDPR Initiative Prioritization Tool

    3. Satisfy documentation requirements

    Understand the requirements for a record of processing and determine who will own it.

    • Fast Track Your GDPR Compliance Efforts – Phase 3: Satisfy Documentation Requirements
    • Record of Processing Template
    • Legitimate Interest Assessment Template
    • Data Protection Impact Assessment Tool
    • A Guide to Data Subject Access Requests

    4. Align your data breach requirements and security program

    Document your DPO decision and align security strategy to data privacy.

    • Fast Track Your GDPR Compliance Efforts – Phase 4: Align Your Data Breach Requirements & Security Program

    5. Prioritize your GDPR initiatives

    Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.

    • Fast Track Your GDPR Compliance Efforts – Phase 5: Prioritize Your GDPR Initiatives
    • Data Protection Policy
    [infographic]

    Workshop: Fast Track Your GDPR Compliance Efforts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Compliance Requirements

    The Purpose

    Kick-off the workshop; understand and define GDPR as it exists in your organizational context.

    Key Benefits Achieved

    Prioritize your business units based on GDPR risk.

    Assign roles and responsibilities.

    Activities

    1.1 Kick-off and introductions.

    1.2 High-level overview of weekly activities and outcomes.

    1.3 Identify and define GDPR initiative within your organization’s context.

    1.4 Determine what actions have been done to prepare; how have regulations been handled in the past?

    1.5 Identify key business units for GDPR committee.

    1.6 Document business units and functions that are within scope.

    1.7 Prioritize business units based on GDPR.

    1.8 Formalize stakeholder support.

    Outputs

    Prioritized business units based on GDPR risk

    GDPR Compliance RACI Chart

    2 Define Your GDPR Scope

    The Purpose

    Know the rationale behind a record of processing.

    Key Benefits Achieved

    Determine who will own the record of processing.

    Activities

    2.1 Understand the necessity for a record of processing.

    2.2 Determine for each prioritized business unit: are you a controller or processor?

    2.3 Develop a record of processing for most-critical business units.

    2.4 Perform legitimate interest assessments.

    2.5 Document an iterative process for creating a record of processing.

    Outputs

    Initial record of processing: 1-2 activities

    Initial legitimate interest assessment: 1-2 activities

    Determination of who will own the record of processing

    3 Satisfy Documentation Requirements and Align With Your Data Breach Requirements and Security Program

    The Purpose

    Review existing security controls and highlight potential requirements.

    Key Benefits Achieved

    Ensure the initiatives you’ll be working on align with existing controls and future goals.

    Activities

    3.1 Determine the appetite to align the GDPR project to data classification and data discovery.

    3.2 Discuss the benefits of data discovery and classification.

    3.3 Review existing incident response plans and highlight gaps.

    3.4 Review existing security controls and highlight potential requirements.

    3.5 Review all initiatives highlighted during days 1-3.

    Outputs

    Highlighted gaps in current incident response and security program controls

    Documented all future initiatives

    4 Prioritize GDPR Initiatives

    The Purpose

    Review project plan and initiatives and prioritize.

    Key Benefits Achieved

    Finalize outputs of the workshop, with a strong understanding of next steps.

    Activities

    4.1 Analyze the necessity for a data protection officer and document decision.

    4.2 Review project plan and initiatives.

    4.3 Prioritize all current initiatives based on regulatory compliance, cost, and ease to implement.

    4.4 Develop a data protection policy.

    4.5 Finalize key deliverables created during the workshop.

    4.6 Present the GDPR project to key stakeholders.

    4.7 Workshop executive presentation and debrief.

    Outputs

    GDPR framework and prioritized initiatives

    Data Protection Policy

    List of key tools

    Communication plans

    Workshop summary documentation

    Select and Use SDLC Metrics Effectively

    • Buy Link or Shortcode: {j2store}150|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $2,991 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to implement (or revamp existing) software delivery metrics to monitor performance as well as achieve its goals.
    • You know that metrics can be a powerful tool for managing team behavior.
    • You also know that all metrics are prone to misuse and mismanagement, which can lead to unintended consequences that will harm your organization.
    • You need an approach for selecting and using effective software development lifecycle (SDLC) metrics that will help your organization to achieve its goals while minimizing the risk of unintended consequences.

    Our Advice

    Critical Insight

    • Metrics are powerful, dangerous, and often mismanaged, particularly when they are tied to reward or punishment. To use SDLC metrics effectively, know the dangers, understand good practices, and then follow Info-Tech‘s TAG (team-oriented, adaptive, and goal-focused) approach to minimize risk and maximize impact.

    Impact and Result

    • Begin by understanding the risks of metrics.
    • Then understand good practices associated with metrics use.
    • Lastly, follow Info-Tech’s TAG approach to select and use SDLC metrics effectively.

    Select and Use SDLC Metrics Effectively Research & Tools

    Start here – read the Executive Brief

    Understand both the dangers and good practices related to metrics, along with Info-Tech’s TAG approach to the selection and use of SDLC metrics.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the dangers of metrics

    Explore the significant risks associated with metrics selection so that you can avoid them.

    • Select and Use SDLC Metrics Effectively – Phase 1: Understand the Risks of Metrics

    2. Know good practices related to metrics

    Learn about good practices related to metrics and how to apply them in your organization, then identify your team’s business-aligned goals to be used in SDLC metric selection.

    • Select and Use SDLC Metrics Effectively – Phase 2: Know Good Practices Related to Metrics
    • SDLC Metrics Evaluation and Selection Tool

    3. Rank and select effective SDLC metrics for your team

    Follow Info-Tech’s TAG approach to selecting effective SDLC metrics for your team, create a communication deck to inform your organization about your selected SDLC metrics, and plan to review and revise these metrics over time.

    • Select and Use SDLC Metrics Effectively – Phase 3: Rank and Select Effective SDLC Metrics for Your Team
    • SDLC Metrics Rollout and Communication Deck
    [infographic]

    Workshop: Select and Use SDLC Metrics Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Dangers of Metrics

    The Purpose

    Learn that metrics are often misused and mismanaged.

    Understand the four risk areas associated with metrics: Productivity loss Gaming behavior Ambivalence Unintended consequences

    Productivity loss

    Gaming behavior

    Ambivalence

    Unintended consequences

    Key Benefits Achieved

    An appreciation of the dangers associated with metrics.

    An understanding of the need to select and manage SDLC metrics carefully to avoid the associated risks.

    Development of critical thinking skills related to metric selection and use.

    Activities

    1.1 Examine the dangers associated with metric use.

    1.2 Share real-life examples of poor metrics and their impact.

    1.3 Practice identifying and mitigating metrics-related risk.

    Outputs

    Establish understanding and appreciation of metrics-related risks.

    Solidify understanding of metrics-related risks and their impact on an organization.

    Develop the skills needed to critically analyze a potential metric and reduce associated risk.

    2 Understand Good Practices Related to Metrics

    The Purpose

    Develop an understanding of good practices related to metric selection and use.

    Introduce Info-Tech’s TAG approach to metric selection and use.

    Identify your team’s business-aligned goals for SDLC metrics.

    Key Benefits Achieved

    Understanding of good practices for metric selection and use.

    Document your team’s prioritized business-aligned goals.

    Activities

    2.1 Examine good practices and introduce Info-Tech’s TAG approach.

    2.2 Identify and prioritize your team’s business-aligned goals.

    Outputs

    Understanding of Info-Tech’s TAG approach.

    Prioritized team goals (aligned to the business) that will inform your SDLC metric selection.

    3 Rank and Select Your SDLC Metrics

    The Purpose

    Apply Info-Tech’s TAG approach to rank and select your team’s SDLC metrics.

    Key Benefits Achieved

    Identification of potential SDLC metrics for use by your team.

    Collaborative scoring/ranking of potential SDLC metrics based on their specific pros and cons.

    Finalize list of SDLC metrics that will support goals and minimize risk while maximizing impact.

    Activities

    3.1 Select your list of potential SDLC metrics.

    3.2 Score each potential metric’s pros and cons against objectives using a five-point scale.

    3.3 Collaboratively select your team’s first set of SDLC metrics.

    Outputs

    A list of potential SDLC metrics to be scored.

    A ranked list of potential SDLC metrics.

    Your team’s first set of goal-aligned SDLC metrics.

    4 Create a Communication and Rollout Plan

    The Purpose

    Develop a rollout plan for your SDLC metrics.

    Develop a communication plan.

    Key Benefits Achieved

    SDLC metrics.

    A plan to review and adjust your SDLC metrics periodically in the future.

    Communication material to be shared with the organization.

    Activities

    4.1 Identify rollout dates and responsible individuals for each SDLC metric.

    4.2 Identify your next SDLC metric review cycle.

    4.3 Create a communication deck.

    Outputs

    SDLC metrics rollout plan

    SDLC metrics review plan

    SDLC metrics communication deck

    Build Your Data Quality Program

    • Buy Link or Shortcode: {j2store}127|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $40,241 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Experiencing the pitfalls of poor data quality and failing to benefit from good data quality, including:
      • Unreliable data and unfavorable output.
      • Inefficiencies and costly remedies.
      • Dissatisfied stakeholders.
    • The chances of successful decision-making capabilities are hindered with poor data quality.

    Our Advice

    Critical Insight

    • Address the root causes of your data quality issues and form a viable data quality program.
      • Be familiar with your organization’s data environment and business landscape.
      • Prioritize business use cases for data quality fixes.
      • Fix data quality issues at the root cause to ensure proper foundation for your data to flow.
    • It is important to sustain best practices and grow your data quality program.

    Impact and Result

    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices such as artificial intelligence and analytics with more confidence and less risk after achieving an appropriate level of data quality.

    Build Your Data Quality Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a data quality program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your organization’s data environment and business landscape

    Learn about what causes data quality issues, how to measure data quality, what makes a good data quality practice in relation to your data and business environments.

    • Business Capability Map Template

    2. Analyze your priorities for data quality fixes

    Determine your business unit priorities to create data quality improvement projects.

    • Data Quality Problem Statement Template
    • Data Quality Practice Assessment and Project Planning Tool

    3. Establish your organization’s data quality program

    Revisit the root causes of data quality issues and identify the relevant root causes to the highest priority business unit, then determine a strategy for fixing those issues.

    • Data Lineage Diagram Template
    • Data Quality Improvement Plan Template

    4. Grow and sustain your data quality practices

    Identify strategies for continuously monitoring and improving data quality at the organization.

    Infographic

    Workshop: Build Your Data Quality Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Organization’s Data Environment and Business Landscape

    The Purpose

    Evaluate the maturity of the existing data quality practice and activities.

    Assess how data quality is embedded into related data management practices.

    Envision a target state for the data quality practice.

    Key Benefits Achieved

    Understanding of the current data quality landscape

    Gaps, inefficiencies, and opportunities in the data quality practice are identified

    Target state for the data quality practice is defined

    Activities

    1.1 Explain approach and value proposition

    1.2 Detail business vision, objectives, and drivers

    1.3 Discuss data quality barriers, needs, and principles

    1.4 Assess current enterprise-wide data quality capabilities

    1.5 Identify data quality practice future state

    1.6 Analyze gaps in data quality practice

    Outputs

    Data Quality Management Primer

    Business Capability Map Template

    Data Culture Diagnostic

    Data Quality Diagnostic

    Data Quality Problem Statement Template

    2 Create a Strategy for Data Quality Project 1

    The Purpose

    Define improvement initiatives

    Define a data quality improvement strategy and roadmap

    Key Benefits Achieved

    Improvement initiatives are defined

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy

    A roadmap is defined to depict when and how to tackle the improvement initiatives

    Activities

    2.1 Create business unit prioritization roadmap

    2.2 Develop subject areas project scope

    2.3 By subject area 1 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Business Unit Prioritization Roadmap

    Subject area scope

    Data Lineage Diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives

    Define a data quality improvement strategy and roadmap

    Key Benefits Achieved

    Improvement initiatives are defined

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy

    A roadmap is defined to depict when and how to tackle the improvement initiatives

    Activities

    3.1 Understand how data quality management fits in with the organization’s data governance and data management programs

    3.2 By subject area 2 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Data Lineage Diagram

    Root Cause Analysis

    Impact Analysis

    4 Create a Strategy for Data Quality Project 3

    The Purpose

    Determine a strategy for fixing data quality issues for the highest priority business unit

    Key Benefits Achieved

    Strategy defined for fixing data quality issues for highest priority business unit

    Activities

    4.1 Formulate strategies and actions to achieve data quality practice future state

    4.2 Formulate a data quality resolution plan for the defined subject area

    4.3 By subject area 3 data lineage analysis, root cause analysis, impact assessment, and business analysis

    Outputs

    Data Quality Improvement Plan

    Data Lineage Diagram

    5 Create a Plan for Sustaining Data Quality

    The Purpose

    Plan for continuous improvement in data quality

    Incorporate data quality management into the organization’s existing data management and governance programs

    Key Benefits Achieved

    Sustained and communicated data quality program

    Activities

    5.1 Formulate metrics for continuous tracking of data quality and monitoring the success of the data quality improvement initiative

    5.2 Workshop Debrief with Project Sponsor

    5.3 Meet with project sponsor/manager to discuss results and action items

    5.4 Wrap up outstanding items from the workshop, deliverables expectations, GIs

    Outputs

    Data Quality Practice Improvement Roadmap

    Data Quality Improvement Plan (for defined subject areas)

    Further reading

    Build Your Data Quality Program

    Quality Data Drives Quality Business Decisions

    Executive Brief

    Analyst Perspective

    Get ahead of the data curve by conquering data quality challenges.

    Regardless of the driving business strategy or focus, organizations are turning to data to leverage key insights and help improve the organization’s ability to realize its vision, key goals, and objectives.

    Poor quality data, however, can negatively affect time-to-insight and can undermine an organization’s customer experience efforts, product or service innovation, operational efficiency, or risk and compliance management. If you are looking to draw insights from your data for decision making, the quality of those insights is only as good as the quality of the data feeding or fueling them.

    Improving data quality means having a data quality management practice that is sustainably successful and appropriate to the use of the data, while evolving to keep pace with or get ahead of changing business and data landscapes. It is not a matter of fixing one data set at a time, which is resource and time intensive, but instead identifying where data quality consistently goes off the rails, and creating a program to improve the data processes at the source.

    Crystal Singh

    Research Director, Data and Analytics

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization is experiencing the pitfalls of poor data quality, including:

    • Unreliable data and unfavorable output.
    • Inefficiencies and costly remedies.
    • Dissatisfied stakeholders.

    Poor data quality hinders successful decision making.

    Common Obstacles

    Not understanding the purpose and execution of data quality causes some disorientation with your data.

    • Failure to realize the importance/value of data quality.
    • Unsure of where to start with data quality.
    • Lack of investment in data quality.

    Organizations tend to adopt a project mentality when it comes to data quality instead of taking the strategic approach that would be all-around more beneficial in the long term.

    Info-Tech’s Approach

    Address the root causes of your data quality issues by forming a viable data quality program.

    • Be familiar with your organization’s data environment and business landscape.
    • Prioritize business use cases for data quality fixes.
    • Fixing data quality issues at the root cause to ensure a proper foundation for your data to flow.

    It is important to sustain best practices and grow your data quality program.

    Info-Tech Insight

    Fix data quality issues as close as possible to the source of data while understanding that business use cases will each have different requirements and expectations from data quality.

    Data is the foundation of your organization’s knowledge

    Data enables your organization to make decisions.

    Reliable data is needed to facilitate data consumers at all levels of the enterprise.

    Insights, knowledge, and information are needed to inform operational, tactical, and strategic decision-making processes. Data and information are needed to manage the business and empower business processes such as billing, customer touchpoints, and fulfillment.

    Raw Data

    Business Information

    Actionable Insights

    Data should be at the foundation of your organization’s evolution. The transformational insights that executives are constantly seeking can be uncovered with a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    98% of companies use data to improve customer experience. (Experian Data Quality, 2019)

    High-Level Data Architecture

    The image is a graphic, which at the top shows different stages of data, and in the lower part of the graphic shows the data processes.

    Build Your Data Quality Program

    1. Data Quality & Data Culture Diagnostics Business Landscape Exercise
    2. Business Strategy & Use Cases
    3. Prioritize Use Cases With Poor Quality

    Info-Tech Insight

    As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.

    1. Understand the organization's data culture and data quality environment across the business landscape.
    2. Prioritize business use cases with poor data quality.
    3. For each use case, identify data quality issues and requirements throughout the data pipeline.
    4. Fix data quality issues at the root cause.
    5. As data flow through quality assurance monitoring checkpoints, monitor data to ensure good quality output.

    Insight:

    Proper application of data quality dimensions throughout the data pipeline will result in superior business decisions.

    Data quality issues can occur at any stage of the data flow.

    The image shows the flow of data through various stages: Data Creation; Data Ingestion; Data Accumulation and Engineering; Data Delivery; and Reporting & Analytics. At the bottom, there are two bars: the left one labelled Fix data quality root causes here...; and the right reads: ...to prevent expensive cures here.

    The image is a legend that accompanies the data flow graphic. It indicates that a white and green square icon indicates Data quality dimensions; a red cube indicates a potential point of data quality degradation; the pink square indicates Root cause of poor data quality; and a green flag indicates Quality Assurance Monitoring.

    Prevent the domino effect of poor data quality

    Data is the foundation of decisions made at data-driven organizations.

    Therefore, if there are problems with the organization’s underlying data, this can have a domino effect on many downstream business functions.

    Let’s use an example to illustrate the domino effect of poor data quality.

    Organization X is looking to migrate their data to a single platform, System Y. After the migration, it has become apparent that reports generated from this platform are inconsistent and often seem wrong. What is the effect of this?

    1. Time must be spent on identifying the data quality issues, and often manual data quality fixes are employed. This will extend the time to deliver the project that depends on system Y by X months.
    2. To repair these issues, the business needs to contract two additional resources to complete the unforeseen work. The new resources cost $X each, as well as additional infrastructure and hardware costs.
    3. Now, the strategic objectives of the business are at risk and there is a feeling of mistrust in the new system Y.

    Three key challenges impacting the ability to deliver excellent customer experience

    30% Poor data quality

    30% Method of interaction changing

    30% Legacy systems or lack of new technology

    95% Of organizations indicated that poor data quality undermines business performance.

    (Source: Experian Data Quality, 2019)

    Maintaining quality data will support more informed decisions and strategic insight

    Improving your organization’s data quality will help the business realize the following benefits:

    Data-Driven Decision Making

    Business decisions should be made with a strong rationale. Data can provide insight into key business questions, such as, “How can I provide better customer satisfaction?”

    89% Of CIOs surveyed say lack of quality data is an obstacle to good decision making. (Larry Dignan, CIOs juggling digital transformation pace, bad data, cloud lock0in and business alignment, 2020)

    Customer Intimacy

    Improve marketing and the customer experience by using the right data from the system of record to analyze complete customer views of transactions, sentiments, and interactions.

    94% Percentage of senior IT leaders who say that poor data quality impinges business outcomes. (Clint Boulton, Disconnect between CIOs and LOB managers weakens data quality, 2016)

    Innovation Leadership

    Gain insights on your products, services, usage trends, industry directions, and competitor results to support decisions on innovations, new products, services, and pricing.

    20% Businesses lose as much as 20% of revenue due to poor data quality. (RingLead Data Management Solutions, 10 Stats About Data Quality I Bet You Didn’t Know)

    Operational Excellence

    Make sure the right solution is delivered rapidly and consistently to the right parties for the right price and cost structure. Automate processes by using the right data to drive process improvements.

    10-20% The implementation of data quality initiatives can lead to reductions in corporate budget of up to 20%. (HaloBI, 2015)

    However, maintaining data quality is difficult

    Avoid these pitfalls to get the true value out of your data.

    1. Data debt drags down ROI – a high degree of data debt will hinder you from attaining the ROI you’re expecting.
    2. Lack of trust means lack of usage – a lack of confidence in data results in a lack of data usage in your organization, which negatively effects strategic planning, KPIs, and business outcomes.
    3. Strategic assets become a liability – bad data puts your business at risk of failing compliance standards, which could result in you paying millions in fines.
    4. Increased costs and inefficiency – time spent fixing bad data means less workload capacity for your important initiatives and the inability to make data-based decisions.
    5. Barrier to adopting data-driven tech – emerging technologies, such as predictive analytics and artificial intelligence, rely on quality data. Inaccurate, incomplete, or irrelevant data will result in delays or a lack of ROI.
    6. Bad customer experience – Running your business on bad data can hinder your ability to deliver to your customers, growing their frustration, which negatively impacts your ability to maintain your customer base.

    Info-Tech Insight

    Data quality suffers most at the point of entry. This is one of the causes of the domino effect of data quality – and can be one of the most costly forms of data quality errors due to the error propagation. In other words, fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a large majority of data quality issues.

    Follow Our Data & Analytics Journey

    Data Quality is laced into Data Strategy, Data Management, and Data Governance.

    • Data Strategy
      • Data Management
        • Data Quality
        • Data Governance
          • Data Architecture
            • MDM
            • Data Integration
            • Enterprise Content Management
            • Information Lifecycle Management
              • Data Warehouse/Lake/Lakehouse
                • Reporting and Analytics
                • AI

    Data quality is rooted in data management

    Extract Maximum Benefit Out of Your Data Quality Management.

    • Data management is the planning, execution, and oversight of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets (DAMA, 2009).
    • In other words, getting the right information, to the right people, at the right time.
    • Data quality management exists within each of the data practices, information dimensions, business resources, and subject areas that comprise the data management framework.
    • Within this framework, an effective data quality practice will replace ad hoc processes with standardized practices.
    • An effective data quality practice cannot succeed without proper alignment and collaboration across this framework.
    • Alignment ensures that the data quality practice is fit for purpose to the business.

    The DAMA DMBOK2 Data Management Framework

    • Data Governance
      • Data Quality
      • Data Architecture
      • Data Modeling & Design
      • Data Storage & Operations
      • Data Security
      • Data Integration & Interoperability
      • Documents & Content
      • Reference & Master Data
      • Data Warehousing & Business Intelligence
      • Meta-data

    (Source: DAMA International)

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    • People often think that the main problems they need to fix first are related to data quality when the issues transpire at a much larger level. This blueprint is the key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    • Refer to this blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Establish Data Governance

    • Define an effective data governance strategy and ensure the strategy integrates well with data quality with this blueprint.

    Info-Tech’s methodology for Data Quality

    Phase Steps 1. Define Your Organization’s Data Environment and Business Landscape 2. Analyze Your Priorities for Data Quality Fixes 3. Establish Your Organization’s Data Quality Program 4. Grow and Sustain Your Data Quality Practice
    Phase Outcomes This step identifies the foundational understanding of your data and business landscape, the essential concepts around data quality, as well as the core capabilities and competencies that IT needs to effectively improve data quality. To begin addressing specific, business-driven data quality projects, you must identify and prioritize the data-driven business units. This will ensure that data improvement initiatives are aligned to business goals and priorities. After determining whose data is going to be fixed based on priority, determine the specific problems that they are facing with data quality, and implement an improvement plan to fix it. Now that you have put an improvement plan into action, make sure that the data quality issues don’t keep cropping up. Integrate data quality management with data governance practices into your organization and look to grow your organization’s overall data maturity.

    Info-Tech Insight

    “Data Quality is in the eyes of the beholder.”– Igor Ikonnikov, Research Director

    Data quality means tolerance, not perfection

    Data from Info-Tech’s CIO Business Vision Diagnostic, which represents over 400 business stakeholders, shows that data quality is very important when satisfaction with data quality is low.

    However, when data quality satisfaction hit a threshold, it became less important.

    The image is a line graph, with the X-axis labelled Satisfaction with Data Quality, and the Y axis labelled Rated Importance for Data Quality. The line begins high, and then descends. There is text inside the graph, which is transcribed below.

    Respondents were asked “How satisfied are you with the quality, reliability, and effectiveness of the data you use to manage your group?” as well as to rank how important data quality was to their organization.

    When the business satisfaction of data quality reached a threshold value of 71-80%, the rated importance reached its lowest value.

    Info-Tech Insight

    Data needs to be good, but truly spectacular data may go unnoticed.

    Provide the right level of data quality, with the appropriate effort, for the correct usage. This blueprint will help you to determine what “the right level of data quality” means, as well as create a plan to achieve that goal for the business.

    Data Roles and Responsibilities

    Data quality occurs through three main layers across the data lifecycle

    Data Strategy

    Data Strategy should contain Data Quality as a standard component.

    ← Data Quality issues can occur throughout at any stage of the data flow →

    DQ Dimensions

    Timeliness – Representation – Usability – Consistency – Completeness – Uniqueness – Entry Quality – Validity – Confidence – Importance

    Source System Layer

    • Data Resource Manager/Collector: Enters data into a database and ensures that data collection sources are accurate

    Data Transformation Layer

    • ETL Developer: Designs data storage systems
    • Data Engineer: Oversees data integrations, data warehouses and data lakes, data pipelines
    • Database Administrator: Manages database systems, ensures they meet SLAs, performances, backups
    • Data Quality Engineer: Finds and cleanses bad data in data sources, creates processes to prevent data quality problems

    Consumption Layer

    • Data Scientist: Gathers and analyses data from databases and other sources, runs models, and creates data visualizations for users
    • BI Analyst: Evaluates and mines complex data and transforms it into insights that drive business value. Uses BI software and tools to analyze industry trends and create visualizations for business users
    • Data Analyst: Extracts data from business systems, analyzes it, and creates reports and dashboards for users
    • BI Engineer: Documents business needs on data analysis and reporting and develops BI systems, reports, and dashboards to support them
    Data Creation → [SLA] Data Ingestion [ QA] →Data Accumulation & Engineering → [SLA] Data Delivery [QA] →Reporting & Analytics
    Fix Data Quality root causes here… to prevent expensive cures here.

    Executive Brief Case Study

    Industry: Healthcare

    Source: Primary Info-Tech Research

    Align source systems to maximize business output.

    A healthcare insurance agency faced data quality issues in which a key business use case was impacted negatively. Business rules were not well defined, and default values instead of real value caused a concern. When dealing with multiple addresses, data was coming from different source systems.

    The challenge was to identify the most accurate address, as some were incomplete, and some lacked currency and were not up to date. This especially challenged a key business unit, marketing, to derive business value in performing key activities by being unable to reach out to existing customers to advertise any additional products.

    For this initiative, this insurance agency took an economic approach by addressing those data quality issues using internal resources.

    Results

    Without having any MDM tools or having a master record or any specific technology relating to data quality, this insurance agency used in-house development to tackle those particular issues at the source system. Data quality capabilities such as data profiling were used to uncover those issues and address them.

    “Data quality is subjective; you have to be selective in terms of targeting the data that matters the most. When getting business tools right, most issues will be fixed and lead to achieving the most value.” – Asif Mumtaz, Data & Solution Architect

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4
    • Call #1: Learn about the concepts of data quality and the common root causes of poor data quality.
    • Call #2: Identify the core capabilities of IT for improving data quality on an enterprise scale.
    • Call #3: Determine which business units use data and require data quality remediation.
    • Call #4: Create a plan for addressing business unit data quality issues according to priority of the business units based on value and impact of data.
    • Call #5: Revisit the root causes of data quality issues and identify the relevant root causes to the highest priority business unit.
    • Call #6: Determine a strategy for fixing data quality issues for the highest priority business unit.
    • Call #7: Identify strategies for continuously monitoring and improving data quality at the organization.
    • Call #8: Learn how to incorporate data quality practices in the organization’s larger data management and data governance frameworks.
    • Call #9: Summarize results and plan next steps on how to evolve your data landscape.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Define Your Organization’s Data Environment and Business Landscape Create a Strategy for Data Quality Project 1 Create a Strategy for Data Quality Project 2 Create a Strategy for Data Quality Project 3 Create a Plan for Sustaining Data Quality
    Activities
    1. Explain approach and value proposition.
    2. Detail business vision, objectives, and drivers.
    3. Discuss data quality barriers, needs, and principles.
    4. Assess current enterprise-wide data quality capabilities.
    5. Identify data quality practice future state.
    6. Analyze gaps in data quality practice.
    1. Create business unit prioritization roadmap.
    2. Develop subject areas project scope.
    3. By subject area 1:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Understand how data quality management fits in with the organization’s data governance and data management programs.
    2. By subject area 2:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Formulate strategies and actions to achieve data quality practice future state.
    2. Formulate data quality resolution plan for defined subject area.
    3. By subject area 3:
    • Data lineage analysis
    • Root cause analysis
    • Impact assessment
    • Business analysis
    1. Formulate metrics for continuous tracking of data quality and monitoring the success of the data quality improvement initiative.
    2. Workshop Debrief with Project Sponsor.
    • Meet with project sponsor/manager to discuss results and action items.
    • Wrap up outstanding items from the workshop, deliverables expectations, GIs.
    Deliverables
    1. Data Quality Management Primer
    2. Business Capability Map Template
    3. Data Culture Diagnostic
    4. Data Quality Diagnostic
    5. Data Quality Problem Statement Template
    1. Business Unit Prioritization Roadmap
    2. Subject area scope
    3. Data Lineage Diagram
    1. Data Lineage Diagram
    2. Root Cause Analysis
    3. Impact Analysis
    1. Data Lineage Diagram
    2. Data Quality Improvement Plan
    1. Data Quality Practice Improvement Roadmap
    2. Data Quality Improvement Plan (for defined subject areas)

    Phase 1

    Define Your Organization’s Data Environment and Business Landscape

    Build Your Data Quality Program

    Data quality is a methodology and must be treated as such

    A comprehensive data quality practice includes appropriate business requirements gathering, planning, governance, and oversight capabilities, as well as empowering technologies for properly trained staff, and ongoing development processes.

    Some common examples of appropriate data management methodologies for data quality are:

    • The data quality team has the necessary competencies and resources to perform the outlined workload.
    • There are processes that exist for continuously evaluating data quality performance capabilities.
    • Improvement strategies are designed to increase data quality performance capabilities.
    • Policies and procedures that govern data quality are well-documented, communicated, followed, and updated.
    • Change controls exist for revising policies and procedures, including communication of updates and changes.
    • Self-auditing techniques are used to ensure business-IT alignment when designing or recalibrating strategies.

    Effective data quality practices coordinate with other overarching data disciplines, related data practices, and strategic business objectives.

    “You don’t solve data quality with a Band-Aid; you solve it with a methodology.” – Diraj Goel, Growth Advisor, BC Tech

    Data quality can be defined by four key quality indicators

    Similar to measuring the acidity of a substance with a litmus test, the quality of your data can be measured using a simple indicator test. As you learn about common root causes of data quality problems in the following slides, think about these four quality indicators to assess the quality of your data:

    • Completeness – Closeness to the correct value. Encompasses accuracy, consistency, and comparability to other databases.
    • Usability – The degree to which data meets current user needs. To measure this, you must determine if the user is satisfied with the data they are using to complete their business functions.
    • Timeliness – Length of time between creation and availability of data.
    • Accessibility – How easily a user can access and understand the data (including data definitions and context). Interpretability can also be used to describe this indicator.

    Info-Tech Insight

    Quality is a relative term. Data quality is measured in terms of tolerance. Perfect data quality is both impossible and a waste of time and effort.

    How to get investment for your data quality program

    Follow these steps to convince leadership of the value of data quality:

    “You have to level with people, you cannot just start talking with the language of data and expect them to understand when the other language is money and numbers.” – Izabela Edmunds, Information Architect at Mott MacDonald

    1. Perform Phases 0 & 1 of this blueprint as this will offer value in carrying out the following steps.
    2. Build credibility. Show them your understanding of data and how it aligns to the business.
    3. Provide tangible evidence of how significant business use cases are impacted by poor quality data.
    4. Present the ROI of fixing the data quality issues you have prioritized.
    5. Explain how the data quality program will be established, implemented, and sustained.
    6. Prove the importance of fixing data quality issues at the source and how it is the most efficient, effective, and cost-friendly solution.

    Phase 1 deliverables

    Each of these deliverables serve as inputs to detect key outcomes about your organization and to help complete this blueprint:

    1. Data Culture Diagnostic

    Use this report to understand where your organization lies across areas relating to data culture.

    While the Quality & Trust area of the report might be most prevalent to this blueprint, this diagnostic may point out other areas demanding more attention.

    Please speak to your account manager for access

    2. Business Capability Map Template

    Perform this process to understand the capabilities that enable specific value streams. The output of this deliverable is a high-level view of your organization’s defined business capabilities.

    Download this tool

    Info-Tech Insight

    Understanding your data culture and business capabilities are foundational to starting the journey of data quality improvement.

    Key deliverable:

    3. Data Quality Diagnostic

    The Data Quality Report is designed to help you understand, assess, and improve key organizational data quality issues. This is where respondents across various areas in the organization can assess Data Quality across various dimensions.

    Download this tool

    Data Quality Diagnostic Value

    Prioritize business use cases with our data quality dimensions.

    • Complete this diagnostic for each major business use case. The output from the Data Culture Diagnostic and the Business Capability Map should help you understand which use cases to address.
    • Involve all key stakeholders involved in the business use case. There may be multiple business units involved in a single use case.
    • Prioritize the business use cases that need the most attention pertaining to data quality by comparing the scores of the Importance and Confidence data quality dimensions.

    If there are data elements that are considered of high importance and low confidence, then they must be prioritized.

    Sample Scorecard

    The image shows a screen capture of a scorecard, with sample information filled in.

    The image shows a screen capture of a scorecard, with sample information filled in.

    Poor data quality develops due to multiple root causes

    After you get to know the properties of good quality data, understand the underlying causes of why those indicators can point to poor data quality.

    If you notice that the usability, completeness, timeliness, or accessibility of the organization’s data is suffering, one or more of the following root causes are likely plaguing your data:

    Common root causes of poor data quality, through the lens of Info-Tech’s Five-Tier Data Architecture:

    The image shows a graphic of Info-Tech's Five-Tier Data Architecture, with root causes of poor data quality identified. In the data creation and ingestion stages, the root causes are identified as Poor system/application design, Poor database design, Inadequate enterprise integration. The root causes identified in the latter stages are: Absence of data quality policies, procedures, and standards, and Incomplete/suboptimal business processes

    These root causes of poor data quality are difficult to avoid, not only because they are often generated at an organization’s beginning stages, but also because change can be difficult. This means that the root causes are often propagated through stale or outdated business processes.

    Data quality problems root cause #1:

    Poor system or application design

    Application design plays one of the largest roles in the quality of the organization’s data. The proper design of applications can prevent data quality issues that can snowball into larger issues downstream.

    Proper ingestion is 90% of the battle. An ounce of prevention is worth a pound of cure. This is true in many different topics, and data quality is one of them. Designing an application so that data gets entered properly, whether by internal staff or external customers, is the single most effective way to prevent data quality issues.

    Some common causes of data quality problems at the application/system level include:

    • Too many open fields (free-form text fields that accept a variety of inputs).
    • There are no lookup capabilities present. Reference data should be looked up instead of entered.
    • Mandatory fields are not defined, resulting in blank fields.
    • No validation of data entries before writing to the underlying database.
    • Manual data entry encourages human error. This can be compounded by poor application design that facilitates the incorrect data entry.

    Data quality problems root cause #2:

    Poor database design

    Database design also affects data quality. How a database is designed to handle incoming data, including the schema and key identification, can impact the integrity of the data used for reporting and analytics.

    The most common type of database is the relational database. Therefore, we will focus on this type of database.

    When working with and designing relational databases, there are some important concepts that must be considered.

    Referential integrity is a term that is important for the design of relational database schema, and indicates that table relationships must always be consistent.

    For table relationships to be consistent, primary keys (unique value for each row) must uniquely identify entities in columns of the table. Foreign keys (field that is defined in a second table but refers to the primary key in the first table) must agree with the primary key that is referenced by the foreign key. To maintain referential integrity, any updates must be propagated to the primary parent key.

    Info-Tech Insight

    Other types of databases, including databases with unstructured data, need data quality consideration. However, unstructured data may have different levels of quality tolerance.

    At the database level, some common root causes include:

    1. Lack of referential integrity.
    2. Lack of unique keys.
    3. Don’t have restricted data range.
    4. Incorrect datatype, string fields that can hold too many characters.
    5. Orphaned records.

    Databases and People:

    Even though database design is a technology issue, don’t forget about the people.

    A lack of training employees on database permissions for updating/entering data into the physical databases is a common problem for data quality.

    Data quality problems root cause #3:

    Improper integration and synchronization of enterprise data

    Data ingestion is another category of data-quality-issue root causes. When moving data in Tier 2, whether it is through ETL, ESB, point-to-point integration, etc., the integrity of the data during movement and/or transformation needs to be maintained.

    Tier 2 (the data ingestion layer) serves to move data for one of two main purposes:

    • To move data from originating systems to downstream systems to support integrated business processes.
    • To move data to Tier 3 where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store. Also, it is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data cleansing and matching and other data-related blending tasks occur at this layer.

    This ensures the data is pristine throughout the process and improves trustworthiness of outcomes and speed to task completion.

    At the integration layer, some common root causes of data quality problems include:

    1. No data mask. For example, zip code should have a mask of five numeric characters.
    2. Questionable aggregation, transformation process, or incorrect logic.
    3. Unsynchronized data refresh process in an integrated environment.
    4. Lack of a data matching tool.
    5. Lack of a data quality tool.
    6. Don’t have data profiling capability.
    7. Errors with data conversion or migration processes – when migrating, decommissioning, or converting systems – movement of data sets.
    8. Incorrect data mapping between data sources and targets.

    Data quality problems root cause #4:

    Insufficient and ineffective data quality policies and procedures

    Data policies and procedures are necessary for establishing standards around data and represent another category of data-quality-issue root causes. This issue spans across all five of the 5 Tier Architecture.

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organizations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organization’s data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Some common root causes of data quality issues related to policies and procedures include:

    1. Policies are absent or out of date.
    2. Employees are largely unaware of policies in effect.
    3. Policies are unmonitored and unenforced.
    4. Policies are in multiple locations.
    5. Multiple versions of the same policy exist.
    6. Policies are managed inconsistently across different silos.
    7. Policies are written poorly by untrained authors.
    8. Inadequate policy training program.
    9. Draft policies stall and lose momentum.
    10. Weak policy support from senior management.

    Data quality problems root cause #5:

    Inefficient or ineffective business processes

    Some common root causes of data quality issues related to business processes include:

    1. Multiple entries of the same record leads to duplicate records proliferating in the database.
    2. Many business definitions of data.
    3. Failure to document data manipulations when presenting data.
    4. Failure to train people on how to understand data.
    5. Manually intensive processes can result in duplication of effort (creates room for errors).
    6. No clear delineation of dependencies of business processes within or between departments, which leads to a siloed approach to business processes, rather than a coordinated and aligned approach.

    Business processes can impact data quality. How data is entered into systems, as well as employee training and knowledge about the correct data definitions, can impact the quality of your organization’s data.

    These problematic business process root causes can lead to:

    Duplicate records

    Incomplete data

    Improper use of data

    Wrong data entered into fields

    These data quality issues will result in costly and inefficient manual fixes, wasting valuable time and resources.

    Phase 1 Summary

    1. Data Quality Understanding

    • Understanding that data quality is a methodology and should be treated as such.
    • Data quality can be defined by four key indicators which are completeness, usability, timeliness, and accessibility.
    • Explained how to get investment for your data quality program and showcasing its value to leadership.

    2. Phase 0 Deliverables

    Introduced foundational tools to help you throughout this blueprint:

    • Complete the Data Culture Diagnostic and Business Capability Map Template as they are foundational in understanding your data culture and business capabilities to start the journey of data quality improvement.
    • Involve key relevant stakeholders when completing the Data Quality Diagnostic for each major business use case. Use the Importance and Confidence dimensions to help you prioritize which use case to address.

    3. Common Root Causes

    Addressed where multiple root causes can occur throughout the flow of your data.

    Analyzed the following common root causes of data quality:

    1. Poor system or application design
    2. Poor database design
    3. Improper integration and synchronization of enterprise data
    4. Insufficient and ineffective data quality policies and procedures
    5. Inefficient or ineffective business processes

    Phase 2

    Analyze Your Priorities for Data Quality Fixes

    Build Your Data Quality Program

    Business Context & Data Quality

    Establish the business context of data quality improvement projects at the business unit level to find common goals.

    • To ensure the data improvement strategy is business driven, start your data quality project evaluation by understanding the business context. You will then determine which business units use data and create a roadmap for prioritizing business units for data quality repairs.
    • Your business context is represented by your corporate business vision, mission, goals and objectives, differentiators, and drivers. Collectively, they provide essential information on what is important to your organization, and some hints on how to achieve that. In this step, you will gather important information about your business view and interpret the business view to establish a data view.

    Business Vision

    Business Goals

    Business Drivers

    Business Differentiators

    Not every business unit uses data to the same extent

    A data flow diagram can provide value by allowing an organization to adopt a proactive approach to data quality. Save time by knowing where the entry points are and where to look for data flaws.

    Understanding where data lives can be challenging as it is often in motion and rarely resides in one place. There are multiple benefits that come from taking the time to create a data flow diagram.

    • Mapping out the flow of data can help provide clarity on where the data lives and how it moves through the enterprise systems.
    • Having a visual of where and when data moves helps to understand who is using data and how it is being manipulated at different points.
    • A data flow diagram will allow you to elicit how data is used in a different use case.

    Info-Tech’s Four-Column Model of Data will help you to identify the essential aspects of your data:

    Business Use Case →Used by→Business Unit →Housed in→Systems→Used for→Usage of the Data

    Not every business unit requires the same standard of data quality

    To prioritize your business units for data quality improvement projects, you must analyze the relative importance of the data they use to the business. The more important the data is to the business, the higher the priority is of fixing that data. There are two measures for determining the importance of data: business value and business impact.

    Business Value of Data

    Business value of data can be evaluated by thinking about its ties to revenue generation for the organization, as well as how it is used for productivity and operations at the organization.

    The business value of data is assessed by asking what would happen to the following parameters if the data is not usable (due to poor quality, for example):

    • Loss of Revenue
    • Loss of Productivity
    • Increased Operating Costs

    Business Impact of Data

    Business impact of data should take into account the effects of poor data on both internal and external parties.

    The business impact of data is assessed by asking what the impact would be of bad data on the following parameters:

    • Impact on Customers
    • Impact on Internal Staff
    • Impact on Business Partners

    Value + Impact = Data Priority Score

    Ensure that the project starts on the right foot by completing Info-Tech’s Data Quality Problem Statement Template

    Before you can identify a solution, you must identify the problem with the business unit’s data.

    Download this tool

    Use Info-Tech’s Data Quality Problem Statement Template to identify the symptoms of poor data quality and articulate the problem.

    Info-Tech’s Data Quality Problem Statement Template will walk you through a step-by-step approach to identifying and describing the problems that the business unit feels regarding its data quality.

    Before articulating the problem, it helps to identify the symptoms of the problem. The following W’s will help you to describe the symptoms of the data quality issues:

    What

    Define the symptoms and feelings produced by poor data quality in the business unit.

    Where

    Define the location of the data that are causing data quality issues.

    When

    Define how severe the data quality issues are in frequency and duration.

    Who

    Define who is affected by the data quality problems and who works with the data.

    Info-Tech Best Practice

    Symptoms vs. Problems. Often, people will identify a list of symptoms of a problem and mistake those for the problem. Identifying the symptoms helps to define the problem, but symptoms do not help to identify the solution. The problem statement helps you to create solutions.

    Define the project problem to articulate the purpose

    1 hour

    Input

    • Symptoms of data quality issues in the business unit

    Output

    • Refined problem description

    Materials

    • Data Quality Problem Statement Template

    Participants

    • Data Quality Improvement Project team
    • Business line representatives

    A defined problem helps you to create clear goals, as well as lead your thinking to determine solutions to the problem.

    A problem statement consists of one or two sentences that summarize a condition or issue that a quality improvement team is meant to address. For the improvement team to fix the problem, the problem statement therefore has to be specific and concise.

    Instructions

    1. Gather the Data Quality Improvement Project Team in a room and start with an issue that is believed to be related to data quality.
    2. Ask what are the attributes and symptoms of that reality today; do this with the people impacted by the issue. This should be an IT and business collaboration.
    3. Draw your conclusions of what it all means: what have you collectively learned?
    4. Consider the implications of your conclusions and other considerations that must be taken into account such as regulatory needs, compliance, policy, and targets.
    5. Develop solutions – Contain the problem to something that can be solved in a realistic timeframe, such as three months.

    Download the Data Quality Problem Statement Template

    Case Study

    A strategic roadmap rooted in business requirements primes a data quality improvement plan for success.

    MathWorks

    Industry

    Software Development

    Source

    Primary Info-Tech Research

    As part of moving to a formalized data quality practice, MathWorks leveraged an incremental approach that took its time investigating business cases to support improvement actions. Establishing realistic goals for improvement in the form of a roadmap was a central component for gaining executive approval to push the project forward.

    Roadmap Creation

    In constructing a comprehensive roadmap that incorporated findings from business process and data analyses, MathWorks opted to document five-year and three-year overall goals, with one-year objectives that supported each goal. This approach ensured that the tactical actions taken were directed by long-term strategic objectives.

    Results – Business Alignment

    In presenting their roadmap for executive approval, MathWorks placed emphasis on communicating the progression and impact of their initiatives in terms that would engage business users. They focused on maintaining continual lines of communication with business stakeholders to demonstrate the value of the initiatives and also to gradually shift the corporate culture to one that is invested in an effective data quality practice.

    “Don’t jump at the first opportunity, because you may be putting out a fire with a cup of water where a fire truck is needed.” – Executive Advisor, IT Research and Advisory Firm

    Use Info-Tech’s Practice Assessment and Project Planning Tool to create your strategy for improving data quality

    Assess IT’s capabilities and competencies around data quality and plan to build these as the organization’s data quality practice develops. Before you can fix data quality, make sure you have the necessary skills and abilities to fix data quality correctly.

    The following IT capabilities are developed on an ongoing basis and are necessary for standardizing and structuring a data quality practice:

    • Meeting Business Needs
    • Services and Projects
    • Policies, Procedures, and Standards
    • Roles and Organizational Structure
    • Oversight and Communication
    • Data Quality of Different Data Types

    Download this Tool

    Data Handling and Remediation Competencies:

    • Data Standardization: Formatting values into consistent standards based on industry standards and business rules.
    • Data Cleansing: Modification of values to meet domain restrictions, integrity constraints, or other business rules for sufficient data quality for the organization.
    • Data Matching: Identification, linking, and merging related entries in or across sets of data.
    • Data Validation: Checking for correctness of the data.

    After these capabilities and competencies are assessed for a current and desired target state, the Data Quality Practice Assessment and Project Planning Tool will suggest improvement actions that should be followed in order to build your data quality practice. In addition, a roadmap will be generated after target dates are set to create your data quality practice development strategy.

    Benchmark current and identify target capabilities for your data quality practice

    1 hour

    Input

    • Current and desired data quality practices in the organization

    Output

    • Assessment of where the gaps lie in your data quality practice

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality Project Lead
    • Business Line Representatives
    • Business Architects

    Use the Data Quality Practice Assessment and Project Planning Tool to evaluate the baseline and target capabilities of your practice in terms of how data quality is approached and executed.

    Download this Tool

    Instructions

    1. Invite the appropriate stakeholders to participate in this exercise. Examples:
      1. Business executives will have input in Tab 2
      2. Unique stakeholders: communications expert or executive advisors may have input
    2. On Tab 2: Practice Components, assess the current and target states of each capability on a scale of 1–5. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.

    These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.

    Info-Tech Insight

    Focus on early alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Remind everyone that data quality should ultimately serve business needs wherever possible.

    Visualization improves the holistic understanding of where gaps exist in your data quality practice

    To enable deeper analysis on the results of your practice assessment, Tab 3: Data Quality Practice Scorecard in the Data Quality Practice Assessment and Project Planning Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap assessment of “Meeting Business Needs” capabilities

    The image shows a screen capture of the Gap assessment of 
“Meeting Business Needs” capabilities, with sample information filled in.

    Visualization of gap assessment of data quality practice capabilities

    The image shows a bar graph titled Data Quality Capabilities.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    • Example: In Tab 2 compare your capabilities within “Policies, Procedures, and Standards.” Then in Tab 3, compare your overall capabilities in “Policies, Procedures, and Standards” versus “Empowering Technologies.”
  • Put these up on display to improve discussion in the gap analyses and prioritization sessions.
  • Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.
  • Before engaging in the data quality improvement project plan, receive signoff from IT regarding feasibility

    The final piece of the puzzle is to gain sign-off from IT.

    Hofstadter's law: It always takes longer than you expect, even when you take into account Hofstadter’s Law.

    This means that before engaging IT in data quality projects to fix the business units’ data in Phase 2, IT must assess feasibility of the data quality improvement plan. A feasibility analysis is typically used to review the strengths and weaknesses of the projects, as well as the availability of required skills and technologies needed to complete them. Use the following workflow to guide you in performing a feasibility analysis:

    Project evaluation process:

    Present capabilities

    • Operational Capabilities
    • System Capabilities
    • Schedule Capabilities
      • Summary of Evaluation Results
        • Recommendations/ modifications to the project plan

    Info-Tech Best Practice

    While the PMO identifies and coordinates projects, IT must determine how long and for how much.

    Conduct gap analysis sessions to review and prioritize the capability gaps

    1 hour

    Input

    • Current and Target State Assessment

    Output

    • Documented initiatives to help you get to the target state

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality team
    • IT representatives

    Instructions

    • Analyze Gap Analysis Results – As a group, discuss the high-level results on Tab 3: Data Quality Practice Score. Discuss the implications of the gaps identified.
    • Do a line-item review of the gaps between current and target levels for each assessed capability by using Tab 2: Practice Components.
    • Brainstorm Alignment Strategies – Brainstorm the effort and activities that will be necessary to support the practice in building its capabilities to the desired target level. Ask the following questions:
      • What activities must occur to enable this capability?
      • What changes/additions to resources, process, technology, business involvement, and communication must occur?
    • Document Data Quality Initiatives – Turn activities into initiatives by documenting them in Tab 4. Data Quality Practice Roadmap. Review the initiatives and estimate the start and end dates of each one.
    • Continue to evaluate the assessment results in order to create a comprehensive set of data quality initiatives that support your practice in building capabilities.

    Download this Tool

    Create the organization’s data quality improvement strategy roadmap

    1 hour

    Input

    • Data quality practice gaps and improvement actions

    Output

    • Data quality practice improvement roadmap

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality Project Lead
    • Business Executives
    • IT Executives
    • Business Architects

    Generating Your Roadmap

    1. Plan the sequence, starting time, and length of each initiative in the Data Quality Practice Assessment and Project Planning Tool.
    2. The tool will generate a Gantt chart based on the start and length of your initiatives.
    3. The Gantt chart is generated in Tab 4: Data Quality Practice Roadmap, and can be used to organize and ensure that all of the essential aspects of data quality are addressed.

    Use the Practice Roadmap to plan and improve data quality capabilities

    Download this Tool

    Info-Tech Best Practice

    To help get you started, Info-Tech has provided an extensive list of data quality improvement initiatives that are commonly undertaken by organizations looking to improve their data quality.

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    2 hours

    Create practice-level metrics to monitor your data quality practice.

    Instructions:

    1. Establish metrics for both the business and IT that will be used to determine if the data quality practice development is effective.
    2. Set targets for each metric.
    3. Collect current data to calculate the metrics and establish a baseline.
    4. Assign an owner for tracking each metric to be accountable for performance.
    Metric Current Goal
    Usage (% of trained users using the data warehouse)
    Performance (response time)
    Performance (response time)
    Resource utilization (memory usage, number of machine cycles)
    User satisfaction (quarterly user surveys)
    Data quality (% values outside valid values, % fields missing, wrong data type, data outside acceptable range, data that violates business rules. Some aspects of data quality can be automatically tracked and reported)
    Costs (initial installation and ongoing, Total Cost of Ownership including servers, software licenses, support staff)
    Security (security violations detected, where violations are coming from, breaches)
    Patterns that are used
    Reduction in time to market for the data
    Completeness of data that is available
    How many "standard" data models are being used
    What is the extra business value from the data governance program?
    How much time is spent for data prep by BI & analytics team?

    Phase 2 summary

    As you improve your data quality practice and move from reactive to stable, don’t rest and assume that you can let data quality keep going by itself. Rapidly changing consumer requirements or other pains will catch up to your organization and you will fall behind again. By moving to the proactive and predictive end of the maturity scale, you can stay ahead of the curve. By following the methodology laid out in Phase 1, the data quality practices at your organization will improve over time, leading to the following results:

    Chaotic

    Before Data Quality Practice Improvements

    • No standards to data quality

    Reactive

    Year 1

    • Processes defined
    • Data cleansing approach to data quality

    Stable

    Year 2

    • Business rules/ stewardship in place
    • Education and training

    Proactive

    Year 3

    • Data quality practices fully in place and embedded in the culture
    • Trusted and intelligent enterprise

    (Global Data Excellence, Data Excellence Maturity Model)

    Phase 3

    Establish Your Organization’s Data Quality Program

    Build Your Data Quality Program

    Create a data lineage diagram to map the data journey and identify the data subject areas to be targeted for fixes

    It is important to understand the various data that exist in the business unit, as well as which data are essential to business function and require the highest degree of quality efforts.

    Visualize your databases and the flow of data. A data lineage diagram can help you and the Data Quality Improvement Team visualize where data issues lie. Keeping the five-tier architecture in mind, build your data lineage diagram.

    Reminder: Five-Tier Architecture

    The image shows the Five-Tier Architecture graphic.

    Use the following icons to represent your various data systems and databases.

    The image shows four icons. They are: the image of a square and a computer monitor, labelled Application; the image of two sheets of paper, labelled Desktop documents; the image of a green circle next to a computer monitor, labelled Web Application; and a blue cylinder labelled Database.

    Use Info-Tech’s Data Lineage Diagram to document the data sources and applications used by the business unit

    2 hours

    Input

    • Data sources and applications used by the business unit

    Output

    • Data lineage diagram

    Materials

    • Data Lineage Diagram Template

    Participants

    • Business Unit Head/Data Owner
    • Business Unit SMEs
    • Data Analysts/Architects

    Map the flow and location of data within a business unit by creating a system context diagram.

    Gain an accurate view of data locations and uses: Engage business users and representatives with a wide breadth of knowledge-related business processes and the use of data by related business operations.

    1. Sit down with key business representatives of the business unit.
    2. Document the sources of data and processes in which they’re involved, and get IT confirmation that the sources of the data are correct.
    3. Map out the sources and processes in a system context diagram.

    Download this Tool

    Sample Data Lineage Diagram

    The image shows a sample data lineage diagram, split into External Applications and Internal Applications, and showing the processes involved in each.

    Leverage Info-Tech’s Data Quality Practice Assessment and Project Planning Tool to document business context

    1 hour

    Input

    • Business vision, goals, and drivers

    Output

    • Business context for the data quality improvement project

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Data Quality project lead
    • Business line representatives
    • IT executives

    Develop goals and align them with specific objectives to set the framework for your data quality initiatives.

    In the context of achieving business vision, mission, goals, and objectives and sustaining differentiators and key drivers, think about where and how data quality is a barrier. Then brainstorm data quality improvement objectives that map to these barriers. Document your list of objectives in Tab 5. Prioritize business units of the Data Quality Practice Assessment and Project Planning Tool.

    Establishing Business Context Example

    Healthcare Industry

    Vision To improve member services and make service provider experience more effective through improving data quality and data collection, aggregation, and accessibility for all the members.
    Goals

    Establish meaningful metrics that guide to the improvement of healthcare for member effectiveness of health care providers:

    • Data collection
    • Data harmonization
    • Data accessibility and trust by all constituents.
    Differentiator Connect service consumers with service providers, that comply with established regulations by delivering data that is accurate, trusted, timely, and easy to understand to connect service providers and eliminate bureaucracy and save money and time.
    Key Driver Seamlessly provide a healthcare for members.

    Download this Tool

    Document the identified business units and their associated data

    30 minutes

    Input

    • Business units

    Output

    • Documented business units to begin prioritization

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager

    Instructions

    1. Using Tab 5: Prioritize Business Units of the Data Quality Practice Assessment and Project Planning Tool, document the business units that use data in the organization. This will likely be all business units in the organization.
    2. Next, document the primary data used by those business units.
    3. These inputs will then be used to assess business unit priority to generate a data quality improvement project roadmap.

    The image shows a screen capture of Tab 5: Prioritize Business Units, with sample information inputted.

    Reminder – Not every business unit requires the same standard of data quality

    To prioritize your business units for data quality improvement projects, you must analyze the relative importance of the data they use to the business. The more important the data is to the business, the higher the priority is of fixing that data. There are two measures for determining the importance of data: business value and business impact.

    Business Value of Data

    Business value of data can be evaluated by thinking about its ties to revenue generation for the organization, as well as how it is used for productivity and operations at the organization.

    The business value of data is assessed by asking what would happen to the following parameters if the data is not usable (due to poor quality, for example):

    • Loss of Revenue
    • Loss of Productivity
    • Increased Operating Costs

    Business Impact of Data

    Business impact of data should take into account the effects of poor data on both internal and external parties.

    The business impact of data is assessed by asking what the impact would be of bad data on the following parameters:

    • Impact on Customers
    • Impact on Internal Staff
    • Impact on Business Partners

    Value + Impact = Data Priority Score

    Assess the business unit priority order for data quality improvements

    2 hours

    Input

    • Assessment of value and impact of business unit data

    Output

    • Prioritization list for data quality improvement projects

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager
    • Data owners

    Instructions

    Instructions In Tab 5: Prioritize Business Units of the Data Quality Practice Assessment and Project Planning Tool, assess business value and business impact of the data within each documented business unit.

    Use the ratings High, Medium, and Low to measure the financial, productivity, and efficiency value and impact of each business unit’s data.

    In addition to these ratings, assess the number of help desk tickets that are submitted to IT regarding data quality issues. This parameter is an indicator that the business unit’s data is high priority for data quality fixes.

    Download this Tool

    Create a business unit order roadmap for your data quality improvement projects

    1 hour

    Input

    • Rating of importance of data for each business unit

    Output

    • Roadmap for data quality improvement projects

    Materials

    • Data Quality Practice Assessment and Project Planning Tool

    Participants

    • Project Manager
    • Product Manager
    • Business line representatives

    Instructions

    After assessing the business units for the business value and business impact of their data, the Data Quality Practice Assessment and Project Planning Tool automatically assesses the prioritization of the business units based on your ratings. These prioritizations are then summarized in a roadmap on Tab 6: Data Quality Project Roadmap. The following is an example of a project roadmap:

    The image shows an example of a project roadmap, with three business units listed vertically along the left hand side, and a Gantt chart showing the time periods in which each Business Unit would work. At the bottom, a table shows the Length of the Project in days (100), and the start date for the first project.

    On Tab 6, insert the timeline for your data quality improvement projects, as well as the starting date of your first data quality project. The roadmap will automatically update with the chosen timing and dates.

    Download this Tool

    Identify metrics at the business unit level to track data quality improvements

    As you improve the data quality for specific business units, measuring the benefits of data quality improvements will help you demonstrate the value of the projects to the business.

    Use the following table to guide you in creating business-aligned metrics:

    Business Unit Driver Metrics Goal
    Sales Customer Intimacy Accuracy of customer data. Percent of missing or incomplete records. 10% decrease in customer record errors.

    Marketing

    Customer Intimacy Accuracy of customer data. Percent of missing or incomplete records. 10% decrease in customer record errors.
    Finance Operational Excellence Relevance of financial reports. Decrease in report inaccuracy complaints.
    HR Risk Management Accuracy of employee data. 10% decrease in employee record errors.
    Shipping Operational Excellence Timeliness of invoice data. 10% decrease in time to report.

    Info-Tech Insight

    Relating data governance success metrics to overall business benefits keeps executive management and executive sponsors engaged because they are seeing actionable results. Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Case Study

    Address data quality with the right approach to maximize the ROI

    EDC

    Industry: Government

    Source: Environment Development of Canada (EDC)

    Challenge

    Environment Development Canada (EDC) would initially identify data elements that are important to the business purely based on their business instinct.

    Leadership attempted to tackle the enterprise’s data issues by bringing a set of different tools into the organization.

    It didn’t work out because the fundamental foundational layer, which is the data and infrastructure, was not right – they didn't have the foundational capabilities to enable those tools.

    Solution

    Leadership listened to the need for one single team to be responsible for the data persistence.

    Therefore, the data platform team was granted that mandate to extensively execute the data quality program across the enterprise.

    A data quality team was formed under the Data & Analytics COE. They had the mandate to profile the data and to understand what quality of data needed to be achieved. They worked constantly with the business to build the data quality rules.

    Results

    EDC tackled the source of their data quality issues through initially performing a data quality management assessment with business stakeholders.

    From then on, EDC was able to establish their data quality program and carry out other key initiatives that prove the ROI on data quality.

    Begin your data quality improvement project starting with the highest priority business unit

    Now that you have a prioritized list for your data quality improvement projects, identify the highest priority business unit. This is the business unit you will work through Phase 3 with to fix their data quality issues.

    Once you have initiated and identified solutions for the first business unit, tackle data quality for the next business unit in the prioritized list.

    The image is a graphic labelled as Phase 2. On the left, there is a vertical arrow pointing upward labelled Priority of Business Units. Next to it, there are three boxes, with downward pointing arrows between them, each box labelled as each Business Unit's Data Quality Improvement Project. From there an arrow points right to a circle. Inside the circle are the steps necessary to complete the data quality improvement project.

    Create and document your data quality improvement team

    1 hour

    Input

    • Individuals who fit the data quality improvement plan team roles

    Output

    • Project team

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Data owner
    • Project Manager
    • Product Manager

    The Data Quality Improvement Plan is a concise document that should be created for each data quality project (i.e. for each business unit) to keep track of the project.

    Instructions

    1. Meet with the data owner of the business unit identified for the data quality improvement project.
    2. Identify individuals who fit the data quality improvement plan team roles.
    3. Using the Data Quality Improvement Plan Template to document the roles and individuals who will fit those roles.
    4. Have an introductory meeting with the Improvement team to clarify roles and responsibilities for the project.

    Download this Tool

    Team role Assigned to
    Data Owner [Name]
    Project Manager [Name]
    Business Analyst/BRM [Name]
    Data Steward [Name]
    Data Analyst [Name]

    Document the business context of the Data Quality Improvement Plan

    1 hour

    Input

    • Project team
    • Identified data attributes

    Output

    • Business context for the data quality improvement plan

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Data owner
    • Project Sponsor
    • Product owner

    Data quality initiatives have to be relevant to the business, and the business context will be used to provide inputs to the data improvement strategy. The context can then be used to determine exactly where the root causes of data quality issues are, which will inform your solutions.

    Instructions

    The business context of the data quality improvement plan includes documenting from previous activities:

    1. The Data Quality Improvement Team.
    2. Your Data Lineage Diagram.
    3. Your Data Quality Problem Statement.

    Info-Tech Best Practice

    While many organizations adopt data quality principles, not all organizations express them along the same terms. Have multiple perspectives within your organization outline principles that fit your unique data quality agenda. Anyone interested in resolving the day-to-day data quality issues that they face can be helpful for creating the context around the project.

    Download this tool

    Now that you have a defined problem, revisit the root causes of poor data quality

    You previously fleshed out the problem with data quality present in the business unit chosen as highest priority. Now it is time to figure out what is causing those problems.

    In the table below, you will find some of the common categories of causes of data quality issues, as well as some specific root causes.

    Category Description
    1. System/Application Design Ineffective, insufficient, or even incorrect system/application design accepts incorrect and missing data elements to the source applications and databases. The data records in those source systems may propagate into systems in tiers 2, 3, 4, and 5 of the 5-tier architecture, creating domino and ripple effects.
    2. Database design Database is created and modeled in an incorrect manner so that the management of the data records is incorrect, resulting in duplicated and orphaned records, and records that are missing data elements or records that contain incorrect data elements. Poor operational data in databases often leads to issues in tiers 2, 3, 4, and 5.
    3. Enterprise Integration Data or information is improperly integrated, transformed, masked, and aggregated in tier 2. In addition, some data integration tasks might not be timely, resulting in out-of-date data or even data that contradicts with other data. Enterprise integration is a precursor of loading a data warehouse and data marts. Issues in this layer affect tier 3, 4 and 5 on the 5-tier architecture.
    4. Policies and Procedures Policies and procedures are not effectively used to reinforce data quality. In some situations, policy gaps are found. In others, policies are overlapped and duplicated. Policies may also be out-of-date or too complex, affecting the users’ ability to interpret the policy objectives. Policies affect all tiers in the 5-tier architecture.
    5. Business Processes Improper business process design introduces poor data into the data systems. Failure to create processes around approving data changes, failure to document key data elements, and failure to train employees on the proper uses of data make data quality a burning problem.

    Leverage a root cause analysis approach to pinpoint the origins of your data issues

    A root cause analysis is a systematic approach to decompose a problem into its components. Use fishbone diagrams to help reveal the root causes of data issues.

    The image shows a fishbone diagram on the left, which starts with Process on the left, and then leads to Application and Integration, and then Database and Policies. This section is titled Root causes. The right hand section is titled Lead to problems with data... and includes 4 circles with the word or in between each. The circles are labelled: Completeness; Usability; Timeliness; Accessibility.

    Info-Tech recommends five root cause categories for assessing data quality issues:

    Application Design. Is the issue caused by human error at the application level? Consider internal employees, external partners/suppliers, and customers.

    Database Design. Is the issue caused by a particular database and stems from inadequacies in its design?

    Integration. Data integration tools may not be fully leveraged, or data matching rules may be poorly designed.

    Policies and Procedures. Do the issues take place because of lack of governance?

    Business Processes. Do the issues take place due to insufficient processes?

    For Example:

    When performing a deeper analysis of your data issues related to the accuracy of the business unit’s data, you would perform a root cause analysis by assessing the contribution of each of the five categories of data quality problem root causes:

    The image shows another fishbone diagram, with example information filled in. The first section on the left is titled Application Design, and includes the text: Data entry problems lead to incorrect accounting entries. The second is Integration, and includes the text: Data integration tools are not fully leveraged. The third section is Policies, and includes the text: No policy on standardizing name and address. The last section is Database design, with text that reads: Databases do not contain unique keys. The diagram ends with an arrow pointing right to a blue circle with Accuracy in it.

    Leverage a combination of data analysis techniques to identify and quantify root causes

    Info-Tech Insight

    Including all attributes of the key subject area in your data profiling activities may produce too much information to make sense of. Conduct data profiling primarily at the table level and undergo attribute profiling only if you are able to narrow down your scope sufficiently.

    Data Profiling Tool

    Data profiling extracts a sample of the target data set and runs it through multiple levels of analysis. The end result is a detailed report of statistics about a variety of data quality criteria (duplicate data, incomplete data, stale data, etc.).

    Many data profiling tools have built-in templates and reports to help you uncover data issues. In addition, they quantify the occurrences of the data issues.

    E-Discovery Tool

    This supplements a profiling tool. For Example, use a BI tool to create a custom grouping of all the invalid states (e.g. “CAL,” “AZN,” etc.) and visualize the percentage of invalid states compared to all states.

    SQL Queries

    This supplements a profiling tool. For example, use a SQL statement to group the customer data by customer segment and then by state to identify which segment–state combinations contain poor data.

    Identify the data issues for the particular business unit under consideration

    2 hours

    Input

    • Issues with data quality felt by the business unit
    • Data lineage diagram

    Output

    • Categorized data quality issues

    Materials

    • Whiteboard, markers, sticky notes
    • Data Quality Improvement Plan Template

    Participants

    • Data quality improvement project team
    • Business line representatives

    Instructions

    1. Gather the data quality improvement project team in a room, along with sticky notes and a whiteboard.
    2. Display your previously created data lineage diagram on the whiteboard.
    3. Using color-coded sticky notes, attach issues to each component of the data lineage diagram that team members can identify. Use different colors for the four quality attributes: Completeness, Usability, Timeliness, and Accessibility.

    Example:

    The image shows the data lineage diagram that has been shown in previous sections. In addition, the image shows 4 post-its arranges around the diagram, labelled: Usability; Completeness; Timeliness; and Accessibility.

    Map the data issues on fishbone diagrams to identify root causes

    1 hour

    Input

    • Categorized data quality issues

    Output

    • Completed fishbone diagrams

    Materials

    • Whiteboard, markers, sticky notes
    • Data Quality Improvement Plan Template

    Participants

    • Data quality improvement project team

    Now that you have data quality issues classified according to the data quality attributes, map these issues onto four fishbone diagrams.

    The image shows a fishbone diagram, which is titled Example: Root cause analysis diagram for data accuracy.

    Download this Tool

    Get to know the root causes behind system/application design mistakes

    Suboptimal system/application design provides entry points for bad data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Insufficient data mask No data mask is defined for a free-form text field in a user interface. E.g. North American phone number should have 4 masks – country code (1-digit), area code (3-digit), and local number (7-digit). X X
    Too many free-form text fields Incorrect use of free-form text fields (fields that accept a variety of inputs). E.g. Use a free-form text field for zip code instead of a backend look up. X X
    Lack of value lookup Reference data is not looked up from a reference list. E.g. State abbreviation is entered instead of being looked up from a standard list of states. X X
    Lack of mandatory field definitions Mandatory fields are not identified and reinforced. Resulting data records with many missing data elements. E.g. Some users may fill up 2 or 3 fields in a UI that has 20 non-mandatory fields. X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Application Design section is highlighted.

    Get to know the root causes behind common database design mistakes

    Improper database design allows incorrect data to be stored and propagated.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Incorrect referential integrity Referential integrity constraints are absent or incorrectly implemented, resulting in child records without parent records, or related records are updated or deleted in a cascading manner. E.g. An invoice line item is created before an invoice is created. X X
    Lack of unique keys Lack of unique keys creating scenarios where record uniqueness cannot be guaranteed. E.g. Customer records with the same customer_ID. X X
    Data range Fail to define a data range for incoming data, resulting in data values that are out of range. E.g. The age field is able to store an age of 999. X X
    Incorrect data type Incorrect data types are used to store data fields. E.g. A string field is used to store zip codes. Some users use that to store phone numbers, birthdays, etc. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Database Design section is highlighted

    Get to know the root causes behind enterprise integration mistakes

    Improper data integration or synchronization may create poor analytical data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Incorrect transformation Transformation is done incorrectly. A wrong formula may have been used, transformation is done at the wrong data granularity, or aggregation logic is incorrect. E.g. Aggregation is done for all customers instead of just active customers. X X
    Data refresh is out of sync Data is synchronized at different intervals, resulting in a data warehouse where data domains are out of sync. E.g. Customer transactions are refreshed to reflect the latest activities but the account balance is not yet refreshed. X X
    Data is matched incorrectly Fail to match records from disparate systems, resulting in duplications and unmatched records. E.g. Unable to match customers from different systems because they have different cust_ID. X X
    Incorrect data mapping Fields from source systems are not properly matched with data warehouse fields. E.g. Status fields from different systems are mixed into one field. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Integration section is highlighted

    Get to know the root causes behind policy and procedure mistakes

    Suboptimal policies and procedures undermine the effect of best practices.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Policy Gaps There are gaps in the policy landscape in terms of some missing key policies or policies that are not refreshed to reflect the latest changes. E.g. A data entry policy is absent, leading to inconsistent data entry practices. X X
    Policy Communications Policies are in place but the policies are not communicated effectively to the organization, resulting in misinterpretation of policies and under-enforcement of policies. E.g. The data standard is created but very few developers are aware of its existence. X X
    Policy Enforcement Policies are in place but not proactively re-enforced and that leads to inconsistent application of policies and policy adoption. E.g. Policy adoption is dropping over time due to lack of reinforcement. X X
    Policy Quality Policies are written by untrained authors and they do not communicate the messages. E.g. A non-technical data user may find a policy that is loaded with technical terms confusing. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Policies section is highlighted

    Get to know the root causes behind common business process mistakes

    Ineffective and inefficient business processes create entry points for poor data.

    Business Process
    Usually found in → Tier 1 Tier 2 Tier 3 Tier 4 Tier 5
    Issue Root Causes Usability Completeness Timeliness Accessibility
    Lack of training Key data personnel and business analysts are not trained in data quality and data governance, leading to lack of accountability. E.g. A data steward is not aware of downstream impact of a duplicated financial statement. X X
    Ineffective business process The same piece of information is entered into data systems two or more times. Or a piece of data is stalled in a data system for too long. E.g. A paper form is scanned multiple times to extract data into different data systems. X X
    Lack of documentation Fail to document the work flows of the key business processes. A lack of work flow results in sub-optimal use of data. E.g. Data is modeled incorrectly due to undocumented business logic. X X
    Lack of integration between business silos Business silos hold on to their own datasets resulting in data silos in which data is not shared and/or data is transferred with errors. E.g. Data from a unit is extracted as a data file and stored in a shared drive with little access. X X

    The image shows a fishbone diagram, with the following sections, from left to right: Application Design; Integration; Processes; Policies; Database Design; Data Quality Measure. The Processes section is highlighted

    Phase 3 Summary

    1. Data Lineage Diagram
    • Creating the data lineage diagram is recommended to help visualize the flow of your data and to map the data journey and identify the data subject areas to be targeted for fixes.
    • The data lineage diagram was leveraged multiple times throughout this Phase. For example, the data lineage diagram was used to document the data sources and applications used by the business unit
  • Business Context
    • Business context was documented through the Data Quality Practice Assessment and Project Planning Tool.
    • The same tool was used to document identified business units and their associated data.
    • Metrics were also identified at the business unit level to track data quality improvements.
  • Common Root Causes
    • Leverage a root cause analysis approach to pinpoint the origins of your data quality issues.
    • Analyzed and got to know the root causes behind the following:
      1. System/application design mistakes
      2. Common database design mistakes
      3. Enterprise integration mistakes
      4. Policies and procedures mistakes
      5. Common business processes mistakes
  • Phase 4

    Grow and Sustain Your Data Quality Program

    Build Your Data Quality Program

    For the identified root causes, determine the solutions for the problem

    As you worked through the previous step, you identified the root causes of your data quality problems within the business unit. Now, it is time to identify solutions.

    The following slides provide an overview of the solutions to common data quality issues. As you identify solutions that apply to the business unit being addressed, insert the solution tables in Section 4: Proposed Solutions of the Data Quality Improvement Plan Template.

    All data quality solutions have two components to them:

    • Technology
    • People

    For the next five data quality solution slides, look for the slider for the contributions of each category to the solution. Use this scale to guide you in creating solutions.

    When designing solutions, keep in mind that solutions to data quality problems are not mutually exclusive. In other words, an identified root cause may have multiple solutions that apply to it.

    For example, if an application is plagued with inaccurate data, the application design may be suboptimal, but also the process that leads to data being entered may need fixing.

    Data quality improvement strategy #1:

    Fix data quality issues by improving system/application design.

    Technology

    Application Interface Design

    Restrict field length – Capture only the characters you need for your application.

    Leverage data masks – Use data masks in standardized fields like zip code and phone number.

    Restrict the use of open text fields and use reference tables – Only present open text fields when there is a need. Use reference tables to limit data values.

    Provide options – Use radio buttons, drop-down lists, and multi-select instead of using open text fields.

    Data Validation at the Application Level

    Validate data before committing – Use simple validation to ensure the data entered is not random numbers and letters.

    Track history – Keep track of who entered what fields.

    Cannot submit twice – Only design for one-time submission.

    People

    Training

    Data-entry training – Training that is related to data entry, creating, or updating data records.

    Data resolution training – Training data stewards or other dedicated data personnel on how to resolve data records that are not entered properly.

    Continuous Improvement

    Standards – Develop application design principles and standards.

    Field testing – Field data entry with a few people to look for abnormalities and discrepancies.

    Detection and resolution – Abnormal data records should be isolated and resolved ASAP.

    Application Testing

    Thorough testing – Application design is your first line of defence against poor data. Test to ensure bad data is kept out of the systems.

    Case Study

    HMS

    Industry: Healthcare

    Source: Informatica

    Improve your data quality ingestion procedures to provide better customer intimacy for your users

    Healthcare Management Systems (HMS) provides cost containment services for healthcare sponsors and payers, and coordinates benefits services. This is to ensure that healthcare claims are paid correctly to both government agencies and individuals. To do so, HMS relies on data, and this data needs to be of high quality to ensure the correct decisions are made, the right people get the correct claims, and the appropriate parties pay out.

    To improve the integrity of HMS’s customer data, HMS put in place a framework that helped to standardize the collection of high volume and highly variable data.

    Results

    Working with a data quality platform vendor to establish a framework for data standardization, HMS was able to streamline data analysis and reduce new customer implementations from months to weeks.

    HMS data was plagued with a lack of standardization of data ingestion procedures.

    Before improving data quality processes After improving data quality processes
    Data Ingestion Data Ingestion
    Many standards of ingestion. Standardized data ingestion
    Data Storage Data Storage
    Lack of ability to match data, creating data quality errors.
    Data Analysis Data Analysis
    = =
    Slow Customer Implementation Time 50% Reduction in Customer Implementation Time

    Data quality improvement strategy #2:

    Fix data quality issues using proper database design.

    Technology

    Database Design Best Practices

    Referential integrity – Ensure parent/child relationships are maintained in terms of cascade creation, update, and deletion.

    Primary key definition – Ensure there is at least one key to guarantee the uniqueness of the data records, and primary key should not allow null.

    Validate data domain – Create triggers to check the data values entered in the database fields.

    Field type and length – Define the most suitable data type and length to hold field values.

    One-Time Data Fix (more on the next slide)

    Explore solutions – Where to fix the data issues? Is there a case to fix the issues?

    Running profiling tools to catch errors – Run scans on the database with defined criteria to identify occurrences of questionable data.

    Fix a sample before fixing all records – Use a proof-of-concept approach to explore fix options and evaluate impacts before fixing the full set.

    People

    The DBA Team

    Perform key tasks in pairs – Take a pair approach to perform key tasks so that validation and cross-check can happen.

    Skilled DBAs – DBAs should be certified and accredited.

    Competence – Assess DBA competency on an ongoing basis.

    Preparedness – Develop drills to stimulate data issues and train DBAs.

    Cross train – Cross train team members so that one DBA can cover another DBA.

    Data quality improvement strategy #3:

    Improve integration and synchronization of enterprise data.

    Technology

    Integration Architecture

    Info-Tech’s 5-Tier Architecture – When doing transformations, it is good practice to persist the integration results in tier 3 before the data is further refined and presented in tier 4.

    Timing, timing, and timing – Think of the sequence of events. You may need to perform some ETL tasks before other tasks to achieve synchronization and consistence.

    Historical changes – Ensure your tier 3 is robust enough to include historical data. You need to enable type 2 slowly, changing dimension to recreate the data at a point in time.

    Data Cleansing

    Standardize – Leverage data standardization to standardize name and address fields to improve matching and integration.

    Fuzzy matching – When there are no common keys between datasets. The datasets can only be matched by fuzzy matching. Fuzzy matching is not hard science; define a confidence level and think about a mechanism to deal with the unmatched.

    People

    Reporting and Documentations

    Business data glossary and data lineage – Define a business data glossary to enhance findability of key data elements. Document data mappings and ETL logics.

    Create data quality reports – Many ETL platforms provide canned data quality reports. Leverage those quality reports to monitor the data health.

    Code Review

    Create data quality reports – Many ETL platforms provide canned data quality reports. Leverage those quality reports to monitor the data health.

    ARB (architectural review board) – All ETL codes should be approved by the architectural review board to ensure alignment with the overall integration strategy.

    Data quality improvement strategy #4:

    Improve data quality policies and procedures.

    Technology

    Policy Reporting

    Data quality reports – Leverage canned data quality reports from the ETL platforms to monitor data quality on an on-going basis. When abnormalities are found, provoke the right policies to deal with the issues.

    Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralized website.

    Make the repository searchable and easily navigable. myPolicies helps you do all this and more.

    myPolicies helps you do all this and more.

    Go to this link

    People

    Policy Review and Training

    Policy review – Create a schedule for reviewing policies on a regular basis – invite professional writers to ensure polices are understandable.

    Policy training – Policies are often unread and misread. Training users and stakeholders on policies is an effective way to make sure those users and stakeholders understand the rationale of the policies. It is also a good practice to include a few scenarios that are handled by the policies.

    Policy hotline/mailbox – To avoid misinterpretation of the policies, a policy hotline/mailbox should be set up to answer any data policy questions from the end users/stakeholders.

    Policy Communications

    Simplified communications – Create handy one-pagers and infographic posters to communicate the key messages of the polices.

    Policy briefing – Whenever a new data project is initiated, a briefing of data policies should be given to ensure the project team follows the policies from the very beginning.

    Data quality improvement strategy #5:

    Streamline and optimize business processes.

    Technology

    Requirements Gathering

    Data Lineage – Leverage a metadata management tool to construct and document data lineage for future reference.

    Documentations Repository – It is a best practice to document key project information and share that knowledge across the project team and with the stakeholder. An improvement understanding of the project helps to identify data quality issues early on in the project.

    “Automating creation of data would help data quality most. You have to look at existing processes and create data signatures. You can then derive data off those data codes.” – Patrick Bossey, Manager of Business Intelligence, Crawford and Company

    People

    Requirements Gathering

    Info-Tech’s 4-Column Model – The datasets may exist but the business units do not have an effective way of communicating the quality needs. Use our four-column model and the eleven supporting questions to better understand the quality needs. See subsequent slides.

    I don’t know what the data means so I think the quality is poor – It is not uncommon to see that the right data presented to the business but the business does not trust the data. They also do not understand the business logic done on the data. See our Business Data Glossary in subsequent slides.

    Understand the business workflow – Know the business workflow to understand the manual steps associated with the workflow. You may find steps in which data is entered, manipulated, or consumed inappropriately.

    “Do a shadow data exercise where you identify the human workflows of how data gets entered, and then you can identify where data entry can be automated.” – Diraj Goel, Growth Advisor, BC Tech

    Brainstorm solutions to your data quality issues

    4 hours

    Input

    • Data profiling results
    • Preliminary root cause analyses

    Output

    • Proposals for data fix
    • Fixed issues

    Materials

    • Data Quality Improvement Plan Template

    Participants

    • Business and Data Analysts
    • Data experts and stewards

    After walking through the best-practice solutions to data quality issues, propose solutions to fix your identified issues.

    Instructions

    1. Review Root Cause Analyses: Revisit the root cause analysis and data lineage diagram you have generated in Step 3.2. to understand the issues in greater details.
    2. Characterize Each Issue: You may need to generate a data profiling report to characterize the issue. The report can be generated by using data quality suites, BI platforms, or even SQL statements.
    3. Brainstorm the Solutions: As a group, discuss potential ways to fix the issue. You can tackle the issues by approaching from these areas:
    Solution Approaches
    Technology Approach
    People Approach

    X crossover with

    Problematic Areas
    Application/System Design
    Database Design
    Data Integration and Synchronization
    Policies and Procedures
    Business Processes
    1. Document and Communicate: Document the solutions to your data issues. You may need to reuse or refer to the solutions. Also brainstorm some ideas on how to communicate the results back to the business.

    Download this Tool

    Sustaining your data quality requires continuous oversight through a data governance practice

    Quality data is the ultimate outcome of data governance and data quality management. Data governance enables data quality by providing the necessary oversight and controls for business processes in order to maintain data quality. There are three primary groups (at right) that are involved in a mature governance practice. Data quality should be tightly integrated with all of them.

    Define an effective data governance strategy and ensure the strategy integrates well with data quality with Info-Tech’s Establish Data Governance blueprint.

    Visit this link

    Data Governance Council

    This council establishes data management practices that span across the organization. This should be comprised of senior management or C-suite executives that can represent the various departments and lines of business within the organization. The data governance council can help to promote the value of data governance, facilitate a culture that nurtures data quality, and ensure that the goals of the data governance program are well aligned with business objectives.

    Data Owners

    Identifying the data owner role within an organization helps to create a greater degree of accountability for data issues. They often oversee how the data is being generated as well as how it is being consumed. Data owners come from the business side and have legal rights and defined control over a data set. They ensure data is available to the right people within the organization.

    Data Stewards

    Conflict can occur within an organization’s data governance program when a data steward’s role is confused with that of the steering committee’s role. Data stewards exist to enforce decisions made about data governance and data management. Data stewards are often business analysts or power users of a particular system/dataset. Where a data owner is primarily responsible for access, a data steward is responsible for the quality of a dataset.

    Integrate the data quality management strategy with existing data governance committees

    Ongoing and regular data quality management is the responsibility of the data governance bodies of the organization.

    The oversight of ongoing data quality activities rests on the shoulders of the data governance committees that exist in the organization.

    There is no one-size-fits-all data governance structure. However, most organizations follow a similar pattern when establishing committees, councils, and cross-functional groups. They strive to identify roles and responsibilities at a strategic, tactical, and operational level:

    The image shows a pyramid, with Executive Sponsors at the top, with the following roles in descending order: DG Council; Steering Committee; Working Groups; Data Owners and Data Stewards; and Data Users. Along the left side of the pyramid, there are three labels, in ascending order: Operational, Tactical, and Strategic.

    The image is a flow chart showing project roles, in two sections: the top section is labelled Governing Bodies, and the lower section is labelled Data Quality Improvement Team. There is a note indicating that the Data Owner reports to and provides updates regarding the state of data quality and data quality initiatives.

    Create and update the organization’s Business Data Glossary to keep up with current data definitions

    2 hours

    Input

    • Metrics and goals for data quality

    Output

    • Regularly scheduled data quality checkups

    Materials

    • Business Data Glossary Template
    • Data Quality Dashboard

    Participants

    • Data steward

    A crucial aspect of data quality and governance is the Business Data Glossary. The Business Data Glossary helps to align the terminology of the business with the organization’s data assets. It allows the people who interact with the data to quickly identify the applications, processes, and stewardship associated with it, which will enhance the accuracy and efficiency of searches for organization data definitions and attributes, enabling better access to the data. This will, in turn, enhance the quality of the organization’s data because it will be more accurate, relevant, and accessible.

    Use the Business Data Glossary Template to document key aspects of the data, such as:

    • Definition
    • Source System
    • Possible Values
    • Data Steward
    • Data Sensitivity
    • Data Availability
    • Batch or Live
    • Retention

    Data Element

    • Mkt-Product
    • Fin-Product

    Info-Tech Insight

    The Business Data Glossary ensures that the crucial data that has key business use by key business systems and users is appropriately owned and defined. It also establishes rules that lead to proper data management and quality to be enforced by the data owners.

    Download this Tool

    Data Steward(s): Use the Data Quality Improvement Plan of the business unit for ongoing quality monitoring

    Integrating your data quality strategy into the organization’s data governance program requires passing the strategy over to members of the data governance program. The data steward role is responsible for data quality at the business unit level, and should have been involved with the creation and implementation of the data quality improvement project. After the data quality repairs have been made, it is the responsibility of the data steward to regularly monitor the quality of the business unit’s data.

    Create Improvement Plan ↓
    • Data Quality Improvement Team identifies root cause issues.
    • Brainstorm solutions.
    Implement Improvement Plan ↓
    • Data Quality Improvement Team works with IT.
    Sustain Improvement Plan
    • Data Steward should regularly monitor data quality.

    Download this tool

    See Info-Tech’s Data Steward Job Description Template for a detailed understanding of the roles and responsibilities of the data steward.

    Responsible for sustaining

    The image shows a screen capture of a document entitled Business Context & Subject Area Selection.

    Develop a business-facing data quality dashboard to show improvements or a sudden dip in data quality

    One tool that the data steward can take advantage of is the data quality dashboard. Initiatives that are implemented to address data quality must have metrics defined by business objectives in order to demonstrate the value of the data quality improvement projects. In addition, the data steward should have tools for tracking data quality in the business unit to report issues to the data owner and data governance steering committee.

    • Example 1: Marketing uses data for direct mail and e-marketing campaigns. They care about customer data in particular. Specifically, they require high data quality in attributes such as customer name, address, and product profile.
    • Example 2: Alternatively, Finance places emphasis on financial data, focusing on attributes like account balance, latency in payment, credit score, and billing date.

    The image is Business dashboard on Data Quality for Marketing. It features Data Quality metrics, listed in the left column, and numbers for each quarter over the course of one year, on the right.

    Notes on chart:

    General improvement in billing address quality

    Sudden drop in touchpoint accuracy may prompt business to ask for explanations

    Approach to creating a business-facing data quality dashboard:

    1. Schedule a meeting with the functional unit to discuss what key data quality metrics are essential to their business operations. You should consider the business context, functional area, and subject area analyses you completed in Phase 1 as a starting point.
    2. Discuss how to gather data for the key metrics and their associated calculations.
    3. Discuss and decide the reporting intervals.
    4. Discuss and decide the unit of measurement.
    5. Generate a dashboard similar to the example. Consider using a BI or analytics tool to develop the dashboard.

    Data quality management must be sustained for ongoing improvements to the organization’s data

    • Data quality is never truly complete; it is a set of ongoing processes and disciplines that requires a permanent plan for monitoring practices, reviewing processes, and maintaining consistent data standards.
    • Setting the expectation to stakeholders that a long-term commitment is required to maintain quality data within the organization is critical to the success of the program.
    • A data quality maintenance program will continually revise and fine-tune ongoing practices, processes, and procedures employed for organizational data management.

    Data quality is a program that requires continual care:

    →Maintain→Good Data →

    Data quality management is a long-term commitment that shifts how an organization views, manages, and utilizes its corporate data assets. Long-term buy-in from all involved is critical.

    “Data quality is a process. We are trying to constantly improve the quality over time. It is not a one-time fix.” – Akin Akinwumi, Manager of Data Governance, Startech.com

    Define a data quality review agenda for data quality sustainment

    2 hours

    Input

    • Metrics and goals for data quality

    Output

    • Regularly scheduled data quality checkups

    Materials

    • Data Quality Diagnostic
    • Data Quality Dashboard

    Participants

    • Data Steward

    As a data steward, you are responsible for ongoing data quality checks of the business unit’s data. Define an improvement agenda to organize the improvement activities. Organize the activities yearly and quarterly to ensure improvement is done year-round.

    Quarterly

    • Measure data quality metrics against milestones. Perform a regular data quality health check with Info-Tech’s Data Quality Diagnostic.
    • Review the business unit’s Business Data Glossary to ensure that it is up to date and comprehensive.
    • Assess progress of practice area initiatives (time, milestones, budget, benefits delivered).
    • Analyze overall data quality and report progress on key improvement projects and corrective actions in the executive dashboard.
    • Communicate overall status of data quality to oversight body.

    Annually

    • Calculate your current baseline and measure progress by comparing it to previous years.
    • Set/revise quality objectives for each practice area and inter-practice hand-off processes.
    • Re-evaluate/re-establish data quality objectives.
    • Set/review data quality metrics and tracking mechanisms.
    • Set data quality review milestones and timelines.
    • Revisit data quality training from an end-user perspective and from a practitioner perspective.

    Info-Tech Insight

    Do data quality diagnostic at the beginning of any improvement plan, then recheck health with the diagnostic at regular intervals to see if symptoms are coming back. This should be a monitoring activity, not a data quality fixing activity. If symptoms are bad enough, repeat the improvement plan process.

    Take the next step in your Data & Analytics Journey

    After establishing your data quality program, look to increase your data & analytics maturity.

    • Artificial Intelligence (AI) is a concept that many organizations strive to implement. AI can really help in areas such as data preparation. However, implementing AI solutions requires a level of maturity that many organizations are not at.
    • While a solid data quality foundation is essential for AI initiatives being successful, AI can also ensure high data quality.
    • An AI analytics solution can address data integrity issues at the earliest point of data processing, rapidly transforming these vast volumes of data into trusted business information. This can be done through Anomaly detection, which flags “bad” data, identifying suspicious anomalies that can impact data quality. By tracking and evaluating data, anomaly detection gives critical insights into data quality as data is processed. (Ira Cohen, The End to a Never-Ending Story? Improve Data Quality with AI Analytics, anodot, 2020)

    Consider… “Garbage in, garbage out.”

    Lay a solid foundation by addressing your data quality issues prior to investing heavily in an AI solution.

    Related Info-Tech Research

    Are You Ready for AI?

    • Use AI as a compelling event to expedite funding, resources, and project plans for your data-related initiatives. Check out this note to understand what it takes to be ready to implement AI solutions.

    Get Started With Artificial Intelligence

    • Current AI technology is data-enabled, automated, adaptive decision support. Once you believe you are ready for AI, check out this blueprint on how to get started.

    Build a Data Architecture Roadmap

    • The data lineage diagram was a key tool used in establishing your data quality program. Check out this blueprint and learn how to optimize your data architecture to provide greatest value from data.

    Create an Architecture for AI

    • Build your target state architecture from predefined best practice building blocks. This blueprint assists members first to assess if they have the maturity to embrace AI in their organization, and if so, which AI acquisition model fits them best.

    Phase 4 Summary

    1. Data Quality Improvement Strategy
    • Brainstorm solutions to your data quality issues using the following data quality improvement strategies as a guide:
      1. Fix data quality issues by improving system/application design
      2. Fix data quality issues using proper database design
      3. Improve integration and synchronization of enterprise data
      4. Improve data quality policies and procedures
      5. Streamline and optimize business processes
  • Sustain Your Data Quality Program
    • Quality data is the ultimate outcome of data governance and data quality management.
    • Sustaining your data quality requires continuous oversight through a data governance practice.
    • There are three primary groups (Data Governance Council, Data Owners, and Data Stewards) that are involved in a mature governance practice.
  • Grow Your Data & Analytics Maturity
    • After establishing your data quality program, take the next step in increasing your data & analytics maturity.
    • Good data quality is the foundation of pursuing different ways of maximizing the value of your data such as implementing AI solutions.
    • Continue your data & analytics journey by referring to Info-Tech’s quality research.
  • Research Contributors and Experts

    Izabela Edmunds

    Information Architect Mott MacDonald

    Akin Akinwumi

    Manager of Data Governance Startech.com

    Diraj Goel

    Growth Advisor BC Tech

    Sujay Deb

    Director of Data Analytics Technology and Platforms Export Development Canada

    Asif Mumtaz

    Data & Solution Architect Blue Cross Blue Shield Association

    Patrick Bossey

    Manager of Business Intelligence Crawford and Company

    Anonymous Contributors

    Ibrahim Abdel-Kader

    Research Specialist Info-Tech Research Group

    Ibrahim is a Research Specialist at Info-Tech Research Group. In his career to date he has assisted many clients using his knowledge in process design, knowledge management, SharePoint for ECM, and more. He is expanding his familiarity in many areas such as data and analytics, enterprise architecture, and CIO-related topics.

    Reddy Doddipalli

    Senior Workshop Director Info-Tech Research Group

    Reddy is a Senior Workshop Director at Info-Tech Research Group, focused on data management and specialized analytics applications. He has over 25 years of strong industry experience in IT leading and managing analytics suite of solutions, enterprise data management, enterprise architecture, and artificial intelligence–based complex expert systems.

    Andy Neill

    Practice Lead, Data & Analytics and Enterprise Architecture Info-Tech Research Group

    Andy leads the data and analytics and enterprise architecture practices at ITRG. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and development of industry standard data models.

    Crystal Singh

    Research Director, Data & Analytics Info-Tech Research Group

    Crystal is a Research Director at Info-Tech Research Group. She brings a diverse and global perspective to her role, drawing from her professional experiences in various industries and locations. Prior to joining Info-Tech, Crystal led the Enterprise Data Services function at Rogers Communications, one of Canada’s leading telecommunications companies.

    Igor Ikonnikov

    Research Director, Data & Analytics Info-Tech Research Group

    Igor is a Research Director at Info-Tech Research Group. He has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.

    Andrea Malick

    Research Director, Data & Analytics Info-Tech Research Group

    Andrea Malick is a Research Director at Info-Tech Research Group, focused on building best practices knowledge in the enterprise information management domain, with corporate and consulting leadership in enterprise architecture and content management (ECM).

    Natalia Modjeska

    Research Director, Data & Analytics Info-Tech Research Group

    Natalia Modjeska is a Research Director at Info-Tech Research Group. She advises members on topics related to AI, machine learning, advanced analytics, and data science, including ethics and governance. Natalia has over 15 years of experience in developing, selling, and implementing analytical solutions.

    Rajesh Parab

    Research Director, Data & Analytics Info-Tech Research Group

    Rajesh Parab is a Research Director at Info-Tech Research Group. He has over 20 years of global experience and brings a unique mix of technology and business acumen. He has worked on many data-driven business applications. In his previous architecture roles, Rajesh created a number of product roadmaps, technology strategies, and models.

    Bibliography

    Amidon, Kirk. "Case Study: How Data Quality Has Evolved at MathWorks." The Fifth MIT Information Quality Industry Symposium. 13 July 2011. Web. 19 Aug. 2015.

    Boulton, Clint. “Disconnect between CIOs and LOB managers weakens data quality.” CIO. 05 February 2016. Accessed June 2020.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Cohen, Ira. “The End to a Never-Ending Story? Improve Data Quality with AI Analytics.” anodot. 2020.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    "Data Profiling: Underpinning Data Quality Management." Pitney Bowes. Pitney Bowes - Group 1 Software, 2007. Web. 18 Aug. 2015.

    Data.com. “Data.com Clean.” Salesforce. 2016. Web. 18 Aug. 2015.

    “Dawn of the CDO." Experian Data Quality. 2015. Web. 18 Aug. 2015.

    Demirkan, Haluk, and Bulent Dal. "Why Do So Many Analytics Projects Fail?" The Data Economy: Why Do so Many Analytics Projects Fail? Analytics Magazine. July-Aug. 2014. Web.

    Dignan, Larry. “CIOs juggling digital transformation pace, bad data, cloud lock-in and business alignment.” ZDNet. 11 March 2020. Accessed July.

    Dumbleton, Janani, and Derek Munro. "Global Data Quality Research - Discussion Paper 2015." Experian Data Quality. 2015. Web. 18 Aug. 2015.

    Eckerson, Wayne W. "Data Quality and the Bottom Line - Achieving Business Success through a Commitment to High Quality Data." The Data Warehouse Institute. 2002. Web. 18 Aug. 2015.

    “Infographic: Data Quality in BI the Costs and Benefits.” HaloBI. 2015 Web.

    Lee, Y.W. and Strong, D.M. “Knowing-Why About Data Processes and Data Quality.” Journal of Management Information Systems. 2004.

    “Making Data Quality a Way of Life.” Cognizant. 2014. Web. 18 Aug. 2015.

    "Merck Serono Achieves Single Source of Truth with Comprehensive RIM Solutions." www.productlifegroup.com. ProductLife Group. 15 Apr. 2015. Web. 23 Nov. 2015.

    Myers, Dan. “List of Conformed Dimensions of Data Quality.” Conformed Dimensions of Data Quality (CDDQ). 2019. Web.

    Redman, Thomas C. “Make the Case for Better Data Quality.” Harvard Business Review. 24 Aug. 2012. Web. 19 Aug. 2015.

    RingLead Data Management Solutions. “10 Stats About Data Quality I Bet You Didn’t Know.” RingLead. Accessed 7 July 2020.

    Schwartzrock, Todd. "Chrysler's Data Quality Management Case Study." Online video clip. YouTube. 21 April. 2011. Web. 18 Aug. 2015

    “Taking control in the digital age.” Experian Data Quality. Jan 2019. Web.

    “The data-driven organization, a transformation in progress.” Experian Data Quality. 2020. Web.

    "The Data Quality Benchmark Report." Experian Data Quality. Jan. 2015. Web. 18 Aug. 2015.

    “The state of data quality.” Experian Data Quality. Sept. 2013. Web. 17 Aug. 2015.

    Vincent, Lanny. “Differentiating Competence, Capability and Capacity.” Innovation Management Services. Web. June 2008.

    “7 ways poor data quality is costing your business.” Experian Data Quality. July 2020. Web.

    Improve your core processes

    Improve your core processes


    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Continue reading

    Structure the Role of the DBA

    • Buy Link or Shortcode: {j2store}273|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • The traditional role of Database Administrators (DBAs) is shifting due to a variety of changes such as cloud databases, increased automation, close relations with development, and the need for more integration with the business at large. All this means that organizations will have to adapt to integrate a new type of DBA into IT.
    • Organizations often have difficulty establishing a refined and effective DBA structure based on repeatable and well-grounded processes.
    • The relationship between DBAs and the rest of IT (especially development) can often be problematic due to a lack of mutual co-operation and clear communication.
    • There is often confusion in organizations as how to approach staffing DBAs.

    Our Advice

    Critical Insight

    • An organization’s relative focus on operations or development is essential in determining many DBA related decisions. This focus can determine what kinds of DBAs to hire, what staffing ratios to use, the viability of outsourcing, and the appropriate reporting structure for DBAs.
    • Utilizing technological strategies such as database automation, effective auditing, and database consolidation to bolster the DBA team helps make efficient use of DBA staff and can turn a reactive environment into a proactive one.
    • Ensuring refined and regularly assessed processes are in place for change and incident management is essential for maintaining effective and structured database administration.

    Impact and Result

    • Right-size, support, and structure your DBA team for increased cost effectiveness and optimal productivity.
    • Develop a superior level of co-operation between DBAs and the rest of IT as well as the business at large.
    • Build an environment in which DBAs will be motivated and flourish.

    Structure the Role of the DBA Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand how Database Administrators are evolving

    Develop an effective structure for managing and supporting Database Administrators.

    • Storyboard: Structure the Role of the DBA

    2. Create the right Database Administrator roles to meet organizational needs

    Build a team that is relevant to the focus of the organization.

    • System Database Administrator
    • Application Database Administrator
    [infographic]

    Effectively Recognize IT Employees

    • Buy Link or Shortcode: {j2store}547|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $100 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Even when organizations do have recognition programs, employees want more recognition than they currently receive.
    • In a recent study, McLean & Company found that 69% of IT employees surveyed felt they were not adequately praised and rewarded for superior work.
    • In a lot of cases, the issue with recognition programs isn’t that IT departments haven’t thought about the importance but rather that they haven’t focused on proper execution.

    Our Advice

    Critical Insight

    • You’re busy – don’t make your recognition program more complicated than it needs to be. Focus on day-to-day ideas and actively embed recognition into your IT team’s culture.
    • Recognition is impactful independent of rewards (i.e. items with a monetary value), but rewarding employees without proper recognition can be counterproductive. Put recognition first and use rewards as a way to amplify its effectiveness.

    Impact and Result

    • Info-Tech tools and guidance will help you develop a successful and sustainable recognition program aligned to strategic goals and values.
    • By focusing on three key elements – customization, alignment, and transparency – you can improve your recognition culture within four weeks, increasing employee engagement and productivity, improving relationships, and reducing turnover.

    Effectively Recognize IT Employees Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT employee recognition program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Effectively Recognize IT Employees – Executive Brief
    • Effectively Recognize IT Employees – Phases 1-3

    1. Assess the current recognition landscape

    Understand the current perceptions around recognition practices in the organization and determine the behaviors that your program will seek to recognize.

    • Effectively Recognize IT Employees – Phase 1: Assess the Current Recognition Landscape
    • IT Employee Recognition Survey Questions

    2. Design the recognition program

    Determine the structure and processes to enable effective recognition in your IT organization.

    • Effectively Recognize IT Employees – Phase 2: Design the Recognition Program
    • Employee Recognition Program Guide
    • Employee Recognition Ideas Catalog
    • Employee Recognition Nomination Form

    3. Implement the recognition program

    Rapidly build and roll out a recognition action and sustainment plan, including training managers to reinforce behavior with recognition.

    • Effectively Recognize IT Employees – Phase 3: Implement the Recognition Program
    • Recognition Action and Communication Plan
    • Manager Training: Reinforce Behavior With Recognition
    [infographic]

    Select and Implement a Web Experience Management Solution

    • Buy Link or Shortcode: {j2store}556|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • A company’s web presence is its front face to the world. Ensuring you have the right suite of tools for web content management, experience design, and web analytics is critical to putting your best foot forward: failing to do so will result in customer attrition and lost revenue.
    • Web Experience Management (WEM) suites are a rapidly maturing and dynamic market, with a landscape full of vendors with cutting edge solutions and diverse offerings. As a result, finding a solution that is the best fit for your organization can be a complex process.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization are required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • Phase your WEM implementation: Start with core capabilities such as content management, then add additional capabilities for site analytics and dynamic experience.

    Impact and Result

    • Align marketing needs with identified functional requirements.
    • Implement a best-fit WEM that increases customer acquisition and retention, and provides in-depth capabilities for site analysis.
    • Optimize procurement and operations costs for the WEM platform.

    Select and Implement a Web Experience Management Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should select and implement a WEM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the WEM project and collect requirements

    Conduct a market overview, structure the project, and gather requirements.

    • Select and Implement a Web Experience Management Solution – Phase 1: Launch the WEM Project and Collect Requirements
    • WEM Project Charter Template
    • WEM Use-Case Fit Assessment Tool

    2. Select a WEM solution

    Analyze and shortlist vendors in the space and select a WEM solution.

    • Select and Implement a Web Experience Management Solution – Phase 2: Select a WEM Solution
    • WEM Vendor Shortlist & Detailed Feature Analysis Tool
    • WEM Vendor Demo Script Template
    • WEM RFP Template

    3. Plan the WEM implementation

    Plan the implementation and evaluate project metrics.

    • Select and Implement a Web Experience Management Solution – Phase 3: Plan the WEM Implementation
    • WEM Work Breakdown Structure Template
    [infographic]

    Workshop: Select and Implement a Web Experience Management Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch of the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements.

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution.

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Explore the Secrets of Oracle Cloud Licensing

    • Buy Link or Shortcode: {j2store}142|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations are considering moving workloads to the cloud; however, they often struggle to understand Oracle's licensing and services models.
    • Complexity of licensing and high price tags can make the renewal process an overwhelming experience.
    • Oracle’s SaaS applications are the most mature, but Oracle’s on-premises E-Business Suite still has functionality gaps in comparison to Oracle’s cloud apps.

    Our Advice

    Critical Insight

    • Understand the Oracle agenda. Oracle has established a unique approach to their cloud offerings – they want all of your workloads on the Red Stack.
    • Communicate effectively. Be aware that Oracle will reach out to members at your organization at various levels. Having your executives on the same page is critical to successfully managing Oracle.
    • Negotiate hard. Oracle needs the deal more than the customer. Oracle's top leaders are heavily incentivized to drive massive cloud adoption and increase Oracle's share price. Use this to your advantage.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the “Oracle way” of conducting business, which includes a best-in-class sales structure, highly unique contracts, and license use policies coupled with a hyper-aggressive compliance function.
    • Leverage cloud spend to retire support on shelf-ware licenses, or gain virtualization rights for an on-premises environment.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Carefully review key clauses in the Oracle Cloud Services Agreement to avoid additional spend and compliance risks.

    Explore the Secrets of Oracle Cloud Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Oracle Cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate licensing requirements

    Review current licensing options and models to determine which cloud products will most appropriately fit the organization's environment.

    • Oracle Cloud Services Agreement Terms and Conditions Evaluation Tool
    [infographic]

    Develop the Right Message to Engage Buyers

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    Our Advice

    Critical Insight

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Impact and Result

    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    By applying the SoftwareReviews message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach versus the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Develop the Right Message to Engage Buyers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the Right Message to Engage Buyers Executive Brief – A mapping architecture to enable marketers to crack the code on the formula for improving open and click-through rates.

    Through this blueprint marketers will learn how to shift content away from low-performing content that only focuses on the product and company to high-performing customer-focused content that answers the “What’s in it for me?” question for a buyer, increasing engagement and conversions.

    Infographic

    Further reading

    Develop the Right Message to Engage Buyers

    Drive higher open rates, time-on-site, and click-through rates with buyer-relevant messaging.

    Analyst Perspective

    Develop the right message to engage buyers.

    Marketers only have seven seconds to capture a visitor's attention but often don't realize that the space between competitors and their company is that narrow. They often miss the mark on content and create reams of product and company-focused messaging that result in high bounce rates, low page views, low return visits, low conversions, and low click-through rates.

    We wouldn't want to sit in a conversation with someone who only speaks about themselves, so why would it be any different when we buy something? Today's marketers must quickly hook their visitors with content that answers the critical question of "What's in it for me?"

    Our research finds that leading content marketers craft messaging that lets their audience ”know they know them,” points out what’s in it for them, and includes proof points of promised value. This simple, yet often missed approach, we call Message Mapping, which helps marketers grab a visitor’s initial attention and when applied throughout the customer journey will turn prospects into customers, lifelong buyers, advocates, and referrals.

    Photo of Terra Higginson, Marketing Research Director, SoftwareReviews.

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.
    Common Obstacles

    Marketers struggle to create content that quickly engages the buyer because they lack:

    • Resources to create a high volume of quality content.
    • True buyer understanding.
    • Experience in how to align technical messaging with the buyer persona.
    • Easy-to-deploy content strategy tools.
    Even though most marketers will say that it’s important to produce interesting content, only 58% of B2B markers take the time to ask their customers what’s important to them. Without a true and deep understanding of buyers, marketers continue to invest their time and resources in an uninteresting product and company-focused diatribe.
    SoftwareReviews’ Approach

    By applying the SoftwareReviews’ message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach against the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.
    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    SoftwareReviews Insight

    Marketing content that identifies the benefit of the product, along with a deep understanding of the buyer pain points, desired value, and benefit proof-points, is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Your Challenge

    65% of marketers find it challenging to produce engaging content.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    A staggering 60% of marketers find it hard to produce high-quality content consistently and 62% don’t know how to measure the ROI of their campaigns according to OptinMonster.

    SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.


    Over 64% of marketers want to learn how to build a better content
    (Source: OptinMonster, 2021)

    Benchmark your content marketing

    Do your content marketing metrics meet the industry-standard benchmarks for the software industry?
    Visualization of industry benchmarks for 'Bounce Rate', 'Organic CTR', 'Pages/Session', 'Average Session Duration', '% of New Sessions', 'Email Open Rate', 'Email CTR', and 'Sales Cycle Length (Days)' with sources linked below.
    GrowRevenue, MarketingSherpa, Google Analytics, FirstPageSage, Google Analytics, HubSpot
    • Leaders will measure content marketing performance against these industry benchmarks.
    • If your content performance falls below these benchmarks, your content architecture may be missing the mark with prospective buyers.

    Common flaws in content messaging

    Why do marketers have a hard time consistently producing messaging that engages the buyer?

    Mistake #1

    Myopic Focus on Company and Product

    Content suffers a low ROI due to a myopic focus on the company and the product. This self-focused content fails to engage prospects and move them through the funnel.

    Mistake #2

    WIIFM Question Unanswered

    Content never answers the fundamental “What’s in it for me?” question due to a lack of true buyer understanding. This leads to an inability to communicate the value proposition to the prospect.

    Mistake #3

    Inability to Select the Right Content Format

    Marketers often guess what kind of content their buyers prefer without any real understanding or research behind what buyers would actually want to consume.

    Leaders Will Avoid the “Big Three” Pitfalls
    • While outdated content, poor content organization on your website, and poor SEO are additional strategic factors (outside the scope of this research), poor messaging structure will doom your content marketing strategy.
    • Leaders will be vigilant to diagnose current messaging structure and avoid:
      1. Making messaging all about you and your company.
      2. Failing to describe what’s in it for your prospects.
      3. Often guessing at what approach to use when structuring your messaging.

    Implications of poor content

    Without quality content, the sales and marketing cycles elongate and content marketing metrics suffer.
    • Lost sales: Research shows that B2B buyers are 57-70% done with their buying research before they ever contact sales.(Worldwide Business Research, 2022)
    • The buyer journey is increasingly digital: Research shows that 67% of the buyer's journey is now done digitally.(Worldwide Business Research, 2022)
    • Wasted time: In a Moz study of 750,000 pieces of content, 50% had zero backlinks, indicating that no one felt these assets were interesting enough to reference or share. (Moz, 2015)
    • Wasted money: SaaS companies spend $342,000 to $1,080,000 per year (or more) on content marketing. (Zenpost, 2022) The wrong content will deliver a poor ROI.

    50% — Half of the content produced has no backlinks. (Source: Moz, 2015)

    Content matters more than ever since 67% of the buyer's journey is now done digitally. (Source: Worldwide Business Research, 2022)

    Benefits of good content

    A content mapping approach lets content marketers:
    • Create highly personalized content. Content mapping helps marketers to create highly targeted content at every stage of the buyer’s journey, helping to nurture leads and prospects toward a purchase decision.
    • Describe “What’s in it for me?” to buyers. Remember that you aren’t your customer. Good content quickly answers the question “What’s in it for me?” (WIIFM) developed from the findings of the buyer persona. WIIFM-focused content engages a prospect within seven seconds.
    • Increase marketing ROI. Content marketing generates leads three times greater than traditional marketing (Patel, 2016).
    • Influence prospects. Investing in a new SaaS product isn’t something buyers do every day. In a new situation, people will often look to others to understand what they should do. Good content uses the principles of authority and social proof to build the core message of WIIFM. Authority can be conferred with awards and accolades, whereas social proof is given through testimonials, case studies, and data.
    • Build competitive advantage. Increase competitive advantage by providing content that aligns with the ideal client profile. Fifty-two percent of buyers said they were more likely to buy from a vendor after reading its content (1827 Marketing, 2022).
    Avoid value claiming. Leaders will use client testimonials as proof points because buyers believe peers more than they believe you.

    “… Since 95 percent of the people are imitators and only 5 percent initiators, people are persuaded more by the actions of others than by any proof we can offer. (Robert Cialdini, Influence: The Psychology of Persuasion)

    Full slide: 'Message Map Architecture'.

    Full slide: 'Message Map Template' with field descriptions and notes.

    Full slide: 'Message Map Template' with field descriptions, no notes.

    Full slide: 'Message Map Template' with blank fields.

    Full slide: 'Message Map Template' with 'Website Example segment.com' filled in fields.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Email & Social Post Example

    Use the message mapping architecture to create other types of content.

    Examples of emails and social media posts as they appear online with labels on the locations of elements of the message map.

    Insight Summary

    Create Content That Matters

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof-points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    What’s in It for Me?

    Most content has a focus on the product and the company. Content that lacks a true and deep understanding of the buyer suffers low engagement and low conversions. Our research shows that all content must answer ”What’s in it for me?” for a prospect.

    Social Proof & Authority

    Buyers that are faced with a new and unusual buying experience (such as purchasing SaaS) look at what others say about the product (social proof) and what experts say about the product (authority) to make buying decisions.

    Scarcity & Loss Framing

    Research shows that scarcity is a strong principle of influence that can be used in marketing messages. Loss framing is a variation of scarcity and can be used by outlining what a buyer will lose instead of what will be gained.

    Unify the Experience

    Use your message map to structure all customer-facing content across Sales, Product, and Marketing and create a unified and consistent experience across all touchpoints.

    Close the Gap

    SaaS marketers often find the gap between product and company-focused content and buyer-focused content to be so insurmountable that they never manage to overcome it without a framework like message mapping.

    Related SoftwareReviews Research

    Sample of 'Create a Buyer Persona and Journey' blueprint.

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.
    Sample of 'Diagnose Brand Health to Improve Business Growth' blueprint.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it.
    • Importance of brand is recognized, endorsed, and prioritized.
    • Support and resources allocated.
    • All relevant data and information collected in one place.
    • Ability to make data-driven recommendations and decisions on how to improve.
    Sample of 'Build a More Effective Go-to-Market Strategy' blueprint.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling Go-to-Market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    Arakelyan, Artash. “How SaaS Companies Increase Their ROI With Content Marketing.” Clutch.co, 27 July 2018. Accessed July 2022.

    Bailyn, Evan. “Average Session Duration: Industry Benchmarks.” FirstPageSage, 16 March 2022. Accessed July 2022.

    Burstein, Daniel. “Marketing Research Chart: Average clickthrough rates by industry.” MarketingSherpa, 1 April 2014. Accessed July 2022.

    Cahoon, Sam. “Email Open Rates By Industry (& Other Top Email Benchmarks).” HubSpot, 10 June 2021. Accessed July 2022.

    Cialdini, Robert. Influence: Science and Practice. 5th ed. Pearson, 29 July 2008. Print.

    Cialdini, Robert. Influence: The Psychology of Persuasion. Revised ed. Harper Business, 26 Dec. 2006. Print.

    Content Marketing—Statistics, Evidence and Trends.” 1827 Marketing, 7 Jan. 2022. Accessed July 2022.

    Devaney, Erik. “Content Mapping 101: The Template You Need to Personalize Your Marketing.” HubSpot, 21 April 2022. Accessed July 2022.

    Hiscox Business Insurance. “Growing Your Business--and Protecting It Every Step of the Way.” Inc.com. 25 April 2022. Accessed July 2022.

    Hurley Hall, Sharon. “85 Content Marketing Statistics To Make You A Marketing Genius.” OptinMonster, 14 Jan. 2021. Accessed July 2022.

    Patel, Neil. “38 Content Marketing Stats That Every Marketer Needs to Know.” NeilPatel.com, 21 Jan. 2016. Web.

    Prater, Meg. “SaaS Sales: 7 Tips on Selling Software from a Top SaaS Company.” HubSpot, 9 June 2021. Web.

    Polykoff, Dave. “20 SaaS Content Marketing Statistics That Lead to MRR Growth in 2022.” Zenpost blog, 22 July 2022. Web.

    Rayson, Steve. “Content, Shares, and Links: Insights from Analyzing 1 Million Articles.” Moz, 8 Sept. 2015. Accessed July 2022.

    “SaaS Content Marketing: How to Measure Your SaaS Content’s Performance.” Ken Moo, 9 June 2022. Accessed July 2022.

    Taylor Gregory, Emily. “Content marketing challenges and how to overcome them.” Longitude, 14 June 2022. Accessed July 2022.

    Visitors Benchmarking Channels. Google Analytics, 2022. Accessed July 2022.

    WBR Insights. “Here's How the Relationship Between B2B Buying, Content, and Sales Reps Has Changed.” Worldwide Business Research, 2022. Accessed July 2022.

    “What’s a good bounce rate? (Here’s the average bounce rate for websites).” GrowRevenue.io, 24 Feb. 2020. Accessed July 2022.

    Info-Tech Quarterly Research Agenda Outcomes Q2-Q3 2023

    • Buy Link or Shortcode: {j2store}297|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.

    Our Advice

    Critical Insight

    We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.

    By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.

    Impact and Result

    • Enhance preparedness for future market trends and developments: Keep up to date with the newest trends and advancements in the IT sector to be better prepared for the future.
    • Enhance your decision making: Acquire valuable information and insights to make better-informed, confident decisions.
    • Promote innovation: Foster creativity, explore novel perspectives, drive innovation, and create new products or services.

    Info-Tech Quarterly Research Agenda Outcomes Q2/Q3 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Info-Tech Quarterly Research Agenda Q3 2023 Deck – An overview of our Research Agenda Outcome for Q2 and Q3 of 2023.

    A guide to our top research published to date for 2023 (Q2/Q3).

    • Info-Tech Quarterly Research Agenda Outcomes for Q2/Q3 2023
    [infographic]

    Further reading

    Featured Research Projects 2023 (Q2/Q3)

    “Here are my selections for the top research projects of the last quarter.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    CIO

    01
    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    02
    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    03
    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    04
    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    05
    Effective IT Communications

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    06
    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    07
    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    08
    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Applications

    09
    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    10
    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    11
    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Security

    12
    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    13
    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Infrastructure & Operations

    14
    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Industry | Retail

    15
    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry | Education

    16
    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry | Wholesale

    17
    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry | Retail Banking

    18
    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry | Utilities

    19
    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    CIO
    Strategy & Governance

    Photo of Bill Wong, Principal Research Director, Info-Tech Research Group.

    Bill Wong
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Generative AI Roadmap' research.

    Sample of the 'Build Your Generative AI Roadmap' research.

    Logo for Info-Tech.

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    CIO
    Strategy & Governance

    Photo of Brian Jackson, Principal Research Director, Info-Tech Research Group.

    Brian Jackson
    Principal Research Director

    Download this report or book an analyst call on this topic

    Sample of the 'CIO Priorities 2023' report.

    Sample of the 'CIO Priorities 2023' report.

    Logo for Info-Tech.

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    CIO
    Strategy & Governance

    Photo of Donna Bales, Principal Research Director, Info-Tech Research Group.

    Donna Bales
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build an IT Risk Taxonomy' research.

    Sample of the 'Build an IT Risk Taxonomy' research.

    Logo for Info-Tech.

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    CIO
    Strategy & Governance

    Photo of Manish Jain, Principal Research Director, Info-Tech Research Group.

    Manish Jain
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Logo for Info-Tech.

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    CIO
    People & Leadership

    Photo of Brittany Lutes, Research Director, Info-Tech Research Group.

    Brittany Lutes
    Research Director

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Effective IT Communications' research.

    Sample of the 'Effective IT Communications' research.

    Logo for Info-Tech.

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    CIO
    People & Leadership

    Photo of Jane Kouptsova, Research Director, Info-Tech Research Group.

    Jane Kouptsova
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Logo for Info-Tech.

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    CIO
    Value & Performance

    Photo of Mike Tweedle, Practice Lead, Info-Tech Research Group.

    Mike Tweedle
    Practice Lead

    Download this research or book an analyst call on this topic

    Sample of the 'Effectively Manage CxO Relations' research.

    Sample of the 'Effectively Manage CxO Relations' research.

    Logo for Info-Tech.

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    CIO
    Value & Performance

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Logo for Info-Tech.

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    Applications
    Business Processes

    Photo of Ricardo de Oliveira, Research Director, Info-Tech Research Group.

    Ricardo de Oliveira
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Logo for Info-Tech.

    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    Applications
    Business Processes

    Photo of Andrew Kum-Seun, Research Director, Info-Tech Research Group.

    Andrew Kum-Seun
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Logo for Info-Tech.

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Applications
    Application Development

    Photo of Vincent Mirabelli, Principal Research Director, Info-Tech Research Group.

    Vincent Mirabelli
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Logo for Info-Tech.

    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    Security
    Security Risk, Strategy & Governance

    Photo of Logan Rohde, Senior Research Analyst, Info-Tech Research Group.

    Logan Rohde
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Logo for Info-Tech.

    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Security
    Security Risk, Strategy & Governance

    Photo of Michel Hébert, Research Director, Info-Tech Research Group.

    Michel Hébert
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Logo for Info-Tech.

    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Infrastructure & Operations
    I&O Process Management

    Photo of Andrew Sharp, Research Director, Info-Tech Research Group.

    Andrew Sharp
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Automate IT Asset Data Collection' research.

    Sample of the 'Automate IT Asset Data Collection' research.

    Logo for Info-Tech.

    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry Coverage
    Retail

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Logo for Info-Tech.

    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry Coverage
    Education

    Photo of Mark Maby, Research Director, Info-Tech Research Group.

    Mark Maby
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Logo for Info-Tech.

    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry Coverage
    Wholesale

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Logo for Info-Tech.

    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry Coverage
    Retail Banking

    Photo of David Tomljenovic, Principal Research Director, Info-Tech Research Group.

    David Tomljenovic
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Logo for Info-Tech.

    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Industry Coverage
    Utilities

    Photo of Jing Wu, Principal Research Director, Info-Tech Research Group.

    Jing Wu
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sneak Peaks: Research coming in next quarter!

    “Next quarter we have a big lineup of reports and some great new research!”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    1. Build MLOps and Engineering for AI and ML

      Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.
    2. Leverage Gen AI to Improve Your Test Automation Strategy

      Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.
    3. Make Your IT Financial Data Accessible, Reliable, and Usable

      This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.
    4. Implement Integrated AI Governance

      Enabling you to implement best-practice governance principles when implementing Gen AI.
    5. Develop Exponential IT Capabilities

      Enabling you to understand and develop your strategic Exponential IT capabilities.
    6. Build Your AI Strategy and Roadmap

      This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.
    7. Priorities for Data Leaders in 2024 and Beyond

      This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.
    8. Deploy AIOps More Effectively

      This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.
    9. Design Your Edge Computing Architecture

      This research will provide deployment guidelines and roadmap to address your edge computing needs.
    10. Manage Change in the AI-Enabled Enterprise

      Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.
    11. Assess the Security and Privacy Impacts of Your AI Vendors

      This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.
    12. Prepare Your Board for AI Disruption

      This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

    Info-Tech Research Leadership Team

    “We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    Photo of Jack Hakimian, Senior Vice President, Research Development, Info-Tech Research Group.

    Jack Hakimian
    Senior Vice President
    Research Development

    Photo of Aaron Shum, Vice President, Security & Privacy Research, Info-Tech Research Group.

    Aaron Shum
    Vice President
    Security & Privacy Research

    Photo of Larry Fretz, Vice President, Industry Research, Info-Tech Research Group.

    Larry Fretz
    Vice President
    Industry Research

    Photo of Mark Tauschek, Vice President, Research Fellowships, Info-Tech Research Group.

    Mark Tauschek
    Vice President
    Research Fellowships

    Photo of Tom Zehren, Chief Product Officer, Info-Tech Research Group.

    Tom Zehren
    Chief Product Officer

    Photo of Rick Pittman, Vice President, Advisory Quality & Delivery, Info-Tech Research Group.

    Rick Pittman
    Vice President
    Advisory Quality & Delivery

    Photo of Nora Fisher, Vice President, Shared Services, Info-Tech Research Group.

    Nora Fisher
    Vice President
    Shared Services

    Photo of Becca Mackey, Vice President, Workshops, Info-Tech Research Group.

    Becca Mackey
    Vice President
    Workshops

    Photo of Geoff Nielson, Senior Vice President, Global Services & Delivery, Info-Tech Research Group.

    Geoff Nielson
    Senior Vice President
    Global Services & Delivery

    Photo of Brett Rugroden, Senior Vice President, Global Market Programs, Info-Tech Research Group.

    Brett Rugroden
    Senior Vice President
    Global Market Programs

    Photo of Hannes Scheidegger, Senior Vice President, Global Public Sector, Info-Tech Research Group.

    Hannes Scheidegger
    Senior Vice President
    Global Public Sector

    About Info-Tech Research Group

    Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

    Sample of the IT Management & Governance Framework.

    Drive Measurable Results

    Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

    Info-Tech logo.

    Better Research Than Anyone

    Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

    Dramatically Outperform Your Peers

    Leverage Industry Best Practices

    We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

    Become an Info-Tech influencer:

    • Help shape our research by talking with our analysts.
    • Discuss the challenges, insights, and opportunities in your chosen areas.
    • Suggest new topic ideas for upcoming research cycles.

    Contact
    Jack Hakimian
    jhakimian@infotech.com

    We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

    Why participate in expert interviews?

    • Discuss market trends and stay up to date.
    • Influence Info-Tech's research direction with your practical experience.
    • Preview our analysts' perspectives and preliminary research.
    • Build on your reputation as a thought leader and research contributor.
    • See your topic idea transformed into practical research.

    Thank you!

    Join us at our webinars to discuss more topics.

    For information on Info-Tech's products and services and to participate in our research process, please contact:

    Jack Hakimian
    jhakimian@infotech.com

    Initiate Your Service Management Program

    • Buy Link or Shortcode: {j2store}398|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations continue attempting to implement service management, often based on ITIL, with limited success and without visible value.
    • More than half of service management implementations have failed beyond simply implementing the service desk and the incident, change, and request management processes.
    • Organizational structure, goals, and cultural factors are not considered during service management implementation and improvement.
    • The business lacks engagement and understanding of service management.

    Our Advice

    Critical Insight

    • Service management is an organizational approach. Focus on producing successful and valuable services and service outcomes for the customers.
    • All areas of the organization are accountable for governing and executing service management. Ensure that you create a service management strategy that improves business outcomes and provides the value and quality expected.

    Impact and Result

    • Identified structure for how your service management model should be run and governed.
    • Identified forces that impact your ability to oversee and drive service management success.
    • Mitigation approach to restraining forces.

    Initiate Your Service Management Program Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why service management implementations often fail and why you should establish governance for service management.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the level of oversight you need

    Use Info-Tech’s methodology to establish an effective service management program with proper oversight.

    • Service Management Program Initiation Plan
    [infographic]

    Make IT a Successful Partner in M&A Integration

    • Buy Link or Shortcode: {j2store}79|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Many organizations forget the essential role IT plays during M&A integration. IT is often unaware of a merger or acquisition until the deal is announced, making it very difficult to adequately interpret business goals and appropriately assess the target organization.
    • IT-related integration activities are amongst the largest cost items in an M&A, yet these costs are often overlooked or underestimated during due diligence.
    • IT is expected to use the M&A team’s IT due diligence report and estimated IT integration budget, which may not have been generated appropriately.
    • IT involvement in integration is critical to providing a better view of risks, improving the ease of integration, and optimizing synergies.

    Our Advice

    Critical Insight

    • Anticipate that you are going to be under pressure. Fulfill short-term, tactical operational imperatives while simultaneously conducting discovery and designing the technology end-state.
    • To migrate risks and guide discovery, select a high-level IT integration posture that aligns with business objectives.

    Impact and Result

    • Once a deal has been announced, use this blueprint to set out immediately to understand business M&A goals and expected synergies.
    • Assemble an IT Integration Program to conduct discovery and begin designing the technology end-state, while simultaneously identifying and delivering operational imperatives and quick-wins as soon as possible.
    • Following discovery, use this blueprint to build initiatives and put together an IT integration budget. The IT Integration Program has an obligation to explain the IT cost implications of the M&A to the business.
    • Once you have a clear understanding of the cost of your IT integration, use this blueprint to build a long-term action plan to achieve the planned technology end-state that best supports the business capabilities of the organization.

    Make IT a Successful Partner in M&A Integration Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should follow Info-Tech’s M&A IT integration methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Define the business’s M&A goals, assemble an IT Integration Program, and select an IT integration posture that aligns with business M&A strategy.

    • Make IT a Successful Partner in M&A Integration – Phase 1: Launch the Project
    • IT Integration Charter

    2. Conduct discovery and design the technology end-state

    Refine the current state of each IT domain in both organizations, and then design the end-state of each domain.

    • Make IT a Successful Partner in M&A Integration – Phase 2: Conduct Discovery and Design the Technology End-State
    • IT Integration Roadmap Tool

    3. Initiate operational imperatives and quick-wins

    Generate tactical operational imperatives and quick-wins, and then develop an interim action plan to maintain business function and capture synergies.

    • Make IT a Successful Partner in M&A Integration – Phase 3: Initiate Operational Imperatives and Quick-Wins

    4. Develop an integration roadmap

    Generate initiatives and put together a long-term action plan to achieve the planned technology end-state.

    • Make IT a Successful Partner in M&A Integration – Phase 4: Develop an Integration Roadmap
    [infographic]

    Workshop: Make IT a Successful Partner in M&A Integration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    Identification of staffing and skill set needed to manage the IT integration.

    Generation of an integration communication plan to highlight communication schedule during major integration events.

    Identification of business goals and objectives to select an IT Integration Posture that aligns with business strategy.

    Key Benefits Achieved

    Defined IT integration roles & responsibilities.

    Structured communication plan for key IT integration milestones.

    Creation of the IT Integration Program.

    Generation of an IT Integration Posture.

    Activities

    1.1 Define IT Integration Program responsibilities.

    1.2 Build an integration communication plan.

    1.3 Host interviews with senior management.

    1.4 Select a technology end-state and IT integration posture.

    Outputs

    Define IT Integration Program responsibilities and goals

    Structured communication plan

    Customized interview guide for each major stakeholder

    Selected technology end-state and IT integration posture

    2 Conduct Discovery and Design the Technology End-State

    The Purpose

    Identification of information sources to begin conducting discovery.

    Definition of scope of information that must be collected about target organization.

    Definition of scope of information that must be collected about your own organization.

    Refinement of the technology end-state for each IT domain of the new entity. 

    Key Benefits Achieved

    A collection of necessary information to design the technology end-state of each IT domain.

    Adequate information to make accurate cost estimates.

    A designed end-state for each IT domain.

    A collection of necessary, available information to make accurate cost estimates. 

    Activities

    2.1 Define discovery scope.

    2.2 Review the data room and conduct onsite discovery.

    2.3 Design the technology end-state for each IT domain.

    2.4 Select the integration strategy for each IT domain.

    Outputs

    Tone set for discovery

    Key information collected for each IT domain

    Refined end-state for each IT domain

    Refined integration strategy for each IT domain

    3 Initiate Tactical Initiatives and Develop an Integration Roadmap

    The Purpose

    Generation of tactical initiatives that are operationally imperative and will help build business credibility.

    Prioritization and execution of tactical initiatives.

    Confirmation of integration strategy for each IT domain and generation of initiatives to achieve technology end-states.

    Prioritization and execution of integration roadmap.

    Key Benefits Achieved

    Tactical initiatives generated and executed.

    Confirmed integration posture for each IT domain.

    Initiatives generated and executed upon to achieve the technology end-state of each IT domain. 

    Activities

    3.1 Build quick-win and operational imperatives.

    3.2 Build a tactical action plan and execute.

    3.3 Build initiatives to close gaps and redundancies.

    3.4 Finalize your roadmap and kick-start integration.

    Outputs

    Tactical roadmap to fulfill short-term M&A objectives and synergies

    Confirmed IT integration strategies

    Finalized integration roadmap

    Build a Zero Trust Roadmap

    • Buy Link or Shortcode: {j2store}253|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $48,932 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.
    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Our Advice

    Critical Insight

    Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Impact and Result

    Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:

    • Assess resources and determine zero trust readiness.
    • Prioritize initiatives and build out roadmap.
    • Deploy zero trust and monitor with zero trust progress metrics.

    Build a Zero Trust Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Zero Trust Roadmap Deck – The purpose of the storyboard is to provide a detailed description of the steps involving in building a roadmap for implementing zero trust.

    The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.

    • Build a Zero Trust Roadmap – Phases 1-5

    2. Zero Trust Protect Surface Mapping Tool – A tool to identify key protect surfaces and map them to business goals.

    Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.

    • Zero Trust Protect Surface Mapping Tool

    3. Zero Trust Program Gap Analysis Tool – A tool to perform a gap analysis between the organization's current implementation of zero trust controls and its desired target state and to build a roadmap to achieve the target state.

    Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.

    • Zero Trust Program Gap Analysis Tool

    4. Zero Trust Candidate Solutions Selection Tool – A tool to identify and evaluate solutions for identified zero trust initiatives.

    Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.

    • Zero Trust Candidate Solutions Selection Tool

    5. Zero Trust Progress Monitoring Tool – A tool to identify metrics to measure the progress and efficiency of the zero trust implementation.

    Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.

    • Zero Trust Progress Monitoring Tool

    6. Zero Trust Communication Deck – A template to present the zero trust template to key stakeholders.

    Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.

    • Zero Trust Communication Deck

    Infographic

    Workshop: Build a Zero Trust Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Goals and Protect Surfaces

    The Purpose

    Align business goals to protect surfaces.

    Key Benefits Achieved

    A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    Outputs

    Mapping of business goals to key protect surfaces and their associated DAAS elements.

    2 Begin Gap Analysis

    The Purpose

    Identify and define zero trust initiatives.

    Key Benefits Achieved

    A list of zero trust initiatives to be prioritized and set into a roadmap.

    Activities

    2.1 Assess current security capabilities and define the zero trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    Outputs

    Security capabilities current state assessment

    Zero trust target state

    Tasks to address maturity gaps

    3 Complete Gap Analysis

    The Purpose

    Complete the zero trust gap analysis and prioritize zero trust initiatives.

    Key Benefits Achieved

    A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.

    Activities

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    Outputs

    Zero trust initiative list mapped to business goals and key protect surfaces

    Prioritization of zero trust initiatives

    4 Finalize Roadmap and Formulate Policies

    The Purpose

    Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.

    Key Benefits Achieved

    A zero trust roadmap of prioritized initiatives.

    Activities

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    Outputs

    Zero trust roadmap

    Zero trust policies for critical protect surfaces

    Method for defining zero trust policies for candidate solutions

    Metrics for high-priority initiatives

    Further reading

    Build a Zero Trust Roadmap

    Leverage an iterative and repeatable process to apply zero trust to your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Internet is the new corporate network.

    For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.

    The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.

    Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.

    Victor Okorie
    Senior Research Analyst, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.

    Common Obstacles

    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Info-Tech’s Approach

    • Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined.
    • Our unique approach:
      • Assess resources and determine zero trust readiness.
      • Address barriers and identify enablers.
      • Prioritize initiatives and build out roadmap.
      • Identify most appropriate vendors via vendor selection framework.
      • Deploy zero trust and monitor with zero trust progress metrics.

    Info-Tech Insight

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Your challenge

    This research is designed to help organizations:

    • Understand what zero trust is and decide how best to deploy it with their existing IT resources. Zero trust is a set of principles that defaults to the highest level of security; a failed implementation can easily disrupt the business. A pragmatic zero trust implementation must be flexible and adaptable yet maintain a consistent level of protection.
    • Move from a perimeter-based approach to security toward an “Always Verify” approach. The path to getting there is complex without a clear understanding of desired outcomes. Focusing efforts on key protection gaps and leveraging capable controls in existing architecture allows for a repeatable process that carries IT, security, and the business along on the journey.

    On this zero trust journey, identify your valuable assets and zero trust controls to protect them.

    Top three reasons for building a zero trust strategy

    44%

    Reduce attacker’s ability to move laterally

    44%

    Enforce least privilege access to critical resources

    41%

    Reduce enterprise attack surface

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Due to zero trust’s many components, performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.
      • To feel ready to implement and to understand the benefits of zero trust, IT must first understand what zero trust means to the organization.
    • Zero trust as a set of principles is a moving target, with many developing standards and competing technology definitions. A strategy built around evolving best practices must be supported by related business stakeholders.
      • To ensure support, IT must be able to “sell” zero trust to business stakeholders by illustrating the value zero trust can bring to business objectives.

    43%

    Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
    (Source: Teramind, 2021)

    96%

    Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
    (Source: Microsoft, 2021)

    What is zero trust?

    It depends on who you ask…

    • Vendors use zero trust as a marketing buzzword.
    • Organizations try to comprehend zero trust in their own limited views.
    • Zero trust regulations/standards are still developing.

    “A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

    Source: NIST, SP 800-207: Zero Trust Architecture, 2020

    “An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

    Source: DOD, Zero Trust Reference Architecture, 2021

    “A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

    Source: NSA, Embracing a Zero Trust Security Model, 2021

    “Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

    Source: CISA, Zero Trust Maturity Model, 2021

    “The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”

    Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022

    What is zero trust?

    From Theoretical to Practical

    Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.

    In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.

    Zero Trust; Identity; Workloads & Applications; Network; Devices; Data

    Info-Tech Insight

    Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.

    Zero trust business benefits

    Reduce business and organizational risk

    Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.

    36% of data breaches involved internal actors.
    Source: Verizon, 2021

    Reduce CapEx and OpEx

    Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    Source: SecurityBrief - Australia, 2020.

    Reduce scope and cost of compliance

    Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.

    Scope of compliance reduced due to segmentation.

    Reduce risk of data breach

    Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.

    10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
    Source: IBM, 2021

    This is an image of a thought map detailing Info-Tech's Build A Zero Trust Roadmap.  The main headings are: Define; Design; Develop; Monitor

    Info-Tech’s methodology for Building a Zero Trust Roadmap

    1. Define Business Goals and Protect Surfaces

    2. Assess Key Capabilities and Identify Zero Trust Initiatives

    3. Evaluate Candidate Solutions and Finalize Roadmap

    4. Formulate Policies for Roadmap Initiatives

    5. Monitor the Zero Trust Roadmap Deployment

    Phase Steps

    Define business goals

    Identify critical DAAS elements

    Map business goals to critical DAAS elements

    1. Review the Info-Tech framework
    2. Assess current capabilities and define the zero trust target state
    3. Identify tasks to close gaps
    4. Define tasks and initiatives
    5. Align initiatives to business goals and protect surfaces
    1. Define solution criteria
    2. Identify candidate solutions
    3. Evaluate candidate solutions
    4. Perform cost/benefit analysis
    5. Prioritize initiatives
    6. Finalize roadmap
    1. Formulate policies for critical DAAS elements
    2. Formulate policies to secure a path to access critical DAAS elements
    1. Establish metrics for roadmap tasks
    2. Track and report metrics
    3. Build a communication deck

    Phase Outcomes

    Mapping of business goals to protect surfaces

    Gap analysis of security capabilities

    Evaluation of candidate solutions and a roadmap to close gaps

    Method for defining zero trust policies for candidate solutions

    Metrics for measuring the progress and efficiency of the zero trust implementation

    Protect what is relevant

    Apply zero trust to key protect surfaces

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Align protect surfaces to business objectives

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    Identify zero trust capabilities

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    Roadmap first, not solution first

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Create enforceable policies

    The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.

    Success should benefit the organization

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Zero Trust Communication Deck

    Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

    Zero Trust Protect Surface Mapping Tool

    Identify critical and vulnerable DAAS elements to protect and align them to business goals.

    Zero Trust Program Gap Analysis Tool

    Perform a gap analysis between current and target states to build a zero trust roadmap.

    Zero Trust Candidate Solutions Selection Tool

    Determine and evaluate candidate solutions based on defined criteria.

    Zero Trust Progress Monitoring Tool

    Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.

    Blueprint benefits

    IT Benefits

    • A mapped transaction flow of critical and vulnerable assets and visibility of where to implement security controls that aligns with the principle of zero trust.
    • Improved security posture across the digital attack surface while focusing on the protect surface.
    • An inside-out architecture that leverages current existing architecture to tighten security controls, is automated, and gives granular visibility.

    Business Benefits

    • Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organization’s practice.
    • Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    • Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
    • Reduced risk of data breach in any instance of a malicious attack.

    Measure the value of this blueprint

    Save an average of $1.76 million dollars in the event of a data breach

    • This research set seeks to help organizations develop a mature zero trust implementation which, according to IBM’s “Cost of a Data Breach 2021 Report,” saves organizations an average of $1.76 million in the event of a data breach.
    • Leverage phase 5 of this research to develop metrics to track the implementation progress and efficacy of zero trust tasks.

    43%

    Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
    Source: IBM, 2021

    In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.

    In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.

    This image contains a screenshot info-tech's methodology for building a zero-trust roadmap, discussed earlier in this blueprint

    Executive Brief Case Study

    National Aeronautics and Space Administration (NASA)

    INDUSTRY: Government

    SOURCE: Zero Trust Architecture Technical Exchange Meeting

    NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.

    The lessons learned in adapting zero trust were:

    • Focus on access to data, assets, applications, and services; and don’t select solutions or vendors too early.
    • Provide support for mobile and external partners.
    • Complete zero trust infrastructure and services design with holistic risk-based management, including network access control with software-defined networking and an identity management program.
    • Develop a zero trust strategy that aligns with mission objectives.

    Results

    NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
    Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
    Call #1:
    Scope requirements, objectives, and your specific challenges.

    Call #3:
    Define current security capabilities and zero trust target state.

    Call #5:

    Identify and evaluate solution criteria.

    Call #7:
    Create a process for formulating zero trust policies.

    Call #8:
    Establish metrics for assessing the implementation and effectiveness of zero trust.

    Call #2:
    Identify business goals and protect surfaces.

    Call #4:
    Identify gap-closing tasks and assign to zero trust initiatives.

    Call #6:
    Prioritize zero trust initiatives.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Overview

    Contact your account representative for more information.workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Define Business Goals and Protect Surfaces

    Begin Gap Analysis

    Complete Gap Analysis

    Finalize Roadmap and Formulate Policies

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    2.1 Assess current security capabilities and define the zero Trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. 1.Mapping of business goals to key protect surfaces and their associated DAAS elements
    1. Security capabilities current state assessment
    2. Zero trust target state
    3. Tasks to address maturity gaps
    1. Zero trust initiative list mapped to business goals and key protect surfaces
    2. Prioritization of zero trust initiatives
    1. Zero trust roadmap
    2. Zero trust policies for critical protect surfaces
    3. Method for defining zero trust policies for candidate solutions
    4. Metrics for high-priority initiatives
    1. Zero trust roadmap documentation
    2. Mapping of Info-Tech resources against individual initiatives

    Phase 1

    Define Business Objectives and Protect Surfaces

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Identify and define the business goals.
    • Identify the critical DAAS elements and protect surface.
    • Align the business goals to the protect surface and critical DAAS elements.

    This phase involves the following participants:

    • Security Team
    • Business Executives
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Analyze your business goals

    Identifying business goals is the first step in aligning your zero trust roadmap with your business’ vision.

    • Security leaders need to understand the direction the business is headed in.
    • Wise security investments depend on aligning your security initiatives to business objectives.
    • Zero trust, and information security at large, should contribute to your organization’s business objectives by supporting operational performance, ensuring brand protection and shareholder value.
      • For example, if the organization is working on a new business initiative that requires the handling of credit card payments, the security organization needs to know as soon as possible to ensure the zero trust architecture will be extended to protect the PCI data and enable the organization to be PCI compliant.

      Info-Tech Insight

      Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.

    1.1 Define your organization’s business goals

    Estimated time 1-3 hours

    1. As a group, brainstorm the business goals of the organization.
    2. Review relevant business and IT strategies.
    3. Review the business goal definitions in tab “2. Business Objectives” of the Zero Trust Protect Surface Mapping Tool, including the key goal indicator metrics.
    4. Record the most important business goals in the Business Goal column on tab “3. Protect Surfaces” of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary goals. This limitation will be critical to help map the protect surface and the zero trust roadmap later.

    Input

    • Business and IT strategies

    Output

    • Prioritized list of business objectives

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Zero Trust Protect Surface Mapping Tool

    Info-Tech Insight

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    What does zero trust mean for you?

    For a successful implementation, focus on your zero trust outcome.

    This image describes the Who, What, When, Where, Why, and How for Zero Trust.

    Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.

    Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.

    Understand protect surface

    Data, Application, Asset, and Services

    A protect surface can be described as what’s critical, most vulnerable, or most valuable to your organization. This protect surface could include at least one of the following – data, assets, applications, and services (DAAS) – that requires protection. This is also the area that zero trust policy is aimed to protect. Understanding what your protect surface is can help channel the required energy into protecting that which is crucial to the business, and this aligns with the shift from focusing on the attack surface to narrowing it down to a smaller and achievable area of protection.

    Anything and everything that connects to the internet is a potential attack surface and pursuing every loophole will leave us one step behind due to lack of resources. Since a protect surface contains one or more DAAS element, the micro-perimeter is created around it and the appropriate protection is applied around it. As a team, we can ask ourselves this question when thinking of our protect surface: to what degree does my organization want me to secure things? The knowledge of the answer to this question can be tied to the risk tolerance level of the organization and it is only fair for us to engage the business in identifying what the protect surface should be.

    Components of a protect surface

    • Data
    • Application
    • Asset
    • Services

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface. DAAS elements show where the initiatives and controls associated with the zero trust pillars (Identity, Devices, Network, Application, and Data) need to be applied.

    Sample Scenario

    INDUSTRY: Healthcare

    SOURCE: Info-Tech Research Group

    Illustration

    A healthcare provider would consider personal health information a critical resource worthy of being protected against data exfiltration due to a host of reasons including but not limited to privacy regulations, loss of revenue, legal, and reputational loss; hence, this would be considered a protect surface.

    • What is the data that can’t be risked exfiltrated?
    • What application(s) is used to access this data?
    • What assets are used to generate and store the data?
    • What are the services we rely on to be able to access the data?

    DAAS Element

    • The data here is the patient information.
    • The application used to access the personal health information would be EPIC, OR list, and any other application used in that organization.
    • The assets used to store the data and generate the PHI would include physical workstations, medical scanners, etc.
    • The services that can be exploited to disrupt the operation or used to access the data would include active directory, single sign-on, etc.

    DAAS and Zero Trust Pillar

    This granular identification provides an opportunity to not only see what the protect surface and DAAS elements are but also understand where to apply security controls that align with the principle of zero trust as well as how the transaction flows. The application pillar initiatives will provide protection to the EPIC application and the device pillar initiatives will provide protection to the workstations and physical scanners. The identity pillar initiatives will apply protection to the active directory, and single sign-on services. The zero trust pillar initiatives align with the protection of the DAAS elements.

    Shift from attack surface to protect surface

    This image contains a screenshot of the thought map: Shift from attack surface to protect surface.  Go from complex to a micro perimeter approach.

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface as it creates a micro-perimeter for the application of zero trust policies on the system. This drastically reduces the success of an attack whether internally or externally, reduces the attack surface, and is also repeatable.

    1.2 Identify critical DAAS elements

    Estimated time 1-3 hours

    1. As a group, brainstorm and identify critical, valuable, sensitive assets or resources requiring high availability in the organization. Each DAAS element is part of a protect surface, or sometimes, the DAAS element itself is a protect surface.
    • Data – The sensitive data that poses the greatest risk if exfiltrated or misused. What data needs to be protected?
    • Applications – The applications that use sensitive data or control critical assets. Which applications are critical for your business functions?
    • Assets – Physical or virtual assets, including an organization’s information technology (IT), operational technology (OT), or Internet of Things devices.
    • Services – The services an organization most depends on. Services that can be exploited to disrupt normal IT or business operations.
  • Record the critical DAAS elements and protect surface in their respective columns of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary protect surfaces to match with the business goals.
  • Download the Zero Trust Protect Surface Mapping Tool

    Input

    • Critical resources to protect
    • Understanding of how they interoperate or connect

    Output

    • Protect surfaces

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders

    1.3 Map business goals to critical DAAS elements

    Estimated time 1-2 hours

    1. The protect surface will be generated from the critical DAAS elements as a standalone protect surface or a group of interconnected DAAS elements merged into one.
    • Each protect surface can be tied back to a business objective.
  • Select from the drop-down list of business objectives the option that fits the identified protect surface as it relates to the organization.
    • Type in your business objectives if the drop-down list does not apply.

    Download the Zero Trust Protect Surface Mapping Tool

    This image contains a screenshot from the Zero Trust Protect Surface Mapping Tool, with the following columns highlighted: Business Goal Name; Protect Surface Name

    Phase 2

    Assess Key Capabilities and Identify Zero Trust Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Assess the organization’s current capabilities.
    • Define the zero trust target state.
    • Identify tasks to close gaps
    • Define zero trust initiatives and align zero trust initiatives to business goals and protect surfaces.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    The Info-Tech Zero Trust Framework

    Info-Tech’s Zero Trust Framework aligns with zero trust references, including:

    • ACT Zero Trust Cybersecurity Current Trends. 2019
    • NIST SP 800-207: Zero Trust Architecture. 2020
    • DOD Zero Trust Reference Architecture. 2021
    • NSA Embracing a Zero Trust Security Model. 2021
    • CISA Zero Trust Maturity Model. 2021
    • Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, The White House. 2021
    • OMB Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. 2022
    • NSTAC Zero Trust and Trusted Identity Management. 2022
    • NIST SP 800-53 r5: Security and Privacy Controls for Information Systems and Organizations

    Identity

    • Authentication
    • Authorization
    • Privileged Access Management

    Applications

    • Software Defined Compute
    • DevSecOps
    • Software Supply Chain

    Devices

    • Authentication
    • Authorization
    • Compliance

    Networks

    • Software Defined Networking
    • Macro Segmentations
    • Micro Segmentation

    Data

    • Software Defined Storage
    • Data Loss Prevention
    • Data Rights Management

    Info-Tech Insight

    A best-of-breed approach ensures holistic coverage of your zero trust program while refraining from locking you into a specific reference.

    2.1 Review the Info-Tech framework

    Estimated time 30-60 minutes

    1. As a group, have the team review the framework within the Zero Trust Program Gap Analysis Tool.
    2. Customize the tool as required using the instructions in tab “2. Setup”:
    • Define costing criteria
    • Define benefits criteria
    • Configure full-time equivalent hours and start year
    • Input business goals as mapped to protect surfaces (see next slide)

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives

    Output

    • Customized framework

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    2.1.1 Input business goals as mapped to protect surfaces

    Refer to the Protect Surface Mapping Tool, copy the following elements from the Protect Surface tab.

    1. Enter Business Goals.
    2. Enter Protect Surfaces.
    3. Enter Data.
    4. Enter Application.
    5. Enter Assets.
    6. Enter Services.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool.  The Column headings are labeled as follows: 1: Business Goal Name; 2: Protect Surface; 3: DATA; 4: APPLICATION; 5: ASSETS; 6: SERVICES

    Info-Tech Insight

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    2.2 Assess current capabilities and define zero trust target state

    Estimated time 6-12 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current-state and target-state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives
    • Information on current state of controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Current-state and target-state assessment for gap analysis

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    Understanding security target states

    Maturity models are very effective for determining target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state in your organization.

    AD HOC 01

    Initial/ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.

    DEVELOPING 02

    Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.

    DEFINED 03

    A defined security program is holistic, documented, and proactive. At least some governance is in place; however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.

    MANAGED 04

    Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.

    OPTIMIZED 05

    An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    2.2.1 Conduct current-state assessment

    1. Carefully review each of the controls in the Gap Analysis tab that are needed for the protect surfaces. For each control, indicate the current maturity level of the organization. The tool uses the maturity levels of the CMMI model to score maturity.
    • Only use “N/A” if you are confident that the control is not required in your protect surfaces. For example, if the protect surfaces do not require or use software-defined computing, select “N/A” for any controls related to software-defined computing.
  • Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
  • Select the target maturity for the control.
  • This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column headings highlighted and numbered: 1: Current Maturity; 2: Current State Comments (optional); Target Maturity

    Make sure that the gap between target state and current state is achievable for the current zero trust roadmap. For instance, if you set your current maturity to 1 – Ad Hoc, then having a target maturity of 4 – Managed or 5 – Optimized is not recommended due to the big jump.

    2.2.2 Review the Gap Analysis Dashboard

    1. Use the Dashboard to map your progress on assessing current- and future-state maturities. As you fill out the Zero Trust Program Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.
    2. Use the color-coded legend to see the size of the gap between your current and target state.
    3. Zero trust processes that appear white have not yet been assessed or are rated as “N/A.”
    this image contains a screenshot of Info-tech's Zero-Trust framework discussed earlier in this blueprint, with the addition of a legend demonstrating how to use the gap analysis tool to identify the size of the gap between current and target states

    2.3 Identify tasks to close gaps

    Estimated time 5 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure tasks for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Zero trust controls gap information

    Output

    • Gap closure task list

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    2.3 Identify tasks to close gaps (cont.)

    1. For each of the controls where there is a gap between the current and target state, a gap closure task should be identified:
    • Review the example tasks and copy one or more of them if appropriate. Otherwise, enter your own gap closure task.
  • Considerations for identifying gap closure tasks:
    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Tasks column.
    • The example gap closure tasks may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps require their own task. You can enter one task that may address multiple gaps.
    • Be aware that tasks that are along the lines of “investigate and make recommendations” may not fully close maturity gaps.
    this image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column heading highlighted and numbered: 1: Gap Closure Tasks

    Make sure that the Gap Closure Tasks are SMART (Specific, Measurable, Achievable, Realistic, Timebound).

    2.4 Define tasks and initiatives

    Estimated time 2-4 hours

    1. As a group, review the gap tasks identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your tab “5. Task List.”
    3. Using the instructions on the following slides, review and consolidate your tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Gap analysis

    Output

    • Refined list of tasks
    • List of zero trust initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.4.1 Finalize your task list

    1. Define the gap closure task list in tab “5. Task List”:
      1. Obtain a list of all your tasks from Gap Closure Tasks column in tab “3. Gap Analysis.”
      2. Paste the list into the table in tab “5. Task List,” Task column.
    • Use Paste Values to retain the table formatting.
  • Consolidate tasks into initiatives when:
      • They have costs associated with them.
      • They require initial effort to implement and ongoing effort to maintain.
      • They must be accomplished dependently of other tasks.
    1. For each new initiative, create the initiative name on Initiative Name column in the tab “6. Initiative List.”
  • For tasks which are not incorporated into initiatives, enter a task owner and due date for each task.
  • this image contains a screenshot from Info-Tech's Zero Trust Gap analysis Tool with the following column headings highlighted and numbered: 1: Task; 2: Initiative Name; 3: (Task Owner; Due Date)

    Example: Initiative consolidation

    In the example below, we see three gap closure tasks within the Authentication process for the Identity pillar being consolidated into a single initiative “IAM modernization.”

    We can also see three gap closure tasks within the Micro Segmentation process for the Network pillar being grouped into another initiative “Network segmentation.”

    This image contains an example of Initiative Consolidation

    Info-Tech Insight

    As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.

    2.4.2 Finalize your initiative list

    1. As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.
    2. Review your final list of initiatives in tab “6. Initiative List” and make any required updates.
      1. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Obtain a list of all gap closure tasks associated with an initiative by filtering the Initiative Name column in the Task List tab.
    4. Indicate the most appropriate pillar alignment for each initiative using the drop-down list.
      1. Refer to tab “5. Task List” for the pillar associated with an initiative under the Initiative Name column.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, the following column headings are numbered and highlighted: 1: Initiative Name; 2: Description; 3: Pillar

    If the list of tasks is too long for the Description column, then you can also shorten the name of the tasks or group several tasks to a more general task.

    2.5 Align initiatives to business goals and protect surfaces

    Estimated time 30-60 minutes

    1. Using the instructions on the following slides, align initiatives to business goals in tab “6. Initiative List.”
    2. Using the instructions on the following slides, align initiatives to protect surfaces in tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • List of zero trust initiatives
    • Protect surfaces mapped to business objectives

    Output

    • List of zero trust initiatives aligned to business goals and protect surfaces

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.5.1 Align initiatives to business goals

    1. Indicate the most appropriate business goal(s) alignment for each initiative using the drop-down list in “Selection for Business Goal(s)” column.
      1. Use the legend to determine the most appropriate business goal(s).
    2. After that copy the selected business goal(s) to Business Goal(s) Alignment column.
    3. Then reset the selection using the blank cell in Selection for Business Goal(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Selection for Business Goal(s); Business Goals Alignment; 3: Selection for Business Goals

    2.5.2 Align initiatives to protect surfaces

    1. Indicate the most appropriate protect surface(s) for each initiative using the drop-down list in Selection for Protect Surface(s) column.
      1. Use the legend to determine the most appropriate protect surface(s).
    2. After that copy the selected protect surface(s) to Protect Surface(s) Coverage column.
    3. Reset the selection using the blank cell in Selection for Protect Surface(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Description; 2: Protect Surfaces Covered; 3: Selection for Protect Surfaces

    Phase 3

    Evaluate Candidate Solutions and Finalize Roadmap

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Define solution criteria.
    • Identify candidate solutions.
    • Evaluate candidate solutions.
    • Perform cost/benefit analysis.
    • Prioritize initiatives and build roadmap.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    3.1 Define solution criteria

    Estimated time 30-60 minutes

    1. As a group, review the scoring system within the Zero Trust Candidate Solutions Selection Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Info-Tech Insight

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Download the Zero Trust Candidate Solutions Selection Tool

    Input

    • Zero trust initiative list

    Output

    • Zero trust candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    3.1.1 Define compliance and solution evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the compliance score and the solution score, which are the overall evaluation:
    • Compliance score consists of tenets score, pillar score, threat protection score, and trust algorithm score.
    • Solution score consists of features score, usability score, affordability score, and architecture score.
    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, which demonstrates how to define compliance and solution evaluation criteria.

    3.1.2 Define remaining evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the remaining evaluation criteria:
    • Tenets: Considers how well each initiative aligns with zero trust principles.
    • Pillars: Considers how well each initiative aligns with zero trust pillars.
    • Threats: Considers what zero trust threats are relevant with the candidate solution.
    • Trust Algorithm: Considers trust evaluation factors, trust evaluation process score, and input coverage.
    • Cost Estimation: Considers initial costs, which are one-time, upfront capital investments (e.g. hardware and software costs), and ongoing cost, which is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
    • Deployment Architecture: Considers the solutions deployment architecture capabilities.

    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, and demonstrates where to define additional evaluation data

    Review available candidate solutions

    this image contains a list of available candidate Solutions.  This list includes: Zero Trust Identity; Zero-Trust Application & Workloads; Zero-Trust Networks; Zero-Trust Devices; and Zero-Trust Data

    The Rapid Application Selection Framework is a comprehensive yet fast-moving approach to help you select the right software for your organization

    Five key phases sequentially add rigor to your selection efforts while giving you a clear, swift-flowing methodology to follow.

    Awareness Education & Discovery Evaluation Selection Negotiation & Configuration
    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Vendor Selection Decision Model 5.1 Initiate Price Negotiation With Top
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternative Solutions & Conduct Market Education 3.2 Conduct a Data-Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities With Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration Two Vendors Selected
    1.3 Conduct an Accelerated Business Needs Assessment 2.3 Evaluate Enterprise Architecture & Application Portfolio 3.3 Narrow the Field to Four Top Contenders 4.3 Validate Key Issues With Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project Implementation Timeline
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Download the Rapid Application Selection Framework research

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    The Data Quadrant Report

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Vendors ranked by their Composite Score

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Emotional Footprint

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Vendors ranked by their Customer Experience (CX) Score

    Sample whiteboard activity

    • Place sticky notes on the zero trust tenet that matches with the identified candidate solution to produce “solution requirements” that can be used to develop an RFP.
    • A sample sticky note is provided below for privileged access management.

    This image contains a screenshot of a sample whiteboard activity which can be done using sticky notes.

    • The PAM solution should support MFA
    • Live session monitoring, audit, and reporting
    • Should have password vaulting to prevent privileged users from knowing the passwords to critical systems and resources

    3.2 Identify candidate solutions

    Estimated time 2 hours

    1. As a group, have the team review the candidate solutions within the Zero Trust Program Gap Analysis Tool.
    2. On tab 3 in the Zero Trust Candidate Solutions Selection Tool:
    • Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.

    Input

    • Candidate solutions for zero trust tasks and initiatives

    Output

    • Suitability evaluation of candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Info-Tech Insight

    Add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.

    Download the Zero Trust Candidate Solutions Selection Tool

    3.2.1 Review candidate solutions

    1. Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.
    2. Enter candidate solutions to the Compliance Data Entry tab on the Solution column within the Zero Trust Candidate Solutions Selection Tool.
    3. Optionally, add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.
    this image contains a screenshot of a sample candidate solution, which can be done using Info-Tech's Zero Trust Program Gap Analysis Tool

    3.3 Evaluate candidate solutions

    Estimated time 3 hours

    On the Scoring tab, evaluate solution features, usability, affordability, and architecture using the instructions on the following slides. This activity will produce a solution score that can be used to identify the suitability of a solution.

    Input

    • Candidate solutions

    Output

    • Candidate solutions scored

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Download the Zero Trust Candidate Solutions Selection Tool

    3.3.3 Evaluate solution scores

    After all candidate solutions are evaluated, the Solution Score column can be sorted to rank the candidate solutions. After sorting, the top solutions can be used on prioritization of initiatives on Zero Trust Program Gap Analysis Tool.

    1. On Features
      1. Enter Coverage.
      2. Enter Quality.
    2. Enter Usability.
    3. On Affordability
      1. Enter Initial Cost.
      2. Enter Ongoing Cost (annual).
    4. Enter Architecture.
    this image contains a screenshot of how you can sort the solution score column in Info-Tech's Zero Trust Program Gap Analysis Tool

    3.4 Perform cost/benefit analysis

    Estimated time 1-2 hours

    1. Assign costing and benefits information for each initiative, following the instructions on the next slide.
    2. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Ranked candidate solutions
    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.4.1 Complete the cost/benefit analysis

    Use Zero Trust Program Gap Analysis Tool.

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • Use the result from candidate selection to define the estimated costs.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • This image contains a screenshot of a cost/benefit analysis table which can be found in the Zero Trust Program Gap Analysis Tool

    The Cost / Effort Rating is calculated based on the weight defined on step 2.1.1. The Benefit Rating is calculated based on the weight defined on step 2.1.2.

    3.4.2 Optionally enter detailed cost estimates

    Use Zero Trust Program Gap Analysis Tool.

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in step 2.1.1. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
    • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
    • You have defined your “Medium” cost range as being “$10-100K,” so you select medium as your initial cost for this initiative in step 3.4.1. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
    • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    This image contains a screenshot of a sample cost/benefit table found in the Zero Trust Program Gap Analysis Tool.

    The Benefits-Cost column will give results after comparing the cost and the benefit. Negative value means that the cost outweighs the benefit. Positive value means that the benefit outweighs the cost. Zero value means that the cost equals the benefit.

    3.5 Prioritize initiatives

    Estimated time 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
    • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
    • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
  • Follow step 3.5.1 to create a visual effort map for your organization.
  • Follow step 3.5.2 and 3.5.3 to refine the effort map’s visual output.
  • Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.5.1 Create a visual effort map for your organization

    1 hour

    An effort map is a tool used for the visualization of a cost and benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized based on tab 7 in the Zero Trust Program Gap Analysis Tool.

    1. Establish the axes and colors for your effort map:
      1. X-axis represents the Benefit value from column J
      2. Y-axis represents the Cost/Effort value from column H
      3. Sticky note color is determined using the Alignment to Business value from column I
    2. Create sticky notes for each initiative and place them on the effort map or whiteboard based on the axes you have created with the help of your team.
    3. As you place initiatives on the visual effort map, discuss and modify rankings based on team member input.

    this image contains a sample visual effort map which can be found in the Zero Trust Program Gap Analysis Tool.

    Input

    • Outputs from activities 3.4.1 and 3.4.2

    Output

    • High-level prioritization for each of the gap-closing initiatives
    • Visual representation of quantitative values

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.2 Refine the effort map’s visual output

    1 hour

    Once the effort map is complete, work to further simplify the visual output by categorizing initiatives based on the quadrant in which they have been placed.

    1. Before moving forward with the initiative wave prioritization (activity 3.7), identify any initiatives listed across all quadrants that are required as a part of compliance and mark with a sticky dot.
    2. Document these initiatives as Execution Wave 1.

    this image contains a screenshot of a refined visual effort map, which can be done by following the instructions in this section.

    Input

    • Outputs from activity 3.5.1

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.3 Refine the effort map’s visual output

    30 minutes

    1. Use a separate area of the whiteboard to draw out four to five Execution Wave columns.
    2. Group initiatives into each Execution Wave column based on their placement within the quadrant from activities 3.5.1 and 3.5.2.
      1. Ensure that all identified mandatory activities as per governing privacy law fall within the first wave.
      2. Leverage the following 0-4 Execution Wave scale:
        1. Underway –Initiatives that are already underway
        2. Must Do – Initiatives that must happen right away
        3. Should Do – Initiatives that should happen but need more time/support
        4. Could Do – Initiatives that are not a priority
        5. Won’t Do – Initiatives that likely won’t be carried out
    3. Indicate the granular level for each execution wave using the a-z scale.
    • Use the lettering to track dependencies between initiatives.
      • If one must take place before another, ensure that its letter comes first alphabetically.
      • If multiple initiatives must take place at the same time, use the same letter to show they will take place in tandem.

    This image depicts the sample output for a refined visual effort map

    Input

    • Outputs from activity 3.5.2

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Wave assignment example

    In the example below, we see “IAM modernization” was assessed as 9 on cost/effort rating and 5 on benefit rating and its Benefits-Cost has a positive value of 1. We can label this as SHOULD DO (wave 2).

    We can also see “Network segmentation” was assessed as 6 on cost/effort rating and 4 on benefit rating and its Benefits-Cost has a positive value of 2. We can label this as MUST DO (wave 1).

    We can also see “Unified Endpoints Management” was assessed as 8 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a negative value of -4. We can label this as WON’T DO (no wave).

    We can also see “Data Protection” was assessed as 4 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a zero value. We can label this as COULD DO (wave 3).

    This image depicts a sample wave assignment output, discussed in this section.

    It is recommended to define the threshold of each wave based on the value of Benefits-Cost before assigning waves.

    3.6 Build roadmap

    Estimated time 2-3 hours

    1. As a group, follow step 3.6.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Zero Trust Program Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list

    Output

    • Zero trust roadmap

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.6.1 Schedule initiatives using the Gantt chart

    1. On the Gantt Chart tab for each initiative, enter an owner (the role who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
    • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
    • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.
    • This Image contains a screenshot of the Gantt Chart, with the following column headings highlighted and numbered: 1: Owner; 2: Expected Duration

    3.6.2 Review your roadmap

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
    • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
    • Does your organization have regular change freezes throughout the year that will impact the schedule?
    • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
    • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
    • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    This image depicts an example roadmap which can be created following the use of the Gantt Chart

    3.6.3 Review your cost/effort estimates table

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
    • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
    • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.

    This table provides you with the information to have important conversations with management and stakeholders.

    This image contains an example of the Zero Trust Roadmap Cost/Effort Estimates.  The column headings are as follows: Wave; Number of Initiatives; Initial Implementation - Cost; Initial Implementation - Effort; Ongoing Maintenance - Cost; Ongoing Maintenance - Effort.  A separate table is shown with the column heading: Estimated Total Three Year Investment

    Phase 4

    Formulate Policies for Roadmap Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Formulate zero trust policies for critical DAAS elements.
    • Formulate zero trust policies to secure a path to access critical DAAS elements.

    This phase involves the following participants:

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Understand the zero trust policy

    Use the Kipling methodology as a vendor agnostic approach to identify appropriate allow list elements when deploying multiple zero trust solutions.
    The policies help to prevent lateral movement.

    Who Who should access a resource? Here, the user ID that identifies the users through the principle of least privilege is allowed access to a particular resource. The authentication policy will be used to verify identity of a user when access request to a resource is made. Who requires MFA?
    What What application is used to access the resource? Application ID to identify applications that are only allowed on the network. Port control policies can be used for the application service.
    When When do users access the resource? Policy that identifies and enforces time schedule when an application accessed by users is used.
    Where Where is the resource located? The location of the destination resource should be added to the policy and, where possible, restrict the source of the traffic either by zone and/or IP address.
    Why Why is the data accessed? Data classification should be done to know why the data needs protection and the type of protection (data filtering).
    How How should you allow access to the resource? This covers the protection of the application traffic. Principle of least privilege access, log all traffic, configure security profiles, NGFW, decryption and encryption, consistent application of policy and threat prevention across all locations for all local and remote users on managed and unmanaged endpoints are ways to apply content-ID.

    Info-Tech Insight

    The success of a zero trust implementation relies on enforcing policies consistently. Applying the Kipling methodology to the protect surface is the best way to design zero trust policies.

    4.1.1 Formulate policy

    Estimated time 1-2 hours

    1. As a group, review the protect surface(s) identified in phase one, and using the Kipling methodology from the previous slide, formulate a policy. Each policy can be reviewed repeatedly until we are sure it satisfies the goal.
    2. The policy created should be consistent for both cloud and on-prem environments.
    3. As an example, let's use the healthcare scenario found in tab 3 of the Zero Trust Protect Surface Mapping Tool. The protect surface used is "Automated Medication Dispensing." Another example will be "Salesforce" accessed via the cloud.
    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    4.1.2 Apply policy

    1-2 hours

    1. Place each protect surface in its own microperimeter. Each microperimeter should be segmented by a next-generation firewall or authentication broker that will serve as a segmentation gateway.
    2. Name the microperimeter and place it on a firewall.

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Sticky Notes
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Microperimeter A
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter B
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter C
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    4.2 Secure a path to access critical DAAS elements

    How should you allow access to the resource?

    This component makes up the final piece of formulating the policies as it applies the protection of the application traffic.

    The principle of least privilege is applied to the security policy to only allow access requests and restrict the access to the purpose it serves. This access request is then logged as well as the traffic (both internal and external). Most firewalls (NGFW) have policy rules that, by default, enable logging.

    Segmentation gateways (NGFW, VM-series firewalls, agent-based and clientless VPN solutions), are used to apply zero trust policy (Kipling methodology) in the network, cloud, and endpoint (managed and unmanaged) for all local and remote users.

    These policies need to be applied to security profiles on all allowed traffic. Some of these profiles include but are not limited to the following: URL filtering profile for web access and protect against phishing attacks, vulnerability protection profile intrusion prevention systems, anti spyware profiles to protect against command-and-control threats, malware and antivirus profile to protect against malware, and a file blocking profile to block and/or alert suspicious file types.

    Good visibility on your network can also be tied to decryption as you can inspect traffic and data to the lowest level possible that is generally accepted by your organization and in compliance with regulation.

    Conceptualized flow

    With users working from anywhere on managed and unmanaged devices, access to the internet, SAAS, public cloud, and the data center will have consistent policies applied regardless of their location.

    The policy is validating that the user is who they say they are based on the role profile, what they are trying to access to make sure their role or attribute profile has the appropriate permission to the application, and within the stipulated time limit. Where the data or application is located is also verified and the why needs to be satisfied before the requested access is granted. Based on the mentioned policies, the how element is then applied throughout the lifecycle of the access.

    Who

    (Internet)

    What

    (SAAS)

    When

    Where

    (Public Cloud)

    Why

    How

    (Data Center)

    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Phase 5

    Monitor Zero Trust Roadmap Deployment

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Establish metrics for roadmap tasks.
    • Track metrics for roadmap tasks.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    5.1 Establish metrics for roadmap tasks

    Estimated time 2 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, identify metrics to measure implementation and efficacy of tasks
    2. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, document metric metadata.
    3. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • Input

    • Zero trust roadmap task list

    Output

    • Metrics for measuring zero trust task implementation and efficacy

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.1.1 Identify metrics to measure implementation and efficacy of tasks

    Estimated time 3-4 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, for each section defined in columns C and D, enter zero trust implementation tasks into column E. If you completed the Zero Trust Program Gap Analysis Tool, use the tasks identified there to populate column E.
    2. For each task, identify in column F any metrics that will communicate implementation progress and/or implementation efficacy.
    • If multiple metrics are needed for a single task, we recommend expanding the size of the row and adding additional metrics onto a new line in the same row. A sample is provided in the tool.

    this image contains a screenshot of tab 2 in the Zero Trust Progress Monitoring Tool

    Info-Tech Insight

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    5.1.2 Document metric metadata

    Estimated time 1-2 hours

    For each metric defined in step 4.1.1:

    1. Identify in column G whether the metric can be measured now (Phase 1), measured in a few months’ time (Phase 2), or measured in a few years’ time (Phase 3).
    2. Identify in columns H through M who is responsible for collecting the metric (Person Source), who/what is consulted to collect the metric (Technology Source), who compiles the collected metric into dashboards and presentations (Compiler), and who is informed of the measurement of the metric (Audience).
    • Add more columns under the Audience category if needed.
    • Use “X” to identify if an audience group will be informed of the measurement of the metric.
  • Identify in columns N through P the target for the metric (Metric Target), the effort it takes to collect the metric (Effort to Collect), the frequency with which the organizations plans to collect the metric (Frequency of Collection), and any comments that people should know when collecting, compiling, or presenting metrics.
  • This image contains a screenshot from the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Priority; 2: Roles and Responsibilities; 3: effort to collect; frequency of collection; Metric Target; Comments

    5.2 Track and report metrics

    Estimated time 2 hours

    1. In the Zero Trust Progress Monitoring Tool, copy and paste metrics you plan to track in the tool from column F on tab 2 to column B on tab 3.
    2. Use tab 3 to identify collection frequency, metric target, and measurements collected for each metric. Add notes or comments to each metric or measurement to track contextual elements that could affect metric measurements.
    3. Leverage the graphs on tab 4 to communicate metrics to the appropriated audience groups, as defined in tab 2.

    Input

    • Metrics for measuring zero trust task implementation and efficacy

    Output

    • Metric data and graphs for presenting zero trust implementation metrics to audience groups

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.2.1 Record baseline measurements for metrics

    Estimated time 1-2 hours

    On tab “3. Track Metrics” of the Zero Trust Progress Monitoring Tool:

    1. Copy and paste the metrics from Column F on tab “2. Task & Metric Register” that you want to track into Column B of this tab.
    2. For each metric, record the frequency of collection (Collection Frequency) and the metric target (Target) by referencing columns O and P on tab “2. Task & Metric Register.”
    3. Begin to record baseline/initial values for each metric in column E. Rename columns to match your highest frequency of collection.
      (e.g. if any metric is being measured monthly, there should be one column per month)
    4. Over time, conduct measurements of your metrics and store them in the table below.
    5. Add notes, as necessary.

    this image contains a screenshot of tab 3 of the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Your Metrics; 2: Collection Frequency; Target; 3: Jan; 4: Metric Measurements; 5: Notes

    5.2.2 Report metric health to audience groups

    Estimated time 1-2 hours

    On tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    1. The Overall Metric Health gauge at the top of this tab presents the average percentage away from meeting metric targets for all metrics being tracked. To calculate this value, the differences between the most recent measurements and target values for each metric are averaged.
    2. Below the Overall Metric Health gauge, use the drop-down list in cell D9 to select one of the metrics from tab “3. Track Metrics.”
    3. Six different graphic representations of the tracked data for the selected metric will populate.

    Copy and paste desired graphs into presentations for audience members identified in step 5.1.2.

    This image contains a screenshot from tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    5.3 Build a communication deck

    Estimated time 2 hours

    Leverage the Zero Trust Communication Deck to showcase the work that you have done in the tools and activities associated with this research.

    In this communication deck template, you will find the following sections:

    • Introduction
    • Protect Surfaces
    • Zero Trust Gap Analysis
    • Zero Trust Initiatives & Tasks

    Input

    • Protect surfaces mapped to business goals
    • Zero trust program gap analysis
    • Zero trust roadmap initiatives and tasks
    • Zero trust metrics

    Output

    • Communication deck for zero trust strategy

    Materials

    • Zero Trust Communication Deck

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Communication Deck

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of protect surfaces and the business goals protecting them supports
    • Comprehensive knowledge of zero trust current state and summary initiatives required to achieve zero trust objectives
    • Assessment of which solutions for zero trust tasks and initiatives are the most appropriate for the organization
    • A defined set of security metrics assessing zero trust implementation progress and efficacy

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    This is a picture of an Info-Tech Account Representative
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Zero Trust Program Gap Analysis Tool

    This is a screenshot from the Zero Trust Program Gap Analysis Tool

    Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.

    Zero Trust Progress Monitoring Tool

    This is a screenshot from the Zero Trust Progress Monitoring Tool

    Identify and track metrics for zero trust tasks and initiatives.

    Research Contributors

    • Aaron Benson, CME Group, Director of IAM Governance
    • Brad Mateski, Zones, Solutions Architect for CyberSecurity
    • Bob Smock, Info-Tech Research Group, Vice President of Consulting
    • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
    • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
    • John Zhao, Fonterra, Enterprise Security Architect
    • Rongxing Lu, University of New Brunswick, Associate Professor
    • Sumanta Sarkar, University of Warwick, Assistant Professor
    • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
    • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

    Related Info-Tech Research

    This is a screenshot from Info-Tech's Build an Information Security Strategy

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building out a security roadmap.

    This is a screenshot from Info-Tech's Determine Your Zero Trust Readiness.

    Determine Your Zero Trust Readiness

    IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.

    Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.

    This is a screenshot from Info-Tech's Mature Your Identity and Access Management Program

    Mature Your Identity and Access Management Program

    Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's identity and access management practices by following our three-phase methodology:

    • Assess identity and access requirements
    • Identify initiatives using the identity lifecycle
    • Prioritize initiatives and build a roadmap

    Bibliography

    • “2021 Data Breach Investigations Report.” Verizon, 2021. Web.
    • “A Zero-Trust Strategy Has 3 Needs - Identify, Authenticate, and Monitor Users and Devices On and Off The Network.” Fortinet, 15 July 2021. Web.
    • “Applying Zero Trust Principles to Enterprise Mobility.” CISA, March 2022. Web.
    • Biden Jr., Joseph R. “Executive Order on Improving the Nation’s Cybersecurity.” The White House, 12 May 2021. Web.
    • “CISA Zero Trust Maturity Model.” CISA - Cybersecurity Division, June 2021. Web.
    • “Continuous Diagnostics and Mitigation Program Overview.” CISA, Jan. 2022. Web.
    • Contributor. “The Five Business Benefits of a Zero Trust Approach to Security.” Security Brief - Australia, 19 Aug. 2020. Web.
    • “Cost of a Data Breach Report 2021.” IBM, July 2021. Web.
    • English, Melanie. “5 Stats That Show The Cost Saving Effect of Zero Trust.” Teramind, 29 Sept. 2021. Web.
    • “Improve Application Access and Security With Fortinet Zero Trust Network Access.” Fortinet, 2 March 2021. Web.
    • “Incorporating Zero-trust Strategies for Secure Network and Application Access.” Fortinet, 21 July 2021. Web.
    • Jakkal, Vasu. “Zero Trust Adoption Report: How Does Your Organization Compare?” Microsoft, 28 July 2021. Web.
    • “Jericho Forum™ Commandments.” The Open Group, Jericho Forum, May 2007. Web.
    • Johnson, Derrick. “Zero Trust vs. SASE - Here's What You Need to Know.” Security Magazine, 23 July 2021. Web.
    • Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. “Department of Defense (DOD) Zero Trust Reference Architecture.” DoD CIO, Feb. 2021. Web.
    • Kay, Dennis. “Planning for a Zero Trust Architecture Target State.” NASA, NIST, 13 Nov. 2019. Web.
    • National Security Agency. “Embracing a Zero Trust Security Model.” U.S. Department of Defense, Feb. 2021. Web.
    • NSTAC. “Draft Report to the President - Zero Trust and Trusted Identity Management.” CISA, NSTAC, n.d. Web.
    • Rose, Scott W., et al. “Zero Trust Architecture.” NIST, 10 Aug. 2020. Web.
    • “Securing Digital Innovation Demands Zero-Trust Access.” Fortinet, 15 July 2021. Web.
    • Shackleford, Dave. “How to Create a Comprehensive Zero Trust Strategy.” SANS, Cisco, 2 Sept. 2020. Web.
    • “The CISO’s Guide to Effective Zero-Trust Access.” Fortinet, 28 April 2021. Web.
    • “The State of Zero Trust Security 2021.” Okta, June 2021. Web.
    • Kerman, Alper, et al. “Implementing a Zero Trust Architecture.” NIST - National Cybersecurity Center of Excellence, March 2020. Web.
    • Kindervag, John. “Keynote - John KINDERVAG - 021622.” Vimeo, VIRTUAL Eastern | CyberSecurity Conference, 16 Feb. 2022. Web.
    • Lodewijkx, Koos. “IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have.” SecurityIntelligence, IBM, 19 Nov. 2020. Web.
    • VB Staff. “Report: Only 21% of Enterprises Use Zero Trust Architecture.” VentureBeat, 15 Feb. 2022. Web.
    • Young, Shalanda D. “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The White House, EXECUTIVE OFFICE OF THE PRESIDENT - OFFICE OF MANAGEMENT AND BUDGET, 26 Jan. 2022. Web.
    • “Zero Trust Access.” Fortinet, n.d. Web.
    • “Zero Trust Architecture Technical Exchange Meeting.” NIST - National Cybersecurity Center of Excellence, 12 Nov. 2019. Web.
    • “Zero Trust Cybersecurity Current Trends.” ACT-IAC, 18 April 2019. Web.
    • “Zero-Trust Access for Comprehensive Visibility and Control.” Fortinet, 24 Sep. 2020. Web.

    Define Requirements for Outsourcing the Service Desk

    • Buy Link or Shortcode: {j2store}493|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • In organizations where technical support is viewed as non-strategic, many see outsourcing as a cost-effective way to provide this support. However, outsourced projects often fall short of their goals in terms of cost savings and the quality of support. 
    • Significant administrative work and up-front costs are required to outsource the service desk, and poor planning often results in project failure and a decrease of end-user satisfaction.
    • A complete turnover of the service desk can result in lost knowledge and control over processes, and organizations without an exit strategy can struggle to bring their service desk back in house and return the confidence of end users.

    Our Advice

    Critical Insight

    • Outsourcing is easy. Realizing the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.
    • You don’t need to standardize before you outsource, but you still need to conduct your due diligence. If you outsource without thinking about how you want the future to work, you will likely be unsatisfied with the result.
    • If cost is your only driver for outsourcing, understand that it comes at a cost. Customer service quality will likely be less, and your outsourcer may not add on frills such as Continual Improvement. Be careful that your specialists don’t end up spending more time working on incidents and service requests.

    Impact and Result

    • First decide if outsourcing is the correct step; there may be more preliminary work to do beforehand.
    • Assess requirements and make necessary adjustments before developing an outsource RFP.
    • Clearly define the project and produce an RFP to provide to vendors.
    • Plan for long-term success, not short-term gain.
    • Prepare to retain some of the higher-level service desk work.

    Define Requirements for Outsourcing the Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Requirements for Outsourcing the Service Desk Deck – A step-by-step document to walk you through building a strategy for efficient service desk outsourcing.

    This storyboard will help you craft a project charter, create an RFP, and outline strategies to build a long-term relationship with the vendor.

    • Define Requirements for Outsourcing the Service Desk – Storyboard
    • Service Desk Outsourcing Requirements Database Library

    2. Service Desk Outsourcing Project Charter Template and Requirements Library – Best-of-breed templates to help you determine processes and build a strategy to outsource them.

    These templates will help you determine your service desk requirements and document your proposed service desk outsourcing strategy.

    • Service Desk Outsourcing Project Charter Template

    3. Service Desk Outsourcing RFP Template – A structured document to help you outline expectations and communicate requirements to managed service providers.

    This template will allow you to create a detailed RFP for your outsourcing agreement, document the statement of work, provide service overview, record exit conditions, and document licensing model and estimated pricing.

    • Service Desk Outsourcing RFP Template

    4. Service Desk Outsourcing Reference Interview Template and Scoring Tool – Materials to help you conduct efficient briefings and select the best vendor to fulfill your service desk requirements.

    Use the Reference Interview Template to outline a list of questions for interviewing current/previous customers of your candidate vendors. These interviews will help you with unbiased vendor scoring. The RFP Vendor Scoring Tool will help you facilitate vendor briefings with your list of questions and score candidate vendors efficiently through quantifying evaluations.

    • Service Desk Outsourcing Reference Interview Template
    • Service Desk Outsourcing RFP Scoring Tool

    Infographic

    Further reading

    Define Requirements for Outsourcing the Service Desk

    Prepare your RFP for long-term success, not short-term gains

    Define Requirements for Outsourcing the Service Desk

    Prepare your RFP for long-term success, not short-term gains

    EXECUTIVE BRIEF

    Analyst Perspective

    Outsource services with your eyes wide open.

    Cost reduction has traditionally been an incentive for outsourcing the service desk. This is especially the case for organizations that don't have minimal processes in place and those that need resources and skills to fill gaps.

    Although cost reduction is usually the main reason to outsource the service desk, in most cases service desk outsourcing increases the cost in a short run. But without a proper model, you will only outsource your problems rather than solving them. A successful outsourcing strategy follows a comprehensive plan that defines objectives, assigns accountabilities, and sets expectations for service delivery prior to vendor outreach.

    For outsourcing the service desk, you should plan ahead, work as a group, define requirements, prepare a strong RFP, and contemplate tension metrics to ensure continual improvement. As you build a project charter to outline your strategy for outsourcing your IT services, ensure you focus on better customer service instead of cost optimization. Ensure that the outsourcer can support your demands, considering your long-term achievement.

    Think about outsourcing like a marriage deed. Take into account building a good relationship before beginning the contract, ensure to include expectations in the agreement, and make it possible to exit the agreement if expectations are not satisfied or service improvement is not achieved.

    This is a picture of Mahmoud Ramin, PhD, Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group

    Mahmoud Ramin, PhD
    Senior Research Analyst
    Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In organizations where technical support is viewed as non-strategic, many see outsourcing as a cost-effective way to provide this support. However, outsourcing projects often fall short of their goals in terms of cost savings and quality of support.

    Common Obstacles

    Significant administrative work and up-front costs are required to outsource the service desk, and poor planning often results in project failure and the decrease of end-user satisfaction.

    A complete turnover of the service desk can result in lost knowledge and control over processes, and organizations without an exit strategy can struggle to bring their service desk back in house and reestablish the confidence of end users.

    Info-Tech's Approach

    • First decide if outsourcing is the correct step; there may be more preliminary work to do beforehand.
    • Assess requirements and make necessary adjustments before developing an outsource RFP.
    • Clearly define the project and produce an RFP to provide to vendors.
    • Plan for long-term success, not short-term gains.
    • Prepare to retain some of the higher-level service desk work.

    Info-Tech Insight

    Outsourcing is easy. Realizing all of the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.

    Your challenge

    This research is designed to help organizations that need to:

    • Outsource the service desk or portions of service management to improve service delivery.
    • Improve and repatriate existing outsourcing outcomes by becoming more engaged in the management of the function. Regular reviews of performance metrics, staffing, escalation, knowledge base content, and customer satisfaction are critical.
    • Understand the impact that outsourcing would have on the service desk.
    • Understand the potential benefits that outsourcing can bring to the organization.

    This image contains a donut chart with the following information: Salaries and Benefits - 68.50%; Technology - 9.30%; Office Space and Facilities Expense - 14.90%; Travel, Training, and Office Supplies - 7.30%

    Source: HDI 2017

    About 68.5% of the service desk fund is allocated to agent salaries, while only 9.3% of the service desk fund is spent on technology. The high ratio of salaries and expenses over other expense drives organizations to outsource their service desk without taking other considerations into account.

    Info-Tech Insight

    The outsourcing contract must preserve your control, possession, and ownership of the intellectual property involved in the service desk operation. From the beginning of the process, repatriation should be viewed as a possibility and preserved as a capability.

    Your challenge

    This research helps organizations who would like to achieve these goals:

    • Determine objectives and requirements to outsource the service desk.
    • Develop a project charter and build an outsourcing strategy to efficiently define processes to reduce risk of failure.
    • Build an outsourcing RFP and conduct interviews to identify the best candidate for service delivery.
    • Build a long-term relationship with an outsourcing vendor, making sure the vendor is able to satisfy all requirements.
    • Include a continual improvement plan in the outsourcing strategy and contain the option upon service delivery dissatisfaction.

    New hires require between 10 and 80 hours of training (Forward Bpo Inc., 2019).

    A benchmark study by Zendesk from 45,000 companies reveals that timely resolution of issues and 24/7 service are the biggest factors in customer service experience.

    This image contains a bar graph with the following data: Timely issue resolution; 24/7 support; Friendly agent; Desired contact method; Not to repeat info; Proactive support; Self-serve; Call back; Rewards & freebies

    These factors push many businesses to consider service desk outsourcing to vendors that have capabilities to fulfill such requirements.

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • In most cases, organizations must perform significant administrative work before they can make a move. Those that fail to properly prepare impede a smooth transition, the success of the vendor, and the ability to repatriate.
    • Successful outsourcing comes from the recognition that an organization is experiencing complete turnover of its service desk staff. These organizations engage the vendor to transition knowledge and process to ensure continuity of quality.
    • IT realizes the most profound hidden costs of outsourcing when the rate of ticket escalation increases, diminishing the capacity of senior technical staff for strategic project work.

    Many organizations may not get the value they expect from outsourcing in their first year.

    Common Reasons:

    • Overall lack of due diligence in the outsourcing process
    • Unsuitable or unclear service transition plan
    • Poor service provider selection and management

    Poor transition planning results in delayed benefits and a poor relationship with your outsourcing service provider. A poor relationship with your service provider results in poor communication and knowledge transfer.

    Key components of a successful plan:

    1. Determine goals and identify requirements before developing an RFP.
    2. Finalize your outsourcing project charter and get ready for vendor evaluation.
    3. Assess and select the most appropriate provider; manage the transition and vendor relationship.

    Outsource the service desk properly, and you could see a wide range of benefits

    Service Desk Outsourcing: Ability to scale up/down; Reduce fixed costs; Refocus IT efforts on core activities; Access to up-to-date technology; Adhere to  ITSM best practices; Increased process optimization; Focus IT efforts on advanced expertise; Reframe to shift-left;

    Info-Tech Insight

    In your service desk outsourcing strategy, rethink downsizing first-level IT service staff. This can be an opportunity to reassign resources to more valuable roles, such as asset management, development or project backlog. Your current service desk staff are most likely familiar with the current technology, processes, and regulations within IT. Consider the ways to better use your existing resources before reducing headcount.

    Info-Tech's Approach

    Determine Goals

    Conduct activities in the blueprint to pinpoint your current challenges with the service desk and find out objectives to outsource customer service.

    Define Requirements

    You need to be clear about the processes that will be outsourced. Considering your objectives, we'll help you discover the processes to outsource, to help you achieve your goals.

    Develop RFP

    Your expectations should be documented in a formal proposal to help vendors provide solid information about how they will satisfy your requirements and what their plan is.

    Build Long-Term Relationship

    Make sure to plan for continual improvement by setting expectations, tracking the services with proper metrics, and using efficient communication with the provider. Think about the rainy day and include exit conditions for ending the relationship if needed.

    Info-Tech's methodology

    1. Define the Goal

    2. Design an Outsourcing Strategy

    3. Develop an RFP and Make a Long-Term Relationship

    Phase Steps

    1.1 Identify goals and objectives

    1.2 Assess outsourcing feasibility

    2.1 Identify project stakeholders

    2.2 Outline potential risks and constraints

    3.1 Prepare service overview and responsibility matrix

    3.2 Define approach to vendor relationship management

    3.3 Manage the outsource relationship

    Phase Outcomes

    Service Desk Outsourcing Vision and Goals

    Service Desk Processes to Outsource

    Outsourcing Roles and Responsibilities

    Outsourcing Risks and Constraints

    Service Desk Outsourcing Project Charter

    Service Desk Outsourcing RFP

    Continual Improvement Plan

    Exit Strategy

    This is an image of the strategy which you will use to build your requirements for outsourcing the service desk.  it includes: 1. Define the Goal; 2. Design an Outsourcing Strategy; 3. Develop RFP and long-term relationship.

    Insight summary

    Focus on value

    Outsourcing is easy. Realizing all of the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.

    Define outsourcing requirements

    You don't need to standardize before you outsource, but you still need to conduct your due diligence. If you outsource without thinking about how you want the future to work, you will likely be unsatisfied with the result.

    Don't focus on cost

    If cost is your only driver for outsourcing, understand that there will be other challenges. Customer service quality will likely be less, and your outsourcer may not add on frills such as Continual Improvement. Be careful that your specialists don't end up spending more time working on incidents and service requests.

    Emphasize on customer service

    A bad outsourcer relationship will result in low business satisfaction with IT overall. The service desk is the face of IT, and if users are dissatisfied with the service desk, then they are much likelier to be dissatisfied with IT overall.

    Vendors are not magicians

    They have standards in place to help them succeed. Determine ITSM best practices, define your requirements, and adjust process workflows accordingly. Your staff and end users will have a much easier transition once outsourcing proceeds.

    Plan ahead to guarantee success

    Identify outsourcing goals, plan for service and system integrations, document standard incidents and requests, and track tension metrics to make sure the vendor does the work efficiently. Aim for building a long-term relationship but contemplate potential exit strategy.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    This is a screenshot from the Service Desk Outsourcing Requirements Database Library

    Service Desk Outsourcing Requirements Database Library

    Use this library to guide you through processes to outsource

    This is a screenshot from the Service Desk Outsourcing RFP Template

    Service Desk Outsourcing RFP Template

    Use this template to craft a proposal for outsourcing your service desk

    This is a screenshot from the Service Desk Outsourcing Reference Interview Template

    Service Desk Outsourcing Reference Interview Template

    Use this template to verify vendor claims on service delivery with pervious or current customers

    This is a screenshot from the Service Desk Outsourcing Vendor Proposal Scoring Tool

    Service Desk Outsourcing Vendor Proposal Scoring Tool

    Use this tool to evaluate RFP submissions

    Key deliverable:

    This is a screenshot from the key deliverable, Service Desk Outsourcing Project Charter

    Service Desk Outsourcing Project Charter

    Document your project scope and outsourcing strategy in this template to organize the project for efficient resource and requirement allocation

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Determine current challenges with the service desk and identify services to outsource.
    • Make the project charter for an efficient outsourcing strategy that will lead to higher satisfaction from IT.
    • Select the best outsource vendor that will satisfy most of the identified requirements.
    • Reduce the risk of project failure with efficient planning.
    • Understand potential feasibility of service desk outsourcing and its possible impact on business satisfaction.
    • Improve end-user satisfaction through a better service delivery.
    • Conduct more efficient resource allocation with outsourcing customer service.
    • Develop a long-term relationship between the enterprise and vendor through a continual improvement plan.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1Phase 2Phase 3

    Call #1: Scope your specific challenges and objectives

    Call #3: Identify project stakeholders, and potential risks and constraints

    Call #5: Create a detailed RFP

    Call #6: Identify strategy risks.

    Call #2: Assess outsourcing feasibility and processes to outsourceCall #4: Create a list of metrics to ensure efficient reporting

    Call #7: Prepare for vendor briefing and scoring each vendor

    Call #8: Build a communication plan

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 10 calls over the course of 4 to 6 months.

    Phase 1

    Define the goal

    Define the goal

    Design an outsourcing strategy

    Develop an RFP and make a long-term relationship

    1.1 Identify goals and objectives

    1.2 Assess outsourcing feasibility

    2.1 Identify project stakeholders

    2.2 Outline potential risks and constraints

    3.1 Prepare a service overview and responsibility matrix

    3.2 Define your approach to vendor relationship management

    3.3 Manage the outsource relationship

    This phase will walk you through the following activities:

    • Analysis outsourcing objectives
    • Assess outsourcing feasibility
    • Identify services and processes to outsource

    This phase involves the following participants:

    • Service Desk Team
    • IT Leadership

    Define requirements for outsourcing service desk support

    Step 1.1

    Identify goals and objectives

    Activities

    1.1.1 Find out why you want to outsource your service desk

    1.1.2 Document the benefits of outsourcing your service desk

    1.1.3 Identify your outsourcing vision and goals

    1.1.4 Prioritize service desk outsourcing goals to help structure your mission statement

    1.1.5 Craft a mission statement that demonstrates your decision to reach your outsourcing objectives

    Define the goal

    This step requires the following inputs:

    • List of strengths and weaknesses of the service desk
    • Challenges with the service desk

    This step involves the following participants:

    • CIO
    • IT Leadership
    • Service Desk Manager
    • IT Managers

    Outcomes of this step

    • Service desk outsourcing vision and goals
    • Benefits of outsourcing the service desk
    • Mission statement

    What is your rationale to outsource the service desk?

    Potential benefits of outsourcing the service desk:

    • Bring in the expertise and knowledge to manage tickets according to best-practice guidelines
    • Reduce the timeline to response and resolution
    • Improve IT productivity
    • Enhance IT services and improve performance
    • Augment relationship between IT and business through service-level improvement
    • Free up the internal team and focus IT on complex projects and higher priority tasks
    • Speed up service desk optimization
    • Improve end-user satisfaction through efficient IT services
    • Reduce impact of incidents through effective incident management
    • Increase service consistency via turnover reduction
    • Expand coverage hour and access points
    • Expand languages to service different geographical areas

    1.1.1 Find out why you want to outsource your service desk

    1 hour

    Service desk is the face of IT. Service desk improvement increases IT efficiency, lowers operation costs, and enhances business satisfaction.

    Common challenges that result in deciding to outsource the service desk are:

    Participants: IT Director, Service Desk Manager, Service Desk Team

    ChallengeExample
    Lack of tier 1 supportStartup does not have a dedicated service desk to handle incidents and provide services to end users.
    Inefficient ticket handlingMTTR is very high and end users are frustrated with their issues not getting solved quickly. Even if they call service desk, they are put on hold for a long time. Due to these inefficiencies, their daily work is greatly impacted.
    Restricted service hoursCompany headquartered in Texas does not have resources to provide 24/7 IT service. When users in the East Asia branch have a laptop issue, they must wait until the next day to get response from IT. This has diminished their satisfaction.
    Restricted languagesCompany X is headquartered in New York. An end user not fluent in English from Madrid calls in for support. It takes five minutes for the agent to understand the issue and log a ticket.
    Ticket backlogIT is in firefighting mode, very busy with taking care of critical incidents and requests from upper management. Almost no one is committed to the SLA because of their limited availability.

    Brainstorm your challenges with the service desk. Why have you decided to outsource your service desk? Use the above table as a sample.

    1.1.2 Document benefits of outsourcing your service desk

    1 hour

    1. Review the challenges with your current service desk identified in activity 1.1.1.
    2. Discuss possible ways to tackle these challenges. Be specific and determine ways to resolve these issues if you were to do it internally.
    3. Determine potential benefits of outsourcing the service desk to IT, business, and end users.
    4. For each benefit, describe dependencies. For instance, to reduce the number of direct calls (benefit), users should have access to service desk as a single point of contact (dependency).
    5. Document this activity in the Service Desk Outsourcing Project Charter Template.

    Download the Project Charter Template

    Input

    • List of challenges with the current service desk from activity 1.1.1

    Output

    • Benefits of outsourcing the service desk

    Materials

    • Whiteboard/flip charts
    • Markers
    • Sticky notes
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team
    • IT Managers

    Why should you not consider cost reduction as a primary incentive to outsourcing the service desk?

    Assume that some of the costs will not go away with outsourcing

    When you outsource, the vendor's staff tend to gradually become less effective as:

    • They are managed by metrics to reduce costs by escalating sooner, reducing talk time, and proposing questionable solutions.
    • Turnover results in new employees that get insufficient training.

    You must actively manage the vendor to identify and resolve these issues. Many organizations find that service desk management takes more time after they outsource.

    You need to keep spending on service desk management, and you may not get away from technology infrastructure spending.

    Info-Tech Insight

    In their first year, almost 42% of Info-Tech's clients do not get the real value of outsourcing services as expected. This iss primarily because of misalignment of organizational goals with outcomes of the outsourced services.

    Consider the hidden costs of outsourcing

    Expected Costs

    Unexpected Costs

    Example

    Transition CostsSeverance and staff retention
    • Cost to adapt to vendor standards
    • Training cost of vendor staff
    • Lost productivity
    • Format for requirements
    • Training report developers to work with vendor systems
    FeesPrice of the engagement
    • Extra fees for additional services
    • Extra charges for uploading data to cloud storage
    • Portal access
    Management CostsTime directing account
    • Time directly managing vendor staff
    • Checking deliverables for errors
    • Disputing penalty amounts
    Rework CostsDowntime, defect rate, etc. (quality metrics measured in SLAs)
    • Time spent adapting deliverables for unanticipated requirements
    • Time spent assuring the quality and usefulness of deliverables
    • Completing quality assurance and updating knowledgebase articles
    • Adapting reporting for presentation to stakeholders

    Determine strategies to avoid each hidden cost

    Costs related to transitioning into the engagementAdapting to standards and training costs

    Adapting to standards: Define the process improvements you will need to work with each potential vendor.

    Training costs for vendor staff: Reduce training costs by keeping the same vendor staff on all of your projects.

    Fee-related costs

    Fees for additional services (that you thought were included)

    Carefully review each proposed statement of work to identify and reduce extra fees. Understand why extra fees occur in the SLA, the contract, and the proposed statement of work, and take steps to protect yourself and the vendor.

    Management-related costs

    Direct management of vendor staff and dispute resolution

    Direct management of vendor staff: Avoid excessive management costs by defining a two-tier management structure on both sides of the engagement.

    Time spent resolving disputes: Avoid prolonged resolution costs by defining terms of divorce for the engagement up front.

    Rework costs

    Unanticipated requirements and integration with existing systems

    Unanticipated requirements: Use a two-stage process to define requirements, starting with business people and then with review by technical staff.

    Integration with existing systems: Obtain a commitment from vendors that deliverables will conform to standards at points of integration with your systems.

    Your outsourcing strategy should address the reasons you decided to outsource

    A clear vision of strategic objectives prior to entering an outsourcing agreement will allow you to clearly communicate these objectives to the Managed Service Provider (MSP) and use them as a contracted basis for the relationship.

    • Define the business' overall approach to outsourcing along with the priorities, rules, and principles that will drive the outsourcing strategy and every subsequent outsourcing decision and activity.
    • Define specific business, service, and technical goals for the outsourcing project and relevant measures of success.

    "People often don't have a clear direction around what they're trying to accomplish. The strategic goals should be documented. Is this a cost-savings exercise? Is it because you're deficient in one area? Is it because you don't have the tools or expertise to run the service desk yourself? Figure out what problem you're trying to solve by outsourcing, then build your strategy around that.
    – Jeremy Gagne, Application Support Delivery Manager, Allegis Group

    Most organizations are driven to consider outsourcing their service desk hoping to improve the following:

    • Ability to scale (train people and acquire skills)
    • Focus on core competencies
    • Decrease capital costs
    • Access latest technology without large investment
    • Resolve labor force constraints
    • Gain access to special expertise without paying a full salary
    • Save money overall

    Info-Tech Insight

    Use your goals and objectives as a management tool. Clearly outline your desired project outcomes to both your in-house team and the vendor during implementation and monitoring. It will allow a common ground to unite both parties as the project progresses.

    Mitigate pitfalls that lay in the way of desired outcomes of outsourcing

    Desired outcomePitfalls to overcome
    IT can focus on core competencies and strategic initiatives rather than break-fix tasks.Escalation to second- and third-level support usually increases when the first level has been outsourced. Outsourcers will have less experience with your typical incidents and will give up on trying to solve some issues more quickly than your internal level-one staff.
    Low outsourcing costs compared to the costs needed to employ internal employees in the same role. Due to lack of incentive to decrease ticket volume, costs are likely to increase. As a result, organizations often find themselves paying more overall for an outsourced service desk than if they had a few dedicated IT service desk employees in-house.
    Improved employee morale as a result of being able to focus on more interesting tasks.Management often expects existing employee morale to increase as a result of shifting their focus to core and strategic tasks, but the fear of diminished job security often spreads to the remaining non-level-one employees.

    1.1.3 Identify outsourcing vision and goals

    Identify the goals and objectives of outsourcing to inform your strategy.

    Participants: IT Director, Service Desk Manager, Service Desk Team

    1-2 hours

    1. Meet with key business stakeholders and the service desk staff who were involved in the decision to outsource.
    2. As a group, review the results from activity 1.1.1 (challenges with current service desk operations) and identify the goals and objectives of the outsourcing initiative.
    3. Determine the key performance indicator (KPI) for each goal.
    4. Identify the impacted stakeholder/s for each goal.
    5. Discuss checkpoint schedule for each goal to make sure the list stays updated.

    Use the sample table as a starting point:

    1. Document your table in the Service Desk Outsourcing Project Charter Template.
    IDGoal DescriptionKPIImpacted StakeholdersCheckpoint Schedule
    1Provide capacity to take calls outside of current service desk work hours
    • Decreased in time to response
    • Decreased time to resolve
    • IT Entire organization
    • Every month
    2Take calls in different languages
    • Improved service delivery in different geographical regions
    • Improved end-user satisfaction
    • End users
    • Every month
    3Provide field support at remote sites with no IT presence without having to fly out an employee
    • 40% faster incident resolution and request fulfillment
    • Entire organization
    • Every month
    4Improve ease of management by vendor helping with managing and optimizing service desk tasks
    • Improved service management efficiency
    • Entire organization
    • Every 3 months

    Download the Project Charter Template

    Evaluate organizational demographics to assess outsourcing rationale

    The size, complexity, and maturity of your organization are good indicators of service desk direction with regards to outsourcing.

    Organization Size

    • As more devices, applications, systems, and users are added to the mix, vendor costs will increase but their ability to meet business needs will decrease.
    • Small organizations are often either rejected by vendors for being too small or locked into a contract that is overkill for their actual needs (and budget).

    Complexity

    • Highly customized environments and organizations with specialized applications or stringent regulatory requirements are very difficult to outsource for a reasonable cost and acceptable quality.
    • In these cases, the vendor is required to train skilled support or ends up escalating more tickets back to second- and third-level support.

    Requirements

    • Organizations looking to outsource must have defined outsourcing requirements before looking at vendors.
    • Without a requirement assessment, the vendor won't have guidelines to follow and you won't be able to measure their adherence.

    Info-Tech Insight

    Although less adherence to service desk best practices can be one of the main incentives to outsourcing the service desk, IT should have minimal processes in place to be able to set expectations with targeting vendors.

    1.1.4 Prioritize service desk outsourcing goals to help structure mission statement

    0.5-1 hour

    The evaluation process for outsourcing the service desk should be done very carefully. Project leaders should make sure they won't panic internal resources and impact their performance through the transition period.

    If the outsourcing process is rushed, it will result in poor evaluation, inefficient decision making, and project failure.

    1. Refer to results in activity 1.1.3. Discuss the service desk outsourcing goals once again.
    2. Brainstorm the most important objectives. Use sticky notes to prioritize the items from the most important to the least important.
    3. Edit the order accordingly.

    Input

    • Project goals from activity 1.1.3

    Output

    • Prioritized list of outsourcing goals

    Materials

    • Whiteboard/flip charts
    • Markers
    • Sticky notes
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team
    • IT Managers

    Download the Project Charter Template

    1.1.5 Craft a mission statement that demonstrates your decision to reach outsourcing objectives

    Participants: IT Director, Service Desk Manager

    0.5-1 hour

    The IT mission statement specifies the function's purpose or reason for being. The mission should guide each day's activities and decisions. The mission statement should use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

    Strong IT mission statements:

    • Articulate the IT function's purpose and reason for existence
    • Describe what the IT function does to achieve its vision
    • Define the customers of the IT function
    • Can be described as:
      • Compelling
      • Easy to grasp
      • Sharply focused
      • Inspirational
      • Memorable
      • Concise

    Sample mission statements:

    • To help fulfill organizational goals, IT has decided to empower business stakeholders with outsourcing the service desk.
    • To support efficient IT service provision, better collaboration, and effective communication, [Company Name] has decided to outsource the service desk.
    • [Company Name] plans to outsource the service desk so it can identify bottlenecks and inefficiencies with current service desk processes and enable [Company Name] to innovate and support business growth.
    • Considering the goals and benefits determined in the previous activities, outline a mission statement.
    • Document your outsourcing mission statement in the "Project Overview" section of the Project Charter Template.

    Download the Project Charter Template

    Step 1.2

    Assess outsourcing feasibility

    Activities

    1.2.1 Create a baseline of customer experience

    1.2.2 Identify service desk processes to outsource

    1.2.3 Design an outsourcing decision matrix for service desk processes and services

    1.2.4 Discuss if you need to outsource only service desk or if additional services would benefit from outsourcing too

    Define the goal

    This step requires the following inputs:

    • List of service desk tasks and responsibilities

    This step involves the following participants:

    • CIO
    • IT Leadership
    • Service Desk Manager
    • Infrastructure Manager

    Outcomes of this step

    • End-user satisfaction with the service desk
    • List of processes and services to outsource

    1.2.1 Create a baseline of customer experience

    Solicit targeted department feedback on IT's core service capabilities, communications, and business enablement from end users. Use this feedback to assess end-user satisfaction with each service, broken down by department and seniority level.

    1. Complete an end-user satisfaction survey to define the current state of your IT services, including service desk (timeliness and effectiveness). With Info-Tech's end-user satisfaction program, an analyst will help you set up the diagnostic and will go through the report with you.
    2. Evaluate survey results.
    3. Communicate survey results with team leads and discuss the satisfaction rates and comments of the end users.
    4. Schedule to launch another survey one year after outsourcing the service desk.
    5. Your results will be compared to the following year's results to analyze the overall success/failure of your outsourcing project.

    A decrease of business and end-user satisfaction is a big drive to outsourcing the service desk. Conduct a customer service survey to discover your end-user experience prior to and after outsourcing the service desk.

    Don't get caught believing common misconceptions: outsourcing doesn't mean sending away all the work

    First-time outsourcers often assume they are transferring most of the operations over to the vendor, but this is often not the case.

    1. Management of performance, SLAs, and customer satisfaction remain the responsibility of your organization.
    2. Service desk outsource vendors provide first-line response. This includes answering the phones, troubleshooting simple problems, and redirecting requests that are more complex.
    3. The vendor is often able to provide specialized support for standard applications (and for customized applications if you'll pay for it). However, the desktop support still needs someone onsite, and that service is very expensive to outsource.
    4. Tickets that are focused on custom applications and require specialized or advanced support are escalated back to your organization's second- and third-level support teams.

    Switching to a vendor won't necessarily improve your service desk maturity

    You should have minimal requirements before moving.

    Whether managing in-house or outsourcing, it is your job to ensure core issues have been clarified, processes defined, and standards maintained. If your processes are ad-hoc or non-existent right now, outsourcing won't fix them.

    You must have the following in place before looking to outsource:

    • Defined reporting needs and plans
    • Formalized skill-set requirements
    • Problem management and escalation guidelines
    • Ticket templates and classification rules
    • Workflow details
    • Knowledge base standards

    Info-Tech Insight

    If you expect your problems to disappear with outsourcing, they might just get worse.

    Define long-term requirements

    Anticipate growth throughout the lifecycle of your outsourcing contract and build that into the RFP

    • Most outsourcing agreements typically last three to five years. In that time, you risk outgrowing your service provider by neglecting to define your long-term service desk requirements.
    • Outgrowing your vendor before your contract ends can be expensive due to high switching costs. Managing multiple vendors can also be problematic.
    • It is crucial to define your service desk requirements before developing a request for proposal to make sure the service you select can meet your organization's needs.
    • Make sure that the business is involved in this planning stage, as the goals of IT need to scale with the growth strategy of the business. You may select a vendor with no additional capacity despite the fact that your organization has a major expansion planned to begin two years from now. Assessing future requirements also allows you to culture match with the vendor. If your outlooks and practices are similar, the match will likely click.

    Info-Tech Insight

    Don't select a vendor for what your company is today – select a vendor for what your company will be years from now. Define your future service desk requirements in addition to your current requirements and leave room for growth and development.

    You can't outsource everything

    Manage the things that stay in-house well or suffer the consequences.

    "You can't outsource management; you can only outsource supervision." Barry Cousins, Practice Lead, Info-Tech Research Group

    What can be the vendor in charge of?

    What stays in-house?

    • Call and email answering
    • Ongoing daily ticket creation and tracking
    • Tier 1 support
    • Internal escalation to Level 2 support
    • External escalation to specialized Level 2 and Level 3 support
    • Knowledge base article creation
    • Service desk-related hardware acquisition and maintenance
    • Service desk software acquisition and maintenance
    • Security and access management
    • Disaster recovery
    • Staff acquisition
    • Facilities
    • The role of the Service Desk Manager
    • Skills and training standards
    • Document standardization
    • Knowledge base quality assurance and documentation standardization
    • Self-service maintenance, promotion, and ownership
    • Short and long-term tracking of vendor performance

    Info-Tech Insight

    The need for a Service Desk Manager does not go away when you outsource. In fact, the need becomes even stronger and never diminishes.

    Assess current service desk processes before outsourcing

    Process standards with areas such as documentation, workflow, and ticket escalation should be in place before the decision to outsource has been made.

    Every effective service desk has a clear definition of the services that they are performing for the end user. You can't provide a service without knowing what the services are.

    MSPs typically have their own set of standards and processes in play. If your service desk is not at a similar level of maturity, outsourcing will not be pleasant.

    Make sure that your metrics are reported consistently and that they tell a story.

    "Establish baseline before outsourcing. Those organizations that don't have enough service desk maturity before outsourcing should work with the outsourcer to establish the baseline."
    – Yev Khobrenkov, Enterprise Consultant, Solvera Solutions

    Info-Tech Insight

    Outsourcing vendors are not service desk builders; they're service desk refiners. Switching to a vendor won't improve your maturity; you must have a certain degree of process maturity and standardization before moving.

    Case Study

    INDUSTRY: Cleaning Supplies

    SOURCE: PicNet

    Challenge

    • Reckitt Benckiser of Australia determined that its core service desk needed to be outsourced.
    • It would retain its higher level service desk staff to work on strategic projects.
    • The MSP needed to fulfill key requirements outlined by Reckitt Benckiser.

    Solution

    • Reckitt Benckiser recognized that its rapidly evolving IT needs required a service desk that could fulfill the following tasks:
    • Free up internal IT staff.
    • Provide in-depth understanding of business apps.
    • Offer efficient, cost-effective support onsite.
    • Focus on continual service improvement (CSI).

    Results

    • An RFP was developed to support the outsourcing strategy.
    • With the project structure outlined and the requirements of the vendor for the business identified, Reckitt Benckiser could now focus on selecting a vendor that met its needs.

    1.2.1 Identify service desk processes to outsource

    2-3 hours

    Review your prioritized project goals from activity 1.1.4.

    Brainstorm requirements and use cases for each goal and describe each use case. For example: To improve service desk timeliness, IT should improve incident management, to resolve incidents according to the defined SLA and based on ticket priority levels.

    Discuss if you're outsourcing just incident management or both incident management and request fulfillment. If both, determine what level of service requests will be outsourced? Will you ask the vendor to provide a service catalog? Will you outsource self-serve and automation?

    Document your findings in the service desk outsourcing requirements database library.

    Input

    • Outsourcing project goals from activity 1.1.4

    Output

    • List of processes to outsource

    Materials

    • Sticky notes
    • Markers
    • Whiteboard/flip charts
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team

    Download the Requirements Database Library

    1.2.2 Design an outsourcing decision matrix for service desk processes and services

    Participants: IT Director, Service Desk Manager, Infrastructure manager

    2-3 hours

    Most successful service desk outsourcing engagements have a primary goal of freeing up their internal resources to work on complex tasks and projects. The key outsourcing success factor is to find out internal services and processes that are standardized or should be standardized, and then determine if they can be outsourced.

    1. Review the list of identified service desk processes from activity 1.2.1.
    2. Discuss the maturity level of each process (low, medium, high) and document under the maturity column of the Outsource the Service Desk Requirements Database Library.
    3. Use the following decision matrix for each process. Discuss which tasks are important to strategic objectives, which ones provide competitive advantage, and which ones require specialized in-house knowledge.
    4. Identify processes that receive high vendor's performance advantage. For instance, access to talent, lower cost at scale, and access to technology.
    5. In your outsourcing assessment, consider a narrow scope of engagement and a broad view of what is important to business outcome.
    6. Based on your findings, determine the priority of each process to be outsourced. Document results in the service desk outsourcing requirements database library, and section 4.1 of the service desk outsourcing project charter.
    • Important to strategic objectives
    • Provides competitive advantage
    • Specialized in-house knowledge required

    This is an image of a quadrant analysis, where the X axis is labeled Vendor's Performance Advantage, and the Y axis is labeled Importance to Business Outcomes.

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Download the Requirements Database Library

    Download the Project Charter Template

    Maintain staff and training: you need to know who is being hired, how, and why

    Define documentation rules to retain knowledge

    • Establish a standard knowledge article template and list of required information.
    • Train staff on the requirements of knowledge base creation and management. Help them understand the value of the time spent recording their work.
    • It is your responsibility to assure the quality of each knowledge article. Outline accountabilities for internal staff and track for performance evaluations.

    For information on better knowledge management, refer to Info-Tech's blueprint Optimize the Service Desk With a Shift-Left Strategy.

    Expect to manage stringent skills and training standards

    • Plan on being more formal about a Service Manager position and spending more time than you allocated previously.
    • Complete a thorough assessment of the skills you need to keep the service desk running smoothly.
    • Don't forget to account for any customized or proprietary systems. How will you train vendor staff to accommodate your needs? What does their turnaround look like: would it be more likely that you acquire a dependable employee in-house?
    • Staffing requirements need to be actively monitored to ensure the outsourcer doesn't have degradation of quality or hiring standards. Don't assume that things run well – complete regular checks and ask for access to audit results.
    • Are the systems and data being accessed by the vendor highly sensitive or subject to regulatory requirements? If so, it is your job to ensure that vendor staff are being screened appropriately.

    Does your service desk need to integrate to other IT services?

    A common challenge when outsourcing multiple services to more than one vendor is a lack of collaboration and communication between vendors.

    • Leverage SIAM capabilities to integrate service desk tasks to other IT services, if needed.
    • "Service Integration and Management (SIAM) is a management methodology that can be applied in an environment that includes services sourced from a number of service providers" (Scopism Limited, 2020).
    • SIAM supports cross-functional integrations. Organizations that look for a single provider will be less likely to get maximum benefits from SIAM.

    There are three layers of entities in SIAM:

    • Customer Organization: The customer who receives services, who defines the relationship with service providers.
    • Service Integrator: End-to-end service governance and integration is done at this layer, making sure all service providers are committed to their services.
    • Service Provider: Responsible party for service delivery according to contract. It can be combination of internal provider, managed by internal agreements, and external provider, managed by SLAs between providers and customer organization.

    Use SIAM to obtain better results from multiple service providers

    In the SIAM model, the customer organization keeps strategic, governance, and business activities, while integrating other services (either internally or externally).

    This is an image of the SIAM model

    SIAM Layers. Source: SIAM Foundation BoK

    Utilize SIAM to obtain better results from multiple service providers

    SIAM reduces service duplication and improves service delivery via managing internal and external service providers.

    To utilize the SIAM model, determine the following components:

    • Service providers
    • Service consumers
    • Service outcomes
    • Service obstacles and boundaries
    • Service dependencies
    • Technical requirements and interactions for each service
    • Service data and information including service levels

    To learn more about adopting SIAM, visit Scopism.

    1.2.3 Discuss if you need to outsource only service desk or if additional services would benefit from outsourcing too

    1-2 hours

    • Discuss principles and goals of SIAM and how integrating other services can apply within your processes.
    • Review the list of service desk processes and tasks to be outsourced from activities 1.2.1 and 1.2.2.
    • Brainstorm a list of other services that are outsourced/need to be outsourced.
    • Determine providers of each service (both internal and external). Document the other services to be integrated in the project charter template and requirements database library.

    Input

    • SIAM objectives
    • List of service desk processes to outsource

    Output

    • List of other services to outsource and integrate in the project

    Materials

    • Sticky notes
    • Markers
    • Whiteboard/flip charts
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team

    Download the Requirements Database Library

    Download the Project Charter Template

    Establish requirements for problem management in the outsourcing plan

    Your MSP should not just fulfill SLAs – they should be a proactive source of value.

    Problem management is a group effort. Make sure your internal team is assisted with sufficient and efficient data by the outsourcer to conduct a better problem management.

    Clearly state your organization's expectations for enabling problem management. MSPs may not necessarily need, and cannot do, problem management; however, they should provide metrics to help you discover trends, define recurring issues, and enable root cause analysis.

    For more information on problem management, refer to Info-Tech's blueprint Improve Incident and Problem Management.

    PROBLEM MANAGEMENT

    INCIDENT MANAGEMENT

    INTAKE: Ticket data from incident management is needed for incident matching to identify problems. Critical Incidents are also a main input to problem management.

    EVENT MANAGEMENT

    INTAKE: SMEs and operations teams monitoring system health events can identify indicators of potential future issues before they become incidents.

    APPLICATION, INFRASTRUCTURE, and SECURITY TEAMS

    ACTION: Problem tickets require investigation from relevant SMEs across different IT teams to identify potential solutions or workarounds.

    CHANGE MANAGEMENT

    OUTPUT: Problem resolution may need to go through Change Management for proper authorization and risk management.

    Outline problem management protocols to gain value from your service provider

    • For example, with a deep dive into ticket trend analysis, your MSP should be able to tell you that you've had a large number of tickets on a particular issue in the past month, allowing you to look into means to resolve the issue and prevent it from reoccurring.
    • A proactive MSP should be able to help your service levels improve over time. This should be built into the KPIs and metrics you ask for from the outsourcer.

    Sample Scenario

    Your MSP tracks ticket volume by platform.

    There are 100 network tickets/month, 200 systems tickets/month, and 5,000 end-user tickets/month.

    Tracking these numbers is a good start, but the real value is in the analysis. Why are there 5,000 end-user tickets? What are the trends?

    Your MSP should be providing a monthly root-cause analysis to help improve service quality.

    Outcomes:

    1. Meeting basic SLAs tells a small part of the story. The MSP is performing well in a functional sense, but this doesn't shed any insight on what kind of knowledge or value is being added.
    2. The MSP should provide routine updates on ticket trends and other insights gained through data analysis.
    3. A commitment to continual improvement will provide your organization with value throughout the duration of the outsourcing agreement.

    Phase 2

    Design an Outsourcing Strategy

    Define the goal

    Design an outsourcing strategy

    Develop an RFP and make a long-term relationship

    1.1 Identify goals and objectives

    1.2 Assess outsourcing feasibility

    2.1 Identify project stakeholders

    2.2 Outline potential risks and constraints

    3.1 Prepare a service overview and responsibility matrix

    3.2 Define your approach to vendor relationship management

    3.3 Manage the outsource relationship

    This phase will walk you through the following activities:

    • Identify roles and responsibilities
    • Determine potential risks of outsourcing the service desk
    • Build a list of metrics

    This phase involves the following participants:

    • Service Desk Team
    • IT Leadership

    Define requirements for outsourcing service desk support

    Step 2.1

    Identify project stakeholders

    Activity

    2.1.1 Identify internal outsourcing roles and responsibilities

    Design an Outsourcing Strategy

    This step requires the following inputs:

    • List of service desk roles
    • Service desk outsourcing goals

    This step involves the following participants:

    • IT Managers
    • Project Team
    • Service Desk Manager

    Outcome of this step

    • Outsourcing roles and responsibilities

    Design an outsourcing strategy to capture the vision of your service desk

    An outsourcing strategy is crucial to the proper accomplishment of an outsourcing project. By taking the time to think through your strategy beforehand, you will have a clear idea of your desired outcomes. This will make your RFP of higher quality and will result in a much easier negotiation process.

    Most MSPs are prepared to offer a standard proposal to clients who do not know what they want. These are agreements that are doomed to fail. A clearly defined set of goals (discussed in Phase 1), risks, and KPIs and metrics (covered in this phase) makes the agreement more beneficial for both parties in the long run.

    1. Identify goals and objectives
    2. Determine mission statement
    3. Define roles and responsibilities
    4. Identify risks and constraints
    5. Define KPIs and metrics
    6. Complete outsourcing strategy

    A successful outsourcing initiative depends on rigorous preparation

    Outsourcing is a garbage in, garbage out initiative. You need to give your service provider the information they need to provide an effective product.

    • Data quality is critical to your outsourcing initiative's success.
    • Your vendor will be much better equipped to help you and to better price its services if it has a thorough understanding of your IT environment.
    • This means more than just building a catalog of your hardware and software. You will need to make available documented policies and processes so you and your vendor can understand where they fit in.
    • Failure to completely document your environment can lead to a much longer time to value as your provider will have to spend much more time (and thus much more money) getting their service up and running.

    "You should fill the gap before outsourcing. You should make sure how to measure tickets, how to categorize, and what the cost of outsourcing will be. Then you'll be able to outsource the execution of the service. Start your own processes and then outsource their execution."
    – Kris Krishan, Head of IT and business systems, Waymo

    Case Study

    Digital media company built an outsourcing strategy to improve customer satisfaction

    INDUSTRY: Digital Media

    SOURCE: Auxis

    Challenge

    A Canadian multi-business company with over 13,000 employees would like to maintain a growing volume of digital content with their endpoint management.

    The client operated a tiered model service desk. Tier 1 was outsourced, and tier 2 tasks were done internally, for more complex tasks and projects.

    As a result of poor planning and defining goals, the company had issues with:

    • Low-quality ticket handling
    • High volume of tickets escalated to tier 2, restraining them from working on complex tickets
    • High turn over and a challenge with talent retention
    • Insufficient documentation to train external tier 1 team
    • Long resolution time and low end-user satisfaction

    Solution

    The company structured a strategy for outsourcing service desk and defined their expectations and requirements.

    They engaged with another outsourcer that would fulfill their requirements as planned.

    With the help of the outsourcer's consulting team, the client was able to define the gaps in their existing processes and system to:

    • Implement a better ticketing system that could follow best-practices guidelines
    • Restructure the team so they would be able to handle processes efficiently

    Results

    The proactive planning led to:

    • Significant improvement in first call resolution (82%).
    • MTTR improvement freed tier 2 to focus on business strategic objectives and allowed them to work on higher-value activities.
    • With a better strategy around outsourcing planning, the company saved 20% of cost compared to the previous outsourcer.
    • As a result of this partnership, the company is providing a 24/7 structure in multiple languages, which is aligned with the company's growth.
    • Due to having a clear strategy built for the project, the client now has better visibility into metrics that support long-term continual improvement plans.

    Define roles and responsibilities for the outsourcing transition to form the base of your outsourcing strategy

    There is no "I" in outsource; make sure the whole team is involved

    Outsourcing is a complete top-to-bottom process that involves multiple levels of engagement:

    • Management must make high-level decisions about staffing and negotiate contract details with the vendor.
    • Service desk employees must execute on the documentation and standardization of processes in an effort to increase maturity.
    • Roles and responsibilities need to be clearly defined to ensure that all aspects of the transition are completed on time.
    • Implement a full-scale effort that involves all relevant staff. The most common mistake is to have the project design follow the same top-down pattern as the decision-making process.

    Info-Tech Insight

    The service desk doesn't operate in isolation. The service desk interfaces with many other parts of the organization (such as finance, purchasing, field support, etc.), so it's important to ensure you engage stakeholders from other departments as well. If you only engage the service desk staff in your discussions around outsourcing strategy and RFP development, you may miss requirements that will come up when it's too late.

    2.1.1 Identify internal outsourcing roles and responsibilities

    2 hours

    1. The sample RACI chart in section 5 of the Project Charter Template outlines which positions are responsible, accountable, consulted, and informed for each major task within the outsourcing project.
    2. Responsible, is the group that is responsible for the execution and oversight of activities for the project. Accountable is the owner of the task/process, who is accountable for the results and outcomes. Consulted is the subject matter expert (SME) who is actively involved in the task/process and consulted on decisions. Informed is not actively involved with the task/process and is updated about decisions around the task/process.
    3. Make sure that you assign only one person as accountable per process. There can be multiple people responsible for each task. Consulted and Informed are optional for each task.
    4. Complete the RACI chart with recommended participants, and document in your service desk outsourcing project charter, under section 5.

    Input

    • RACI template
    • Org chart

    Output

    • List of roles and responsibilities for outsource project

    Materials

    • Whiteboard/flip charts
    • Markers
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team

    Download the Project Charter Template

    Step 2.2

    Outline potential risks and constraints

    Activities

    2.2.1 Identify potential risks and constraints that may impact achievement of objectives

    2.2.2 Arrange groups of tension metrics to balance your reporting

    Design an Outsourcing Strategy

    This step will walk you through the following activities:

    • Outsourcing objectives
    • Potential risks

    This step involves the following participants:

    • IT Managers
    • Project Team
    • Service Desk Manager

    Outcomes of this step

    • Mitigation strategy for each risk
    • Service desk metrics

    Know your constraints to reduce surprises during project implementation

    No service desk is perfect; know your limits and plan accordingly

    Define your constraints to outsourcing the service desk.

    Consider all types of constraints and opportunities, including:

    • Business forces
    • Economic cycles
    • Disruptive tech
    • Regulation and compliance issues
    • Internal organizational issues

    Within the scope of a scouring decision, define your needs and objectives, measure those as much as possible, and compare them with the "as-is" situation.

    Start determining what alternative approaches/scenarios the organization could use to fill the gaps. Start a comparison of scenarios against drivers, goals, and risks.

    Constraints

    Goals and objectives

    • Budget
    • Maturity
    • Compliance
    • Regulations
    • Outsourcing Strategy

    Plan ahead for potential risks that may impede your strategy

    Risk assessment must go hand-in-hand with goal and objective planning

    Risk is inherent with any outsourcing project. Common outsourcing risks include:

    • Lack of commitment to the customer's goals from the vendor.
    • The distraction of managing the relationship with the vendor.
    • A perceived loss of control and a feeling of over-dependence on your vendor.
    • Managers may feel they have less influence on the development of strategy.
    • Retained staff may feel they have become less skilled in their specialist field.
    • Unanticipated expenses that were assumed to be offered by the vendor.
    • Savings only result from high capital investment in new projects on the part of the customer.

    Analyze the risks associated with a specific scenario. This analysis should identify and understand the most common sourcing and vendor risks using a risk-reward analysis for selected scenarios. Use tools and guidelines to assess and manage vendor risk and tailor risk evaluation criteria to the types of vendors and products.

    Info-Tech Insight

    Plan for the worst to prevent it from happening. Evaluating risk should cover a wide variety of scenarios including the worst possible cases. This type of thinking will be crucial when developing your exit strategy in a later exercise.

    2.2.1 Identify potential risks and constraints that may impact achievement of objectives

    1-3 hours

    1. Brainstorm any potential risks that may arise through the outsourcing project. Describe each risk and categorize both its probability of occurring and impact on the organization as high (H), medium (M), or low (L), using the table below:
    Risk Description

    Probability(H/M/L)

    Impact(H/M/L)Planned Mitigation
    Lack of documentationMMUse cloud-based solution to share documents.
    Knowledge transferLMDetailed knowledge-sharing agreement in place in the RFP.
    Processes not followedLHClear outline and definition of current processes.
    1. Identify any constraints for your outsourcing strategy that may restrict, limit, or place certain conditions on the outsourcing project.
      • This may include budget restrictions or staffing limitations.
      • Identifying constraints will help you be prepared for risks and will lessen their impact.
    2. Document risks and constraints in section 6 of the Service Desk Outsourcing Project Charter Template.

    Input

    • RACI template
    • Org chart

    Output

    • List of roles and responsibilities for outsource project

    Materials

    • Whiteboard/flip charts
    • Markers

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • Service Desk Team

    Download the Project Charter Template

    Define service tiers and roles to develop clear vendor SLAs

    Management of performance, SLAs, and customer satisfaction remain the responsibility of your organization.

    Define the tiers and/or services that will be the responsibility of the MSP, as well as escalations and workflows across tiers. A sample outsourced structure is displayed here:

    External Vendor

    Tickets beyond the scope of the service desk staff need to be escalated back to the vendor responsible for the affected system.

    Tier 3

    Tickets that are focused on custom applications and require specialized or advanced support are escalated back to your organization's second- and third-level support teams.

    Tier 2

    The vendor is often able to provide specialized support for standard applications. However, the desktop support still needs someone onsite as that service is very expensive to outsource.

    Tier 1

    Service desk outsource vendors provide first-line response. This includes answering the phones, troubleshooting simple problems, and redirecting requests that are more complex.

    Info-Tech Insight

    If you outsource everything, you'll be at the mercy of consultancy or professional services shops later on. You won't have anyone in-house to help you deploy anything; you're at the mercy of a consultant to come in and tell you what to do and how much to spend. Keep your highly skilled people in-house to offset what you'd have to pay for consultancy. If you need to repatriate your service desk later on, you will need skills in-house to do so.

    Don't become obsessed with managing by short-term metrics – look at the big picture

    "Good" metric results may simply indicate proficient reactive fixing; long-term thinking involves implementing proactive, balanced solutions.

    KPIs demonstrate that you are running an effective service desk because:

    • You close an average of 300 tickets per week
    • Your first call resolution is above 90%
    • Your talk time is less than five minutes
    • Surveys reveal clients are satisfied

    While these results may appear great on the surface, metrics don't tell the whole story.

    The effort from any support team seeks to balance three elements:

    FCR: Time; Resources; Quality

    First-Contact Resolution (FCR) Rate

    Percentage of tickets resolved during first contact with user (e.g. before they hang up or within an hour of submitting ticket). Could be measured as first-contact, first-tier, or first-day resolution.

    End-User Satisfaction

    Perceived value of the service desk measured by a robust annual satisfaction survey of end users and/or transactional satisfaction surveys sent with a percentage of tickets.

    Ticket Volume and Cost Per Ticket

    Monthly operating expenses divided by average ticket volume per month. Report ticket volume by department or ticket category, and look at trends for context.

    Average Time to Resolve (incidents) or Fulfill (service requests)

    Time elapsed from when a ticket is "open" to "resolved." Distinguish between ticket resolution vs. closure, and measure time for incidents and service requests separately.

    Focus on tension metrics to achieve long-term success

    Tension metrics help create a balance by preventing teams from focusing on a single element.

    For example, an MSP built incentives around ticket volume for their staff, but not the quality of tickets. As a result, the MSP staff rushed through tickets and gamed the system while service quality suffered.

    Use metrics to establish baselines and benchmarking data:

    • If you know when spikes in ticket volumes occur, you can prepare to resource more appropriately for these time periods
    • Create KB articles to tackle recurring issues and assist tier 1 technicians and end users.
      • Employ a root cause analysis to eliminate recurring tickets.

    "We had an average talk time of 15 minutes per call and I wanted to ensure they could handle those calls in 15 minutes. But the behavior was opposite, [the vendor] would wrap up the call, transfer prematurely, or tell the client they'd call them back. Service levels drive behavior so make sure they are aligned with your strategic goals with no unintended consequences."
    – IT Services Manager, Banking

    Info-Tech Insight

    Make sure your metrics work cooperatively. Metrics should be chosen that cause tension on one another. It's not enough to rely on a fast service desk that doesn't have a high end-user satisfaction rate or runs at too high a cost; there needs to be balance.

    2.2.2 Arrange groups of tension metrics to balance your reporting

    1-3 hours

    1. Define KPIs and metrics that will be critical to service desk success.
    2. Distribute sticky notes of different colors to participants around the table.
    3. Select a space to place the sticky notes – a table, whiteboard, flip chart, etc. – and divide it into three zones.
    4. Refer to your defined list of goals and KPIs from activity 1.1.3 and discuss metrics to fulfill each KPI. Note that each goal (critical success factor, CSF) may have more than one KPI. For instance:
      1. Goal 1: Increase end-user satisfaction; KPI 1: Improve average transactional survey score. KPI 2: Improve annual relationship survey score.
      2. Goal 2: Improve service delivery; KPI 1: Reduce time to resolve incidents. KPI 2: Reduce time to fulfill service requests.
    5. Recall that tension metrics must form a balance between:
      1. Time
      2. Resources
      3. Quality
    6. Record the results in section 7 of the Service Desk Outsourcing Project Charter Template.

    Input

    • Service desk outsourcing goals
    • Service desk outsourcing KPIs

    Output

    • List of service desk metrics

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Markers
    • Laptops

    Participants

    • Project Team
    • Service Desk Manager

    Download the Project Charter Template

    Phase 3

    Develop an RFP and make a long-term relationship

    Define the goal

    Design an outsourcing strategy

    Develop an RFP and make a long-term relationship

    1.1 Identify goals and objectives

    1.2 Assess outsourcing feasibility

    2.1 Identify project stakeholders

    2.2 Outline potential risks and constraints

    3.1 Prepare a service overview and responsibility matrix

    3.2 Define your approach to vendor relationship management

    3.3 Manage the outsource relationship

    This phase will walk you through the following activities:

    • Build your outsourcing RFP
    • Set expectations with candidate vendors
    • Score and select your vendor
    • Manage your relationship with the vendor

    This phase involves the following participants:

    • CIO
    • Service Desk Manager
    • IT Managers
    • Project Managers

    Define requirements for outsourcing service desk support

    Step 3.1

    Prepare a service overview and responsibility matrix

    Activities

    3.1.1 Evaluate your technology, people, and process requirements

    3.1.2 Outline which party will be responsible for which service desk processes

    This step requires the following inputs:

    • Service desk processes and requirements

    This step involves the following participants:

    • CIO
    • Service Desk Manager
    • IT Managers
    • Project Managers

    Outcomes of this step

    • Knowledge management and technology requirements
    • Self-service requirements

    Develop an RFP and make a long-term relationship

    Create a detailed RFP to ensure your candidate vendor will fulfill all your requirements

    At its core, your RFP should detail the outcomes of your outsourcing strategy and communicate your needs to the vendor.

    The RFP must cover business needs and the more detailed service desk functions required. Many enterprises only consider the functionality they need, while ignoring operational and selection requirements.

    Negotiate a supply agreement with the preferred outsourcer for delivery of the required services. Ensure your RFP covers:

    1. Service specification
    2. Service levels
    3. Roles and responsibilities
    4. Transition period and acceptance
    5. Prices, payment, and duration
    6. Agreement administration
    7. Outsourcing issues

    In addition to defining your standard requirements, don't forget to take into consideration the following factors when developing your RFP:

    • Employee onboarding and hardware imaging for new users
    • Applications you need current and future support for
    • Reporting requirements
    • Self-service options
    • Remote support needs and locations

    Although it may be tempting, don't throw everything over the wall at your vendor in the RFP. Evaluate your service desk functions in terms of quality, cost effectiveness, and the value provided from the vendor. Organizations should only outsource functions that the vendor can operate better, faster, or cheaper.

    Info-Tech Insight

    Involve the right stakeholders in developing your RFP, not just service desk. If only service desk is involved in RFP discussion, the connection between tier 1 and specialists will be broken, as some processes are not considered from IT's point of view.

    Identify ITSM solution requirements

    Your vendor probably uses a different tool to manage their processes; make sure its capabilities align with the vision of your service desk.

    Your service desk and outsourcing strategy were both designed with your current ITSM solution in mind. Before you hand the reins to an MSP, it is crucial that you outline how your current ITSM solution is being used in terms of functionality.

    Find out if it's better to have the MSP use their own ITSM tools or your ITSM solution.

    Benefits of operating within your own ITSM while outsourcing the service desk:

    Disadvantages of using your own ITSM while outsourcing the service desk:

    • If you provide the service catalog, it's easier to control your ITSM tool yourself.
    • Using your own ITSM and giving access to the outsourcer will allow you to build your dashboard and access your operational metrics rather than relying on the MSP to provide you with metrics.
    • Usage of the current tool may be extended across multiple departments, so it may be in the best interest of your business to have the vendor adopt usage of the current tool.
    • While many ITSM solutions have similar functions, innate differences do exist between them. Outsourcers mostly want to operate in their own ticketing solution. As other departments besides IT may be using the service management tool, you will need to have the same tool across the organization. This makes purchasing the new ITSM license very expensive, unless you operate in the same ITSM as the outsourcer.
    • You need your vendor to be able to use the system you have in order to meet your requirements, which will limit your options in the market.
    • If the outsourcer is using your ITSM, you should provide training to them.

    Info-Tech Insight

    Defining your tool requirements can be a great opportunity to get the tool functionality you always wanted. Many MSPs offer enterprise-level ITSM tools and highly mature processes that may tempt you to operate within their ITSM environment. However, first define your goals for such a move, as well as pros and cons of operating in their service management tool to weigh if its benefits overweigh its downfalls.

    Case Study

    Lone Star College learned that it's important to select a vendor whose tool will work with your service desk

    INDUSTRY: Education

    SOURCE: ServiceNow

    Challenge

    Lone Star College has an end-user base of over 100,000 staff and students.

    The college has six campuses across the state of Texas, and each campus was using its own service desk and ITSM solution.

    Initially, the decision was to implement a single ITSM solution, but organizational complexity prevented that initiative from succeeding.

    A decision was made to outsource and consolidate the service desks of each of the campuses to provide more uniform service to end users.

    Solution

    Lone Star College selected a vendor that implemented FrontRange.

    Unfortunately, the tool was not the right fit for Lone Star's service and reporting needs.

    After some discussion, the outsourcing vendor made the switch to ServiceNow.

    Some time later, a hybrid outsourced model was implemented, with Lone Star and the vendor combining to provide 24/7 support.

    Results

    The consolidated, standardized approach used by Lone Star College and its vendor has created numerous benefits:

    • Standardized reporting
    • High end-user satisfaction
    • All SLAs are being met
    • Improved ticket resolution times
    • Automated change management.

    Lone Star outsourced in order to consolidate its service desks quickly, but the tools didn't quite match.

    It's important to choose a tool that works well with your vendor's, otherwise the same standardization issues can persist.

    Design your RFP to help you understand what the vendor's standard offerings are and what it is capable of delivering

    Your RFP should be worded in a way that helps you understand what your vendor's standard offerings are because that's what they're most capable of delivering. Rather than laying out all your requirements in a high level of detail, carefully craft your questions in a probing way. Then, understand what your current baseline is, what your target requirements are, and assess the gap.

    Design the RFP so that responses can easily be compared against one another.

    It is common to receive responses that are very different – RFPs don't provide a response framework. Comparing vastly different responses can be like comparing apples to oranges. Not only are they immensely time consuming to score, their scores also don't end up accurately reflecting the provider's capabilities or suitability as a vendor.

    If your RFP is causing a ten minute printer backlog, you're doing something wrong.

    Your RFP should not be hundreds of pages long. If it is, there is too much detail.

    Providing too much detail can box your responses in and be overly limiting on your responses. It can deter potentially suitable provider candidates from sending a proposal.

    Request
    For
    Proposal

    "From bitter experience, if you're too descriptive, you box yourself in. If you're not descriptive enough, you'll be inundated with questions or end up with too few bidders. We needed to find the best way to get the message across without putting too much detail around it."
    – Procurement Manager, Utilities

    Info-Tech's Service Desk Outsourcing RFP Template contains nine sections

    1. Statement of work
      • Purpose, coverage, and participation ààInsert the purpose and goals of outsourcing your service desk, using steps 1.1 findings in this blueprint as reference.
    2. General information
      • Information about the document, enterprise, and schedule of events ààInsert the timeline you developed for the RFP issue and award process in this section.
    3. Proposal preparation instructions
      • The vendor's understanding of the RFP, good faith statement, points of contact, proposal submission, method of award, selection and notification.
    4. Service overview
      • Information about organizational perspective, service desk responsibility matrix, vendor requirements, and service level agreements (SLAs).
    5. Scope of work, specifications and requirements
      • Technical and functional requirements à Insert the requirements gathered in Phase 1 in this section of the RFP. Remember to include both current and future requirements.
    6. Exit conditions
      • Overview of exit strategy and transition process.
    7. Vendor qualifications and references
    8. Account management and estimated pricing
    9. Vendor certification
    This is a screenshot of the Service Desk Outsourcing RFP Template.

    The main point of focus in this document is defining your requirements (discussed in Phase 1) and developing proposal preparation instructions.

    The rest of the RFP consists mostly of standard legal language. Review the rest of the RFP template and adapt the language to suit your organization's standards. Check with your legal departments to make sure the RFP adheres to company policies.

    3.1.1 Evaluate your technology, people, and process requirements

    1-2 hours

    1. Review the outsourcing goals you identified in Phase 1 (activity 1.1.3).
    2. For each goal, divide the defined requirements from your requirements database library (activity 1.2.1) into three areas:
      1. People Requirements
      2. Process Requirements
      3. Technical Requirements
    3. Group your requirements based on characteristics (e.g. recovery capabilities, engagement methodology, personnel, etc.).
    4. Validate these requirements with the relevant stakeholders.
    5. Document your results in section 4 of the Service Desk Outsourcing RFP Template.

    Input

    • Identified key requirements

    Output

    • Refined requirements to input into the RFP

    Materials

    • Whiteboard/flip charts
    • Markers
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • IT Managers

    Download the Service Desk Outsourcing RFP Template

    Assess knowledge management and technology requirements to enable the outsourcer with higher quality work

    Retain ownership of the knowledgebase to foster long-term growth of organizational intelligence

    With end users becoming more and more tech savvy, organizational intelligence is becoming an increasingly important aspect of IT support. Modern employees are able and willing to troubleshoot on their own before calling into the service desk. The knowledgebase and FAQs largely facilitate self-serve trouble shooting, both of which are not core concerns for the outsource vendor.

    Why would the vendor help you empower end users and decrease ticket volume when it will lead to less revenue in the future? Ticket avoidance is not simply about saving money by removing support. It's about the end-user community developing organizational intelligence so that it doesn't need as much technical support.

    Organizational intelligence occurs when shared knowledge and insight is used to make faster, better decisions.

    When you outsource, the flow of technical insight to your end-user community slows down or stops altogether unless you proactively drive it. Retain ownership of the knowledgebase and ensure that the content is:

    1. Validated to ensure it accurately describes the best solution.
    2. Actionable to ensure it prescribes repeatable, verifiable steps.
    3. Contextual to ensure the reader knows when NOT to apply the knowledge.
    4. Maintained to ensure the solution remains current.
    5. Applied, since knowledge is a cost with no benefit unless you apply it and turn it into organizational intelligence.

    Info-Tech Insight

    Include knowledge management process in your ticket handling workflows to make sure knowledge is transferred to the MSP and end users. For more information on knowledge management, refer to Info-Tech's Standardize the Service Desk and Optimize the Service Desk With a Shift-Left Strategy blueprints.

    Assess self-service requirements in your outsourcing plan

    When outsourcing the service desk, determine who will take ownership of the self-service portal.

    Nowadays, outsourcers provide innovative services such as self-serve options. However, bear in mind that the quality of such services is a differentiating factor. A well-maintained portal makes it easy to:

    • Report incidents efficiently via use-case-based forms
    • Place requests via a business-oriented service catalog
    • Automate request processes
    • Give visibility on ticket status
    • Access knowledgebase articles
    • Provide status on critical systems
    • Look for services by both clicking service lists and searching them
    • Provide 24/7 service via interactive communication with live agent and AI-powered machine
    • Streamline business process in multiple departments rather than only IT

    In the outsourcing process, determine your expectations from your vendor on self-serve options and discuss how they will fulfill these requirements. Similar to other processes, work internally to define a list of services your organization is providing that you can pass over to the outsourcer to convert to a service catalog.

    Use Info-Tech's Sample Enterprise Services document to start determining your business's services.

    Assess admin rights in your outsourcing plan to give access to the outsourcer while you keep ownership

    Provide accessibility to account management to improve self-service, which enables:

    • Group owners to be named who can add or remove people from their operating units
    • Users to update attributes such as photos, address, phone number
    • Synchronization with HRIS (Human Resource Information Systems) to enable two-way communication on attribute updates
    • Password reset self-service

    Ensure the vendor has access rights to execute regular clean up to help:

    • Find stale and inactive user and computer accounts (inactive, expired, stale, never logged in)
    • Bulk move and disable capabilities
    • Find empty groups and remove
    • Find and assess NTFS permissions
    • Automated tasks to search and remediate

    Give admin rights to outsourcer to enable reporting and auditing capabilities, such as:

    • Change tracking and notifications
    • Password reset attempts, account unlocks, permission and account changes
    • Anomaly detection and remediation
    • Privilege abuse, such as password sharing

    Info-Tech Insight

    Provide your MSP with access rights to enable the service desk to have account management without giving too much authentication. This way you'll enable moving tickets to the outsourcer while you keep ownership and supervision.

    3.1.2 Outline which party will be responsible for which service desk processes

    1-2 hours

    This activity is an expansion to the outcomes of activity 1.2.1, where you determined the outsourcing requirements and the party to deliver each requirement.

    1. Add your identified tasks from the requirements database library to the service desk responsibility matrix (section 4.2 of the Service Desk Outsourcing RFP Template).
    2. Break each task down into more details. For instance, incident management may include tier 1, tier 2/3, KB creation and update, reporting, and auditing.
    3. Refer to section 4.1 of your Project Charter to review the responsible party for each use case.
    4. Considering the use cases, assess whether your organization, the MSP, or both parties will be responsible for the task.
    5. Document the results in section 4.2 of the RFP.

    Input

    • Identified key requirements

    Output

    • Responsible party to deliver each task

    Materials

    • Whiteboard/flip charts
    • Markers
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • IT Managers

    Download the Service Desk Outsourcing RFP Template

    Step 3.2

    Define your approach to vendor relationship management

    Activities

    3.2.1 Define your SLA requirements

    3.2.2 Score each vendor to mitigate the risk of failure

    3.2.3 Score RFP responses

    3.2.4 Get referrals, conduct reference interviews and evaluate responses for each vendor

    Develop an RFP and make a long-term relationship

    This step requires the following inputs:

    • Service desk outsourcing RFP
    • List of service desk outsourcing requirements

    This step involves the following participants:

    • CIO
    • Service Desk Manager
    • IT Managers
    • Project Managers

    Outcomes of this step

    • Service desk SLA
    • RFP scores

    Don't rush to judgment; apply due diligence when selecting your vendor

    The most common mistake in vendor evaluation is moving too quickly. The process leading to an RFP evaluation can be exhausting, and many organizations simply want to be done with the whole process and begin outsourcing.

    The most common mistake in vendor evaluation is moving too quickly. The process leading to an RFP evaluation can be exhausting, and many organizations simply want to be done with the whole process and begin outsourcing.

    1. Call around to get referrals for each vendor
    2. Create a shortlist
    3. Review SLAs and contract terms
    4. Select your vendor

    Recognize warning signs in the MSP's proposal to ensure a successful negotiation

    Vendors often include certain conditions in their proposals that masquerade as appealing but may spell disaster. Watch for these red flags:

    1. Discounted Price
      • Vendors know the market value of their competitors' services. Price is not what sets them apart; it's the type of services offered as well as the culture present.
      • A noticeably low price is often indicative of a desperate organization that is not focused on quality managed services.
    2. No Pushback
      • Vendors should work to customize their proposal to suit both their capabilities and your needs. No pushback means they are not invested in your project as deeply as they should be.
      • You should be prepared for and welcome negotiations; they're a sign that both sides are reaching a mutually beneficial agreement.
    3. Continual SLA Improvement
      • Continual improvement is a good quality that your vendor should have, but it needs to have some strategic direction.
      • Throwing continual SLA improvement into the deal may seem great, but make sure that you'll benefit from the value-added service. Otherwise, you'll be paying for services that you don't actually need.

    Clearly define core vendor qualities before looking at any options

    Vendor sales and marketing people know just what to say to sway you: don't talk to them until you know what you're looking for.

    Geography

    Do you prefer global or local data centers? Do you need multiple locations for redundancy in case of disaster? Will language barriers be a concern?

    Contract Length

    Ensure you can terminate a poor arrangement by having shorter terms with optional renewals. It's better to renew and renegotiate if one side is losing in the deal in order to keep things fair. Don't assume that proposed long-term cost savings will provide a satisfactory service.

    Target Market

    Vendors are aiming at different business segments, from startups to large enterprises. Some will accept existing virtual machines, and others enforce compliance to appeal to government and health agencies.

    SLA

    A robust SLA strengthens a vendor's reliability and accountability. Agencies with special needs should have room in negotiations for customization. Providers should also account for regular SLA reviews and updates. Vendors should be tracking call volume and making projections that should translate directly to SLAs.

    Support

    Even if you don't need a vendor with 24/7 availability, vendors who cannot support this timing should be eliminated. You may want to upgrade later and will want to avoid the hassle of switching.

    Maturity

    Vendors must have the willingness and ability to improve processes and efficiencies over time. Maintaining the status-quo isn't acceptable in the constantly evolving IT world.

    Cost

    Consider which model makes the most sense: will you go with per call or per user pricing? Which model will generate vendor motivation to continually improve and meet your long-term goals? Watch out for variable pricing models.

    Define your SLA requirements so your MSP can create a solution that fits

    SLAs ensure accountability from the service provider and determine service price

    SLAs define the performance of the service desk and clarify what the provider and customer can expect in their outsourcing relationship.

    • Service categories
    • The acceptable range of end-user satisfaction
    • The scope of what functions of the service desk are being measured (availability, time to resolve, time to respond, etc.)
    • Credits and penalties for achieving or missing targets
    • Frequency of measurement/reporting
    • Provisions and penalties for ending the contractual relationship early
    • Management and communication structure
    • Escalation protocol for incidents relating to tiers 2 or 3

    Each MSP's RFP response will help you understand their basic SLA terms and enhanced service offerings. You need to understand the MSP's basic SLA terms to make sure they are adequate enough for your requirements. A well-negotiated SLA will balance the requirements of the customer and limit the liability of the provider in a win/win scenario.

    For more information on defining service level requirements, refer to Info-Tech's blueprint Reduce Risk With Rock-Solid Service-Level Agreements.

    3.2.1 Define your SLA requirements

    2-3 hours

    • As a team, review your current service desk SLA for the following items:
      • Response time
      • Resolution time
      • Escalation time
      • End-user satisfaction
      • Service availability
    • Use the sample table as a starting point to determine your current incident management SLA:
    • Determine your SLA expectations from the outsourcer.
    • Document your SLA expectations in section 4.4 of the RFP template.

    Participants: IT Managers, Service Desk Manager, Project Team

    Response
    PriorityResponse SLOResolution SLOEscalation Time
    T1
    Severity 1CriticalWithin 10 minutes4 hours to resolveImmediate
    Severity 2HighWithin 1 business hour8 business hours to resolve20 minutes
    Severity 3MediumWithin 4 business hours24 business hours to resolveAfter 20 minutes without progress
    Severity 4LowSame day (8 hours)72 business hours to resolve After 1 hour without progress
    SLO ResponseTime it takes for service desk to respond to service request or incident. Target response is 80% of SLO
    SLO ResolutionTime it takes to resolve incident and return business services to normal. Target resolution is 80% of SLO

    Download the Service Desk Outsourcing RFP Template

    Get a detailed plan from your selected vendor before signing a contract

    Build a standard process to evaluate candidate vendors

    Use section 5 of Info-Tech's Service Desk Outsourcing RFP Template for commonly used questions and requirements for outsourcing the service desk. Ask the right questions to secure an agreement that meets your needs. If you are already in a contract with an MSP, tale the opportunity of contract renewal to improve the contract and service.

    This is a screenshot of the Service Desk Outsourcing RFP Template.

    Download the Service Desk Outsourcing RFP Template

    Add your finalized assessment questions into Info-Tech's Service Desk Outsourcing RFP Scoring Tool to aggregate responses in one repository for comparison. Since the vendors are asked to respond in a standard format, it is easier to bring together all the responses to create a complete view of your options.

    This is an image of the Service Desk Vendor Proposal Scoring Tool

    Download the Service Desk Vendor Proposal Scoring Tool

    3.2.2 Score each vendor to mitigate the risk of failure

    1-2 hours

    Include the right requirements for your organization and analyze candidate vendors on their capability to satisfy them.

    1. Use section 5 of the RFP template to convert your determined requirements into questions to address in vendor briefings.
    2. Review the questions in the context of near- and long-term service desk outsourcing needs. In the template, we have separated requirements into 7 categories:
      • Vendor Requirements (VR)
      • Vendor Qualifications/Engagement/Administration Capabilities (VQ)
      • Service Operations (SO)
      • Service Support (SS)
      • Service Level Agreement (SLA)
      • Transition Processes (TP)
      • Account Management (AM)
    3. Define the priority for each question:
      • Required
      • Desired
      • Optional
    4. Leave the compliance and comments to when you brief with vendors.

    Input

    • Technical and functional requirements

    Output

    • Priority level for each requirement
    • Completed list of requirement questions

    Materials

    • Whiteboard/flip charts
    • Markers
    • Laptops

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • IT Managers

    Download the Service Desk Outsourcing RFP Template

    3.2.3 Score RFP responses

    2-3 hours

    1. Enter the requirements questions into the RFP Scoring Tool and use it during vendor briefings.
    2. Copy the Required and Desired priority requirements from the previous activity into the RFP Questions column.
    3. Evaluate each RFP response against the RFP criteria based on the scoring scale.
    4. The Results section in the tool shows the vendor ranking based on their overall scores.
    5. Compare potential outsourcing partners considering scores on individual requirements categories and based on overall scores.

    Input

    • Completed list of requirement questions
    • Priority level for each requirement

    Output

    • List of top vendors for outsourcing the service desk

    Materials

    • Service Desk Vendor Proposal Scoring Tool

    Participants

    • Service Desk Manager
    • IT Managers
    • Project Managers
    • IT Director/CIO

    Download the Service Desk Vendor Proposal Scoring Tool

    3.2.3 Get referrals, conduct reference interviews, and evaluate responses for each vendor

    1. Outline a list of questions to conduct reference interviews with past/present clients of your candidate vendors.
    2. Use the reference interview template as a starting point. As a group review the questions and edit them to a list that will fulfill your requirements.
    3. Ask your candidate vendors to provide you with a list of three to five clients that have/had used their services. Make sure that vendors enforce the interview will be kept anonymous and names and results won't be disclosed.
    4. Ask vendors to book a 20-30 minute call with you and their client.
    5. Document your interview comments in your updated reference interview template.
    6. Update the RFP scoring tool accordingly.

    Input

    • List of top vendors for outsourcing the service desk

    Output

    • Updated list of top vendors for outsourcing the service desk

    Materials

    • Service Desk Outsourcing Reference Interview Template
    • Service Desk Vendor Proposal Scoring Tool

    Participants

    • Service Desk Manager
    • IT Managers
    • Project Managers

    Download the Service Desk Vendor Proposal Scoring Tool

    Compare pricing models of outsourcing services

    It's a common sales tactic to use a low price as an easy solution. Carefully evaluate the vendors on your short-list and ensure that SLAs, culture, and price all match to your organization.

    Research different pricing models and accurately assess which model fits your organization. Consider the following pricing models:

    Pay per technician

    In this model, a flat rate is allocated to agents tackling your service desk tickets. This is a good option for building long-term relationship with outsourcer's agents and efficient knowledge transfer to the external team; however, it's not ideal for small organizations that deal with few tickets. This is potentially an expensive model for small teams.

    Pay per ticket

    This model considers the number of tickets handled by the outsourcer. This model is ideal if you only want to pay for your requirement. Although the internal team needs to have a close monitoring strategy to make sure the outsourcer's efficiency in ticket resolution.

    Pay per call

    This is based on outbound and inbound calls. This model is proper for call centers and can be less expensive than the other models; however, tracking is not easy, as you should ensure service desk calls result in efficient resolution rather than unnecessary follow-up.

    Pay per time (minutes or hours)

    The time spent on tickets is considered in this model. With this model, you pay for the work done by agents, so that it may be a good and relatively cheap option. As quicker resolution SLA is usually set by the organization, customer satisfaction may drop, as agents will be driven to faster resolution, not necessarily quality of work.

    Pay per user

    This model is based on number of all users, or number of users for particular applications. In this model, correlation between number of users and number of tickets should be taken into account. This is an ideal model if you want to deal with impact of staffing changes on service price. Although you should first track metrics such as mean time to resolve and average number of tickets so you can prevent unnecessary payment based on number of users when most users are not submitting tickets.

    Step 3.3

    Manage the outsource relationship

    Activities

    3.3.1 Analyze your outsourced service desk for continual improvement

    3.3.2 Make a case to either rehabilitate your outsourcing agreement or exit

    3.3.3 Develop an exit strategy in case you need to end your contract early

    Develop an RFP and make a long-term relationship

    This step requires the following inputs:

    • Service desk SLA
    • List of impacted stakeholder groups
    • List of impacts and benefits of the outsourced service desk

    This step involves the following participants:

    • CIO
    • Service Desk Manager
    • IT Managers
    • Project Managers

    Outcomes of this step

    • Communication plan
    • Vendor management strategy

    Ensure formality of your vendor management practice

    A service desk outsourcing project is an ongoing initiative. Build a relationship plan to make sure the outsourcer complies with the agreement.

    This is an iamge of the cycle of relationship management and pre-contract management.

    Monitor Vendor Performance

    Key Activity:

    Measure performance levels with an agreed upon standard scorecard.

    Manage Vendor Risk

    Key Activity:

    Periodical assessment of the vendors to ensure they are meeting compliance standards.

    Manage Vendor Contracts and Relationships

    Key Activity:
    Manage the contracts and renewal dates, the level of demand for the services/products provided, and the costs accrued.

    COMPLETE Identify and Evaluate Vendors

    Key Activity:
    Develop a plan with procurement and key internal stakeholders to define clear, consistent, and stable requirements.

    COMPLETE Select a Vendor

    Key Activity:
    Develop a consistent and effective process for selecting the most appropriate vendor.

    Manage Vendor Contracts and Relationships

    Key Activity:
    Contracts are consistently negotiated to ensure the vendor and the client have a documented and consistent understanding of mutual expectations.

    Expect the vendor to manage processes according to your standards

    You need this level of visibility into the service desk process, whether in-house or outsourced

    Each of these steps requires documentation – either through standard operating procedures, SLAs, logs, or workflow diagrams.

    • Define key operating procedures and workflows
    • Record, classify, and prioritize tickets
    • Verify, approve, and fulfill tickets
    • Investigate, diagnose, and allocate tickets
    • Resolve, recover, and close tickets
    • Track and report

    "Make sure what they've presented to you is exactly what's happening."
    – Service Desk Manager, Financial Services

    Manage the vendor relationship through regular communication

    Regular contact with your MSP provides opportunities to address issues that emerge

    Designate a relationship manager to act as a liaison at the business to be a conduit between the business and the MSP.

    • The relationship manager will take feedback from the MSP and relate it back to you to bridge the technical and business gap between the two.

    Who should be involved

    • Routine review meetings should involve the MSP and your relationship manager.
    • Technical knowledge may be needed to address specific issues, but business knowledge and relationship management skills are absolutely required.
    • Other stakeholders and people who are deeply invested in the vendor relationship should be invited or at least asked to contribute questions and concerns.

    What is involved

    • Full review of the service desk statistics, escalations, staffing changes, process changes, and drivers of extra billing or cost.
    • Updates to key documentation for the issues listed above and changes to the knowledgebase.
    • Significant drivers of customer satisfaction and dissatisfaction.
    • Changes that have/are being proposed that can impact any of the above.

    Communicate changes to end users to avoid push back and get buy-in

    Top-down processes for outsourcing will leave end users in the dark

    • Your service desk staff has been involved in the outsourcing process the entire time, but end users are affected all the same.
    • The service desk is the face of IT. A radical shift in service processes and points of contact can be detrimental to not only the service desk, but all of IT.
    • Communicating the changes early to end users will both help them cope with the change and help the MSP achieve better results.
      • An internal communication plan should be rolled out in order to inform and educate end users about the changes associated with outsourcing the service desk.
    • Your relationship manager should be tasked with communicating the changes to end users. The focus should be on addressing questions or concerns about the transition while highlighting the value gained through outsourcing to an MSP.
    • Service quality is a two-way street; the end user needs to be informed of proper protocols and points of contact so that the service desk technicians can fulfill their duties to the best of their ability.

    "When my company decided to outsource, I performed the same role but for a different company. There was a huge disruption to the business flow and a lack of communication to manage the change. The transition took weeks before any end users figured out what the new processes were for submitting a ticket and who to ask for help, and from a personal side, it became difficult to maintain relationships with colleagues."
    – IT Specialist for a financial institution

    Info-Tech Insight

    Educate the enterprise on expectations and processes that are handled by the MSP. Identify stakeholder groups affected by the outsourced processes then build a communication plan on what's been changed, what the benefits are, and how they will be impacted. Determine a timeline for communicating these initiatives and how these announcements will be made. Use InfoTech's Sample Communication Plan as a starting point.

    Build a continual improvement plan to make sure your MSP is efficiently delivering services according to expectations

    Ensure that your quality assurance program is repeatable and applicable to the outsourced services

    1. Design a QA scorecard that can help you assess steps the outsourcer agents should follow. Keep the questionnaire high level but specific to your environment. The scorecard should include questions that follow the steps to take considering your intake channels. For instance, if end users can reach the service desk via phone, chat, and email, build your QA around assessing customer service for call, chat, and ticket quality.
    2. Build a training program for agents: Develop an internal monitoring plan to relay detailed feedback to your MSP. Assess performance and utilize KBs as training materials for coaching agents on challenging transactions.
    3. Everything that goes to your service desk has to be documented; there will be no organic transfer of knowledge and experience.
    4. You need to let your MSP know how their efforts are impacting the performance of your organization. Measure your internal performance against the external performance of your service desk.
    5. Constant internal check-ins ensure that your MSP is meeting the SLAs outlined in the RFP.
    6. Routine reporting of metrics and ticket trends allow you to enact problem management. Otherwise, you risk your MSP operating your service desk with no internal feedback from its owner.
    7. Use metrics to determine the service desk functionality.

    Consider the success story of your outsourced service desk

    Build a feedback program for your outsourced services. Utilize transactional surveys to discover and tell outsourcing success to the impacted stakeholders.

    Ensure you apply steps for providing feedback to make sure processes are handled as expected. Service desk is the face of IT. Customer satisfaction on ticket transactions reflects satisfaction with IT and the organization.

    Build customer satisfaction surveys and conduct them for every transaction to get a better sense of outsourced service desk functionality. Collaborate with the vendor to make sure you build a proper strategy.

    • Build a right list of questions. Multiple and lengthy questions may lead to survey taking fatigue. Make sure you ask the right questions and give an option to the customer to comment any additional notes.
    • Give the option to users to rate the transaction. Make the whole process very seamless and doable in a few seconds.
    • Ensure to follow-up on negative feedback. This will help you find gaps in services and provide training to improve customer service.

    3.3.1 Analyze your outsourced service desk for continual improvement

    1 hour

    1. In this project, you determined the KPIs based on your service desk objectives (activity 2.2.2).
    2. Refer to your list of metrics in section 7 of the Service Desk Outsourcing Project Charter.
    3. Think about what story you want to tell and determine what factors will help move the narrative.
    4. Discuss how often you would like to track these metrics. Determine the audience for each metric.
    5. Provide the list to the MSP to create reports with auto-distribution.

    Input

    • Determined CSFs and KPIs

    Output

    • List of metrics to track, including frequency to report and audience to report to

    Materials

    • Service Desk Outsourcing Project Charter

    Participants

    • Service Desk Manager
    • IT Managers
    • Project Managers

    Download the Project Charter Template

    Reward the MSP for performance instead of "punishing" them for service failure

    Turn your vendor into a true partner by including an "earn back" condition in the contract

    MSPs often offer clients credit requests (service credits) for their service failures, which are applied to the previous month's monthly recurring charge. They are applied to the last month's MRC (monthly reoccurring charges) at the end of term and then the vendor pays out the residual.

    However, while common, service credits are not always perceived to be a strong incentive for the provider to continually focus on improvement of mean-time-to-respond/mean-time-to-resolve.

    • Engage the vendor as a true partner within a relationship only based upon Service Credits.
    • Suggest the vendor include a minor change to the non-performance processes within the final agreement: the vendor implements an "earn back" condition in the agreement.
    • Where a bank of service credits exists because of non-performance, if the provider exceeds the SLA performance metrics for a number of consecutive months (two is common), then an amount of any prior credits received by client is returned to the provider as an earn back for improved performance.
    • This can be a useful mechanism to drive improved performance.

    Measure the outsourced service desk ROI constantly to drive efficient decisions for continual improvement or an exit plan

    Efficient outsourced service desk causes positive impacts on business satisfaction. To address the true value of the services outsourced, you should evaluate the return on investment (ROI) in these areas: Emotional ROI, Time ROI, Financial ROI

    Emotional ROI

    Service desk's main purpose should be to provide topnotch services to end users. Build a customer experience program and leverage transactional surveys and relationship surveys to constantly analyze customer feedback on service quality.

    Ask yourself:

    • How have the outsourced services improved customer satisfaction?
    • How has the service desk impacted the business brand?
    • Have these services improved agents' job satisfaction?
    • What is the NPS score of the service desk?
    • What should we do to reduce the detractor rate and improve satisfaction leveraging the outsourced service desk?

    Time ROI

    Besides customer satisfaction, SLA commitment is a big factor to consider when conducting ROI analysis.

    Ask these questions:

    • Have we had improvement in FCR?
    • What are the mean time to resolve incidents and mean time to fulfill requests?
    • Is the cost incurred to outsourced services worth improvement in such metrics?

    Financial ROI

    As already mentioned in Phase 1, the main motivation for outsourcing the service desk should not be around cost reduction, but to improve performance. Regardless, it's still important to understand the financial implications of your decision.

    To evaluate the financial impact of your outsourced service desk, ask these questions:

    • How much have the outsourced services impacted our business financially?
    • How much are we paying compared to when it was done internally?
    • Considering the emotional, time, and effort factors, is it worth bringing the services in house or changing the vendor?

    3.3.2 Make a case to either rehabilitate your outsourcing agreement or exit

    3-4 hours

    1. Refer to the results of activity 2.2.2. for the list of metrics and the metrics dashboard over the past quarter.
    2. Consider emotional and time ROI, assess end-user satisfaction and SLA, and run a report comparison with the baseline that you built prior to outsourcing the service desk.
    3. Estimate the organization's IT operating expenses over the next five years if you stay with the vendor.
    4. Estimate the organization's IT operating expenses over the next five years if you switch the vendor.
    5. Estimate the organization's IT operating expenses over the next five years if you repatriate the service desk.
    6. Estimate the non-recurring costs associated with the move, such as the penalty for early contract termination, data center moving costs, and cost of potential business downtime during the move. Sum them to determine the investment.
    7. Calculate the return on investment. Discuss and decide whether the organization should consider rehabilitating the vendor agreement or ending the partnership.

    Input

    • Outsourced service desk metrics
    • Operating expenses

    Output

    • Return on investment

    Materials

    • List of metrics
    • Laptop
    • Markers
    • Flip chart/whiteboard

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • IT Managers

    For more information on conducting this activity, refer to InfoTech's blueprint Terminate the IT Infrastructure Outsourcing Relationship

    Define exit conditions to complete your contract with your MSP

    The end of outsourcing is difficult. Your organization needs to maintain continuity of service during the transition. Your MSP needs to ensure that its resources can be effectively transitioned to the next deployment with minimal downtime. It is crucial to define your exit conditions so that both sides can prepare accordingly.

    • Your exit conditions must be clearly laid out in the contract. Create a list of service desk functions and metrics that are important to your organization's success. If your MSP is not meeting those needs or performance levels, you should terminate your services.
    • Most organizations accomplish this through a clear definition of hard and measurable KPIs and metrics that must be achieved and what will happen in the case these metrics are not being regularly met. If your vendor doesn't meet these requirements as defined in your contract, you then have a valid reason and the ability to leave the agreement.

    Examples of exit conditions:

    • Your MSP did not meet their SLAs on priority 1 or 2 tickets two times within a month.
    • If they didn't meet the SLA twice in that 30 days, you could terminate the contract penalty-free.

    Info-Tech Insight

    If things start going south with your MSP, negotiate a "get well plan." Outline your problems to the MSP and have them come back to you with a list of how they're going to fix these problems to get well before you move forward with the contract.

    Try to rehabilitate before you repatriate

    Switching service providers or ending the contract can be expensive and may not solve your problems. Try to rehabilitate your vendor relationship before immediately ending it.

    You may consider terminating your outsourcing agreement if you are dissatisfied with the current agreement or there has been a change in circumstances (either the vendor has changed, or your organization has changed).

    Before doing so, consider the challenges:

    1. It can be very expensive to switch providers or end a contract.
    2. Switching vendors can be a large project involving transfer of knowledge, documentation, and data.
    3. It can be difficult to maintain service desk availability, functionality, and reliability during the transition.

    Diagnose the cause of the problem before assuming it's the MSP's fault. The issue may lie with poorly defined requirements and processes, lack of communication, poor vendor management, or inappropriate SLAs. Re-assess your strategy and re-negotiate your contract if necessary.

    Info-Tech Insight

    There are many reasons why outsourcing relationships fail, but it's not always the vendor's fault.

    Clients often think their MSP isn't doing a great job, but a lot of the time the reason comes back to the client. They may not have provided sufficient documentation on processes, were not communicating well, didn't have a regular point of contact, and weren't doing regular service reviews. Before exiting the relationship, evaluate why it's not working and try to fix things first.

    Don't stop with an exit strategy, you also need to develop a transition plan

    Plan out your transition timeline, taking into account current contract terms and key steps required. Be prepared to handle tickets immediately upon giving notice.

    • Review your outsourcing contract with legal counsel to identify areas of concern for lock-in or breech.
    • Complete a cost/benefit analysis.
    • Bring intellectual property (including ticket data, knowledge base articles, and reports) back in-house (if you'd like to repatriate the service desk) or transfer to the next service desk vendor (if you're outsourcing to another MSP).
    • Review and update service desk standard processes (escalation, service levels, ticket templates, etc.).
    • Procure service desk software, licenses, and necessary hardware as needed.
    • Train the staff (internal for repatriating the service desk, or external for the prospective MSP).
    • Communicate the transition plan and be prepared to start responding to tickets immediately.

    Info-Tech Insight

    Develop a transition plan about six months before the contract notice date. Be proactive by constantly tracking the MSP, running ROI analyses and training staff before moving the services to the internal team or the next MSP. This will help you manage the transition smoothly and handle intake channels so that upon potential exit, users won't be disrupted.

    3.3.3 Develop an exit strategy in case you need to end your contract early

    3-4 hours

    Create a plan to be prepared in case you need to end your contract with the MSP early.

    Your exit strategy should encompass both the conditions under which you would need to end your contract with the MSP and the next steps you will take to transition your services.

    1. Define the exit conditions you plan to negotiate into your contract with the MSP:
      • Identify the performance levels you will require your MSP to meet.
      • Identify the actions you expect the MSP to take if they fail to meet these performance levels.
      • Identify the conditions under which you would leave the contract early.
    2. Develop a strategy for transitioning services in the event you need to leave your contract with the MSP:
      • Will you hand the responsibility to a new MSP or repatriate the service desk back in-house?
      • How will you maintain services through the transition?
    3. Document your exit strategy in section 6 of the Service Desk Outsourcing RFP Template.

    Input

    • Outsourced service desk metrics
    • Operating expenses

    Output

    • Return on investment

    Materials

    • List of metrics
    • Laptop
    • Markers
    • Flip chart/whiteboard

    Participants

    • IT Director/CIO
    • Service Desk Manager
    • IT Managers

    Download the Service Desk Outsourcing RFP Template

    Summary of Accomplishment

    Problem Solved

    You have now re-envisioned your service desk by building a solid strategy for outsourcing it to a vendor. You first analyzed your challenges with the current service desk and evaluated the benefits of outsourcing services. Then you went through requirements assessment to find out which processes should be outsourced. Thereafter, you developed an RFP to communicate your proposal and evaluate the best candidates.

    You have also developed a continual improvement plan to ensure the outsourcer provides services according to your expectations. Through this plan, you're making sure to build a good relationship through incentivizing the vendor for accomplishments rather than punishing for service failures. However, you've also contemplated an exit plan in the RFP for potential consistent service failures.

    Ideally, this blueprint has helped you go beyond requirements identification and served as a means to change your mindset and strategy for outsourcing the service desk efficiently to gain long-term benefits.

    if you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    This is a picture of Info-Tech analyst Mahmoud Ramin

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    This is a screenshot of activity 1.2.1 found in this blueprint

    Identify Processes to Outsource
    Identify service desk tasks that will provide the most value upon outsourcing.

    This is a screenshot of activity 3.2.2 found in this blueprint

    Score Candidate Vendors
    Evaluate vendors on their capabilities for satisfying your service desk requirements.

    Related Info-Tech Research

    Standardize the Service Desk

    • Improve customer service by driving consistency in your support approach and meeting SLAs.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

    • There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Terminate the IT Infrastructure Outsourcing Relationship

    • There must be 50 ways to leave your vendor.

    Research Contributors and Experts

    Yev Khovrenkov; Enterprise Consultant, Solvera Solutions

    Kamil Salagan; I&O Manager, Bartek Ingredients

    Satish Mekerira; VP of IT, Coherus BioSciences

    Kris Krishan; Head of IT and Business Systems, Waymo

    Kris Arthur; Infra & Security Director, SEKO Logistics

    Valance Howden; Principal Research Advisor, Info-Tech Research Group

    Sandi Conrad; Principal Research Director, Info-Tech Research Group

    Graham Price; Senior Director of Executive Services, Info-Tech Research Group

    Barry Cousins; Practice Lead, Info-Tech Research Group

    Mark Tauschek; VP of I&O Research, Info-Tech Research Group

    Darin Stahl; Principal Research Advisor, Info-Tech Research Group

    Scott Yong; Principal Research Advisor, Info-Tech Research Group

    A special thank-you to five anonymous contributors

    Bibliography

    Allnutt, Charles. "The Ultimate List of Outsourcing Statistics." MicroSourcing, 2022. Accessed July 2022.
    "Considerations for outsourcing the service desk. A guide to improving your service desk and service delivery performance through outsourcing." Giva. Accessed May 2022.
    Hurley, Allison. "Service Desk Outsourcing | Statistics, Challenges, & Benefits." Forward BPO Inc., 2019. Accessed June 2022.
    Mtsweni, Patricia, et al. "The impact of outsourcing information technology services on business operations." South African Journal of Information Management, 2021, Accessed May 2022.
    "Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model." Calance, 2021. Accessed June 2022. Web.
    "Service Integration and Management (SIAM) Foundation Body of Knowledge." Scopism, 2020. Accessed May 2022.
    Shultz, Aaron. "IT Help Desk Outsourcing Pricing Models Comparison." Global Help Desk Services. Accessed June 2022. Web.
    Shultz, Aaron. "4 Steps to Accurately Measure the ROI of Outsourced Help Desk Services" Global Help Desk Services, Accessed June 2022. Web.
    Sunberg, John. "Great Expectations: What to Look for from Outsourced Service Providers Today." HDI. Accessed June 2022. Web.
    Walters, Grover. "Pivotal Decisions in outsourcing." Muma Case Review, 2019. Accessed May 2022.
    Wetherell, Steve. "Outsourced IT Support Services: 10 Steps to Better QA" Global Held Desk Services. Accessed May 2022. Web.

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact (scale of 10): 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Assess Your Cybersecurity Insurance Policy

    • Buy Link or Shortcode: {j2store}255|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $33,656 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Organizations must adapt their information security programs to accommodate insurance requirements.
    • Organizations need to reduce insurance costs.
    • Some organizations must find alternatives to cyber insurance.

    Our Advice

    Critical Insight

    • Shopping for insurance policies is not step one.
    • First and foremost, we must determine what the organization is at risk for and how much it would cost to recover.
    • The cyber insurance market is still evolving. As insurance requirements change, effectively managing cyber insurance requires that your organization proactively manages risk.

    Impact and Result

    Perform an insurance policy comparison with scores based on policy coverage and exclusions.

    Assess Your Cybersecurity Insurance Policy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your Cybersecurity Insurance Policy Storyboard - A step-by-step document that walks you through how to acquire cyber insurance, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Use this blueprint to score your potential cyber insurance policies and develop skills to overcome common insurance pitfalls.

    • Assess Your Cybersecurity Insurance Policy Storyboard

    2. Acquire cyber insurance with confidence – Learn the essentials of the requirements gathering, policy procurement, and review processes.

    Use these tools to gather cyber insurance requirements, prepare for the underwriting process, and compare policies.

    • Threat and Risk Assessment Tool
    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool
    • DRP BIA Scoring Context Example
    • Cyber Insurance Policy Comparison Tool
    • Cyber Insurance Controls Checklist

    Infographic

    Improve Your Statements of Work to Hold Your Vendors Accountable

    • Buy Link or Shortcode: {j2store}233|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $10,638 Average $ Saved
    • member rating average days saved: 16 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • SOW reviews are tedious, and reviewers may lack the skills and experience to effectively complete the process.
    • Vendors draft provisions that shift the performance risk to the customer in subtle ways that are often overlooked or not identified by customers.
    • Customers don’t understand the power and implications of SOWs, treating them as an afterthought or formality.

    Our Advice

    Critical Insight

    • There is often a disconnect between what is sold and what is purchased. To gain the customer’s approval, vendors will present a solution- or outcome-based proposal. However, the SOW is task or activity based, shifting the risk for success to the customer.
    • A good SOW takes time and should not be rushed. The quality of the requirements and of the SOW wording drive success. Not allocating enough time to address both increases the risk of the project’s failure.

    Impact and Result

    • Info-Tech’s guidance and insights will help you navigate the complex process of SOW review and identify the key details necessary to maximize the protections for your organization and hold vendors accountable.
    • This blueprint provides direction on spotting vendor-biased terms and conditions and offers tips for mitigating the risk associated with words and phrases that shift responsibilities and obligations from the vendor to the customer.

    Improve Your Statements of Work to Hold Your Vendors Accountable Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should spend more time assessing your statements of work, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess SOW Terms and Conditions

    Use Info-Tech’s SOW review guidance to find common pitfalls and gotchas, to maximize the protections for your organization, and to hold vendors accountable.

    • Improve Your Statements of Work to Hold Your Vendors Accountable – Storyboard
    • Contract or SOW Guide
    • SOW Maps Tool
    • Red-Flag Words and Phrases Tool
    [infographic]

    Workshop: Improve Your Statements of Work to Hold Your Vendors Accountable

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess SOW Terms and Conditions

    The Purpose

    Gain a better understanding of common SOW clauses and phrases.

    Key Benefits Achieved

    Reduce risk

    Increase vendor accountability

    Improve negotiation positions

    Activities

    1.1 Review sample SOW provisions, identify the risks, and develop a negotiation position.

    1.2 Review Info-Tech tools.

    Outputs

    Awareness and increased knowledge

    Familiarity with the Info-Tech tools

    Build Your Enterprise Application Implementation Playbook

    • Buy Link or Shortcode: {j2store}605|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • In addition, rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where each project lead tracks progress in their own way. This makes it difficult for leadership to identify what was successful – and what wasn’t.

    Our Advice

    Critical Insight

    An effective enterprise application implementation playbook is not just a list of steps, but a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Impact and Result

    Follow these steps to build your enterprise application playbook:

    • Define your sponsor, map out your stakeholders, and lay out the vision, goals and objectives for your project.
    • Detail the scope, metrics, and the team that will make it happen.
    • Outline the steps and processes that will carry you through the implementation.

    Build Your Enterprise Application Implementation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Application Implementation Playbook Deck - Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.

    • Build Your Enterprise Application Implementation Playbook – Phases 1-3

    2. Your Enterprise Application Implementation Playbook – The key output from leveraging this research is a completed implementation playbook.

    This is the main playbook that you build through the exercises defined in the blueprint.

    • Your Enterprise Application Implementation Playbook

    3. Your Enterprise Application Implementation Playbook - Timeline Tool – Supporting tool that captures the project timeline information, issue log, and follow-up dashboard.

    This tool provides input into the playbook around project timelines and planning.

    • Your Enterprise Application Implementation Playbook - Timeline Tool

    4. Light Project Change Request Form Template – This tool will help you record the requested change, allow assess the impact of the change and proceed the approval process.

    This provides input into the playbook around managing change requests

    • Light Project Change Request Form Template

    Infographic

    Workshop: Build Your Enterprise Application Implementation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Project

    The Purpose

    Lay out the overall objectives, stakeholders, and governance structure for the project.

    Key Benefits Achieved

    Align everyone on the sponsor, key stakeholders, vision, and goals for your project

    Activities

    1.1 Select the project sponsor.

    1.2 Identify your stakeholders.

    1.3 Align on a project vision.

    1.4 List your guiding principles.

    1.5 Confirm your goals and objectives for the implementation project.

    1.6 Define the project governance structure.

    Outputs

    Project sponsor has been selected.

    Project stakeholders have been identified and mapped with their roles and responsibilities.

    Vision has been defined.

    Guiding principles have been defined.

    Articulated goals and objectives.

    Detailed governance structure.

    2 Set up for Success

    The Purpose

    Define the elements of the playbook that provide scope and boundaries for the implementation.

    Key Benefits Achieved

    Align the implementation team on the scope for the project and how the team should operate during the implementation.

    Activities

    2.1 Gather and review requirements, with an agreed to scope.

    2.2 Define metrics for your project.

    2.3 Define and document the risks that can impact the project.

    2.4 Establish team composition and identify the team.

    2.5 Detail your OCM structure, resources, roles, and responsibilities.

    2.6 Define requirements for training.

    2.7 Create a communications plan for stakeholder groups and delivery teams.

    Outputs

    Requirements for enterprise application implementation with an agreed-to scope.

    Metrics to help measure what success looks like for the implementation.

    Articulated list of possible risks during the implementation.

    The team responsible and accountable for implementation is identified.

    Details of your organization’s change management process.

    Outline of training required.

    An agreed-to plan for communication of project status.

    3 Document Your Plan

    The Purpose

    With the structure and boundaries in place, we can now lay out the details on the implementation plan.

    Key Benefits Achieved

    A high-level plan is in place, including next steps and a process on running retrospectives.

    Activities

    3.1 Define your implementation steps.

    3.2 Create templates to enable follow-up throughout the project.

    3.3 Decide on the tracking tools to help during your implementation.

    3.4 Define the follow-up processes.

    3.5 Define project progress communication.

    3.6 Create a Change request process.

    3.7 Define your retrospective process for continuous improvement.

    3.8 Prepare a closure document for sign-off.

    Outputs

    An agreed to high-level implementation plan.

    Follow-up templates to enable more effective follow-ups.

    Shortlist of tracking tools to leverage during the implementation.

    Defined processes to enable follow-up.

    Defined project progress communication.

    A process for managing change requests.

    A process and template for running retrospectives.

    A technique and template for closure and sign-off.

    Further reading

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    Analyst Perspective

    Your implementation is not just about technology, but about careful planning, collaboration, and control.

    Recardo de Oliveira

    A successful enterprise application implementation requires more than great software; it requires a clear line of sight to the people, processes, metrics, and tools that can help make this happen.

    Additionally, every implementation is unique with its own set of challenges. Working through these challenges requires a tailored approach taking many factors into account. Building out your playbook for your implementation is an important initial step before diving head-first into technology.

    Regardless of whether you use an implementation partner, a playbook ensures that you don’t lose your enterprise application investment before you even get started!

    Ricardo de Oliveira

    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • Rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where project leads track progress in their own way. This makes it difficult for leadership to identify what was successful (and what wasn’t).

    Common Obstacles

    • Your best process experts are the same people you need to keep the business running. The business cannot afford to have its best people pulled into the implementation for long periods of time.
    • Enterprise application implementations generate huge organizational changes and the adoption of the new systems and processes resulting from these projects are quite difficult.
    • People are generally resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things.

    Info-Tech's Approach

    • Build your enterprise application implementation playbook. Follow these steps to build your enterprise application playbook:
      • Define your sponsor, map out your stakeholders, and lay out the vision, goals, and objectives for your project.
      • Detail the scope, metrics, and the team that will make it happen.
      • Detail the steps and processes that will carry you through the implementation

    Info-Tech Insight

    An effective enterprise application implementation playbook is not just a list of steps; it is a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Enterprise Applications Lifescycle Advisory Services. Strategy, selection, implementation, optimization and operations.

    Insight summary

    Building an effective playbook starts with asking the right questions, not jumping straight into the technical details.

    • This blueprint provides the steps required to lay out an implementation playbook to align the team on what is necessary to support the implementation.
    • Build your Enterprise Application Implementation Playbook by:
      • Aligning and confirming project’s goals, stakeholders, governance and team.
      • Clearly defining what is in and out of scope for the project and the risks involved.
      • Building up a strong change management process.
      • Providing the tools and processes to keep track of the project.
      • Pulling it all together into an actionable playbook.

    Grapsh showing 39%

    Lack of planning is the reason that 39% of projects fail. Poor project planning can be disastrous: The consequences are usually high costs and time overruns.

    Graph showing 20%

    Almost 20% of IT projects can fail so badly that they can become a threat to a company’s existence. Lack of proper planning, poor communication, and poorly defined goals all contribute to the failure of projects.

    Graph showig 2.5%

    A PwC study of over 10,640 projects found that a tiny portion of companies – 2.5% – completed 100% of their projects successfully. These failures extract a heavy cost – failed IT projects alone cost the United States $50-$150B in lost revenue and productivity.

    Source: Forbes, 2020

    Planning and control are key to enterprise project success

    An estimated 70% of large-scale corporate projects fail largely due to a lack of change management infrastructure, proper oversight, and regular performance check-ins to track progress (McKinsey, 2015).

    Table showing that 88% of projects completed on time, 90% completed within budget and 92% meet original goals. 68% of projects have scope creep, 24% deemed failures and 46% experience budget lose when project fails

    “A survey published in HBR found that the average IT project overran its budget by 27%. Moreover, at least one in six IT projects turns into a ‘black swan’ with a cost overrun of 200% and a schedule overrun of 70%. Kmart’s massive $1.2B failed IT modernization project, for instance, was a big contributor to its bankruptcy.”

    Source: Forbes, 2020

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.
    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Executive Brief Case Study

    Chocolate manufacturer implementing a new ERP

    INDUSTRY

    Consumer Products

    SOURCE

    Carlton, 2021

    Challenge

    Not every ERP ends in success. This case study reviews the failure of Hershey, a 147-year-old confectioner, headquartered in Hershey Pennsylvania. The enterprise saw the implementation of an ERP platform as being central to its future growth.

    Solution

    Consequently, rather than approaching its business challenge on the basis of an iterative approach, it decided to execute a holistic plan, involving every operating center in the company. Subsequently, SAP was engaged to implement a $10 million systems upgrade; however, management problems emerged immediately.

    Results

    The impact of this decision was significant, and the company was unable to conduct business because virtually every process, policy, and operating mechanism was in flux simultaneously. The consequence was the loss of $150 million in revenue, a 19% reduction in share price, and the loss of 12% in international market share.

    Remember: Poor management can scupper implementation, even when you have selected the perfect system.

    A successful software implementation provides more than simply immediate business value…

    It can build competitive advantage.

    • When software projects fail, it can jeopardize an organization’s financial standing and reputation, and in some severe cases, it can bring the company down altogether.
    • Rarely do projects fail for a single reason, but by understanding the pitfalls, developing a risk mitigation plan, closely monitoring risks, and self-evaluating during critical milestones, you can increase the probability of delivering on time, on budget, and with the intended benefits.

    Benefits are not limited to just delivering on time. Some others include:

    • Building organizational delivery competence and overall agility.
    • The opportunity to start an inventory of best practices, eventually building them into a center of excellence.
    • Developing a competitive advantage by maximizing software value and continuously transforming the business.
    • An opportunity to develop a competent pool of staff capable of executing on projects and managing organizational change.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Your Enterprise Application Implementation Playbook – Timeline Tool

    Supporting template that captures the project timeline information, issue log, and follow-up dashboard.

    Info-Tech: Project Planning and Monitoring Tool.
    Light Project Change Request Form Template

    This tool will help you record the requested change, and allow you to assess the impact of the change and proceed with the approval process.

    Info-Tech: Light change request form template.

    Key deliverable:

    Your Enterprise Application Implementation Playbook

    Record the results from the exercises to define the steps for a successful implementation.

    Build your enterprise application implementation playbook.

    Info-Tech’s methodology for Your Enterprise Application Implementation Playbook

    Phase Steps

    1. Understand the Project

    1. Identify the project sponsor
    2. Define project stakeholders
    3. Review project vision and guiding principles
    4. Review project objectives
    5. Establish project governance

    2. Set up for success

    1. Review project scope
    2. Define project metrics
    3. Prepare for project risks
    4. Identify the project team
    5. Define your change management process

    3. Document your plan

    1. Develop a master project plan
    2. Define a follow-up plan
    3. Define the follow-up process
    4. Understand what’s next
    Phase Outcomes
    • Project sponsor has been selected
    • Project stakeholders have been identified and mapped with their roles and responsibilities.
    • Vision, guiding principles, goals objectives, and governance have been defined
    • Project scope has been confirmed
    • Project metrics to identify successful implementation has been defined
    • Risks have been assessed and articulated.
    • Identified project team
    • An agreed-to change management process
    • Project plan covering the overall implementation is in place, including next steps and retrospectives

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    The three phases of guided implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889 Activities and deliverables for each module of the workshop. Module 1: understanding the project, Module 2: Set up for success, Modeule 3: Document your plan, and Post Workshop: Next steps and Wrap-up(offsite).

    Phase 1

    Understand the project

    3 phases, phase 1 is highlighted.

    This phase will walk you through the following activities:

    1.1 Identify the project sponsor

    1.2 Identify project stakeholders

    1.3 Review project vision and guiding principles

    1.4 Review project objectives

    1.5 Establish project governance

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 1.1

    Identify the project sponsor

    Activities

    1.1.1 Define the project sponsor's responsibilities

    1.1.2 Shortlist potential sponsors

    1.1.3 Select the project sponsor

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Selected sponsor.

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.

    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Typical project sponsor responsibilities

    • Help define the business goals of their projects before they start.
    • Provide guidance and support to the project manager and the project team throughout the project management lifecycle.
    • Ensure that sufficient financial resources are available for their projects.
    • Resolve problems and issues that require authority beyond that of the project manager.
    • Ensure that the business objectives of their projects are achieved and communicated.

    For further discussion on sponsor responsibilities, use Info-Tech’s blueprint, Drive Business Value With a Right-Sized Project Gating Process

    Portrait of head with multiple layers representing the responsibilities of a sponsor. From top down: Define business goals, provide guidance, ensure human ad financial resources, resolve problems and issues.

    1.1.1 Define the project sponsor’s responsibilities

    0.5-1 hour

    1. Discuss the minimum requirements for a sponsor at your organization.
    2. As a group, brainstorm the criteria necessary for an individual to be a project sponsor:
      1. Is there a limit to the number of projects they can sponsor at one time?
      2. Is there a minimum number of hours they must be available to the project team?
      3. Do they have to be at a certain seniority level in the organization?
      4. What is their role at each stage of the project lifecycle?
    3. Document these criteria on a whiteboard.
    4. Record the sponsor’s responsibilities in section 1.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Requirements for a sponsor
    • Your responsibilities as a sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.1 Define the project sponsor’s responsibilities (Continued)

    Example

    Project sponsor responsibilities.

    1.1.2 Shortlist potential sponsors

    0.5-1 hour

    1. Based on the responsibilities defined in Exercise 1.1.1, produce a list of the potential sponsors.
    2. Record the sponsor’s shortlist in section 1.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Characteristics of a sponsor
    • Your list of candidates

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.2 Shortlist potential sponsors (Continued)

    Example

    Shortlist of potential sponsors. 6 names listed with checkmarks on criteria ranking.

    Don’t forget, the project team is there to support the sponsor

    Given the burden of the sponsor role, the project team is committed to doing their best to facilitate a successful outcome.

    Project Success: Follow best practices, escalate issues, stay focused, communicate, adapt to change.

    • Follow the framework set out by the governance group at the organization to drive efficiency on the project.
    • Ensure stakeholders with proper authority are notified of issues that occur during the project.
    • Stay focused on the project tasks to drive quality on the deliverables and avoid rework after the project.
    • Communicate within the project team to drive coordination of tasks, complete deliverables, and avoid resource waste.
    • Changes are more common than not; the team must be prepared to adjust plans and stay agile to adapt to changes for the project.

    Seek the key characteristics of a sponsor

    Man walking up stairs denoting characteristics of a good sponsor. First step: Leader, second step: Strong Communicator, third step: knowledgeable, fourth step: problem solver, fifth step: delegator, final step: dedicated.

    1.1.3 Select the project sponsor

    0.5-1 hour

    1. Review the characteristics and the list of potential candidates.
    2. Assess availability, suitability, and desire of the selected sponsor.
    3. Record the selected sponsor in section 1.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • List of candidates
    • Characteristics of a sponsor
    • Your selected sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.3 Select the project sponsor (Continued)

    Example

    Name of example sponsor with their key traits listed.

    Step 1.2

    Identify the project stakeholders

    Activities

    1.2.1 Identify your stakeholders

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Stakeholders’ management plan

    How to find the right stakeholders

    Start with the obvious candidates, but keep an open mind.

    How to find stakeholders

    • Talk to your stakeholders and ask who else you should be talking to, to discover additional stakeholders and ensure you don’t miss anyone.
    • Less obvious stakeholders can be found by conducting various types of trace analysis, i.e. following various paths flowing from your initiative through to the path’s logical conclusion.

    Create a stakeholder network map for your application implementation

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Stakeholder network map showing direction of professional influence as well as bidirectional, informal influence relationships.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your enterprise application operates in. It is every bit as important as the teams who enhance, support, and operate your applications directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have substantial informal relationships with your stakeholders.

    Understand how to navigate the complex web of stakeholders

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Graph showing influence vs. interest, divided into 4 quadrants. Low influence and intersest is labeled: Monitor, low influence and high interest is labeled: Keep informed, High influence and low interest is labeled: Keep satisfied, and high influence and high interest is labeled: Involve closely

    Large-scale projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    Map the organization’s stakeholders

    List of various stakeholder titles. As well as a graph showing the influence vs involvement of each stakeholder title. Influence and interest is divided into 4 quadrants: Monitor, Keep informed, keep satisfied, and involve closely.

    1.2.1 Identify your stakeholders

    1-2 hours

    1. As a group, identify all the project stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project
    3. Identify stakeholders and add them to the list.
    4. Record the stakeholders list in section 1.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Download Your Enterprise Application Implementation Playbook

      Input

      Output

      • Types of stakeholders
      • Your stakeholders initial list

      Materials

      Participants

      • Whiteboard/flip charts
      • Your Enterprise Application Implementation Playbook
      • Project team
      • Operations
      • SMEs
      • Team lead and facilitators
      • IT leaders

    1.2.1 Identify your stakeholders(Continued)

    Example

    Table with rows of stakeholders: Customer, End Users, IT, Vendor and other listed. Columns provide: description, examples, value and involvement level of each stakeholder.

    Step 1.3

    Review project vision and guiding principles

    Activities

    1.3.1 Align on a project vision

    1.3.2 List your guiding principles

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Project vision and guiding principles

    Vision and guiding principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES
    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of industry best practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    1.3.1 Align on a project vision

    1-2 hours

    1. As a group, discuss whether you want to create a separate project vision statement or restate your corporate vision and/or goals.
      1. A project vision statement will provide project-guiding principles, encompass the project objectives, and give a rationale for the project.
      2. Using the corporate vision/goals will remind the business and IT that the project is to implement an enterprise application that supports and enhances the organizational objectives.
    2. Record the project vision in section 1.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Project vision statement defined during strategy building
    • Your project vision

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.1 Align on a project vision (Continued)

    Example

    Project Vision

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real-time data-driven decisions, increased employee productivity, and IT investment protection.

    Guiding principles examples

    The guiding principles will help guide your decision-making process. These can be adjusted to align with your internal language.

    • Support business agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for "one source of truth": Unify data model and integrate processes where possible. Assess integration needs carefully.

    1.3.2 List your guiding principles

    1-2 hours

    1. Start with the guiding principles defined during the strategy building.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we use internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?
    3. Record the guiding principles in section 1.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Guiding principles defined during strategy building
    • Your guiding principles

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.2 List your guiding principles (Continued)

    Example

    Guiding principals: Support business agility, use best practices, automate, stay focused, strive for `one source truth`.

    Step 1.4

    Review project objectives

    Activities

    1.4.1 Confirm your goals and objectives for the implementation project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The objectives of the implementation project

    Review the elements of the project charter

    Leverage completed deliverables to get project managers started down the path of success.

    Deliverables of project chaters for PMs. Project purpose, scope, logistics and sign-off.

    1.4.1 List your guiding principles

    1-2 hours

    1. Articulate the high-level objectives of the project. (What are the goals of the project?)
    2. Elicit the business benefits the sponsor is committed to achieving. (What are the business benefits of the project?)
    3. Record Project goals and objectives in section 1.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your BizDevOps objectives and metrics
    • Understanding of various collaboration methods, such as Scrum, Kanban, and Scrumban
    • Your chosen collaboration method

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.4.1 Confirm your goals and objectives for the implementation project (Continued)

    Example:

    Project Objectives: End-user visibility, New business development, employee experience. Business Benefits for each objective listed.

    Step 1.5

    Establish project governance

    Activities

    1.5.1 Define the project governance structure

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Approach to build an effective project governance

    1.5.1 List your guiding principles

    0.5-1 hour

    1. Identify the IT governance structure in place today and document the high-level function of each body (councils, steering committees, review boards, centers of excellence, etc.).
    2. Identify and document the existing enterprise applications governance structure, roles, and responsibilities (if any exist).
    3. Identify gaps and document the desired enterprise applications governance structure, roles, and responsibilities.
    4. Record the project governance structure in section 1.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • IT governance structure
    • Your project governance structure

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Governance is NOT management

    Three levels of governance: Team Level, Steering Committee Level, and Executive Governance Level.

    Info-Tech Insight

    You won’t get engagement unless there is a sense of accountability. Do not leave this vague. Accountability needs to be assigned to specific individuals in your organization to ensure the system development achieves what was intended by your organization and not what your system integrator (SI) intended.

    Who is accountable?

    Too many assumptions are made that the SI is accountable for all implementation activities and deliverables – this is simply untrue. All activities can be better planned for, and misunderstandings can be avoided, with a clear line of sight on roles and responsibilities and the documentation that will support these assumptions.

    Discuss, define, and document roles and responsibilities:
    • For each role (e.g. executive sponsor, delivery manager, test lead, conversion lead), clearly articulate the responsibilities of the role, who is accountable for fulfillment, and whether it’s a client role, SI role, or both.
    • Articulate the purpose of each deliverable clearly, define which individual or team has responsibility for it, and document who is expected to contribute.
    • Empower the team by granting them the authority to make decisions. Ease their reluctance to think outside the box for fear of stakeholder or user backlash.
    • The implementation cannot and will not be transformative if the wrong people are involved or if the right people have not been given the tools required to succeed in their role.

    1.5.2 List your guiding principles

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation. Inventory the competencies required for an enterprise implementation team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline, integration environment complexity, and cost constraints as you make your resourcing plan.
    4. Record governance team roles and responsibilities in 1.9 section of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Available resources (internal, external, contract)
    • Your governance structure roles and responsibilities

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.5.2 Define governance team roles and responsibilities (Continued)

    Example

    Governance team roles and their responsibilities.

    Phase 2

    Set up for success

    3 phases, phase 2 is highlighted.

    This phase will walk you through the following activities:

    2.1. Review project scope

    2.2. Define project metrics

    2.3. Prepare for project risks

    2.4. Identify the project team

    2.5. Define your change management process

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 2.1

    Review project scope

    Activities

    2.1.1 Gather and review requirements

    2.1.2 Confirm your scope for implementation

    2.1.3 Formulate a scope statement

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project scope

    Requirements are key to defining scope

    Project scope management includes the processes required to ensure that the project includes all and only the work required to complete the project successfully. Therefore, managing project scope is about defining and controlling what is and is not included in the project.

    PMBOK defines requirements as “conditions or capabilities that are to be met by the project or present in the product, service, or result to satisfy an agreement or other formally imposed specification.” Detailed requirements should be gathered and elicited in order to provide the basis for defining the project scope.

    70% of projects fail due to poor requirements, organizations using poor practices spent 62% more, 4th highest correlation to high IT performance is requirements gathering.

    Well-executed requirements gathering results in:

    • Consistent approach from project to project, resulting in more predictable outcomes.
    • Solutions that meet the business need on the surface and under the hood.
    • Reduce risk for fast-tracked projects by establishing a right-sized approach.
    • Requirements team that can drive process improvement and improved execution.
    • Confidence when exploring solution alternatives.

    Poorly executed requirements gathering results in:

    • IT receiving the blame for any project shortcomings or failures.
    • Business needs getting lost in the translation between the initial request and final output.
    • Inadequate solutions or cost overruns and dissatisfaction with IT.
    • IT losing its credibility as stakeholders do not see the value and work around the process.
    • Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.
    • Inconsistent project execution, leading to inconsistent outcomes.

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    High stakeholder satisfaction with requirements results in higher satisfaction in other areas.

    Note: “High satisfaction” was classified as a score greater or equal to eight, and “low satisfaction” was every organization that scored below eight on the same questions.

    2.1.1 Gather and review requirements

    1-2 hours

    1. Once existing documentation has been gathered, evaluate the effectiveness of the documentation and decide whether you need additional information to proceed to current-state mapping.
    2. The initiative team should avoid spending too much time on the discovery phase, as the goal of discovery is to obtain enough information to produce a level-one current-state map.
    3. Consider reviewing capabilities, business processes, current applications, integration, and data migration.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration
    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration revisited

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.1 Requirements list

    Example

    Requirements with description, category and priority.

    2.1.2 Confirm your scope for implementation

    1-2 hours

    1. Based on the requirements, write down features of the product or services, as well as dependencies with other interfaces.
    2. Write down exclusions to guard against scope creep.
    3. Validate the scope by asking these questions:
      1. Will this scope provide a common understanding for all stakeholders, including those outside of IT, as to what the project will accomplish and what it excludes?
      2. Should any detail be added to prevent scope creep later?
    4. Record the project scope in section 2.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • What’s in scope
    • What’s out of scope
    • What needs to integrate
    • Your scope areas

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.2 Scope detail

    Example

    Example of scope detail. Table with scope levels: In scope, out of scope and existing scope. Each scope level has details about it listed.

    Distill your requirements into a scope statement

    Requirements are about the what and the how.
    Scope specifies the features of the product or service – what is in and what is out
    Table showing Requirement document vs. Scope statement. It lists the audience, content, inputs and outputs for each.

    The Build Your Enterprise Application Implementation Playbook 2.2 Project Scope Statement includes:

    • Scope description (features, how it interfaces with other solution components, dependencies).
    • Exclusions (what is not part of scope).
    • Deliverables (product outputs, documentation).
    • Acceptance criteria (what metrics must be satisfied for the deliverable to be accepted).
    • Final sign-off (owner).
    • Project exclusions (scope item, details).

    The scope statement should communicate the breadth of the project

    To assist in forming your scope statement, answer the following questions:
    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    2.1.3 Formulate a scope statement

    1-2 hours

    1. Lay out the scope description (features, how it interfaces with other solution components, dependencies).
    2. Record the exclusions (what is not part of scope).
    3. Fill out the scope statement.
    4. Record the scope statement in section 2.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your scope areas
    • Your scope statement

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Scope statement template
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.3 Scope statement

    Example

    Examples of scope statements showing the following: Product or service in scope, project deliverables and acceptance criteria, and project exclusions.

    Step 2.2

    Review project scope

    Activities

    2.2.1 Define metrics for your project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project metrics

    Building leading indicators

    Lagging KPIs are relatively simple to identify, whereas leading KPIs can be more elusive.

    For example, take the lagging KPI “Customer Satisfaction.” How do you turn that into a leading KPI? One method is to look at sources of customer complaints. In a retail sales system, backordered items will negatively impact customer satisfaction. As a leading indicator, track the number of orders with backordered lines and the percentage of the total order that was backordered.

    Performance Metrics

    Use leading and lagging metrics, as well as benchmarks, to track the progress of your system.

    Leading KPIs: Input-oriented measures:

    • Number of active users in the system.
    • Time-to-completion for processes that previously experienced efficiency pain points.

    Lagging KPIs: Output-oriented measures:

    • Faster production times.
    • Increased customer satisfaction scores

    Benchmarks: A standard to measure performance against:

    • Number of days to ramp up new users.

    Info-Tech Insight

    Leading indicators make the news; lagging indicators report on the news. Focusing on leading indicators allows you to address challenges before they become large problems with only expensive solutions.

    2.2.1 Define metrics for your project

    1-2 hours

    1. Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
    2. Look at historical trends and figures when available. However, be careful of frequent anomalies, as these may indicate a root cause that needs to be addressed.
    3. Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    4. Record the Project Metrics in section 2.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Outputs of any feedback mechanism
    • Historical trends
    • Your project tracking metrics

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.2.1 Metrics

    In addition to delivery metrics and system performance metrics, equip the business with process-based metrics to continuously prove the value of the enterprise software. Review the examples below as a starting point.

    Table showing metrics and desciption. Metrics listed are: Percent of requirements complete, issues found, issues resolved, and percent of processess complete.

    Step 2.3

    Prepare for project risks

    Activities

    2.3.1 Build a risk event menu

    2.3.2 Determine contextual risks

    2.3.3 Determine process risks

    2.3.4 Determine business risks

    2.3.5 Determine change risks

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your product canvas and product vision statement

    All risks are not created equal

    Project Risk consists of: Contextual risk, process risk, change risk and business risk.

    For more information on Info-Tech’s Four-Pillar Risk Framework, please see Right-Size Your Project Risk Investment.

    Info-Tech’s Four-Pillar Risk Framework

    Unusual risks should be detected by finding out how each project is different from the norm. Use this framework to start this process by confronting the risks that are more easily anticipated.

    2.3.1 Build a risk event menu

    0.5-1 hour

    1. Build and maintain an active menu of potential risk events across the four risk categories.
    2. Record the risk event menu in section 2.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Risk events
    • Your risk events menu

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.1 Risk event menu

    Example

    Risk event menu example. A table with: Contextual Risk, process risk, business risk, change risk events with examples for each.

    2.3.2 Determine contextual risks

    0.5-1 hour

    1. Contextual risk factors are those that operate within the context of your department, organization, and/or community.
    2. Fill out contextual risks.
    3. Record the contextual risks in section 2.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your contextual risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.2 Contextual risks

    Example

    two tables for Contextual risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.3 Determine process risks

    0.5-1 hour

    1. Process risks are those that involve project sponsorship, project management, business and functional requirements, work assignment, communication, and/or visibility.
    2. Fill out process risks.
    3. Record the process risks in section 2.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your process risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.3 Process risks

    Example

    two tables for Process risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.4 Determine business risks

    0.5-1 hour

    1. Business risks are those that affect the bottom line of the organization. They usually have implications on revenue, costs, and/or image.
    2. Fill out business risks.
    3. Record the business risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.4 Business risks

    Example

    two tables for Business risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.5 Determine change risks

    0.5-1 hour

    1. Change risks are those that result from imposing changes on the people and customers of the organization and their daily routines.
    2. Fill change risks.
    3. Record the change risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.5 Change risks

    Example

    two tables for Change risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    Step 2.4

    Identify the project team

    Activities

    2.4.1 Establish team composition

    2.4.2 Identify the team

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to get your project team ready

    Understand the unique external resource considerations for the implementation

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:

    1. Management consultant
    2. Vendor consultant
    3. System integrator

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and cost constraints.
    • Integration environment complexity.

    CONSIDER THE FOLLOWING

    Internal Vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities and communicate this to your technology partner upfront.

    Internal Vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner’s implementation methodology; however, you know what will work for your organization.

    Info-Tech Insight

    Selecting a partner is not just about capabilities, it’s about compatibility! Ensure you select a partner that has a culture compatible with your own.

    2.4.1 Establish team composition

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation.
    2. Select your internal implementation team.
    3. Identify the number of external consultants/support required for implementation.
    4. Document the roles and responsibilities, accountabilities, and other expectations as they relate to each step of the implementation.
    5. Record the team composition in section 2.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • List of project team skills
    • Your team composition
    • Your business risks

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.1 Team composition

    Example

    Team composition: Role of each team member, and their skills.

    2.4.2 Identify the team

    0.5-1 hour

    1. Identify a candidate for each role and determine their responsibility in the project and their expected time commitment.
    2. The project will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    3. Create a RACI matrix for the project.
    4. Record the team list in section 2.10 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your team composition
    • Your team with responsibilities and commitment

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.2 Team list

    Example

    Team list: Role of each team member, candidate, responsibilities, and their commitment in hours per week.

    RACI example

    RACI example. Responsibilities and team member roles that are tasked with each responsibility.

    Step 2.5

    Define your change management process

    Activities

    2.5.1 Define OCM structure and resources

    2.5.2 Define OCM team’s roles and responsibilities

    2.5.3 Define requirements for training

    2.5.4 Create a communications plan for stakeholder groups, and delivery teams

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    A structure and procedures for an effective organizational change management

    Define your change management process to improve quality and adoption

    Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

    Correlation of change management effectiveness with meeting results.

    “It’s one thing to provide a new technology tool to your end users.

    It’s quite another to get them to use the tool, and still different for them to use the new tool proficiently.

    When your end users fully use a new technology and make it part of their daily work habits, they have ‘adopted’ the new tool.”

    – “End-User Adoption and Change Management Process” (2022)

    Large projects require organizational change management

    Organizational change management (OCM) governs the introduction of new business processes and technologies to ensure stakeholder adoption. The purpose of OCM is to prepare the business to accept the change.

    OCM is a separate body of knowledge. However, as a practice, it is inseparable from project management.

    In IT, project planning tends to fixate on technology, and it underestimates the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques.

    Accountability for instilling this desire should start with the project sponsor. The project manager should support this with effective stakeholder and communication management plans.

    16% of projects with poor change management met or exceeded objectives. 71% of projects with excellent change management finish on or ahead of schedule. 67% of organizations include project change management in their initiatives.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    Your application implementation will be best served by centralizing OCM

    A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

    What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

    It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

    In the long term, OCM leadership will help the PMO become a strategic partner with the executive layer and the business side.

    Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

    Ultimately, it’s their job to explicitly transfer that obligation along with the commensurate resourcing and authority for OCM activities.

    Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. Companies with mature PMOs that effectively manage change meet expectations 90% of the time.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    2.5.1 Define OCM structure and resources

    0.5-1 hour

    1. Assess the roles and resources that might be needed to help support these OCM efforts.
    2. Record the OCM structure in section 2.11 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your OCM structure and resources

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.1 OCM structure and resources

    Example

    OCM structure example. Table showing OCM activity and resources available to support.

    2.5.2 Define OCM team’s roles and responsibilities

    0.5-1 hour

    1. Assess the tasks required for the team.
    2. Determine roles and responsibilities.
    3. Record the results in the RACI matrix in section 2.13 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your communications timeline
    • Your OCM structure and resources
    • Your OCM plan and RACI matrix

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    OCM team’s roles and responsibilities

    Example

    Responsibilities for OCM team members.

    2.5.3 Define requirements for training

    0.5-1 hour

    1. Analyze HR requirements to ensure efficient use of HR and project stakeholder time.
    2. Outline appropriate HR and training activities.
    3. Define training content and make key logistical decisions concerning training delivery for staff and users.
    4. Record training requirements in section 2.14 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM Plan and RACI matrix
    • Your HR training needs

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.3 Training requirements

    Example

    Training requirements example: Project milestones, milestone time frame, hr/training activities, activity timing, and notes.

    Project communication plans must address creation, flow, deposition, and security of project information

    A good communication management plan is like the oil that keeps moving parts going. Ensuring smooth information flow is a fundamental aspect of project management.

    Project communication management is more than keeping track of stakeholder requirements. A communication management plan must address timely and appropriate creation, flow, and deposition of information about the project – as well as the security of the information.

    Create:

    • In addition to standardized status reporting elements discussed for level 1 projects, level 2 and 3 projects may require additional information to be disseminated among key stakeholders and the PMO.

    Flow:

    • The plan must address the methods of communication. Distributed project teams require more careful planning, as they pose additional communication challenges.

    Deposit:

    • As the volume of information continues to grow exponentially, retrieving information becomes a challenge. The plan for depositing project information must be consistent with your organization’s content management policies.

    Security:

    • Preventing unauthorized access and information leaks is important for projectsthat are intended to provide the organization with a competitive edge or for projects that deal with confidential data.
    45% of organizations had established mature communications and engagement processes.

    2.5.4 Create a communications timeline

    0.5-1 hour

    1. Base your change communications on your organization’s cultural appetite for change in general.
    2. Document communications plan requirements.
    3. Create a high-level communications timeline.
    4. Tailor a communications strategy for each stakeholder group.
    5. Record the communications timeline in section 2.12 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM structure and resources
    • Your project objectives
    • Your project scope
    • Your stakeholders’ management plan
    • Your communications timeline

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example of communications timeline

    Project sponsors are the most compelling storytellers to communicate the change

    Example of project communications timeline. Planning, requirements, design, development, QA, deployment, warranty, and benefits/closure.

    Info-Tech Insight

    Communication with stakeholders and sponsors is not a single event, but a continual process throughout the lifecycle of the project implementation – and beyond!

    Phase 3

    Document your plan

    3 phases, phase 3 is highlighted.

    This phase will walk you through the following activities:

    3.1 Develop a master project plan

    3.2. Define a follow-up plan

    3.3. Define the follow-up process

    3.4. Understand what’s next

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 3.1

    Develop a master project plan

    Activities

    3.1.1 Define your implementation steps

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your resourcing and master plans

    Resources Vs. Demand

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    Project demand: Data classification, cloud strategy, application rationalization, recovery planning etc. must be weighted against the organizations internal staffing resources.

    Competing priorities

    Example

    Table for competing priorities: List of projects, their timeline, priority notes, and their implications.

    3.1.1 Define your implementation steps

    0.5-1 hour

    1. Write each phase of the project on a separate sticky note and add it to the whiteboard. Determine what steps make up each phase. Write each step of the phase on a separate sticky note and add it to the whiteboard.
    2. Determine what tasks make up each step. Write each task of the step on a separate sticky note and add it to the whiteboard.
    3. Record the tasks in the Your Enterprise Application Implementation Playbook – Timeline tool. This tool has an example of a typical list of tasks, to help you start your master plan. Use the timeline for project planning and progress tracking.
    4. Record your project’s basic data and work schedule.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Project's work breakdown structure
    • Your project master plan

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Implementation plan – basic data

    Record your project name, project manager, and stakeholders from previous exercises.

    Example project information form: Project name, estimated start date, estimated end date, project manager, stakeholders, and time off of project.

    Implementation plan – work schedule

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    “Actual Start Date” and “Actual Completion Date” columns must be updated to be reflected in the Gantt chart.

    This information will also be captured as the source for session 3.2.1 dashboards.

    Step 3.2

    Define a follow up plan

    Activities

    3.2.1 Create templates to enable follow-up throughout the project

    3.2.2 Decide on the tracking tools to help during your implementation

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create the processes and define the tools to track progress

    Leveraging dashboards

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    For further information on monitoring the project, use Info-Tech’s blueprint, Governance and Management of Enterprise Software Implementation

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    3.2.1 Create templates to enable follow-up throughout the project

    0.5-1 hour

    1. Create status report, dashboards/charts, budget control, risk/issues/gaps templates, and change request forms.
    2. Build a dashboard that reflects the leading metrics you have identified.
    3. Call out requirements that represent key milestones in the implementation.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your projects master plan
    • Your project follow-up kit

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Dashboards

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress.

    This executive overview of the project's progress is meant to be used during the status meeting.

    Select the right tools

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    SoftwareReviews, Requirements Management, 2023

    SoftwareReviews, Project Management, 2023

    SoftwareReviews, Business Intelligence & Analytics, 2023

    3.2.2 Decide on the tracking tools to help during your implementation

    0.5-1 hour

    1. Based on the standards within your organization, select the appropriate project tracking tools to help you track the implementation project.
    2. If you do not have any tools or wish to change them, please see leverage Info-Tech’s SoftwareReviews to help you in making your decision.
    3. Consider tooling across a number of different categories:
      1. Requirements Management
      2. Project Management
      3. Reporting and Analytics
    4. Record the project tracking tools in section 3.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up kit
    • Your project follow-up kit tools

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example: project tools

    Table listing project tools by type, use, and products available.

    Step 3.3

    Define a follow-up process

    Activities

    3.3.1 Define project progress communication

    3.3.2 Create a change request process

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your follow-up process

    Project status updates should occur throughout the implementation

    Project status updates can be both formal and informal. Formal status updates provide a standardized means of disseminating information on project progress. It is the lifeblood of project management: Accurate and up-to-date status reporting enables your project manager to ensure that your project can continue to use the resources needed.

    Informal status updates are done over coffee with key stakeholders to address their concerns and discuss key outcomes they want to see. Informal status updates help to build a more personal relationship.

    Ask for feedback during the status update meetings. Use the meeting as an opportunity to align values, goals, and incentives.

    Codify the following considerations:

    • Minimum requirement for a formal status update:
      • Frequency of reporting, as required by the project portfolio
      • Parties to be consulted and informed
      • Recording, producing, and archiving meeting minutes, both formal and informal
    • Procedure for follow-up on feedback generated from status updates:
      • Filing change requests
      • Keeping the change requester/relevant stakeholders in the loop

    3.3.1 Define project progress communication

    0.5-1 hour

    1. Provide a standardized means of disseminating information on project progress.
    2. Create an accurate and up-to-date status report to help keep team engaged and leadership supporting the project.
    3. Record the project progress communication in section 3.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up process
    • Your project progress communication

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Project progress communication

    Example

    Example table of project progress communication. Audience, purpose, delivery/format, communicator, delivery date, and status/notes.

    Manage project scope changes

    1. Change in project scope is unpredictable and almost inevitable regardless of project size. If changes are not properly managed, the project runs the risk of scope creep and loss of progress. Therefore, changes need to be monitored and controlled.
    2. Scope change can be initiated voluntarily by the project sponsor or other stakeholders, or it could be a mandatory reaction to changing project process.
    3. Scope change may also take place due to internal factors such as a stakeholder requiring more extensive insights or external factors such as changing market conditions.
    4. Scope changes have the potential to affect project outcomes either positively or negatively, depending on how the change is managed and implemented. The project manager should take care to maintain focus on the project’s ultimate objectives; consideration needs to be given as to what to do and what to give up.
    5. If changes arise, project managers should ensure that adequate resources and actions are provided so the project can be completed on time and on budget.
    • The project manager needs to use both hard and soft skills: analytical skills for evaluating and quantifying the impact of potential changes and communication skills for communicating and negotiating with stakeholders.
    • Build trust and credibility by taking an evidence-based approach when presenting changes. This gives you room to respectfully push back on certain changes.
    • Assess changes before crossing them off the list, but don’t be afraid to say no. Greater care must be taken when there is very limited budgetary freedom or when scope changes will interfere with the critical path.
    • All change requests must be received by the project manager first so they can make sure that IT project resources are not approached with multiple ad hoc change requests.

    Document your process to manage project change requests

    1 Initial assessment

    Using the scope statement as the reference point:

    • Why do we need the change?
    • Is the change necessary?
    • What is the business value that the change brings to the project?

    Recommend alternative solutions that are easier to implement while consulting the requester.

    2 Minor change

    If the change has been classified as minor, the project manager and the project team can tackle it directly, since it doesn’t affect project budget or schedule in a significant way. Ensure that the change is documented.

    3 conduct an in-depth assessment

    The project manager should bring major changes to the attention of the project sponsor and carry out a detailed assessment of the change and its impact.

    Additional time and resources are required to do the in-depth assessment because the impact on the project can be complex and affect requirements, resources, budget, and schedule.

    4 Obtain approval from the governing body

    Present the results to the governing body. Since a major change significantly affects the project baseline beyond the authorized contingency, it is the responsibility of the governing body to either approve the change with allocation of additional resources or reject the change and maintain course.

    Flow chart to document your process to manage project change requests.

    For further discussion on change requests, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind

    3.3.2 Create a change request process

    0.5-1 hour

    1. Identify any existing processes that you have for addressing changes for projects.
    2. Discuss whether or not the current change request process will suit the project at hand.
    3. Define the agreed-to change request process that fits your organization’s culture.
    4. For a change request template, you can leverage, refer to section 3.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Make any changes to the template as necessary.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project scope
    • Your change request

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    3.3.2 Create a change request process (Continued)

    Example of a change request process form.

    Step 3.4

    Understand what's next

    Activities

    3.4.1 Run a “lessons learned” session for continuous improvement

    3.4.2 Prepare a closure document for sign-off

    3.4.3 Document optimization and future release opportunities

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Lessons learned throughout the project-guiding

    Good project planning is key to smooth project closing

    Begin with the end in mind. Without a clear scope statement and criteria for acceptance, it’s anyone’s guess when or how a project will end.

    During the closing process, the project manager should use planning and execution documents, such as the project charter and the scope statement, to assess project completeness and obtain sign-off based on the acceptance criteria.

    Project completion criteria should be clearly defined. For example, the project is defined as finished when costs are in, vendor receipts are received, financials are reviewed and approved, etc.

    However, there are other steps to be taken after completing the project deliverables. These activities include:

    • Transferring project knowledge and operations to support
    • Completing user training
    • Obtaining business sign-off and acceptance
    • Releasing resources
    • Conducting post-mortem meeting
    • Archiving project assets

    The project manager needs to complete all project management processes, including:

    • Risk management (close out risk assessment and action plan)
    • Quality management (test the final deliverables against acceptance criteria)
    • Stakeholder management (decision log, close out issues, plan and assign owners for resolutions of open issues)
    • Project team management (performance evaluation for team members as well as the project manager)

    3.4.1 Define the process for lessons learned

    0.5-1 hour

    1. Determine the reporting frequency for lessons learned.
    2. Consider attributing lessons learned to project phases.
    3. Coordinate lessons learned check-ins with project milestones to review and reflect.
    4. At each reporting session, the project team should identify challenges and successes informally.
    5. The PM and the PMO should transform the reports from each team member into formalized lessons.
    6. Record lessons learned for each project in section 3.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project's lessons learned

    Materials

    Participants

    • Project Lessons Learned Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Lessons learned

    Example

    Form: Project successes, notes, areas of imporvement, impact, solution.

    Watch for these potential problems with project closure

    Don’t leave the door open for stakeholder dissatisfaction. Properly close out your projects.

    Potential problems with project closure.

    For further information on project closure issues, use Info-Tech’s blueprint, Get Started With Project Management Excellence.

    3.4.2 Prepare a closure document for sign-off

    0.5-1 hour

    1. Create a realistic closure and transition process that gains sign-off from the sponsor.
    2. Prepare a project closure checklist.
    3. Transfer accountability to operations, release project resources, and avoid disrupting other projects that are trying to get started.
    4. Record the project closure document in section 3.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your project's closure checklist

    Materials

    Participants

    • Project closure checklist Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Closure checklist

    Project closure checklist. project management checklist, deliverables, goals, benefits, outstanding action items and issues, handover of technical documents, knowledge transfer, sign-off.

    For further information on closure procedures, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind.

    3.4.3 Document optimization and future release opportunities

    0.5-1 hour

    Consider the future opportunities for improvement post-release:

    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Cost-saving opportunities
    7. Record optimization and future release opportunities in section 3.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your optimization opportunities list

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Optimization opportunities

    Example

    Optimization types and opportunities.

    Related Info-Tech Research

    Build upon your foundations

    Build an ERP Strategy and Roadmap

    • A business-led, top-management-supported initiative partnered with IT has the greatest chance of success. This blueprint provides business and IT the methodology for getting the right level of detail for the business processes that the ERP supports thus avoiding getting lost in the details.

    Governance and Management of Enterprise Software Implementation

    • Implementing enterprise software is hard. You need a framework that will greatly improve your chance of success. Traditional Waterfall project implementations have a demonstrated a low success rate for on-time, on-budget delivery.

    Select and Implement a Human Resource Information System

    • Your organization is in the midst of a selection and implementation process for a human resource information system (HRIS), and there is a need to disambiguate the market and arrive at a shortlist of vendors.

    Select and Implement an ERP Solution

    • Selecting and implementing an ERP is one of the most expensive and time-consuming technology transformations an organization can undertake. ERP projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized.

    Right-Size Your Project Risk Investment

    • Avoid the all-or-nothing mindset; even modest investments in risk will provide a return. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

    Related Info-Tech Research

    Build upon your foundations

    Drive Business Value With a Right-Sized Project Gating Process

    • Many organizations have implemented gating as part of their project management process. So, what separates those who are successful from those who are not? For starters, successful gating requires that each gate is treated as an essential audit. That means there need to be clear roles and responsibilities in the framework.

    Master Organizational Change Management Practices

    • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

    Get Started With Project Management Excellence

    • Lack of proper scoping at the beginning of the project leads to constant rescoping, rescheduling, and budget overruns.

    ERP Requirements Picklist Tool

    • Use this tool to collect ERP requirements in alignment with the major functional areas of ERP. Review the existing set of ERP requirements as a starting point to compiling your organization's requirements.

    Begin Your Projects With the End in Mind

    • Stakeholders are dissatisfied with IT’s inability to meet or even provide consistent, accurate estimates. The business’ trust in IT erodes every time a project is late, lost, or unable to start.

    Get Started With IT Project Portfolio Management

    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.

    Bibliography

    7 Shocking Project Management Statistics and Lessons We Should Learn.” TeamGantt, Jan. 2017.

    Akrong, Godwin Banafo, et al. "Overcoming the Challenges of Enterprise Resource Planning (ERP): A Systematic Review Approach." IJEIS vol.18, no.1 2022: pp.1-41.

    Andriole, S. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Andriole, Steve. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Beeson, K. “ERP Implementation Plan (ERP Implementation Process Guide).” ERP Focus, 8 Aug. 2022.

    Biel, Justin. “60 Critical ERP Statistics: 2022 Market Trends, Data and Analysis.” Oracle Netsuite, 12 July 2022.

    Bloch, Michael, et al. “Delivering Large-Scale IT Projects on Time, on Budget, and on Value.” McKinsey & Company, 2012.

    Buverud, Heidi. ERP System Implementation: How Top Managers' Involvement in a Change Project Matters. 2019. Norwegian School of Economics, Ph.D. thesis.

    Carlton, R. “Four ERP Implementation Case Studies You Can Learn From.” ERP Focus, 15 July 2015.

    Gopinath, S. Project Management in the Emerging World of Disruption. PMI India Research and Academic Conference 2019. Kozhikode Publishers.

    Grabis, J. “On-Premise or Cloud Enterprise Application Deployment: Fit-Gap Perspective.” Enterprise Information Systems. Edited by Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. ICEIS, 2019.

    Harrin, E. The Definitive Guide to Project Sponsors. RGPM, 13 Dec. 2022.

    Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” 9 May 2012.

    Kotadia, C. “Challenges Involved in Adapting and Implementing an Enterprise Resource Planning (ERP) Systems.” International Journal of Research and Review vol. 7 no. 12 December 2020: 538-548.

    Panorama Consulting Group. "2018 ERP Report." Panorama Consulting Group, 2018. Accessed 12 Oct. 2021.

    Panorama Consulting Group. "2021 ERP Report." Panorama Consulting Group, 2021. Accessed 12 Oct. 2021.

    PM Solutions. (2014). The State of the PMO 2014.

    PMI. Pulse of the Profession. 2017.

    Podeswa, H. “The Business Case for Agile Business Analysis.” Requirements Engineering Magazine, 21 Feb. 2017.

    Project Delivery Performance in Australia. AIPM and KPMG, 2020.

    Prosci. (2020). Prosci 2020 Benchmarking Data from 2007, 2009, 2011, 2013, 2015, 2017, 2019.

    Swartz, M. “End User Adoption and Change Management Process.” Swartz Consulting LLC, 11 July 2022.

    Trammell, H. “28 Important Project Management KPIs (& How To Track Them).” ClearPoint Strategy, 2022.

    “What are Business Requirements?" Requirements.com, 18 Oct. 2018.

    “What Is the Role of a Project Sponsor?” Six Sigma Daily, 18 May 2022.

    “When Will You Think Differently About Programme Delivery?” 4th Global Portfolio and Programme Management Survey. PricewaterhouseCoopers, Sept. 2014.

    Prepare for the Upgrade to Windows 11

    • Buy Link or Shortcode: {j2store}166|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices
    • Windows 10 is going EOL in 2025.That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Our Advice

    Critical Insight

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system. Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    Impact and Result

    Windows 11 hardware requirements will result in devices that are not eligible for the upgrade. Companies will be left to spend money on replacement devices. Following the Info-Tech guidance will help clients properly budget for hardware replacements before Windows 10 is no longer supported by Microsoft. Eligible devices can be upgraded, but Info-Tech guidance can help clients properly plan the upgrade using the upgrade ring approach.

    Prepare for the Upgrade to Windows 11 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the Upgrade to Windows 11 Deck – A look into some of the pros and cons of Microsoft’s latest desktop operating system, along with guidance on moving forward with this inevitable upgrade.

    Discover the reason for the release of Windows 11, what you require to be eligible for the upgrade, what features were added or updated, and what features were removed. Our guidance will assist you with a planned and controlled rollout of the Windows 11 upgrade. We also provide guidance on how to approach a device refresh plan if some devices are not eligible for Windows 11. The upgrade is inevitable, but you have time, and you have options.

    • Prepare for the Upgrade to Windows 11 Storyboard

    2. What Are My Options If My Devices Cannot Upgrade to Windows 11? – Build a Windows 11 Device Replacement budget with our Hardware Asset Management Budgeting Tool.

    This tool will help you budget for a hardware asset refresh and to adjust the budget as necessary to accommodate any unexpected changes. The tool can easily be modified to assist in developing and justifying the budget for hardware assets for a Windows 11 project. Follow the instructions on each tab and feel free to play with the HAM budgeting tool to fit your needs.

    • HAM Budgeting Tool
    [infographic]

    Further reading

    Prepare for the Upgrade to Windows 11

    The upgrade is inevitable, but you have time, and you have options.

    Analyst Perspective

    Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    “You hear that Mr. Anderson? That is the sound of inevitability.” ("The Matrix Quotes" )

    The fictitious Agent Smith uttered those words to Keanu Reeves’ character, Neo, in The Matrix in 1999, and while Agent Smith was using them in a very sinister and figurative context, the words could just as easily be applied to the concept of upgrading to the Windows 11 operating system from Microsoft in 2022.

    There have been two common, recurring themes in the media since late 2019. One is the global pandemic and the other is cyber-related crime. Microsoft is not in a position to make an impact on a novel coronavirus, but it does have the global market reach to influence end-user technology and it appears that it has done just that. Windows 11 is a step forward in endpoint security and functionality. It also solidifies the foundation for future innovations in end-user operating systems and how they are delivered. Windows-as-a-Service (WAAS) is the way forward for Microsoft. Windows 10 is living on borrowed time, with a defined end of support date of October 14, 2025. Upgrading to Windows 11 is easy, and while it should be properly investigated and planned, it should absolutely be an activity you undertake.

    It is inevitable!

    P.J. Ryan

    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Windows 10 is going EOL in 2025. That is closer than you think.
    • Many of your endpoints are not eligible for the Windows 11 upgrade. You can’t afford to replace all your endpoints this year. How do you manage this Microsoft-initiated catastrophe?
    • You want to stay close to the leading edge of technology and services, but how do you do that while keeping your spending in check and within budget?

    Common Obstacles

    • The difference between Windows 10 and Windows 11 is not clear. Windows 11 looks like Windows 10 with some minor changes, mostly cosmetic. Many online users don’t see the need. Why upgrade? What are the benefits?
    • The cost of upgrading devices just to be eligible for Windows 11 is high.
    • Your end users don’t like change. This is not going to go over well!

    Info-Tech's Approach

    • Spend wisely. Space out your endpoint replacements and upgrades over several years. You do not have to upgrade everything right away.
    • Be patient. Windows 11 contained some bugs when it was initially released. Microsoft fixed most of the issues through monthly quality updates, but you should ensure that you are comfortable with the current level of functionality before you upgrade.
    • Use the upgrade ring approach. Test your applications with a small group first, and then stage the rollout to increasingly larger groups over time.

    Info-Tech Insight

    There is a lot of talk about Windows 11, but this is only an operating system upgrade, and it is not a major one. Understand what is new, what is added, and what is missing. Check your devices to determine how many are eligible and ineligible. Many organizations will have to spend capital on endpoint upgrades. Solid asset management practices will help.

    Insight summary

    Windows 11 is a step forward in security, which is one of the primary reasons for the release of the new operating system.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    Many organizations will have to spend capital on endpoint upgrades.

    Microsoft now insists that modern hardware is required for Windows 11 for not only security but also for improved stability. That same hardware requirement will mean that many devices that are only three or four years old (as well as older ones) may not be eligible for Windows 11.

    Windows 11 is a virtualization challenge for some providers.

    The hardware requirements for physical devices are also required for virtual devices. The TPM module appears to be the biggest challenge. Oracle VirtualBox and Citrix Hypervisor as well as AWS and Google are unable to support Windows 11 virtual devices as of the time of writing.

    Windows 10 will be supported by Microsoft until October 2025.

    That will remove some of the pressure felt due to the ineligibility of many devices and the need to refresh them. Take your time and plan it out, keeping within budget constraints. Use the upgrade ring approach for systems that are eligible for the Windows 11 upgrade.

    New look and feel, and a center screen taskbar.

    Corners are rounded, some controls look a little different, but overall Windows 11 is not a dramatic shift from Windows 10. It is easier to navigate and find features. Oh, and yes, the taskbar (and start button) is shifted to the center of the screen, but you can move them back to the left if desired.

    The education industry gets extra attention with the release of Windows 11.

    Windows 11 comes with multiple subscription-based education offerings, but it also now includes a new lightweight SE edition that is intended for the K-8 age group. Microsoft also released a Windows 11 Education SE specific laptop, at a very attractive price point. Other manufacturers also offer Windows 11 SE focused devices.

    Why Windows 11?

    Windows 10 was supposed to be the final desktop OS from Microsoft, wasn’t it?

    Maybe. It depends who you ask.

    Jerry Nixon, a Microsoft developer evangelist, gained notoriety when he uttered these words while at a Microsoft presentation as part of Microsoft Ignite in 2015: “Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10,” (Hachman). Microsoft never officially made that statement. Interestingly enough, it never denied the comments made by Jerry Nixon either.

    Perhaps Microsoft released a new operating system as a financial grab, a way to make significant revenue?

    Nope.

    Windows 11 is a free upgrade or is included with any new computer purchase.

    Market share challenges?

    Doubtful.

    It’s true that Microsoft's market share of desktop operating systems is dropping while Apple OS X and Google Chrome OS are rising.

    In fact, Microsoft has relinquished over 13% of the market share since 2012 and Apple has almost doubled its market share. BUT:

    Microsoft is still holding 75.12% of the market while Apple is in the number 2 spot with 14.93% (gs.statcounter.com).

    The market share is worth noting for Microsoft but it hardly warrants a new operating system.

    New look and feel?

    Unlikely

    New start button and taskbar orientation, new search window, rounded corners, new visual look on some controls like the volume bar, new startup sound, new Windows logo, – all minor changes. Updates could achieve the same result.

    Security?

    Likely the main reason.

    Windows 11 comes with a list of hardware requirements that enable the use of tools and features that, when combined, will reduce malware infections.

    The hardware requirements for Windows 11 enable security features such as password-less logon, disk encryption, increased startup protection with secure boot, and virtualization-based security.

    The features are available on all Windows 11 physical devices, due to the common hardware requirements.

    Windows 11 hardware-based security

    These hardware options and features were available in Windows 10 but not enforced. With Windows 11, they are no longer optional. Below is a description and explanation of the main features.

    Feature What it is How it works
    TPM 2.0 (Trusted Platform Module) Chip TPM is a chip on the motherboard of the computer. It is used to store encryption keys, certificates, and passwords. TPM does this securely with tamper-proof prevention. It can also generate encryption keys and it includes its own unique encryption key that cannot be altered (helpdeskgeek.com). You do not need to enter your password once you setup Windows Hello, so the password is no longer easy to capture and steal. It is set up on a device per device basis, meaning if you go to a different device to sign in, your Windows Hello authentication will not follow you and you must set up your Hello pin or facial recognition again on that particular device. TPM (Trusted Platform Module) can store the credentials used by Windows Hello and encrypt them on the module.
    Windows Hello Windows Hello is an alternative to using a password for authentication. Users can use a pin, a fingerprint, or facial recognition to authenticate.
    Device Encryption Device encryption is only on when your device is off. It scrambles the data on your disk to make it unreadable unless you have the key to unscramble it. If your endpoint is stolen, the contents of the hard drive will remain encrypted and cannot be accessed by anyone unless they can properly authenticate on the device and allow the system to unscramble the encrypted data.
    UEFI Secure Boot Capable UEFI is an acronym for Unified Extensible Firmware Interface. It is an interface between the operating system and the computer firmware. Secure Boot, as part of the firmware interface, ensures that only unchangeable and approved software and drivers are loaded at startup and not any malware that may have infiltrated the system (Lumunge). UEFI, with Secure Boot, references a database containing keys and signatures of drivers and runtime code that is approved as well as forbidden. It will not let the system boot up unless the signature of the driver or run-time code that is trying to execute is approved. This UEFI Secure boot recognition process continues until control is handed over to the operating system.
    Virtualization Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI) VBS is security based on virtualization capabilities. It uses the virtualization features of the Windows operating system, specifically the Hyper-V hypervisor, to create and isolate a small chunk of memory that is isolated from the operating system. HVCI checks the integrity of code for violations. The Code Integrity check happens in the isolated virtual area of memory protected by the hypervisor, hence the acronym HVCI (Hypervisor Protected Code Integrity) (Murtaza). In the secure, isolated region of memory created by VBS with the hypervisor, Windows will run checks on the integrity of the code that runs various processes. The isolation protects the stored item from tampering by malware and similar threats. If they run incident free, they are released to the operating system and can run in the standard memory space. If issues are detected, the code will not be released, nor will it run in the standard memory space of the operating system, and damage or compromise will be prevented.

    How do all the hardware-based security features work?

    This scenario explains how a standard boot up and login should happen.

    You turn on your computer. Secure Boot authorizes the processes and UEFI hands over control to the operating system. Windows Hello works with TPM and uses a pin to authenticate the user and the operating systems gives you access to the Windows environment.

    Now imagine the same process with various compromised scenarios.

    You turn on your computer. Secure Boot does not recognize the signature presented to it by the second process in the boot sequence. You will be presented with a “Secure Boot Violation” message and an option to reboot. Your computer remains protected.

    You boot up and get past the secure boot process and UEFI passes control over to the Windows 11 operating system. Windows Hello asks for your pin, but you cannot remember the pin and incorrectly enter it three times before admitting temporary defeat. Windows Hello did not find a matching pin on the TPM and will not let you proceed. You cannot log in but in the eyes of the operating system, it has prevented an unauthorized login attempt.

    You power up your computer, log in without issue, and go about your morning routine of checking email, etc. You are not aware that malware has infiltrated your system and modified a page in system memory to run code and access the operating system kernel. VBS and HVCI check the integrity of that code and detect that it is malicious. The code remains isolated and prevented from running, protecting your system.

    TPM, Hello, UEFI with Secure Boot, VBS and HVCI all work together like a well-oiled machine.

    “Microsoft's rationale for Windows 11's strict official support requirements – including Secure Boot, a TPM 2.0 module, and virtualization support – has always been centered on security rather than raw performance.” – Andrew Cunningham, arstechnica.com

    “Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot. These features in combination have been shown to reduce malware by 60% on tested devices.” – Steven J. Vaughan-Nichols, Computerworld

    Can any device upgrade to Windows 11?

    In addition to the security-related hardware requirements listed previously, which may exclude some devices from Windows 11 eligibility, Windows 11 also has a minimum requirement for other hardware components.

    Windows 7 and Windows 10 were publicized as being backward compatible and almost any hardware would be able to run those operating systems. That changed with Windows 11. Microsoft now insists that modern hardware is required for Windows 11 for not only security but also improved stability.

    Software Requirement

    You must be running Windows 10 version 2004 or greater to be eligible for a Windows 11 upgrade (“Windows 11 Requirements”).

    Complete hardware requirements for Windows 11

    • 1 GHz (or faster) compatible 64-bit processor with two or more cores
    • 4 GB RAM
    • 64 GB or more of storage space
    • Compatible with DirectX 12 or later with WDDM 2.0 driver
      • DirectX connects the hardware in your computer with Windows. It allows software to display graphics using the video card or play audio, as long as that software is DirectX compatible. Windows 11 requires version 12 (“What are DirectX 12 compatible graphics”).
      • WDDM is an acronym for Windows Display Driver Model. WDDM is the architecture for the graphics driver for Windows (“Windows Display Driver Model”).
      • Version 2.0 of WDDM is required for Windows 11.
    • 720p display greater than 9" diagonally with 8 bits per color channel
    • UEFI Secure Boot capable
    • TPM 2.0 chip
    • (“Windows 11 Requirements”)

    Windows 11 may challenge your virtual environment

    When Windows 11 was initially released, some IT administrators experienced issues when trying to install or upgrade to Windows 11 in the virtual world.

    The Challenge

    The issues appeared to be centered around the Windows 11 hardware requirements, which must be detected by the Windows 11 pre-install check before the operating system will install.

    The TPM 2.0 chip requirement was indeed a challenge and not offered as a configuration option with Citrix Hypervisor, the free VMware Workstation Player or Oracle VM VirtualBox when Windows 11 was released in October 2021, although it is on the roadmap for Oracle and Citrix Hypervisor. VMware provides alternative products to the free Workstation Player that do support a virtual TPM. Oracle and Citrix reported that the feature would be available in the future and Windows 11 would work on their platforms.

    Short-Term Solutions

    VMware and Microsoft users can add a vTPM hardware type when configuring a virtual Windows 11 machine. Microsoft Azure does offer Windows 11 as an option as a virtual desktop. Citrix Desktop-As-A-Service (DAAS) will connect to Azure, AWS, or Google Cloud and is only limited by the features of the hosting cloud service provider.

    Additional Insight

    According to Microsoft, any VM running Windows 11 must meet the following requirements (“Virtual Machine Support”):

    • It must be a generation 2 VM, and upgrading a generation 1 VM to Windows 11 (in-place) is not possible
    • 64 GB of storage or greater
    • Secure Boot capable with the virtual TPM enabled
    • 4 GB of memory or greater
    • 2 or more virtual processors
    • The CPU of the physical computer that is hosting the VM must meet the Windows 11 (“Windows Processor Requirements”)

    What’s new or updated in Windows 11?

    The following two slides highlight some of the new and updated features in Windows 11.

    Security

    The most important change with Windows 11 is what you cannot see – the security. Windows 11 adds requirements and controls to make the user and device more secure, as described in previous slides.

    Taskbar

    The most prominent change in relation to the look and feel of Windows 11 is the shifting of the taskbar (and Start button) to the center of the screen. Some users may find this more convenient but if you do not and prefer the taskbar and start button back on the left of your screen, you can change it in taskbar settings.

    Updated Apps

    Paint, Photos, Notepad, Media Player, Mail, and other standard Windows apps have been updated with a new look and in some cases minor enhancements.

    User Interface

    The first change users will notice after logging in to Windows 11 is the new user interface – the look and feel. You may not notice the additional colors added to the Windows palette, but you may have thought that the startup sound was different, and the logo also looks different. You would be correct. Other look-and-feel items that changed include the rounded corners on windows, slightly different icons, new wallpapers, and controls for volume and brightness are now a slide bar. File explorer and the settings app also have a new look.

    Microsoft Teams

    Microsoft Teams is now installed on the taskbar by default. Note that this is for a personal Microsoft account only. Teams for Work or School will have to be installed separately if you are using a work or school account.

    What’s new or updated in Windows 11?

    Snap Layouts

    Snap layouts have been enhanced and snap group functionality has been added. This will allow you to quickly snap one window to the side of the screen and open other Windows in the other side. This feature can be accessed by dragging the window you wish to snap to the left or right edge of the screen. The window should then automatically resize to occupy that half of the screen and allow you to select other Windows that are already open to occupy the remaining space on the screen. You can also hover your mouse over the maximize button in the upper right-hand corner of the window. A small screen with multiple snap layouts will appear for your selection. Multiple snapped Windows can be saved as a “Snap Group” that will open together if one of the group windows are snapped in the future.

    Widgets

    Widgets are expanding. Microsoft started the re-introduction of widgets in Windows 10, specifically focusing on the weather. Widgets now include other services such as news, sports, stock prices, and others.

    Android Apps

    Android apps can now run in Windows 11. You will have to use the Amazon store to access and install Android apps, but if it is available in the Amazon store, you can install it on Windows 11.

    Docking

    Docking has improved with Windows 11. Windows knows when you are docked and will minimize apps when you undock so they are not lost. They will appear automatically when you dock again.

    This is not intended to be an inclusive list but does cover some of the more prominent features.

    What’s missing from Windows 11?

    The following features are no longer found in Windows 11:

    • Backward compatibility
      • The introduction of the hardware requirements for Windows 11 removed the backward compatibility (from a hardware perspective) that made the transition from previous versions of Windows to their successor less of a hardware concern. If a computer could run Windows 7, then it could also run Windows 10. That does not automatically mean it can also run Windows 11.
    • Internet Explorer
      • Internet Explorer is no longer installed by default in Windows 11. Microsoft Edge is now the default browser for Windows. Other browsers can also be installed if preferred.
    • Tablet mode
      • Windows 11 does not have a "tablet" mode, but the operating system will maximize the active window and add more space between icons to make selecting them easier if the 2-in-1 hardware detects that you wish to use the device as a tablet (keyboard detached or device opened up beyond 180 degrees, etc.).
    • Semi-annual updates
      • It may take six months or more to realize that semi-annual feature updates are missing. Microsoft moved to an annual feature update schema but continued with monthly quality updates with Windows 11.
    • Specific apps
      • Several applications have been removed (but can be manually added from the Microsoft Store by the user). They include:
        • OneNote for Windows 10
        • 3D Viewer
        • Paint 3D
        • Skype
    • Cortana (by default)
      • Cortana is missing from Windows 11. It is installed but not enabled by default. Users can turn it on if desired.

    Microsoft included a complete list of features that have been removed or deprecated with Windows 11, which can be found here Windows 11 Specs and System Requirements.

    Windows 11 editions

    • Windows 11 is offered in several editions:
      • Windows 11 Home
      • Windows 11 Pro
      • Windows 11 Pro for Workstations
      • Windows 11 Enterprise Windows 11 for Education
      • Windows 11 SE for Education
    • Windows 11 hardware requirements and security features are common throughout all editions.
    • The new look and feel along with all the features mentioned previously are common to all editions as well.
    • Windows Home
      • Standard offering for home users
    • Pro versus Pro for Workstations
      • Windows 11 Pro and Pro for Workstations are both well suited for the business environment with available features such as support for Active Directory or Azure Active Directory, Windows Autopilot, OneDrive for Business, etc.
      • Windows Pro for Workstations is designed for increased demands on the hardware with the higher memory limits (2 TB vs. 6 TB) and processor count (2 CPU vs. 4 CPU).
      • Windows Pro for Workstations also features Resilient File System, Persistent Memory, and SMB Direct. Neither of these features are available in the Windows 11 Pro edition.
      • Windows 11 Pro and Pro for Workstations are both very business focused, although Pro may also be a common choice for non-business users (Home and Education).
    • Enterprise Offerings
      • Enterprise licenses are subscription based and are part of the Microsoft 365 suite of offerings.
      • Windows 11 Enterprise is Windows 11 Pro with some additional addons and functionality in areas such as device management, collaboration, and security services.
      • The level of the Microsoft 365 Enterprise subscription (E3 or E5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the E5 subscription.

    Windows 11 Education Editions

    With the release of a laptop targeted specifically at the education market, Microsoft must be taking notice of the Google Chrome educational market penetration, especially with headlines like these.

    “40 Million Chromebooks in Use in Education” (Thurrott)

    “The Unprecedented Growth of the Chromebook Education Market Share” (Carklin)

    “Chromebooks Gain Market Share as Education Goes Online” (Hruska)

    “Chromebooks Gain Share of Education Market Despite Shortages” (Mandaro)

    “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand” (Duke)

    • Education licenses are subscription based and are part of the Microsoft 365 suite of offerings. Educational pricing is one benefit of the Microsoft 365 Education model.
    • Windows 11 Education is Windows 11 Pro with some additional addons and functionality similar to the Enterprise offerings for Windows 11 in areas such as device management, collaboration, and security services. Windows 11 Education also adds some education specific settings such as Classroom Tools, which allow institutions to add new students and their devices to their own environment with fewer issues, and includes OneNote Class Notebook, Set Up School PCs app, and Take a Test app.
    • The level of the Microsoft 365 Education subscription (A3 or A5) would dictate the additional features and functionality, such as the complete Microsoft Defender for Endpoint suite or the Microsoft phone system and Audio Conferencing, which are only available with the A5 subscription.
    • Windows 11 SE for Education:
      • A cloud-first edition of Windows 11 specifically designed for the K-8 education market.
      • Windows 11 SE is a light version of Windows 11 that is designed to run on entry-level devices with better performance and security on that hardware.
      • Windows 11 SE requires Intune for Education and only IT admins can install applications.
    • Microsoft and others have come out with Windows SE specific devices at a low price point.
      • The Microsoft Surface Laptop SE comes pre-loaded with Windows 11 SE and can be purchased for US$249.00.
      • Dell, Asus, Acer, Lenovo, and others also offer Windows 11 SE specific devices (“Devices for Education”).

    Initial Reactions

    Below you can find some actual initial reactions to Windows 11.

    Initial reactions are mixed, as is to be expected with any new release of an operating system. The look and feel is new, but it is not a huge departure from the Windows 10 look and feel. Some new features are well received such as the snap feature.

    The shift of the taskbar (and start button) is the most popular topic of discussion online when it comes to Windows 11 reactions. Some love it and some do not. The best part about the shift of the taskbar is that you can adjust it in settings and move it back to its original location.

    The best thing about reactions is that they garner attention, and thanks in part to all the online reactions and comments, Microsoft is continually improving Windows 11 through quality updates and annual feature releases.

    “My 91-year-old Mum has found it easy!” Binns, Paul ITRG

    “It mostly looks quite nice and runs well.” Jmbpiano, Reddit user

    “It makes me feel more like a Mac user.” Chang, Ben Info-Tech

    “At its core, Windows 11 appears to be just Windows 10 with a fresh coat of paint splashed all over it.” Rouse, Rick RicksDailyTips.com

    “Love that I can snap between different page orientations.” Roberts, Jeremy Info-Tech

    “I finally feel like Microsoft is back on track again.” Jawed, Usama Neowin

    “A few of the things that seemed like issues at first have either turned out not to be or have been fixed with patches.” Jmbpiano, Reddit user

    “The new interface is genuinely intuitive, well-designed, and colorful.” House, Brett AnandTech

    “No issues. Have it out on about 50 stations.” Sandrews1313, Reddit User

    “The most striking change is to the Start menu.” Grabham, Dan pocket-lint.com

    How do I upgrade to Windows 11?

    The process is very similar to applying updates in Windows 10.

    • Windows 11 is offered as an upgrade through the standard Windows 10 update procedure. Windows Update will notify you when the Windows 11 upgrade is ready (assuming your device is eligible for Windows 11).
      • Allow the update (upgrade in this case) to proceed, reboot, and your endpoint will come back to life with Windows 11 installed and ready for you.
    • A fresh install can be delivered by downloading the required Windows 11 installation media from the Microsoft Software Download site for Windows 11.
    • Business users can control the timing and schedule of the Windows 11 rollout to corporate endpoints using Microsoft solutions such as WSUS, Configuration Manager, Intune and Endpoint Manager, or by using other endpoint management solutions.
    • WSUS and Configuration Manager will have to sync the product category for Windows 11 to manage the deployment.
    • Windows Update for Business policies will have to use the target version capability rather than using the feature update referrals alone.
    • Organizations using Intune and a Microsoft 365 E3 license will be able to use the Feature Update Deployments page to select Windows 11.
    • Other modern endpoint management solutions may also allow for a controlled deployment.

    Info-Tech Insight

    The upgrade itself may be a simple process but be prepared for the end-user reactions that will follow. Some will love it but others will despise it. It is not an optional upgrade in the long run, so everyone will have to learn to accept it.

    When can I upgrade to Windows 11?

    You can upgrade right now BUT there is no need to rush. Windows 11 was released in October 2021 but that doesn’t mean you have to upgrade everyone right away. Plan this out.

    • Build deployment rings into your Windows 11 upgrade approach: This approach, also referred to as Canary Releases or deployment rings, allows you to ensure that IT can support users if there's a major problem with the upgrade. Instead of disrupting all end users, you are only disrupting a portion of end users.
      • Deploy the initial update to your test environment.
      • After testing is successful or changes have been made, deploy Windows 11 to your pilot group of users.
      • After the pilot group gives you the thumbs up, deploy to the rest of production in phases. Phases are sometimes by office/location, sometimes by department, sometimes by persona (i.e. defer people that don't handle updates well), and usually by a combination of these factors.
      • Increase the size of each ring as you progress.
    • Always back up your data before any upgrade.

    Deployment Ring Example

    Pilot Ring - Individuals from all departments - 10 users

    Ring #1 - Dev, Finance - 20 Users

    Ring #2 - Research - 100 Users

    Ring #3 - Sales, IT, Marketing - 500 Users

    Upgrade your eligible devices and users to Windows 11

    Build Windows 11 Deployment Rings

    Instructions:

    1. Identify who will be in the pilot group. Use individuals instead of user groups.
    2. Identify how many standard rings you need. This number will be based on the total number of employees per office.
    3. Map groups to rings. Define which user groups will be in each ring.
    4. Allow some time to elapse between upgrades. Allow the first group to work with Windows 11 and identify any potential issues that may arise before upgrading the next group.
    5. Track and communicate. Record all information into a spreadsheet like the one on the right. This will aid in communication and tracking.
    Ring Department or Group Total Users Delay Time Before Next Group
    Pilot Ring Individuals from all departments 10 Three weeks
    Ring 1 Dev Finance 20 Two weeks
    Ring 2 Research 100 One week
    Ring 3 Sales, IT Marketing 500 N/A

    What are my options if my devices cannot upgrade to Windows 11?

    Don’t rush out to replace all the ineligible endpoint devices. You have some time to plan this out. Windows 10 will be available and supported by Microsoft until October 2025.

    Use asset management strategies and budget techniques in your Windows 11 upgrade approach:

    • Start with current inventory and determine which devices will not be eligible for upgrade to Windows 11.
    • Prioritize the devices for replacement, taking device age, the role of the user the device supports, and delivery times for remote users into consideration.
    • Take this opportunity to review overall device offerings and end-user compute strategy. This will help decide which devices to offer going forward while improving end-user satisfaction.
    • Determine the cost for replacement devices:
      • Compare vendor offerings using an RFP process.
    • Use the hardware asset management planning spreadsheet on the next slide to budget for the replacements over the coming months leading up to October 2025.

    Leverage Info-Tech research to improve your end-user computing strategy and hardware asset management processes:

    New to End User Computing Strategies? Start with Modernize and Transform Your End-User Computing Strategy.

    New to IT asset management? Use Info-Tech’s Implement Hardware Asset Management blueprint.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    Build a Windows 11 Device Replacement Budget

    The link below will open up a hardware asset management (HAM) budgeting tool. This tool can easily be modified to assist in developing and justifying the budget for hardware assets for the Windows 11 project. The tool will allow you to budget for hardware asset refresh and to adjust the budget as needed to accommodate any changes. Follow the instructions on each tab to complete the tool.

    A sample of a possible Windows 11 budgeting spreadsheet is shown on the right, but feel free to play with the HAM budgeting tool to fit your needs.

    HAM Budgeting Tool

    Windows 11 Replacement Schedule
    2022 2023 2024 2025
    Department Total to replace Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Left to allocate
    Finance 120 20 20 20 10 10 20 20 0
    HR 28 15 13 0
    IT 30 15 15 0
    Research 58 8 15 5 20 5 5 0
    Planning 80 10 15 15 10 15 15 0
    Other 160 5 30 5 15 15 30 30 30 0
    Totals 476 35 38 35 35 35 35 38 35 50 35 35 35 35 0

    Related Info-Tech Research

    Modernize and Transform Your End-User Computing Strategy

    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Implement Hardware Asset Management

    This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Bibliography

    aczechowski, et al. “Windows 11 Requirements.” Microsoft, 3 June 2022. Accessed 13 June 2022.

    Binns, Paul. Personal interview. 07 June 2022.

    Butler, Sydney. “What Is Trusted Platform Module (TPM) and How Does It Work?” Help Desk Geek, 5 August 2021. Accessed 18 May 2022.

    Carklin, Nicolette. “The Unprecedented Growth of the Chromebook Education Market Share.” Parallels International GmbH, 26 October 2021. Accessed 19 May 2022.

    Chang, Ben. Personal interview. 26 May 2022.

    Cunningham, Andrew. “Why Windows 11 has such strict hardware requirements, according to Microsoft.” Ars Technica, 27 August 2021. Accessed 19 May 2022.

    Dealnd-Han, et al. “Windows Processor Requirements.” Microsoft, 9 May 2022. Accessed 18 May 2022.

    “Desktop Operating Systems Market Share Worldwide.” Statcounter Globalstats, June 2021–June 2022. Accessed 17 May 2022.

    “Devices for education.” Microsoft, 2022. Accessed 13 June 2022.

    Duke, Kent. “Chromebook sales skyrocketed in Q3 2020 with online education fueling demand.” Android Police, 16 November 2020. Accessed 18 May 2022.

    Grabham, Dan. “Windows 11 first impressions: Our initial thoughts on using Microsoft's new OS.” Pocket-Lint, 24 June 2021. Accessed 3 June 2022.

    Hachman, Mark. “Why is there a Windows 11 if Windows 10 is the last Windows?” PCWorld, 18 June 2021. Accessed 17 May 2022.

    Howse, Brett. “What to Expect with Windows 11: A Day One Hands-On.” Anandtech, 16 November 2020. Accessed 3 June 2022.

    Hruska, Joel. “Chromebooks Gain Market Share as Education Goes Online.” Extremetech, 26 October 2020. Accessed 19 May 2022.

    Jawed, Usama. “I am finally excited about Windows 11 again.” Neowin, 26 February 2022. Accessed 3 June 2022.

    Jmbpiano. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    Lumunge, Erick. “UEFI and Legacy boot.” OpenGenus, n.d. Accessed 18 May 2022.

    Bibliography

    Mandaro, Laura. “Chromebooks Gain Share of Education Market Despite Shortages.” The Information, 9 September 2020. Accessed 19 May 2022.

    Murtaza, Fawad. “What Is Virtualization Based Security in Windows?” Valnet Inc, 24 October 2021. Accessed 17 May 2022.

    Roberts, Jeremy. Personal interview. 27 May 2022.

    Rouse, Rick. “My initial thoughts about Windows 11 (likes and dislikes).” RicksDailyTips.com, 5 September 2021. Accessed 3 June 2022.

    Sandrews1313. “Windows 11 - What are our initial thoughts and feelings?” Reddit, 22 November 2021. Accessed 3 June 2022.

    “The Matrix Quotes." Quotes.net, n.d. Accessed 18 May 2022.

    Thurrott, Paul.” Google: 40 Million Chromebooks in Use in Education.” Thurrott, 21 January 2020. Accessed 18 May 2022.

    Vaughan-Nichols, Steven J. “The real reason for Windows 11.” Computerworld, 6 July 2021, Accessed 19 May 2022.

    “Virtual Machine Support.” Microsoft,3 June 2022. Accessed 13 June 2022.

    “What are DirectX 12 compatible graphics and WDDM 2.x.” Wisecleaner, 20 August 2021. Accessed 19 May 2022.

    “Windows 11 Specs and System Requirements.” Microsoft, 2022. Accessed 13 June 2022.

    “Windows Display Driver Model.” MiniTool, n.d. Accessed 13 June 2022.

    Cyber Resilience Report 2018

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    "The cyber threat landscape today is highly complex and rapidly changing. Cyber security incidents can have several impacts on organizations and society, both on a physical and non-physical level. Through the use of a computer, criminals can indeed cause IT outages, supply chain disruptions and other physical security incidents"

    -- excerpt from the foreword of the BCI Cyber resilience report 2018 by David Thorp, Executive Director, BCI

    There are a number of things you can do to protect yourself. And they range, as usual, from the fairly simple to the more elaborate and esoteric. Most companies can, with some common sense, if not close the door on most of these issues, at least prepare themselves to limit the consequences.

    Continue reading

    Develop a COVID-19 Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}420|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • IT departments are being asked to rapidly ramp up work-from-home capabilities and other business process workarounds.
    • Crisis managers are experiencing a pandemic more severe than what they’ve managed in the past.
    • Organizations are scrambling to determine how they can keep their businesses running through this pandemic.

    Our Advice

    Critical Insight

    • Obstacles to working from home go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needs to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Resist the temptation to bypass IT processes – your future-self will thank you for tracking all those assets about to go out the door.

    Impact and Result

    • Start with crisis management fundamentals – identify crisis management roles and exercise appropriate crisis communication.
    • Prioritize business processes and work-from-home requirements. Not everyone can be set up on day one.
    • Don’t over-complicate your work-from-home deployment plan. A simple spreadsheet (see the Work-from-Home Requirements Tool) to track requirements can be very effective.

    Develop a COVID-19 Pandemic Response Plan Research & Tools

    Start here

    Stay up to date on COVID-19 and the resources available to you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a COVID-19 Pandemic Response Plan Storyboard

    1. Manage the pandemic crisis

    Identify key roles and immediate steps to manage this crisis.

    • Pandemic Response Plan Example

    2. Create IT’s plan to support the pandemic response plan

    Plan the deployment of a work-from-home initiative.

    • Work-From-Home Requirements Tool
    [infographic]

    Leadership Workshop Overview

    • Buy Link or Shortcode: {j2store}475|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $69,299 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Leadership Development Programs
    • Parent Category Link: /leadership-development-programs

    Leadership has evolved over time. The velocity of change has increased and leadership for the future looks different than the past.

    Our Advice

    Critical Insight

    Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.

    Impact and Result

    • Embrace and lead change through active sharing, transparency, and partnerships.
    • Encourage growth mindset to enhance innovative ideas and go past what has always been done.
    • Actively delegate responsibilities and opportunities that engage and develop team members to build on current skills and prepare for the future.

    Leadership Workshop Overview Research & Tools

    Start here – read the Workshop Overview

    Read our concise Workshop Overview to find out how this program can support the development needs of your IT leadership teams.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Info-Tech Leadership Workshop Overview
    [infographic]

    Maintain an Organized Portfolio

    • Buy Link or Shortcode: {j2store}432|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $3,059 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • All too often, the portfolio of programs and projects looks more like a random heap than a strategically organized and balanced collection of investments that will drive the business forward.
    • Portfolio managers know that with the right kind of information and the right level of process maturity they can get better results through the portfolio; however, organizations often assume (falsely) that the required level of maturity is out of reach from their current state and perpetually delay improvements.

    Our Advice

    Critical Insight

    • The information needed to define clear and usable criteria for organizing the portfolio of programs and projects already exists. Portfolio managers only need to identify the sources of that information and institute processes for regularly reviewing that information in order to define those criteria.
    • Once a portfolio manager has a clear idea of the goals and constraints that shape what ought to be included (or removed) from the portfolio and once these have been translated into clear and usable portfolio criteria, basic portfolio management processes can be instituted to ensure that these criteria are used consistently throughout the various stages of the project lifecycle.
    • Portfolio management frameworks and processes do not need to be built from scratch. Well-known frameworks – such as the one outlined in COBIT 5 APO05 – can be instituted in a way that will allow even low-maturity organizations to start organizing their portfolio.
    • Organizations do not need to grow into portfolio management frameworks to get the benefits of an organized portfolio; instead, they can grow within such frameworks.

    Impact and Result

    • An organized portfolio will ensure that the projects and programs included in it are strategically aligned and can actually be executed within the finite constraints of budgetary and human resource capacity.
    • Portfolio managers are better empowered to make decisions about which projects should be included in the portfolio (and when) and are better empowered to make the very tough decisions about which projects should be removed from the portfolio (i.e. cancelled).
    • Building and maturing a portfolio management framework will more fully integrate the PMO into the broader IT management and governance frameworks, making it a more integral part of strategic decisions and a better business partner in the long run.

    Maintain an Organized Portfolio Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should maintain an organized portfolio of programs and projects, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current state of the portfolio and PPM processes

    Analyze the current mix of programs and projects in your portfolio and assess the maturity of your current PPM processes.

    • Maintain an Organized Portfolio – Phase 1: Assess the Current State of the Portfolio and PPM Processes
    • Project Portfolio Organizer
    • COBIT APO05 (Manage Portfolio) Alignment Workbook

    2. Enhance portfolio organization through improved PPM criteria and processes

    Enhance and optimize your portfolio management processes to ensure portfolio criteria are clearly defined and consistently applied across the project lifecycle when making decisions about which projects to include or remove from the portfolio.

    • Maintain an Organized Portfolio – Phase 2: Enhance Portfolio Organization Through Improved PPM Criteria and Processes
    • Portfolio Management Standard Operating Procedures

    3. Implement improved portfolio management practices

    Implement your portfolio management improvement initiatives to ensure long-term sustainable adoption of new PPM practices.

    • Maintain an Organized Portfolio – Phase 3: Implement Improved Portfolio Management Practices
    • Portfolio Management Improvement Roadmap Tool
    [infographic]

    Workshop: Maintain an Organized Portfolio

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Portfolio Mix and Portfolio Process Current State

    The Purpose

    Analyze the current mix of the portfolio to determine how to better organize it according to organizational goals and constraints.

    Assess which PPM processes need to be enhanced to better organize the portfolio.

    Key Benefits Achieved

    An analysis of the existing portfolio of projects (highlighting areas of concern).

    An analysis of the maturity of current PPM processes and their ability to support the maintenance of an organized portfolio.

    Activities

    1.1 Pre-work: Prepare a complete project list.

    1.2 Define existing portfolio categories, criteria, and targets.

    1.3 Analyze the current portfolio mix.

    1.4 Identify areas of concern with current portfolio mix.

    1.5 Review the six COBIT sub-processes for portfolio management (APO05.01-06).

    1.6 Assess the degree to which these sub-processes have been currently achieved at the organization.

    1.7 Assess the degree to which portfolio-supporting IT governance and management processes exist.

    1.8 Perform a gap analysis.

    Outputs

    Analysis of the current portfolio mix

    Assessment of COBIT alignment and gap analysis.

    2 Define Portfolio Target Mix, Criteria, and Roadmap

    The Purpose

    Define clear and usable portfolio criteria.

    Record/design portfolio management processes that will support the consistent use of portfolio criteria at all stages of the project lifecycle.

    Key Benefits Achieved

    Clearly defined and usable portfolio criteria.

    A portfolio management framework that supports the consistent use of the portfolio criteria across all stages of the project lifecycle.

    Activities

    2.1 Identify determinants of the portfolio mix, criteria, and constraints.

    2.2 Define the target mix, portfolio criteria, and portfolio metrics.

    2.3 Identify sources of funding and resourcing.

    2.4 Review and record the portfolio criteria based upon the goals and constraints.

    2.5 Create a PPM improvement roadmap.

    Outputs

    Portfolio criteria

    Portfolio metrics for intake, monitoring, closure, termination, reprioritization, and benefits tracking

    Portfolio Management Improvement Roadmap

    3 Design Improved Portfolio Sub-Processes

    The Purpose

    Ensure that the portfolio criteria are used to guide decision making at each stage of the project lifecycle when making decisions about which projects to include or remove from the portfolio.

    Key Benefits Achieved

    Processes that support decision making based upon the portfolio criteria.

    Processes that ensure the portfolio remains consistently organized according to the portfolio criteria.

    Activities

    3.1 Ensure that the metrics used for each sub-process are based upon the standard portfolio criteria.

    3.2 Establish the roles, accountabilities, and responsibilities for each sub-process needing improvement.

    3.3 Outline the workflow for each sub-process needing improvement.

    Outputs

    A RACI chart for each sub-process

    A workflow for each sub-process

    4 Change Impact Analysis and Stakeholder Engagement Plan

    The Purpose

    Ensure that the portfolio management improvement initiatives are sustainably adopted in the long term.

    Key Benefits Achieved

    Stakeholder engagement.

    Sustainable long-term adoption of the improved portfolio management practices.

    Activities

    4.1 Conduct a change impact analysis.

    4.2 Create a stakeholder engagement plan.

    Outputs

    Change Impact Analysis

    Stakeholder Engagement Plan

    Completed Portfolio Management SOP

    Rationalize Your Collaboration Tools

    • Buy Link or Shortcode: {j2store}51|cart{/j2store}
    • member rating overall impact (scale of 10): 7.3/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Organizations collaboration toolsets are increasingly disordered and overburdened. Not only do organizations waste money by purchasing tools that overlap with their current toolset, but also employees’ productivity is destroyed by having to spend time switching between multiple tools.
    • Shadow IT is easier than ever. Without suitable onboarding and agreed-upon practices, employees will seek out their own solutions for collaboration. No transparency of what tools are being used means that information shared through shadow IT cannot be coordinated, monitored, or regulated effectively.

    Our Advice

    Critical Insight

    • Best-of-breed approaches create more confusion than productivity. Collaboration toolsets should be as streamlined as possible.
    • Employee-led initiatives to implement new toolsets are more successful. Focus on what is a suitable fit for employees’ needs.
    • Strategizing toolsets enhances security. File transfers and communication through unmonitored, unapproved tools increases phishing and hacking risks.

    Impact and Result

    • Categorize your current collaboration toolset, identifying genuine overlaps and gaps in your collaboration capabilities.
    • Work through our best-practice recommendations to decide which redundant overlapping tools should be phased out.
    • Build business requirements to fill toolset gaps and create an adoption plan for onboarding new tools.
    • Create a collaboration strategy that documents collaboration capabilities, rationalizes them, and states which capability to use when.

    Rationalize Your Collaboration Tools Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to create a collaboration strategy that will improve employee efficiency and save the organization time and money.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate current toolset

    Identify and categorize current collaboration toolset usage to recognize unnecessary overlaps and legitimate gaps.

    • Rationalize Your Collaboration Tools – Phase 1: Evaluate Current Toolset
    • Identifying and Categorizing Shadow Collaboration Tools Survey
    • Overlaps and Gaps in Current Collaboration Toolset Template

    2. Strategize toolset overlaps

    Evaluate overlaps to determine which redundant tools should be phased out and explore best practices for how to do so.

    • Rationalize Your Collaboration Tools – Phase 2: Strategize Toolset Overlaps
    • Phase-Out Plan Gantt Chart Template
    • Phase-Out Plan Marketing Materials

    3. Fill toolset gaps

    Fill your collaboration toolset gaps with best-fit tools, build business requirements for those tools, and create an adoption plan for onboarding.

    • Rationalize Your Collaboration Tools – Phase 3: Fill Toolset Gaps
    • Adoption Plan Gantt Chart Template
    • Adoption Plan Marketing Materials
    • Collaboration Tools Business Requirements Document Template
    • Collaboration Platform Evaluation Tool
    [infographic]

    Workshop: Rationalize Your Collaboration Tools

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Categorize the Toolset

    The Purpose

    Create a collaboration vision.

    Acknowledge the current state of the collaboration toolset.

    Key Benefits Achieved

    A clear framework to structure the collaboration strategy

    Activities

    1.1 Set the vision for the Collaboration Strategy.

    1.2 Identify your collaboration tools with use cases.

    1.3 Learn what collaboration tools are used and why, including shadow IT.

    1.4 Begin categorizing the toolset.

    Outputs

    Beginnings of the Collaboration Strategy

    At least five archetypical use cases, detailing the collaboration capabilities required for these cases

    Use cases updated with shadow IT currently used within the organization

    Overlaps and Gaps in Current Capabilities Toolset Template

    2 Strategize Overlaps

    The Purpose

    Identify redundant overlapping tools and develop a phase-out plan.

    Key Benefits Achieved

    Communication and phase-out plans for redundant tools, streamlining the collaboration toolset.

    Activities

    2.1 Identify legitimate overlaps and gaps.

    2.2 Explore business and user strategies for identifying redundant tools.

    2.3 Create a Gantt chart and communication plan and outline post-phase-out strategies.

    Outputs

    Overlaps and Gaps in Current Capabilities Toolset Template

    A shortlist of redundant overlapping tools to be phased out

    Phase-out plan

    3 Build Business Requirements

    The Purpose

    Gather business requirements for finding best-fit tools to fill toolset gaps.

    Key Benefits Achieved

    A business requirements document

    Activities

    3.1 Use SoftwareReviews and the Collaboration Platform Evaluation Tool to shortlist best-fit collaboration tool.

    3.2 Build SMART objectives and goals cascade.

    3.3 Walk through the Collaboration Tools Business Requirements Document Template.

    Outputs

    A shortlist of collaboration tools

    A list of SMART goals and a goals cascade

    Completed Business Requirements Document

    4 Create an Adoption Plan

    The Purpose

    Create an adoption plan for successfully onboarding new collaboration tools.

    Key Benefits Achieved

    An adoption plan

    Activities

    4.1 Fill out the Adoption Plan Gantt Chart Template.

    4.2 Create the communication plan.

    4.3 Explore best practices to socialize the new tools.

    Outputs

    Completed Gantt chart

    Adoption plan marketing materials

    Long-term strategy for engaging employees with onboarded tools

    Plan Your Digital Transformation on a Page

    • Buy Link or Shortcode: {j2store}81|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $34,649 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Digital investments often under deliver on expectations of return, and there is no cohesive approach to managing the flow of capital into digital.
    • The focus of the business has historically been to survive technological disruption rather than to thrive in it.
    • Strategy is based mostly on opinion rather than an objective analysis of the outcomes customers want from the organization.
    • Digital is considered a buzzword – nobody has a clear understanding of what it is and what it means in the organization’s context.

    Our Advice

    Critical Insight

    • The purpose of going digital is getting one step closer to the customer. The mark of a digital organization lies in how they answer the question, “How does what we’re doing contribute to what the customer wants from us?”
    • The goal of digital strategy is digital enablement. An organization that is digitally enabled no longer needs a digital strategy, it’s just “the strategy.”

    Impact and Result

    • Focus strategy making on delivering the digital outcomes that customers want.
      • Leverage the talent, expertise, and perspectives within the organization to build a customer-centric digital strategy.
    • Design a balanced digital strategy that creates value across the five digital value pools:
      • Digital marketing, digital channels, digital products, digital supporting capabilities, and business model innovation.
    • Ask how disruption can be leveraged, or even become the disruptor.
      • Manage disruption through quick-win approaches and empowering staff to innovate.
    • Use a Digital Strategy-on-a-Page to spark the digital transformation.
      • Drive awareness and alignment on the digital vision and spark your organization’s imagination around digital.

    Plan Your Digital Transformation on a Page Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand how digital disruption is driving the need for transformation, and how Info-Tech’s methodology can help.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Scope the digital transformation

    Learn how to apply the Digital Value Pools thought model and scope strategy around them.

    • Plan Your Digital Transformation on a Page – Phase 1: Scope the Digital Transformation

    2. Design the digital future state vision

    Identify business imperatives, define digital outcomes, and define the strategy’s guiding principles.

    • Plan Your Digital Transformation on a Page – Phase 2: Design the Digital Future State Vision
    • Digital Strategy on a Page

    3. Define the digital roadmap

    Define, prioritize, and roadmap digital initiatives and plan contingencies.

    • Plan Your Digital Transformation on a Page – Phase 3: Define the Digital Roadmap

    4. Sustain digital transformation

    Create, polish, and socialize the Digital Strategy-on-a-Page.

    • Plan Your Digital Transformation on a Page – Phase 4: Sustain Digital Transformation
    [infographic]

    Workshop: Plan Your Digital Transformation on a Page

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope the Digital Transformation

    The Purpose

    Identify the need for and use of digital strategy and determine a realistic scope for the digital strategy.

    Key Benefits Achieved

    The digital strategy project is planned and scoped around a subset of the five digital value pools.

    Activities

    1.1 Introduction to digital strategy.

    1.2 Establish motivation for digital.

    1.3 Discuss in-flight digital investments.

    1.4 Define the scope of digital.

    1.5 Identify stakeholders.

    1.6 Perform discovery interviews.

    1.7 Select two value pools to focus day 2, 3, and 4 activities.

    Outputs

    Business model canvas

    Stakeholder power map

    Discovery interview results

    Two value pools for focus throughout the workshop

    2 Design the Digital Future State Vision

    The Purpose

    Create guiding principles to help define future digital initiatives. Generate the target state with the help of strategic goals.

    Key Benefits Achieved

    Establish the basis for planning out the initiatives needed to achieve the target state from the current state.

    Activities

    2.1 Identify digital imperatives.

    2.2 Define key digital outcomes.

    2.3 Create a digital investment thesis.

    2.4 Define digital guiding principles.

    Outputs

    Corporate strategy analysis, PESTLE analysis, documented operational pain points (value streams)

    Customer needs assessment (journey maps)

    Digital investment thesis

    Digital guiding principles

    3 Define the Digital Roadmap

    The Purpose

    Understand the gap between the current and target state. Create transition options and assessment against qualitative and quantitative metrics to generate a list of initiatives the organization will pursue to reach the target state. Build a roadmap to plan out when each transition initiative will be implemented.

    Key Benefits Achieved

    Finalize the initiatives the organization will use to achieve the target digital state. Create a roadmap to plan out the timing of each initiative and generate an easy-to-present document for digital strategy approval.

    Activities

    3.1 Identify initiatives to achieve digital outcomes.

    3.2 Align in-flight initiatives to digital initiatives.

    3.3 Prioritize digital initiatives.

    3.4 Document architecturally significant requirements for high-priority initiatives.

    Outputs

    Digital outcomes and KPIs

    Investment/value pool matrix

    Digital initiative prioritization

    Architecturally significant requirements for high-priority initiatives

    4 Define the Digital Roadmap

    The Purpose

    Plan your approach to socializing the digital strategy to help facilitate the cultural changes necessary for digital transformation.

    Key Benefits Achieved

    Plant the seed of digital and innovation to start making digital a part of the organization’s DNA.

    Activities

    4.1 Review and refine Digital Strategy on a Page.

    4.2 Assess company culture.

    4.3 Define high-level cultural changes needed for successful transformation.

    4.4 Define the role of the digital transformation team.

    4.5 Establish digital transformation team membership and desired outcomes.

    Outputs

    Digital Strategy on a Page

    Strategyzer Culture Map

    Digital transformation team charter

    Deliver on Your Digital Product Vision

    • Buy Link or Shortcode: {j2store}351|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $133,318 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Product organizations are under pressure to align the value they provide to the organization’s goals and overall company vision.
    • You need to clearly convey your direction, strategy, and tactics to gain alignment, support, and funding from your organization.
    • Products require continuous additions and enhancements to sustain their value. This requires detailed, yet simple communication to a variety of stakeholders.

    Our Advice

    Critical Insight

    • A vision without tactics is an unsubstantiated dream, while tactics without a vision is working without a purpose. You need to have a handle on both to achieve outcomes that are aligned with the needs of your organization.

    Impact and Result

    • Recognize that a vision is only as good as the data that backs it up – lay out a comprehensive backlog with quality built-in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Deliver on Your Digital Product Vision Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a digital product vision that you can stand behind. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a digital product vision

    Define a digital product vision that takes into account your objectives, business value, stakeholders, customers, and metrics.

    • Deliver on Your Digital Product Vision – Phase 1: Define a Digital Product Vision
    • Digital Product Strategy Template
    • Digital Product Strategy Supporting Workbook

    2. Build a better backlog

    Build a structure for your backlog that supports your product vision.

    • Deliver on Your Digital Product Vision – Phase 2: Build a Better Backlog
    • Product Backlog Item Prioritization Tool

    3. Build a product roadmap

    Define standards, ownership for your backlog to effectively communicate your strategy in support of your digital product vision.

    • Deliver on Your Digital Product Vision – Phase 3: Build a Product Roadmap
    • Product Roadmap Tool

    4. Release and deliver value

    Understand what to consider when planning your next release.

    • Deliver on Your Digital Product Vision – Phase 4: Release and Deliver Value

    5. Communicate the strategy – make it happen

    Build a plan for communicating and updating your strategy and where to go next.

    • Deliver on Your Digital Product Vision – Phase 5: Communicate the Strategy – Make It Happen!

    Infographic

    Workshop: Deliver on Your Digital Product Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Digital Product Vision

    The Purpose

    Understand the elements of a good product vision and the pieces that back it up.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals people can align to.

    Activities

    1.1 Build out the elements of an effective digital product vision

    Outputs

    Completed product vision definition for a familiar product via the product canvas

    2 Build a Better Backlog

    The Purpose

    Define the standards and approaches to populate your product backlog that support your vision and overall strategy.

    Key Benefits Achieved

    A prioritized backlog with quality throughout that enables alignment and the operationalization of the overall strategy.

    Activities

    2.1 Introduction to key activities required to support your digital product vision

    2.2 What do we mean by a quality backlog?

    2.3 Explore backlog structure and standards

    2.4 Define backlog data, content, and quality filters

    Outputs

    Articulate the activities required to support the population and validation of your backlog

    An understanding of what it means to create a quality backlog (quality filters)

    Defining the structural elements of your backlog that need to be considered

    Defining the content of your backlog and quality standards

    3 Build a Product Roadmap

    The Purpose

    Define standards and procedures for creating and updating your roadmap.

    Key Benefits Achieved

    Enable your team to create a product roadmap to communicate your product strategy in support of your digital product vision.

    Activities

    3.1 Disambiguating backlogs vs. roadmaps

    3.2 Defining audiences, accountability, and roadmap communications

    3.3 Exploring roadmap visualizations

    Outputs

    Understand the difference between a roadmap and a backlog

    Roadmap standards and agreed-to accountability for roadmaps

    Understand the different ways to visualize your roadmap and select what is relevant to your context

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a release plan aligned to your roadmap.

    Key Benefits Achieved

    Understand what goes into defining a release via the release canvas.

    Considerations in communication of your strategy.

    Understand how to frame your vision to enable the communication of your strategy (via an executive summary).

    Activities

    4.1 Lay out your release plan

    4.2 How to introduce your product vision

    4.3 Communicate changes to your strategy

    4.4 Where do we get started?

    Outputs

    Release canvas

    An executive summary used to introduce other parties to your product vision

    Specifics on communication of the changes to your roadmap

    Your first step to getting started

    Data-driven IT strategy

    • Teaser Video: Visit Website
    • Teaser Video Title: Big data after pandemic
    • Parent Category Name: Strategy based on data
    • Parent Category Link: /strategy-based-on-data

    You must have something to manage before you can handle it, which means you need to measure what you want to manage.

    • Learn ways to measure IT performance objectively. Create reports that show off your successes.
    • Just asking for increases is not a good strategy. Use data to show that the demand for your services is increasing.
    • Support your budget story with a clear understanding of the business needs and a fitting IT roadmap.
    • Manage your key stakeholders to improve business satisfaction with IT services.

    Leverage Agile Goal Setting for Improved Employee Engagement & Performance

    • Buy Link or Shortcode: {j2store}593|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Managers are responsible for driving the best performance out of their staff while still developing individuals professionally.
    • Micromanaging tasks is an ineffective, inefficient way to get things done and keep employees engaged at the same time.
    • Both managers and employees view goal setting as a cumbersome process that never materializes in day-to-day work.
    • Without a consistent and agile goal-setting environment that pervades every day, managers risk low productivity and disengaged employees.

    Our Advice

    Critical Insight

    • Effective performance management occurs throughout the year, on a daily and weekly basis, not just at annual performance review time. Managers must embrace this reality and get into the habit of setting agile short-term goals to drive productivity.
    • Employee empowerment is one of the most significant contributors to employee engagement, which is a proven performance driver. Short-term goal setting, which is ultimately employee-owned, develops and nurtures a strong sense of employee empowerment.
    • Micromanaging employee tasks will get managers nowhere quickly. Putting in the effort to collaboratively define goals that benefit both the organization and the employee will pay off in the long run.
    • Goal setting should not be a cumbersome activity, but an agile, rolling habit that ensures employees are focused, supported, and given appropriate feedback to continue to drive performance.

    Impact and Result

    • Managers who have daily meetings to set goals are 17% more successful in terms of employee performance than managers who set goals annually.
    • Managers must be agile goal-setting role models, or risk over a third of their staff being confused about productivity expectations.
    • Managers that allow tracking of goals to be an inhibitor to goal setting are most likely to have a negative effect on employee performance success. In fact, tracking goals should not be a priority in the short-term.

    Leverage Agile Goal Setting for Improved Employee Engagement & Performance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn the agile, short-term goal-setting process

    Implement agile goal setting with your team right away and drive performance.

    • Storyboard: Leverage Agile Goal Setting for Improved Employee Engagement & Performance
    [infographic]

    Security Priorities 2022

    • Buy Link or Shortcode: {j2store}244|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Ransomware activities and the cost of breaches are on the rise.
    • Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
    • Moving to the digital world increases the risk of a breach.

    Our Advice

    Critical Insight

    • The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
    • The upside to the upheaval in 2021 is new opportunities to modernize your security program.

    Impact and Result

    • Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
    • Understand the current situation in the cybersecurity space.

    Security Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.

    Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.

    • Security Priorities for 2022 Report

    Infographic

    Further reading

    Security Priorities 2022

    The pandemic has changed how we work

    disruptions to the way we work caused by the pandemic are here to stay.

    The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

    People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

    Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

    The cost of a security breach is rising steeply

    The shift to remote work exposes organizations to more costly cyber incidents than ever before.

    $4.24 million

    Average cost of a data breach in 2021
    The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.

    $1.07 million

    More costly when remote work involved in the breach

    The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.

    The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)

    Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

    The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

    Security teams can participate in the solution

    The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

    $1.76 million

    Saved when zero trust is deployed facing a breach

    Zero trust controls are realistic and effective controls.

    Organizations that implement zero trust dramatically reduce the cost of an adverse security event.

    35%

    More costly if it takes more than 200 days to identify and contain a breach

    With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.

    Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)

    Breaches are 34% less costly when mature zero trust is implemented.

    A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

    Top security priorities and constraints in 2022

    Survey results

    As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

    Top Priorities
    A list of the top three priorities identified in the survey with their respective percentages, 'Acquiring and retaining talent, 30%', 'Protecting against and responding to ransomware, 23%', and 'Securing a remote workforce, 23%'.

    Survey respondents were asked to force-rank their security priorities.

    Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

    Top Obstacles
    A list of the top three obstacles identified in the survey with their respective percentages, 'Staffing constraints, 31%', 'Demand of ever-changing business environment, 23%', and 'Budget constraints, 15%'.

    Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.

    Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

    We know the priorities…

    But what are security leaders actually working on?

    This report details what we see the world demanding of security leaders in the coming year.

    Setting aside the demands – what are security leaders actually working on?

    A list of 'Top security topics among Info-Tech members' with accompanying bars, 'Security Strategy', 'Security Policies', 'Security Operations', 'Security Governance', and 'Security Incident Response'.

    Many organizations are still mastering the foundations of a mature cybersecurity program.

    This is a good idea!

    Most breaches are still due to gaps in foundational security, not lack of advanced controls.

    We know the priorities…

    But what are security leaders actually working on?

    A list of industries with accompanying bars representing their demand for security. The only industry with a significant positive percentage is 'Government'. Security projects included in annual plan relative to industry.

    One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.

    Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

    5 Security Priorities for 2022 Logo for Info-Tech. Logo for ITRG.

    People

    1. Acquiring and Retaining Talent
      Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
    2. Securing a Remote Workforce
      Create a secure environment for users and help your people build safe habits while working remotely.

    Process

    1. Securing Digital Transformation
      Build in security from the start and check in frequently to create agile and secure user experiences.

    Technology

    1. Adopting Zero Trust
      Manage access of sensitive information based on the principle of least privilege.
    2. Protecting Against and Responding to Ransomware
      Put in your best effort to build defenses but also prepare for a breach and know how to recover.

    Main Influencing Factors

    COVID-19 Pandemic
    The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.
    Rampant Cybercrime Activity
    By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.
    Remote Work and Workforce Reallocation
    Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.

    Acquire and Retain Talent

    Priority 01

    Security talent was in short supply before the pandemic, and it's even worse now.

    Executive summary

    Background

    Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

    The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

    The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

    Current situation

    • A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
    • (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

    2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

    IT leaders must do more to attract and retain talent in 2022

    • Over 70% of IT professionals are considering quitting their jobs (TalentLMS, 2021). Meanwhile, 51% of surveyed cybersecurity professionals report extreme burnout during the last 12 months and many of them have considered quitting because of it (VMWare, 2021).
    • Working remotely makes it easier for people to look elsewhere, lowering the barrier to leaving.
    • This is a big problem for security leaders, as cybersecurity talent is in very short supply. The cost of acquiring and retaining quality cybersecurity staff in 2022 is significant, and many organizations are unwilling or unable to pay the premium.
    • Top talent will demand flexible working conditions – even though remote work comes with security risk.
    • Most smart, talented new hires in 2022 are demanding to work remotely most of the time.
    Top reasons for resignations in 2021
    Burnout 30%
    Other remote opportunities 20%
    Lack of growth opportunities 20%
    Poor culture 20%
    Acquisition concerns 10%
    (Source: Survey of West Coast US cybersecurity professionals; TechBeacon, 2021)

    Talent will be 2022’s #1 strength and #1 weakness

    Staffing obstacles in 2022:

    “Attracting and retaining talent is always challenging. We don’t pay as well and my org wants staff in the office at least half of the time. Most young, smart, talented new hires want to work remotely 100 percent of the time.“

    “Trying to grow internal resources into security roles.”

    “Remote work expectations by employees and refusal by business to accommodate.”

    “Biggest obstacle: payscales that are out of touch with cybersecurity market.”

    “Request additional staff. Obtaining funding for additional position is most significant obstacle.”

    (Info-Tech Tech Security Priorities Survey 2022)
    Top obstacles in 2022:

    As you can see, respondents to our security priorities survey have strong feelings on the challenges of staffing a cybersecurity team.

    The growth of remote work means local talent can now be hired by anybody, vastly increasing your competition as an employer.

    Hiring local will get tougher – but so will hiring abroad. People who don’t want to relocate for a new job now have plenty of alternatives. Without a compelling remote work option, you will find non-local prospects unwilling to move for a new job.

    Lastly, many organizations are still reeling at the cost of experienced cybersecurity talent. Focused internal training and development will be the answer for many organizations.

    Recommended Actions

    Provide career development opportunities

    Many security professionals are dissatisfied with their unclear career development paths. To improve retention, organizations should provide their staff with opportunities and clear paths for career and skills advancement.

    Be open-minded when hiring

    To broaden the candidate pool, organizations should be open-minded when considering who to hire.

    • Enable remote work.
    • Do not fixate on certificates and years of experience; rather, be open to developing those who have the right interest and ability.
    • Consider using freelance workers.
    Facilitate work-life balance

    Many security professionals say they experience burnout. Promoting work-life balance in your organization can help retain critical skills.

    Create inclusive environment

    Hire a diverse team and create an inclusive environment where they can thrive.

    Talent acquisition and retention plan

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Address a top priority and a top obstacle with a plan to attract and retain top organizational and cybersecurity talent.

    Initiative Description:

    • Provide secure remote work capabilities for staff.
    • Work with HR to refine a hiring plan that addresses geographical and compensation gaps with cybersecurity and general staff.
    • Survey staff engagement to identify points of friction and remediate where needed.
    • Define a career path and growth plan for staff.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.
    Reduction in costs due to turnover and talent loss

    Other Expected Business Benefits:

    Arrow pointing up.
    Productivity due to good morale/ engagement
    Arrow pointing up.
    Improved corporate culture
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Big organizational and cultural changes
    • Increased attack surface of remote/hybrid workforce

    Related Info-Tech Research:

    Secure a Remote Workforce

    Priority 02

    Trends suggest remote work is here to stay. Addressing the risk of insecure endpoints can no longer be deferred.

    Executive summary

    Remote work poses unique challenges to cybersecurity teams. The personal home environment may introduce unauthorized people and unknown network vulnerabilities, and the organization loses nearly all power and influence over the daily cyber hygiene of its users.

    In addition, the software used for enabling remote work itself can be a target of cybersecurity criminals.

    Current situation

    • 70% of workers in technical services work from home.
    • Employees of larger firms and highly paid individuals are more likely to be working outside the office.
    • 80% of security and business leaders find that remote work has increased the risk of a breach.
    • (Source: StatCan, 2021)

    70% of tech workers work from home (Source: Statcan, 2021)

    Remote work demands new security solutions

    The security perimeter is finally gone

    The data is outside the datacenter.
    The users are outside the office.
    The endpoints are … anywhere and everywhere.

    Organizations that did not implement digital transformation changes following COVID-19 experience higher costs following a breach, likely because it is taking nearly two months longer, on average, to detect and contain a breach when more than 50% of staff are working remotely (IBM, 2021).

    In 2022 the cumulative risk of so many remote connections means we need to rethink how we secure the remote/hybrid workforce.

    Security
    • Distributed denial of service
    • DNS hijacking
    • Weak VPN protocols
    Identity
    • One-time verification allowing lateral movement
    Colorful tiles representing the surrounding security solutions. Network
    • Risk perimeter stops at corporate network edge
    • Split tunneling
    Authentication
    • Weak authentication
    • Weak password
    Access
    • Man-in-the-middle attack
    • Cross-site scripting
    • Session hijacking

    Recommended Actions

    Mature your identity management

    Compromised identity is the main vector to breaches in recent years. Stale accounts, contractor accounts, misalignment between HR and IT – the lack of foundational practices leads to headline-making breaches every week.
    Tighten up identity control to keep your organization out of the newspaper.

    Get a handle on your endpoints

    Work-from-home (WFH) often means unknown endpoints on unknown networks full of other unknown devices…and others in the home potentially using the workstation for non-work purposes. Gaining visibility into your endpoints can help to keep detection and resolution times short.

    Educate users

    Educate everyone on security best practices when working remotely:

    • Apply secure settings (not just defaults) to the home network.
    • Use strong passwords.
    • Identify suspicious email.
    Ease of use

    Many workers complain that the corporate technology solution makes it difficult to get their work done.

    Employees will take productivity over security if we force them to choose, so IT needs to listen to end users’ needs and provide a solution that is nimble and secure.

    Roadmap to securing remote/hybrid workforce

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    The corporate network now extends to the internet – ensure your security plan has you covered.

    Initiative Description:

    • Reassess enterprise security strategy to include the WFH attack surface (especially endpoint visibility).
    • Ensure authentication requirements for remote workers are sufficient (e.g. MFA, strong passwords, hardware tokens for high-risk users/connections).
    • Assess the value of zero trust networking to minimize the blast radius in the case of a breach.
    • Perform penetration testing annually.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.


    Reduced cost of security incidents/reputational damage

    Other Expected Business Benefits:

    Arrow pointing up.
    Improved ability to attract and retain talent
    Arrow pointing up.
    Increased business adaptability
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential disruption to traditional working patterns
    • Cost of investing in WFH versus risk of BYOD

    Related Info-Tech Research:

    Secure Digital Transformation

    Priority 03

    Digital transformation could be a competitive advantage…or the cause of your next data breach.

    Executive summary

    Background

    Digital transformation is occurring at an ever-increasing rate these days. As Microsoft CEO Satya Nadella said early in the pandemic, “We’ve seen two years’ worth of digital transformation in two months.”

    We have heard similar stories from Info-Tech members who deployed rollouts that were scheduled to take months over a weekend instead.

    Microsoft’s own shift to rapidly expand its Teams product is a prime example of how quickly the digital landscape has changed. The global adaption to a digital world has largely been a success story, but rapid change comes with risk, and there is a parallel story of rampant cyberattacks like we have never seen before.

    Insight

    There is an adage that “slow is smooth, and smooth is fast” – the implication being that fast is sloppy. In 2022 we’ll see a pattern of organizations working to catch up their cybersecurity with the transformations we all made in 2020.

    $1.78 trillion expected in digital transformation investments (Source: World Economic Forum, 2021)

    An ounce of security prevention versus a pound of cure

    The journey of digital transformation is a risky one.

    Digital transformations often rely heavily on third-party cloud service providers, which increases exposure of corporate data.

    Further, adoption of new technology creates a new threat surface that must be assessed, mitigations implemented, and visibility established to measure performance.

    However, digital transformations are often run on slim budgets and without expert guidance.

    Survey respondents report as much: rushed deployments, increased cloud migration, and shadow IT are the top vulnerabilities reported by security leaders and executives.

    In a 2020 Ponemon survey, 82% of IT security and C-level executives reported experiencing at least one data breach directly resulting from a digital transformation they had undergone.

    Scope creep is inevitable on any large project like a digital transformation. A small security shortcut early in the project can have dire consequences when it grows to affect personal data and critical systems down the road.

    Recommended Actions

    Engage the business early and often

    Despite the risks, organizations engage in digital transformations because they also have huge business value.

    Security leaders should not be seeking to slow or stop digital transformations; rather, we should be engaging with the business early to get ahead of risks and enable successful transformation.

    Establish a vendor security program

    Data is moving out of datacenters and onto third-party environments. Without security requirements built into agreements, and clear visibility into vendor security capabilities, that data is a major source of risk.

    A robust vendor security program will create assurance early in the process and help to reinforce the responsibility of securing data with other parts of the organization.

    Build/revisit your security strategy

    The threat surface has changed since before your transformation. This is the right time to revisit or rebuild your security strategy to ensure that your control set is present throughout the new environment – and also a great opportunity to show how your current security investments are helping secure your new digital lines of business!

    Educate your key players

    Only 16% of security leaders and executives report alignment between security and business processes during digital transformation.

    If security is too low a priority, then key players in your transformation efforts are likely unaware of how security risks impact their own success. It will be incumbent upon the CISO to start that conversation.

    Securing digital transformation

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Ensure your investment in digital transformation is appropriately secured.

    Initiative Description:

    • Engage security with digital transformation and relevant governance structures (steering committees) to ensure security considerations are built into digital transformation planning.
    • Incorporate security stage gates in project management procedures.
    • Establish a vendor security assessment program.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased likelihood of digital transformation success

    Other Expected Business Benefits:

    Arrow pointing up.
    Ability to make informed decisions for the field rep strategy
    Arrow pointing down.
    Reduced long-term cost of digital transformation
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential increased up front cost (reduced long-term cost)
    • Potential slowed implementation with security stage gates in project management

    Related Info-Tech Research:

    Adopt Zero Trust

    Priority 04

    Governments are recognizing the importance of zero trust strategies. So should your organization.

    Why now for zero trust?

    John Kindervag modernized the concept of zero trust back in 2010, and in the intervening years there has been enormous interest in cybersecurity circles, yet in 2022 only 30% of organizations report even beginning to roll out zero trust capabilities (Statista, 2022).

    Why such little action on a revolutionary and compelling model?

    Zero trust is not a technology; it is a principle. Zero trust adoption takes concerted planning, effort, and expense, for which the business value has been unclear throughout most of the last 10 years. However, several recent developments are changing that:

    • Securing technology has become very hard! The size, complexity, and attack surface of IT environments has grown significantly – especially since the pandemic.
    • Cyberattacks have become rampant as the cost to deploy harmful ransomware has become lower and the impact has become higher.
    • The shift away from on-premises datacenters and offices created an opening for zero trust investment, and zero trust technology is more mature than ever before.

    The time has come for zero trust adoption to begin in earnest.

    97% will maintain or increase zero trust budget (Source: Statista, 2022)

    Traditional perimeter security is not working

    Zero trust directly addresses the most prevalent attack vectors today

    A hybrid workforce using traditional VPN creates an environment where we are exposed to all the risks in the wild (unknown devices at any location on any network), but at a stripped-down security level that still provides the trust afforded to on-premises workers using known devices.

    What’s more, threats such as ransomware are known to exploit identity and remote access vulnerabilities before moving laterally within a network – vectors that are addressed directly by zero trust identity and networking. Ninety-three percent of surveyed zero trust adopters state that the benefits have matched or exceeded their expectations (iSMG, 2022).

    Top reasons for building a zero trust program in 2022

    (Source: iSMG, 2022)

    44%

    Enforce least privilege access to critical resources

    44%

    Reduce attacker ability to move laterally

    41%

    Reduce enterprise attack surface

    The business case for zero trust is clearer than ever

    Prior obstacles to Zero Trust are disappearing

    A major obstacle to zero trust adoption has been the sheer cost, along with the lack of business case for that investment. Two factors are changing that paradigm in 2022:

    The May 2021 US White House Executive Order for federal agencies to adopt zero trust architecture finally placed zero trust on the radar of many CEOs and board members, creating the business interest and willingness to consider investing in zero trust.

    In addition, the cost of adopting zero trust is quickly being surpassed by the cost of not adopting zero trust, as cyberattacks become rampant and successful zero trust deployments create a case study to support investment.

    Bar chart titled 'Cost to remediate a Ransomware attack' with bars representing the years '2021' and '2020'. 2021's cost sits around $1.8M while 2020's was only $750K The cost to remediate a ransomware attack more than doubled from 2020 to 2021. Widespread adoption of zero trust capabilities could keep that number from doubling again in 2022. (Source: Sophos, 2021)

    The cost of a data breach is on average $1.76 million less for organizations with mature zero trust deployments.

    That is, the cost of a data breach is 35% reduced compared to organizations without zero trust controls. (Source: IBM, 2021)

    Recommended Actions

    Start small

    Don’t put all your eggs in one basket by deploying zero trust in a wide swath. Rather, start as small as possible to allow for growing pains without creating business friction (or sinking your project altogether).

    Build a sensible roadmap

    Zero trust principles can be applied in a myriad of ways, so where should you start? Between identities, devices, networking, and data, decide on a use case to do pilot testing and then refine your approach.

    Beware too-good-to-be-true products

    Zero trust is a powerful buzzword, and vendors know it.

    Be skeptical and do your due diligence to ensure your new security partners in zero trust are delivering what you need.

    Zero trust roadmap

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Develop a practical roadmap that shows the business value of security investment.

    Initiative Description:

    • Define desired business and security outcomes from zero trust adoption.
    • Assess zero trust readiness.
    • Build roadmaps for zero trust:
      1. Identity
      2. Networking
      3. Devices
      4. Data
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased security posture and business agility

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced impact of security events
    Arrow pointing down.
    Reduced cost of managing complex control set
    Arrow pointing up.
    More secure business transformation (i.e. cloud/digital)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Learning curve of implementation (start small and slow)
    • Transition from current control set to zero trust model

    Related Info-Tech Research:

    Protect Against and Respond to Ransomware

    Priority 05

    Ransomware is still the #1 threat to the safety of your data.

    Executive summary

    Background

    • Ransomware attacks have transformed in 2021 and show no sign of slowing in 2022. There is a new major security breach every week, despite organizations spending over $150 billion in a year on cybersecurity (Nasdaq, 2021).
    • Ransomware as a service (RaaS) is commonplace, and attackers are doubling down by holding encrypted data ransom and also demanding payment under threat to disclose exfiltrated data – and they are making good on their threats.
    • The global cost of ransomware is expected to rise to $265 billion by 2031 (Cybersecurity Ventures, 2021).
    • We expect to see an increase in ransomware incidents in 2022, both in severity and volume – multiple attacks and double extortion are now the norm.
    • High staff turnover increases risk because new employees are unfamiliar with security protocols.

    150% increase ransomware attacks in 2020 (Source: ENISA)

    This is a new golden age of ransomware

    What is the same in 2022

    Unbridled ransomware attacks make it seem like attackers must be using complex new techniques, but prevalent ransomware attack vectors are actually well understood.

    Nearly all modern variants are breaching victim systems in one of three ways:

    • Email phishing
    • Software vulnerabilities
    • RDP/Remote access compromise
    What is new in 2022
    The sophistication of victim targeting

    Victims often find themselves asking, “How did the attackers know to phish the most security-oblivious person in my staff?” Bad actors have refined their social engineering and phishing to exploit high-risk individuals, meaning your chain is only as strong as the weakest link.

    Ability of malware to evade detection

    Modern ransomware is getting better at bypassing anti-malware technology, for example, through creative techniques such as those seen in the MedusaLocker variant and in Ghost Control attacks.

    Effective anti-malware is still a must-have control, but a single layer of defense is no longer enough. Any organization that hopes to avoid paying a ransom must prepare to detect, respond, and recover from an attack.

    Many leaders still don’t know what a ransomware recovery would look like

    Do you know what it would take to recover from a ransomware incident?

    …and does your executive leadership know what it would take to recover?

    The organizations that are most likely to pay a ransom are unprepared for the reality of recovering their systems.

    If you have not done a tabletop or live exercise to simulate a true recovery effort, you may be exposed to more risk than you realize.

    Are your defenses sufficiently hardened against ransomware?

    Organizations with effective security prevention are often breached by ransomware – but they are prepared to contain, detect, and eradicate the infection.

    Ask yourself whether you have identified potential points of entry for ransomware. Assume that your security controls will fail.

    How well are your security controls layered, and how difficult would it be for an attacker to move east/west within your systems?

    Recommended Actions

    Be prepared for a breach

    There is no guarantee that an organization will not fall victim to ransomware, so instead of putting all their effort into prevention, organizations should also put effort into planning to respond to a breach.

    Security awareness training/phishing detection

    Phishing continues to be the main point of entry for ransomware. Investing in phishing awareness and detection among your end users may be the most impactful countermeasure you can implement.

    Zero trust adoption

    Always verify at every step of interaction, even when access is requested by internal users. Manage access of sensitive information based on the principle of least privilege access.

    Encrypt and back up your data

    Encrypt your data so that even if there is a breach, the attackers don’t have a copy of your data. Also, keep regular backups of data at a separate location so that you still have data to work with after a breach occurs.

    You never want to pay a ransom. Being prepared to deal with an incident is your best chance to avoid paying!

    Prevent and respond to ransomware

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Determine your current readiness, response plan, and projects to close gaps.

    Initiative Description:

    • Execute a systematic assessment of your current security and ransomware recovery capabilities.
    • Perform tabletop activities and live recoveries to test data recovery capabilities.
    • Train staff to detect suspicious communications and protect their identities.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Improved productivity and brand protection

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced downtime and disruption
    Arrow pointing down.
    Reduced cost due to incidents (ransom payments, remediation)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Friction with existing staff

    Related Info-Tech Research:

    Deepfakes: Dark-horse threat for 2022

    Deepfake video

    How long has it been since you’ve gone a full workday without having a videoconference with someone?

    We have become inherently trustful that the face we see on the screen is real, but the technology required to falsify that video is widely available and runs on commercially available hardware, ushering in a genuinely post-truth online era.

    Criminals can use deepfakes to enhance social engineering, to spread misinformation, and to commit fraud and blackmail.

    Deepfake audio

    Many financial institutions have recently deployed voiceprint authentication. TD describes its VoicePrint as “voice recognition technology that allows us to use your voiceprint – as unique to you as your fingerprint – to validate your identity” over the phone.

    However, hackers have been defeating voice recognition for years already. There is ripe potential for voice fakes to fool both modern voice recognition technology and the accounts payable staff.

    Bibliography

    “2021 Ransomware Statistics, Data, & Trends.” PurpleSec, 2021. Web.

    Bayern, Macy. “Why 60% of IT security pros want to quit their jobs right now.” TechRepublic, 10 Oct. 2018. Web.

    Bresnahan, Ethan. “How Digital Transformation Impacts IT And Cyber Risk Programs.” CyberSaint Security, 25 Feb. 2021. Web.

    Clancy, Molly. “The True Cost of Ransomware.” Backblaze, 9 Sept. 2021.Web.

    “Cost of a Data Breach Report 2021.” IBM, 2021. Web.

    Cybersecurity Ventures. “Global Ransomware Damage Costs To Exceed $265 Billion By 2031.” Newswires, 4 June 2021. Web.

    “Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe.” Ponemon Institute, June 2020. Web.

    “Global Incident Response Threat Report: Manipulating Reality.” VMware, 2021.

    Granger, Diana. “Karmen Ransomware Variant Introduced by Russian Hacker.” Recorded Future, 18 April 2017. Web.

    “Is adopting a zero trust model a priority for your organization?” Statista, 2022. Web.

    “(ISC)2 Cybersecurity Workforce Study, 2021: A Resilient Cybersecurity Profession Charts the Path Forward.” (ISC)2, 2021. Web.

    Kobialka, Dan. “What Are the Top Zero Trust Strategies for 2022?” MSSP Alert, 10 Feb. 2022. Web.

    Kost, Edward. “What is Ransomware as a Service (RaaS)? The Dangerous Threat to World Security.” UpGuard, 1 Nov. 2021. Web.

    Lella, Ifigeneia, et al., editors. “ENISA Threat Landscape 2021.” ENISA, Oct. 2021. Web.

    Mello, John P., Jr. “700K more cybersecurity workers, but still a talent shortage.” TechBeacon, 7 Dec. 2021. Web.

    Naraine, Ryan. “Is the ‘Great Resignation’ Impacting Cybersecurity?” SecurityWeek, 11 Jan. 2022. Web.

    Oltsik, Jon. “ESG Research Report: The Life and Times of Cybersecurity Professionals 2021 Volume V.” Enterprise Security Group, 28 July 2021. Web.

    Osborne, Charlie. “Ransomware as a service: Negotiators are now in high demand.” ZDNet, 8 July 2021. Web.

    Osborne, Charlie. “Ransomware in 2022: We’re all screwed.” ZDNet, 22 Dec. 2021. Web.

    “Retaining Tech Employees in the Era of The Great Resignation.” TalentLMS, 19 Oct. 2021. Web.

    Rubin, Andrew. “Ransomware Is the Greatest Business Threat in 2022.” Nasdaq, 7 Dec. 2021. Web.

    Samartsev, Dmitry, and Daniel Dobrygowski. “5 ways Digital Transformation Officers can make cybersecurity a top priority.“ World Economic Forum, 15 Sept. 2021. Web.

    Seymour, John, and Azeem Aqil. “Your Voice is My Passport.” Presented at black hat USA 2018.

    Solomon, Howard. “Ransomware attacks will be more targeted in 2022: Trend Micro.” IT World Canada, 6 Jan. 2022. Web.

    “The State of Ransomware 2021.” Sophos, April 2021. Web.

    Tarun, Renee. “How The Great Resignation Could Benefit Cybersecurity.” Forbes Technology Council, Forbes, 21 Dec. 2021. Web.

    “TD VoicePrint.” TD Bank, n.d. Web.

    “Working from home during the COVID-19 pandemic, April 202 to June 2021.” Statistics Canada, 4 Aug. 2021. Web.

    “Zero Trust Strategies for 2022.” iSMG, Palo Alto Networks, and Optiv, 28 Jan. 2022. Web.

    Prototype With an Innovation Design Sprint

    • Buy Link or Shortcode: {j2store}90|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The business has a mandate for IT-led innovation.
    • IT doesn’t have the budget it wants for high-risk, high-reward initiatives.
    • Many innovation projects have failed in the past.
    • Many projects that have moved through the approval process failed to meet their expectations.

    Our Advice

    Critical Insight

    • Don’t let perfect be the enemy of good. Think like a start-up and use experimentation and rapid re-iteration to get your innovative ideas off the ground.

    Impact and Result

    • Build and test a prototype in four days using Info-Tech’s Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.
    • Learn techniques for socializing and selling your ideas to business stakeholders.
    • Refine your prototype through rapid iteration and user-experience testing.
    • Socialize design thinking culture, tactics, and methods with the business.

    Prototype With an Innovation Design Sprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should evaluate your ideas using a design sprint, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand and ideate

    Define the problem and start ideating potential solutions.

    • Prototype With an Innovation Design Sprint – Day 1: Understand and Ideate
    • Prototyping Workbook

    2. Divide and conquer

    Split off into prototyping teams to build and test the first-iteration prototypes

    • Prototype With an Innovation Design Sprint – Day 2: Divide and Conquer
    • Research Study Log Tool

    3. Unite and integrate

    Integrate the best ideas from the first iterations and come up with a team solution to the problem.

    • Prototype With an Innovation Design Sprint – Day 3: Unite and Integrate
    • Prototype One Pager

    4. Build and sell

    Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.

    • Prototype With an Innovation Design Sprint – Day 4: Build and Sell
    [infographic]

    Workshop: Prototype With an Innovation Design Sprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand and Ideate

    The Purpose

    Align the team around a well-defined business problem and start ideating solutions.

    Key Benefits Achieved

    Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.

    Activities

    1.1 Frame the problem.

    1.2 Develop evaluation criteria.

    1.3 Diverge and converge.

    Outputs

    Problem statement(s)

    Evaluation criteria

    Ideated solutions

    2 Divide and Conquer

    The Purpose

    Break off into teams to try and develop solutions that address the problem in unique ways.

    Key Benefits Achieved

    Develop and test a first-iteration prototype.

    Activities

    2.1 Design first prototypes in teams.

    2.2 Conduct UX testing.

    Outputs

    First-iteration prototypes

    User feedback and data

    3 Unite and Integrate

    The Purpose

    Bring the team back together to develop a team vision of the final prototype.

    Key Benefits Achieved

    Integrated, second-iteration prototype.

    Activities

    3.1 Create and deliver prototype pitches.

    3.2 Integrate prototypes.

    Outputs

    Prototype practice pitches

    Second-iteration prototype

    4 Build and Sell

    The Purpose

    Build and test the second prototype and prepare to sell it to business executives.

    Key Benefits Achieved

    Second-iteration prototype and a budget pitch.

    Activities

    4.1 Conduct second round of UX testing.

    4.2 Create one pager and budget pitch.

    Outputs

    User feedback and data

    Prototype one pager and budget pitch

    2021 IT Talent Trend Report

    • Buy Link or Shortcode: {j2store}516|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $9,919 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • In March 2020, many organizations were forced to switch to a virtual working world. IT enabled organizations to be successful while working from home. Ultimately, this shift changed the way that we all work, and in turn, the way IT leaders manage talent.
    • Many organizations are considering long-term remote work (Kelly, 2020).
    • Change is starting but is lagging.

    Our Advice

    Critical Insight

    • Increase focus on employee experience to navigate new challenges.
    • A good employee experience is what is best for the IT department.

    Impact and Result

    • The data shows IT is changing in the area of talent management.
    • IT has a large role in enabling organizations to work from home, especially from a technological and logistics perspective. There is evidence to show that they are now expanding their role to better support employees when working from home.
    • Survey respondents identified efforts already underway for IT to improve employee experience and subsequently, IT effectiveness.

    2021 IT Talent Trend Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on the employee experience and get an overview of what successful IT leaders are doing differently heading into 2021 – the five new talent management trends.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. DEI: A top talent objective

    The focus on diversity, equity, and inclusion (DEI) initiatives spans the entire organization beyond just HR. Learn which DEI efforts are underway with IT.

    • 2021 IT Talent Trend Report – Trend 1: DEI: A Top Talent Objective

    2. Remote work is here to stay

    Forced work-from-home demonstrated to organizations that employees can be productive while working away from the physical office. Learn more about how remote work is changing work.

    • 2021 IT Talent Trend Report – Trend 2: Remote Work Is Here to Stay

    3. A greater emphasis on wellbeing

    When the pandemic hit, organizations were significantly concerned about how employees were doing. Learn more about wellbeing.

    • 2021 IT Talent Trend Report – Trend 3: A Greater Emphasis on Wellbeing

    4. A shift in skills priorities

    Upskilling and finding sought after skills were challenging before the pandemic. How has it changed since? Learn more about skills priorities.

    • 2021 IT Talent Trend Report – Trend 4: A Shift in Skills Priorities

    5. Uncertainty unlocks performance

    The pandemic and remote work has affected performance. Learn about how uncertainty has impacted performance management.

    • 2021 IT Talent Trend Report – Trend 5: Uncertainty Unlocks Performance
    [infographic]

    Enter Into Mobile Development Without Confusion and Frustration

    • Buy Link or Shortcode: {j2store}282|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • IT managers don’t know where to start when initiating a mobile program.
    • IT has tried mobile development in the past but didn't achieve success.
    • IT must initiate a mobile program quickly based on business priorities and needs a roadmap based on best practices.

    Our Advice

    Critical Insight

    • Form factors and mobile devices won't drive success – business alignment and user experience will. Don't get caught up with the latest features in mobile devices.
    • Software emulation testing is not true testing. Get on the device and run your tests.
    • Cross form-factor testing cannot be optimized to run in parallel. Therefore, anticipate longer testing cycles for cross form-factor testing.

    Impact and Result

    • Prepare your development, testing, and deployment teams for mobile development.
    • Get a realistic assessment of ROI for the launch of a mobile program.

    Enter Into Mobile Development Without Confusion and Frustration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for a Mobile Program

    Understand the current mobile ecosystem. Use this toolkit to help you initiate a mobile development program.

    • Storyboard: Enter Into Mobile Development Without Confusion and Frustration

    2. Assess Your Dev Process for Readiness

    Review and evaluate your current application development process.

    3. Prepare to Execute Your Mobile Program

    Prioritize your mobile program based on your organization’s prioritization profile.

    • Mobile Program Tool

    4. Communicate with Stakeholders

    Summarize the execution of the mobile program.

    • Project Status Communication Worksheet
    [infographic]

    Workshop: Enter Into Mobile Development Without Confusion and Frustration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build your Future Mobile Development State

    The Purpose

    Understand the alignment of stakeholder objectives and priorities to mobile dev IT drivers.

    Assess readiness of your organization for mobile dev.

    Understand how to build your ideal mobile dev process.

    Key Benefits Achieved

    Identify and address the gaps in your existing app dev process.

    Build your future mobile dev state.

    Activities

    1.1 Getting started

    1.2 Assess your current state

    1.3 Establish your future state

    Outputs

    List of key stakeholders

    Stakeholder and IT driver mapping and assessment of current app dev process

    List of practices to accommodate mobile dev

    2 Prepare and Execute your Mobile Program

    The Purpose

    Assess the impact of mobile dev on your existing app dev process.

    Prioritize your mobile program.

    Understand the dev practice metrics to gauge success.

    Key Benefits Achieved

    Properly prepare for the execution of your mobile program.

    Calculate the ROI of your mobile program.

    Prioritize your mobile program with dependencies in mind.

    Build a communication plan with stakeholders.

    Activities

    2.1 Conduct an impact analysis

    2.2 Prepare to execute

    2.3 Communicate with stakeholders

    Outputs

    Impact analysis of your mobile program and expected ROI

    Mobile program order of execution and project dependencies mapping

    List of dev practice metrics

    Lead Strategic Decision Making With Service Portfolio Management

    • Buy Link or Shortcode: {j2store}397|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • There are no standardized processes for the intake of new ideas and no consistent view of the drivers needed to assess the value of these ideas.
    • IT is spending money on low-value services and doesn’t have the ability to understand and track value in order to prioritize IT investment.
    • CIOs are not trusted to drive innovation.

    Our Advice

    Critical Insight

    • The service portfolio empowers IT to be a catalyst in business strategy, change, and growth.
    • IT must drive value-based investment by understanding value of all services in the portfolio.
    • Organizations must assess the value of their services throughout their lifecycle to optimize business outcomes and IT spend.

    Impact and Result

    • Optimize IT investments by prioritizing services that provide more value to the business, ensuring that you do not waste money on low-value or out-of-date IT services.
    • Ensure that services are directly linked to business objectives, goals, and needs, keeping IT embedded in the strategic vision of the organization.
    • Enable the business to understand the impact of IT capabilities on business strategy.
    • Ensure that IT maintains a strategic and tactical view of the services and their value.
    • Drive agility and innovation by having a streamlined view of your business value context and a consistent intake of ideas.
    • Provide strategic leadership and create new revenue by understanding the relative value of new ideas vs. existing services.

    Lead Strategic Decision Making With Service Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Service portfolio management enables organizations to become strategic value creators by establishing a dynamic view of service value. Understand the driving forces behind the need to manage services through their lifecycles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the service portfolio

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 1: Establish the Service Portfolio
    • Service Portfolio Worksheet

    2. Develop a value assessment framework

    Use the value assessment tool to assess services based on the organization’s context of value.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 2: Develop a Value Assessment Framework
    • Value Assessment Tool
    • Value Assessment Example Tool

    3. Manage intake and assessment of initiatives

    Create a centralized intake process to manage all new service ideas.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 3: Manage Intake and Assessment of Initiatives
    • Service Intake Form

    4. Assess active services

    Continuously validate the value of the existing service and determine the future of service based on the value and usage of the service.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 4: Assess Active Services

    5. Manage and communicate the service portfolio

    Communicate and implement the service portfolio within the organization, and create a mechanism to seek out continuous improvement opportunities.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 5: Manage and Communicate the Service Portfolio
    [infographic]

    Workshop: Lead Strategic Decision Making With Service Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Service Portfolio

    The Purpose

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    Understand at a high level the steps involved in managing the service portfolio.

    Key Benefits Achieved

    Adapt the Service Portfolio Worksheet to organizational needs and create a plan to begin documenting services in the worksheet.

    Activities

    1.1 Review the Service Portfolio Worksheet.

    1.2 Adapt the Service Portfolio Worksheet.

    Outputs

    Knowledge about the use of the Service Portfolio Worksheet.

    Adapt the worksheet to reflect organizational needs and structure.

    2 Develop a Value Assessment Framework

    The Purpose

    Understand the need for a value assessment framework.

    Key Benefits Achieved

    Identify the organizational context of value through a holistic look at business objectives.

    Leverage Info-Tech’s Value Assessment Tool to validate and determine service value.

    Activities

    2.1 Understand value from business context.

    2.2 Determine the governing body.

    2.3 Assess culture and organizational structure.

    2.4 Complete the value assessment.

    2.5 Discuss value assessment score.

    Outputs

    Alignment on value context.

    Clear roles and responsibilities established.

    Ensure there is a supportive organizational structure and culture in place.

    Understand how to complete the value assessment and obtain a value score for selected services.

    Understand how to interpret the service value score.

    3 Manage Intake and Assessment of Initiatives

    The Purpose

    Create a centralized intake process to manage all new service ideas.

    Key Benefits Achieved

    Encourage collaboration and innovation through a transparent, formal, and centralized service intake process.

    Activities

    3.1 Review or design the service intake process.

    3.2 Review the Service Intake Form.

    3.3 Design a process to assess and transfer service ideas.

    3.4 Design a process to transfer completed services to the service catalog.

    Outputs

    Create a centralized process for service intake.

    Complete the Service Intake Form for a specific initiative.

    Have a process designed to transfer approved projects to the PMO.

    Have a process designed for transferring of completed services to the service catalog.

    4 Assess Active Services

    The Purpose

    Continuously validate the value of existing services.

    Key Benefits Achieved

    Ensure services are still providing the expected outcome.

    Clear next steps for services based on value.

    Activities

    4.1 Discuss/review management of active services.

    4.2 Complete value assessment for an active service.

    4.3 Determine service value and usage.

    4.4 Determine the next step for the service.

    4.5 Document the decision regarding the service outcome.

    Outputs

    Understand how active services must be assessed throughout their lifecycles.

    Understand how to assess an existing service.

    Place the service on the 2x2 matrix based on value and usage.

    Understand the appropriate next steps for services based on value.

    Formally document the steps for each of the IRMR options.

    5 Manage and Communicate Your Service Portfolio

    The Purpose

    Communicate and implement the service portfolio within the organization.

    Key Benefits Achieved

    Obtain buy-ins for the process.

    Create a mechanism to identify changes within the organization and to seek out continuous improvement opportunities for the service portfolio management process and procedures.

    Activities

    5.1 Create a communication plan for service portfolio and value assessment.

    5.2 Create a communication plan for service intake.

    5.3 Create a procedure to continuously validate the process.

    Outputs

    Document the target audience, the message, and how the message should be communicated.

    Document techniques to encourage participation and promote participation from the organization.

    Document the formal review process, including cycle, roles, and responsibilities.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Create Stakeholder-Centric Architecture Governance

    • Buy Link or Shortcode: {j2store}583|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $3,099 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Traditional enterprise architecture management (EAM) caters to only 10% – the IT people, and not to the remaining 90% of the organization.
    • EAM practices do not scale well with the agile way of working and are often perceived as "bottlenecks” or “restrictors of design freedom.”
    • The organization scale does not justify a full-fledged EAM with many committees, complex processes, and detailed EA artifacts.

    Our Advice

    Critical Insight

    Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”

    Impact and Result

    Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.

    Create Stakeholder-Centric Architecture Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here

    Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.

    • Create Stakeholder-Centric Architecture Governance Storyboard
    [infographic]

    Sprint Toward Data-Driven Culture Using DataOps

    • Buy Link or Shortcode: {j2store}199|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Data teams do not have a mechanism to integrate with operations teams and operate in a silo.
    • Significant delays in the operationalization of analytical/algorithms due to lack of standards and a clear path to production.
    • Raw data is shared with end users and data scientists due to poor management of data, resulting in more time spent on integration and less on insight generation and analytics.

    Our Advice

    Critical Insight

    • Data and analytics teams need a clear mechanism to separate data exploratory work and repetitive data insights generation. Lack of such separation is the main cause of significant delays, inefficiencies, and frustration for data initiatives.
    • Access to data and exploratory data analytics is critical. However, the organization must learn to share insights and reuse analytics.
    • Once analytics finds wider use in the organization, they need to adopt a disciplined approach to ensure its quality and continuous integration in the production environment.

    Impact and Result

    • Use a metrics-driven approach and common framework across silos to enable the rapid development of data initiatives using Agile principles.
    • Implement an approach that allows business, data, and operation teams to collaboratively work together to provide a better customer experience.
    • Align DataOps to an overall data management and governance program that promotes collaboration, transparency, and empathy across teams, establishes the appropriate roles and responsibilities, and ensures alignment to a common set of goals.
    • Assess the current maturity of the data operations teams and implement a roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the desired DataOps target state.

    Sprint Toward Data-Driven Culture Using DataOps Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the operational challenges associated with productizing the organization's data-related initiative. Review Info-Tech’s methodology for enabling the improved practice to operationalize data analytics and how we will support you in creating an agile data environment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover benefits of DataOps

    Understand the benefits of DataOps and why organizations are looking to establish agile principles in their data practice, the challenges associated with doing so, and what the new DataOps strategy needs to be successful.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 1: Discover Benefits of DataOps

    2. Assess your data practice for DataOps

    Analyze DataOps using Info-Tech’s DataOps use case framework, to help you identify the gaps in your data practices that need to be matured to truly realize DataOps benefits including data integration, data security, data quality, data engineering, and data science.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 2: Assess Your Data Practice for DataOps
    • DataOps Roadmap Tool

    3. Mature your DataOps practice

    Mature your data practice by putting in the right people in the right roles and establishing DataOps metrics, communication plan, DataOps best practices, and data principles.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 3: Mature Your DataOps Practice
    [infographic]

    Workshop: Sprint Toward Data-Driven Culture Using DataOps

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for DataOps

    The Purpose

    Understand the DataOps approach and value proposition.

    Key Benefits Achieved

    A clear understanding of organization data priorities and metrics along with a simplified view of data using Info-Tech’s Onion framework.

    Activities

    1.1 Explain DataOps approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need for DataOps.

    1.3 Understand Info-Tech’s DataOps Framework.

    Outputs

    Organization's data priorities and metrics

    Data Onion framework

    2 Assess DataOps Maturity in Your Organization

    The Purpose

    Assess the DataOps maturity of the organization.

    Key Benefits Achieved

    Define clear understanding of organization’s DataOps capabilities.

    Activities

    2.1 Assess current state.

    2.2 Develop target state summary.

    2.3 Define DataOps improvement initiatives.

    Outputs

    Current state summary

    Target state summary

    3 Develop Action Items and Roadmap to Establish DataOps

    The Purpose

    Establish clear action items and roadmap.

    Key Benefits Achieved

    Define clear and measurable roadmap to mature DataOps within the organization.

    Activities

    3.1 Continue DataOps improvement initiatives.

    3.2 Document the improvement initiatives.

    3.3 Develop a roadmap for DataOps practice.

    Outputs

    DataOps initiatives roadmap

    4 Plan for Continuous Improvement

    The Purpose

    Define a plan for continuous improvements.

    Key Benefits Achieved

    Continue to improve DataOps practice.

    Activities

    4.1 Create target cross-functional team structures.

    4.2 Define DataOps metrics for continuous monitoring.

    4.3 Create a communication plan.

    Outputs

    DataOps cross-functional team structure

    DataOps metrics

    Enable Organization-Wide Collaboration by Scaling Agile

    • Buy Link or Shortcode: {j2store}174|cart{/j2store}
    • member rating overall impact (scale of 10): 8.3/10 Overall Impact
    • member rating average dollars saved: $12,989 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization is realizing benefits from adopting Agile principles and practices in pockets of your organization.
    • You are starting to investigate opportunities to extend Agile beyond these pilot implementations into other areas of the organization. You are looking for a coordinated approach aligned to business priorities.

    Our Advice

    Critical Insight

    • Not all lessons from a pilot project are transferable. Pilot processes are tailored to a specific project’s scope, team, and tools, and they may not account for the diverse attributes in your organization.
    • Control may be necessary for coordination. More moving parts means enforcing consistent cadences, reporting, and communication is a must if teams are not disciplined or lack good governance.
    • Scale Agile in departments tolerable to change. Incrementally roll Agile out in departments where its principles are accepted (e.g. a culture of continuous improvement, embracing failures as lessons).

    Impact and Result

    • Complete an Agile capability assessment of your pilot functional group to gauge anticipated Agile benefits. Identify the business objectives and the group drivers that are motivating a scaled Agile implementation.
    • Understand the challenges that you may face when scaling Agile. Investigate the root causes of inefficiencies that can derail your scaling initiatives.
    • Brainstorm solutions to your scaling challenges and envision a target state for your growing Agile environment. Your target state will discover new opportunities to drive more business value and eliminate current activities driving down productivity.
    • Coordinate the implementation and execution of scaling Agile initiatives with a Scaling Agile Playbook. This organic and collaborative document will lay out the process, roles, goals, and objectives needed to successfully manage your Agile environment.

    Enable Organization-Wide Collaboration by Scaling Agile Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should scale up Agile, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gauge readiness to scale up Agile

    Evaluate the readiness of the pilot functional group and Agile development processes to adopt scaled Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 1: Gauge Readiness to Scale Up Agile
    • Scaling Agile Playbook Template
    • Scrum Development Process Template

    2. Define scaled Agile target state

    Alleviate scaling issues and risks and introduce new opportunities to enhance business value delivery with Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 2: Define Scaled Agile Target State

    3. Create implementation plan

    Roll out scaling Agile initiatives in a gradual, iterative approach and define the right metrics to demonstrate success.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 3: Create Implementation Plan
    [infographic]

    Workshop: Enable Organization-Wide Collaboration by Scaling Agile

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gauge Your Readiness to Scale Up Agile

    The Purpose

    Identify the business objectives and functional group drivers for adopting Agile practices to gauge the fit of scaling Agile.

    Select the pilot project to demonstrate the value of scaling Agile.

    Review and evaluate your current Agile development process and functional group structure.

    Key Benefits Achieved

    Understanding of the notable business and functional group gaps that can derail the scaling of Agile.

    Selection of a pilot program that will be used to gather metrics to continuously improve implementation and obtain buy-in for wider rollout.

    Realization of the root causes behind functional group and process issues in the current Agile implementation.

    Activities

    1.1 Assess your pilot functional group

    Outputs

    Fit assessment of functional group to pilot Agile scaling

    Selection of pilot program

    List of critical success factors

    2 Define Your Scaled Agile Target State

    The Purpose

    Think of solutions to address the root causes of current communication and process issues that can derail scaling initiatives.

    Brainstorm opportunities to enhance the delivery of business value to customers.

    Generate a target state for your scaled Agile implementation.

    Key Benefits Achieved

    Defined Agile capabilities and services of your functional group.

    Optimized functional group team structure, development process, and program framework to support scaled Agile in your context.

    Identification and accommodation of the risks associated with implementing and executing Agile capabilities.

    Activities

    2.1 Define Agile capabilities at scale

    2.2 Build your scaled Agile target state

    Outputs

    Solutions to scaling issues and opportunities to deliver more business value

    Agile capability map

    Functional group team structure, Agile development process and program framework optimized to support scaled Agile

    Risk assessment of scaling Agile initiatives

    3 Create Your Implementation Plan

    The Purpose

    List metrics to gauge the success of your scaling Agile implementation.

    Define the initiatives to scale Agile in your organization and to prepare for a wider rollout.

    Key Benefits Achieved

    Strategic selection of the right metrics to demonstrate the value of scaling Agile initiatives.

    Scaling Agile implementation roadmap based on current resource capacities, task complexities, and business priorities.

    Activities

    3.1 Create your implementation plan

    Outputs

    List of metrics to gauge scaling Agile success

    Scaling Agile implementation roadmap

    Review and Improve Your IT Policy Library

    • Buy Link or Shortcode: {j2store}193|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $34,724 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Your policies are out of date, disorganized, and complicated. They don’t reflect current regulations and don’t actually mitigate your organization’s current IT risks.
    • Your policies are difficult to understand, aren’t easy to find, or aren’t well monitored and enforced for compliance. As a result, your employees don’t care about your policies.
    • Policy issues are taking up too much of your time and distracting you from the real issues you need to address.

    Our Advice

    Critical Insight

    A dynamic and streamlined policy approach will:

    1. Right-size policies to address the most critical IT risks.
    2. Clearly lay out a step-by-step process to complete daily tasks in compliance.
    3. Obtain policy adherence without having to be “the police.”

    To accomplish this, the policy writer must engage their audience early to gather input on IT policies, increase policy awareness, and gain buy-in early in the process.

    Impact and Result

    • Develop more effective IT policies. Clearly express your policy goals and objectives, standardize the approach to employee problem solving, and write policies your employees will actually read.
    • Improve risk coverage. Ensure full coverage on the risk landscape, including legal regulations, and establish a method for reporting, documenting, and communicating risks.
    • Improve employee compliance. Empathize with your employees and use policy to educate, train, and enable them instead of restricting them.

    Review and Improve Your IT Policy Library Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to write better policies that mitigate the risks you care about and get the business to follow them, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess

    Assess your risk landscape and design a plan to update your policy network based on your most critical risks.

    • Review and Improve Your IT Policy Library – Phase 1: Assess
    • Policy Management RACI Chart Template
    • Policy Management Tool
    • Policy Action Plan

    2. Draft and implement

    Use input from key stakeholders to write clear, consistent, and concise policies that people will actually read and understand. Then publish them and start generating policy awareness.

    • Review and Improve Your IT Policy Library – Phase 2: Draft and Implement
    • Policy Template
    • Policy Communication Plan Template

    3. Monitor, enforce, revise

    Use your policies to create a compliance culture in your organization, set KPIs, and track policy effectiveness.

    • Review and Improve Your IT Policy Library – Phase 3: Monitor, Enforce, Revise
    [infographic]

    Workshop: Review and Improve Your IT Policy Library

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish & Assess

    The Purpose

    Identify the pain points associated with IT policies.

    Establish the policy development process.

    Begin formulating a plan to re-design the policy network.

    Key Benefits Achieved

    Establish the policy process.

    Highlight key issues and pain points regarding policy.

    Assign roles and responsibilities.

    Activities

    1.1 Introduce workshop.

    1.2 Identify the current pain points with policy management.

    1.3 Establish high-level goals around policy management.

    1.4 Select metrics to measure achievement of goals.

    1.5 Create an IT policy working group (ITPWG).

    1.6 Define the scope and purpose of the ITPWG.

    Outputs

    List of issues and pain points for policy management

    Set of six to ten goals for policy management

    Baseline and target measured value

    Amended steering committee or ITPWG charter

    Completed RACI chart

    Documented policy development process

    2 Assess Your Risk Landscape & Map Policies to Risks; Create a Policy Action Plan

    The Purpose

    Identify key risks.

    Develop an understanding of which risks are most critical.

    Design a policy network that best mitigates those risks.

    Key Benefits Achieved

    Use a risk-driven approach to decide which policies need to be written or updated first.

    Activities

    2.1 Identify risks at a high level.

    2.2 Assess each identified risk scenario on impact and likelihood.

    2.3 Map current and required policies to risks.

    2.4 Assess policy effectiveness.

    2.5 Create a policy action plan.

    2.6 Select policies to be developed during workshop.

    Outputs

    Ranked list of IT’s risk scenarios

    Prioritized list of IT risks (simplified risk register)

    Policy action plan

    3 Develop Policies

    The Purpose

    Outline what key features make a policy effective and write policies that mitigate the most critical IT risks.

    Key Benefits Achieved

    Write policies that work and get them approved.

    Activities

    3.1 Define the policy audience, constraints, and in-scope and out-of-scope requirements for a policy.

    3.2 Draft two to four policies

    Outputs

    Drafted policies

    4 Create a Policy Communication and Implementation Plan and Monitor & Reassess the Portfolio

    The Purpose

    Build an understanding of how well the organization’s value creation activities are being supported.

    Key Benefits Achieved

    Identify an area or capability that requires improvement.

    Activities

    4.1 Review draft policies and update if necessary.

    4.2 Create a policy communication plan.

    4.3 Select KPIs.

    4.4 Review root-cause analysis techniques.

    Outputs

    Final draft policies

    Policy communications plan

    KPI tracking log

    Optimize Lead Generation With Lead Scoring

    • Buy Link or Shortcode: {j2store}557|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Prospective buyer traffic into digital marketing platforms has exploded.
    • Many freemium/low-cost digital marketing platforms lack lead scoring and nurturing functionality.
    • As a result, the volume of unqualified leads being delivered to outbound sellers has increased dramatically.
    • This has reduced sales productivity, frustrated prospective buyers, and raised the costs of lead generation.

    Our Advice

    Critical Insight

    • Lead scoring is a must-have capability for high-tech marketers.
    • Without lead scoring, marketers will see increased costs of lead generation and decreased SQL-to-opportunity conversion rates.
    • Lead scoring increases sales productivity and shortens sales cycles.

    Impact and Result

    • Align Marketing, Sales, and Inside Sales on your ideal customer profile.
    • Re-evaluate the assets and activities that compose your current lead generation engine.
    • Develop a documented methodology to ignore, nurture, or contact right away the leads in your marketing pipeline.
    • Deliver more qualified leads to sellers, raising sales productivity and marketing/lead-gen ROI.

    Optimize Lead Generation With Lead Scoring Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize lead generation with lead scoring, review SoftwareReviews Advisory’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive aligned vision for lead scoring

    Outline your plan, form your team, and plan marketing tech stack support.

    • Optimize Lead Generation With Lead Scoring – Phase 1: Drive an Aligned Vision for Lead Scoring

    2. Build and test your lead scoring model

    Set lead flow thresholds, define your ideal customer profile and lead generation engine components, and weight, score, test, and refine them.

    • Optimize Lead Generation With Lead Scoring – Phase 2: Build and Test Your Lead Scoring Model
    • Lead Scoring Workbook

    3. Apply your model to marketing apps and go live with better qualified leads

    Apply your lead scoring model to your lead management app, test it, validate the results with sellers, apply advanced methods, and refine.

    • Optimize Lead Generation With Lead Scoring – Phase 3: Apply Your Model to Marketing Apps and Go Live With Better Qualified Leads
    [infographic]

    Workshop: Optimize Lead Generation With Lead Scoring

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Drive Aligned Vision for Lead Scoring

    The Purpose

    Drive an aligned vision for lead scoring.

    Key Benefits Achieved

    Attain an aligned vision for lead scoring.

    Identify the steering committee and project team and clarify their roles and responsibilities.

    Provide your team with an understanding of how leads score through the marketing funnel.

    Activities

    1.1 Outline a vision for lead scoring.

    1.2 Identify steering committee and project team members.

    1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.

    1.4 Align on marketing pipeline terminology.

    Outputs

    Steering committee and project team make-up

    Direction on tech stack to support lead generation

    Marketing pipeline definitions alignment

    2 Buyer Journey and Lead Generation Engine Mapping

    The Purpose

    Define the buyer journey and map the lead generation engine.

    Key Benefits Achieved

    Align the vision for your target buyer and their buying journey.

    Identify the assets and activities that need to compose your lead generation engine.

    Activities

    2.1 Establish a buyer persona.

    2.2 Map your buyer journey.

    2.3 Document the activities and assets of your lead generation engine.

    Outputs

    Buyer persona

    Buyer journey map

    Lead gen engine assets and activities documented

    3 Build and Test Your Lead Scoring Model

    The Purpose

    Build and test your lead scoring model.

    Key Benefits Achieved

    Gain team alignment on how leads score and, most importantly, what constitutes a sales-accepted lead.

    Develop a scoring model from which future iterations can be tested.

    Activities

    3.1 Understand the Lead Scoring Grid and set your thresholds.

    3.2 Identify your ideal customer profile, attributes, and subattribute weightings – run tests.

    Outputs

    Lead scoring thresholds

    Ideal customer profile, weightings, and tested scores

    Test profile scoring

    4 Align on Engagement Attributes

    The Purpose

    Align on engagement attributes.

    Key Benefits Achieved

    Develop a scoring model from which future iterations can be tested.

    Activities

    4.1 Weight the attributes of your lead generation engagement model and run tests.

    4.2 Apply weightings to activities and assets.

    4.3 Test engagement and profile scenarios together and make any adjustments to weightings or thresholds.

    Outputs

    Engagement attributes and weightings tested and complete

    Final lead scoring model

    5 Apply Model to Your Tech Platform

    The Purpose

    Apply the model to your tech platform.

    Key Benefits Achieved

    Deliver better qualified leads to Sales.

    Activities

    5.1 Apply model to your marketing management/campaign management software and test the quality of sales-accepted leads in the hands of sellers.

    5.2 Measure overall lead flow and conversion rates through your marketing pipeline.

    5.3 Apply lead nurturing and other advanced methods.

    Outputs

    Model applied to software

    Better qualified leads in the hands of sellers

    Further reading

    Optimize Lead Generation With Lead Scoring

    In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.

    EXECUTIVE BRIEF

    Analyst Perspective

    Improve B2B seller win rates with a lead scoring methodology as part of your modern lead generation engine.

    The image contains a picture of Jeff Golterman.

    As B2B organizations emerge from the lowered demands brought on by COVID-19, they are eager to convert marketing contacts to sales-qualified leads with even the slightest signal of intent, but many sales cycles are wasted when sellers receive unqualified leads. Delivering highly qualified leads to sellers is still more art than science, and it is especially challenging without a way to score a contact profile and engagement. While most marketers capture some profile data from contacts, many will pass a contact over to Sales without any engagement data or schedule a demo with a contact without any qualifying profile data. Passing unqualified leads to Sales suboptimizes Sales’ resources, raises the costs per lead, and often results in lost opportunities. Marketers need to develop a lead scoring methodology that delivers better qualified leads to Field Sales scored against both the ideal customer profile (ICP) and engagement that signals lower-funnel buyer interest. To be successful in building a compelling lead scoring solution, marketers must work closely with key stakeholders to align the ICP asset/activity with the buyer journey. Additionally, working early in the design process with IT/Marketing Operations to implement lead management and analytical tools in support will drive results to maximize lead conversion rates and sales wins.

    Jeff Golterman

    Managing Director

    SoftwareReviews Advisory

    Executive Summary

    Your Challenge

    The affordability and ease of implementation of digital marketing tools have driven global adoption to record levels. While many marketers are fine-tuning the lead generation engine components of email, social media, and web-based advertising to increase lead volumes, just 32% of companies pass well-qualified leads over to outbound marketers or sales development reps (SDRs). At best, lead gen costs stay high, and marketing-influenced win rates remain suboptimized. At worst, marketing reputation suffers when poorly qualified leads are passed along to sellers.

    Common Obstacles

    Most marketers lack a methodology for lead scoring, and some lack alignment among Marketing, Product, and Sales on what defines a qualified lead. In their rush to drive lead generation, marketers often fail to “define and align” on the ICP with stakeholders, creating confusion and wasted time and resources. In the rush to adopt B2B marketing and sales automation tools, many marketers have also skipped the important steps to 1) define the buyer journey and map content types to support, and 2) invest in a consistent content creation and sourcing strategy. The wrong content can leave prospects unmotivated to engage further and cause them to seek alternatives.

    Info-Tech’s Approach

    To employ lead scoring effectively, marketers need to align Sales, Marketing, and Product teams on the definition of the ICP and what constitutes a Sales-accepted lead. The buyer journey needs to be mapped in order to identify the engagement that will move a lead through the marketing lead generation engine. Then the project team can score prospect engagement and the prospect profile attributes against the ICP to arrive at a lead score. The marketing tech stack needs to be validated to support lead scoring, and finally Sales needs to sign off on results.

    SoftwareReviews Advisory Insight:

    Lead scoring is a must-have capability for high-tech marketers. Without lead scoring, marketers will see increased costs of lead gen, decreased SQL to opportunity conversion rates, decreased sales productivity, and longer sales cycles.

    Who benefits from a lead scoring project?

    This Research Is Designed for:

    • Marketers and especially campaign managers who are:
      • Looking for a more precise way to score leads and deploy outbound marketing resources to optimize contacts-to-MQL conversion rates.
      • Looking for a more effective way to profile contacts raised by your lead gen engine.
      • Looking to use their lead management software to optimize lead scoring.
      • Starting anew to strengthen their lead generation engine and want examples of a typical engine, ways to identify buyer journey, and perform lead nurturing.

    This Research Will Help You:

    • Explain why having a lead scoring methodology is important.
    • Identify a methodology that will call for identifying an ICP against which to score prospect profiles behind each contact that engages your lead generation engine.
    • Create a process of applying weightings to score activities during contact engagement with your lead generation engine. Apply both scores to arrive at a contact/lead score.
    • Compare your current lead gen engine to a best-in-class example in order to identify gaps and areas for improvement and exploration.

    This Research Will Also Assist:

    • CMOs, Marketing Operations leaders, heads of Product Marketing, and regional Marketing leads who are stakeholders in:
      • Finding alternatives to current lead scoring approaches.
        • Altering current or evaluating new marketing technologies to support a refreshed lead scoring approaches.

    This Research Will Help Them:

    • Align stakeholders on an overall program of identifying target customers, building common understanding of what constitutes a qualified lead, and determining when to use higher-cost outbound marketing resources.
    • Deploy high-value applications that will improve core marketing metrics.

    Insight summary

    Continuous adjustment and improvement of your lead scoring methodology is critical for long-term lead generation engine success.

    • Building a highly functioning lead generation engine is an ongoing process and one that requires continual testing of new asset types, asset design, and copy variations. Buyer profiles change over time as you launch new products and target new markets.
    • Pass better qualified leads to Field Sales and improve sales win rates by taking these crucial steps to implement a better lead generation engine and a lead scoring methodology:
      • Make the case for lead scoring in your organization.
      • Establish trigger points that separate leads to ignore, nurture, qualify, or outreach/contact.
      • Identify your buyer journey and ICP through collaboration among Sales, Marketing, and Product.
      • Assess each asset and activity type across your lead generation engine and apply a weighting for each.
      • Test lead scenarios within our supplied toolkit and with stakeholders. Adjust weightings and triggers that deliver lead scores that make sense.
      • Work with IT/Marketing Operations to emulate your lead scoring methodology within your marketing automation/campaign management application.
      • Explore advanced methods including nurturing.
    • Use the Lead Scoring Workbook collaboratively with other stakeholders to design your own methodology, test lead scenarios, and build alignment across the team.

    Leading marketers who successfully implement a lead scoring methodology develop it collaboratively with stakeholders across Marketing, Sales, and Product Management. Leaders will engage Marketing Operations, Sales Operations, and IT early to gain support for the evaluation and implementation of a supporting campaign management application and for analytics to track lead progress throughout the Marketing and Sales funnels. Leverage the Marketing Lead Scoring Toolkit to build out your version of the model and to test various scenarios. Use the slides contained within this storyboard and the accompanying toolkit as a means to align key stakeholders on the ICP and to weight assets and activities across your marketing lead generation engine.

    What is lead scoring?

    Lead scoring weighs the value of a prospect’s profile against the ICP and renders a profile score. The process then weighs the value of the prospects activities against the ideal call to action (CTA) and renders an activity score. Combining the profile and activity scores delivers an overall score for the value of the lead to drive the next step along the overall buyer journey.

    EXAMPLE: SALES MANAGEMENT SOFTWARE

    • For a company that markets sales management software the ideal buyer is the head of Sales Operations. While the ICP is made up of many attributes, we’ll just score one – the buyer’s role.
    • If the prospect/lead that we wish to score has an executive title, the lead’s profile scores “High.” Other roles will score lower based on your ICP. Alongside role, you will also score other profile attributes (e.g. company size, location).
    • With engagement, if the prospect/lead clicked on our ideal CTA, which is “request a proposal,” our engagement would score high. Other CTAs would score lower.
    The image contains a screenshot of two examples of lead scoring. One example demonstrates. Profile Scoring with Lead Profile, and the second image demonstrates Activity Scoring and Lead Engagement.

    SoftwareReviews Advisory Insight:

    A significant obstacle to quality lead production is disagreement on or lack of a documented definition of the ideal customer profile. Marketers successful in lead scoring will align key stakeholders on a documented definition of the ICP as a first step in improving lead scoring.

    Use of lead scoring is in the minority among marketers

    The majority of businesses are not practicing lead scoring!

    Up to 66% of businesses don’t practice any type of lead scoring.

    Source: LeadSquared, 2014

    “ With lead scoring, you don’t waste loads of time on unworthy prospects, and you don’t ignore people on the edge of buying.”

    Source: BigCommerce

    “The benefits of lead scoring number in the dozens. Having a deeper understanding of which leads meet the qualifications of your highest converters and then systematically communicating with them accordingly increases both ongoing engagement and saves your internal team time chasing down inopportune leads.”

    – Joey Strawn, Integrated Marketing Director, in IndustrialMarketer.com

    Key benefit: sales resource optimization

    Many marketing organizations send Sales too many unqualified leads

    • Leads – or, more accurately, contacts – are not all qualified. Some are actually nothing more than time-wasters for sellers.
    • Leading marketers peel apart a contact into at least two dimensions – “who” and “how interested.”
      • The “who” is compared to the ICP and given a score.
      • The “how interested” measures contact activity – or engagement – within our lead gen engine and gives it a score.
    • Scores are combined; a contact with a low score is ignored, medium is nurtured, and high is sent to sellers.
    • A robust ICP, together with engagement scoring and when housed within your lead management software, prioritizes for marketers which contacts to nurture and gets hot leads to sellers more quickly.

    Optimizing Sales Resources Using Lead Scoring

    The image contains a screenshot of a graph to demonstrate optimizing sales resources with lead scoring.

    Lead scoring drives greater sales effectiveness

    When contacts are scored as “qualified leads” and sent to sellers, sales win rates and ROI climb

    • Contacts can be scored properly once marketers align with Sales on the ICP and work closely with colleagues in areas like product marketing and field marketing to assign weightings to lead gen activities.
    • When more qualified leads get into the hands of the salesforce, their win rates improve.
    • As win rates improve, and sellers are producing more wins from the same volume of leads, sales productivity improves and ROI on the marketing investment increases.

    “On average, organizations that currently use lead scoring experience a 77% lift in lead generation ROI, over organizations that do not currently use lead scoring.”

    – MarketingSherpa, 2012

    Average Lead Generation ROI by Use of Lead Scoring

    The image contains a screenshot of a graph to demonstrate the average lead generation ROI by using of lead scoring. 138% are currenting using lead scoring, and 78% are not using lead scoring.
    Source: 2011 B2B Marketing Benchmark Survey, MarketingSherpa
    Methodology: Fielded June 2011, N=326 CMOs

    SoftwareReviews’ Lead Scoring Approach

    1. Drive Aligned Vision for Lead Scoring

    2. Build and Test Your Lead Scoring Model

    3. Apply to Your Tech Platform and Validate, Nurture, and Grow

    Phase
    Steps

    1. Outline a vision for lead scoring and identify stakeholders.
    2. Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.
    3. Align on marketing pipeline terminology, buyer persona and journey, and lead gen engine components.
    1. Understand the Lead Scoring Grid and establish thresholds.
    2. Collaborate with stakeholders on your ICP, apply weightings to profile attributes and values, and test your model.
    3. Identify the key activities and assets of your lead gen engine, weight attributes, and run tests.
    1. Apply model to your marketing management software.
    2. Test quality of sales-accepted leads by sellers and measure conversion rates through your marketing pipeline.
    3. Apply advanced methods such as lead nurturing.

    Phase Outcomes

    1. Steering committee and stakeholder selection
    2. Stakeholder alignment
    3. Team alignment on terminology
    4. Buyer journey map
    5. Lead gen engine components and asset types documented
    1. Initial lead-stage threshold scores
    2. Ideal customer profile, weightings, and tested scores
    3. Documented activities/assets across your lead generation engine
    4. Test results to drive adjusted weightings for profile attributes and engagement
    5. Final model to apply to marketing application
    1. Better qualified leads in the hands of sellers
    2. Advanced methods to nurture leads

    Key Deliverable: Lead Scoring Workbook

    The workbook walks you through a step-by-step process to:

    • Identify your team.
    • Identify the lead scoring thresholds.
    • Define your IPC.
    • Weight the activities within your lead generation engine.
    • Run tests using lead scenarios.

    Tab 1: Team Composition

    Consider core functions and form a cross-functional lead scoring team. Document the team’s details here.

    The image contains a screenshot of the Lead Scoring Workbook, Tab 1.

    Tab 2: Threshold Setting

    Set your initial threshold weightings for profile and engagement scores.

    The image contains a screenshot of the Lead Scoring Workbook, Tab 2.

    Tab 3:

    Establish Your Ideal Customer Profile

    Identify major attributes and attribute values and the weightings of both. You’ll eventually score your leads against this ICP.

    Record and Weight Lead Gen Engine Activities

    Identify the major activities that compose prospect engagement with your lead gen engine. Weight them together as a team.

    Test Lead Profile Scenarios

    Test actual lead profiles to see how they score against where you believe they should score. Adjust threshold settings in Tab 2.

    Test Activity Engagement Scores

    Test scenarios of how contacts navigate your lead gen engine. See how they score against where you believe they should score. Adjust thresholds on Tab 2 as needed.

    Review Combined Profile and Activity Score

    Review the combined scores to see where on your lead scoring matrix the lead falls. Make any final adjustments to thresholds accordingly.

    The image contains screenshots of the Lead Scoring Workbook, Tab 3.

    Several ways we help you build your lead scoring methodology

    DIY Toolkit Guided Implementation Workshop Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    • Begin your project using the step-by-step process outlined in this blueprint.
    • Leverage the accompanying workbook.
    • Launch inquiries with the analyst who wrote the research.
    • Kick off your project with an inquiry with the authoring analyst and your engagement manager.
    • Additional inquiries will guide you through each step.
    • Leverage the blueprint and toolkit.
    • Reach out to your engagement manager.
    • During a half-day workshop the authoring analyst will guide you and your team to complete your lead scoring methodology.
    • Reach out to your engagement manager.
    • We’ll lead the engagement to structure the process, gather data, interview stakeholders, craft outputs, and organize feedback and final review.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Collaborate on vision for lead scoring and the overall project.

    Call #2: Identify the steering committee and the rest of the team.

    Call #3: Discuss app/tech stack support for lead scoring. Understand key marketing pipeline terminology and the buyer journey.

    Call #4: Discuss your ICP, apply weightings, and run test scenarios.

    Call #5: Discuss and record lead generation engine components.

    Call #6: Understand the Lead Scoring Grid and set thresholds for your model.

    Call #7: Identify your ICP, apply weightings to attributes, and run tests.

    Call #8: Weight the attributes of engagement activities and run tests. Review the application of the scoring model on lead management software.

    Call #9: Test quality of sales-accepted leads in the hands of sellers. Measure lead flow and conversion rates through your marketing pipeline.

    Call #10: Review progress and discuss nurturing and other advanced topics.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.

    Workshop Overview

    Accelerate your project with our facilitated SoftwareReviews Advisory workshops

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Drive Aligned Vision for Lead Scoring

    Buyer Journey and Lead Gen Engine Mapping

    Build and Test Your Lead Scoring Model

    Align on Engagement Attributes

    Apply to Your Tech Platform

    Activities

    1.1 Outline a vision for lead scoring.

    1.2 Identify steering committee and project team members.

    1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.

    1.4 Align on marketing pipeline terminology.

    2.1 Establish a buyer persona (if not done already).

    2.2 Map your buyer journey.

    2.3 Document the activities and assets of your lead gen engine.

    3.1 Understand Lead Scoring Grid and set your thresholds.

    3.2 Identify ICP attribute and sub-attribute weightings. Run tests.

    4.1 Weight the attributes of your lead gen engagement model and run tests.

    4.2 Apply weightings to activities and assets.

    4.3 Test engagement and profile scenarios together and adjust weightings and thresholds as needed.

    5.1 Apply model to your campaign management software and test quality of sales-accepted leads in the hands of sellers.

    5.2. Measure overall lead flow and conversion rates through your marketing pipeline.

    5.3 Apply lead nurturing and other advanced methods.

    Deliverables

    1. Steering committee & project team composition
    2. Direction on tech stack to support lead gen
    3. Alignment on marketing pipeline definitions
    1. Buyer (persona if needed) journey map
    2. Lead gen engine assets and activities documented
    1. Lead scoring thresholds
    2. ICP, weightings, and tested scores
    3. Test profile scoring
    1. Engagement attributes and weightings tested and complete
    2. Final lead scoring model
    1. Model applied to your marketing management/ campaign management software
    2. Better qualified leads in the hands of sellers

    Phase 1

    Drive an Aligned Vision for Lead Scoring

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    • Solidify your vision for lead scoring.
    • Achieve stakeholder alignment.
    • Assess your tech stack.

    This phase involves the following stakeholders:

    • Field Marketing/Campaign Manager
    • CMO
    • Product Marketing
    • Product Management
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 1.1

    Establish a Cross-Functional Vision for Lead Scoring

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Outline the vision for lead scoring

    1.1.3 Select your lead scoring team

    This step will walk you through the following activities:

    • Discuss the reasons why lead scoring is important.
    • Review program process.
    • Identify stakeholders and team.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder alignment on vision of lead scoring
    • Stakeholders described and team members recorded
    • A documented buyer journey and map of your current lead gen engine

    1.1.1 Identify stakeholders critical to success

    1 hour

    1. Meet to identify the stakeholders that should be included in the project’s steering committee.
    2. Finalize selection of steering committee members.
    3. Contact members to ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results
    Input Output
    • Stakeholder interviews
    • List of business process owners (lead management, inside sales lead qualification, sales opportunity management, marketing funnel metric measurement/analytics)
    • Lead generation/scoring stakeholders
    • Steering committee members
    Materials Participants
    • N/A
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    SoftwareReviews Advisory Insight:

    B2B marketers that lack agreement among Marketing, Sales, Inside Sales, and lead management supporting staff of what constitutes a qualified lead will squander precious time and resources throughout the customer acquisition process.

    1.1.2 Outline the vision for lead scoring

    1 hour

    1. Convene a meeting of the steering committee and initiative team members who will be involved in the lead scoring project.
    • Using slides from this blueprint, understand the definition of lead scoring, the value of lead scoring to the organization, and the overall lead scoring process.
    • Understand the teams’ roles and responsibilities and help your Marketing Operations/IT colleagues understand some of the technical requirements needed to support lead scoring.
    • This is important because as the business members of the team are developing the lead scoring approach on paper, the technical team can begin to evaluate lead management apps within which your lead scoring model will be brought to life.
    Input Output
    • Slides to explain lead scoring and the lead scoring program
    • An understanding of the project among key stakeholders
    Materials Participants
    • Slides taken from this blueprint. We suggest slides from the Executive Brief (slides 3-16) and any others depending on the team’s level of familiarity.
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental leads from Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    SoftwareReviews Advisory Insight:

    While SMBs can implement some form of lead scoring when volume is very low and leads can be scored by hand, lead scoring and effective lead management cannot be performed without investment in digital platforms and lead management software and integration with customer relationship management (CRM) applications in the hands of inside and field sales staff. Marketers should plan and budget for the right combination of applications and tools to be in place for proper lead management.

    Lead scoring stakeholders

    Developing a common stakeholder understanding of the ICP, the way contact profiles are scored, and the way activities and asset engagement in your lead generation engine are scored will strengthen alignment between Marketing, Sales and Product Management.

    Title

    Key Stakeholders Within a Lead Generation/Scoring Initiative

    Lead Scoring Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, CEO (in SMB providers)

    Lead Scoring Initiative Manager

    • Typically a senior member of the marketing team
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Marketing Manager or a field marketing team member who has strong program management skills, has run large-scale B2B generation campaigns, and is familiar with the stakeholder roles and enabling technologies

    Business Leads

    • Works alongside the lead scoring initiative manager to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing lead
    • Marketing Director

    Digital, Marketing/Sales Ops/IT Team

    • Composed of individuals whose application and technology tools knowledge and skills are crucial to lead generation success
    • Responsible for understanding the business requirements behind lead generation and the requirements in particular to support lead scoring and the evaluation, selection, and implementation of the supporting tech stack – apps, website, analytics, etc.
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Marketing Application SMEs, Sales Application

    Steering Committee

    • Composed of C-suite/management-level individuals who act as the lead generation process decision makers
    • Responsible for validating goals and priorities, defining the scope, enabling adequate resourcing, and managing change especially among C-level leaders in Sales & Product
    • Executive Sponsor, Project Sponsor, CMO, Business Unit SMEs

    SoftwareReviews Advisory Insight:

    Marketers managing the lead scoring initiative must include Product Marketing, Sales, Inside Sales, and Product Management. And given that world-class B2B lead generation engines cannot run without technology enablement, Marketing Operations/IT – those that are charged with enabling marketing and sales – must also be part of the decision making and implementation process of lead scoring and lead generation.

    1.1.3 Select your lead scoring team

    30 minutes

    1. The CMO and other key stakeholders should discuss and determine who will be involved in the lead scoring project.
    • Business leaders in key areas – Product Marketing, Field Marketing, Digital Marketing, Inside Sales, Sales, Marketing Ops, Product Management, and IT – should be involved.
  • Document the members of your lead scoring team in tab 1 of the Lead Scoring Workbook.
    • The size of the team will vary depending on your initiative and size of your organization.
    InputOutput
    • Stakeholders
    • List of lead scoring team members
    MaterialsParticipants
    • Lead Scoring Workbook
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    Download the Lead Scoring Workbook

    Lead scoring team

    Consider the core team functions when composing the lead scoring team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned lead management/scoring strategy. Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limit the size of the team to enable effective decision making while still including functional business units.

    Required Skills/Knowledge

    Suggested Team Members

    Business

    • Understanding of the customer
    • Understanding of brand
    • Understanding of multichannel marketing: email, events, social
    • Understanding of lead qualification
    • Field Marketing/Campaign Lead
    • Product Marketing
    • Sales Manager
    • Inside Sales Manager
    • Content Marketer/Copywriter

    IT

    • Campaign management application capabilities
    • Digital marketing
    • Marketing and sales funnel Reporting/metrics
    • Marketing Application Owners
    • CRM/Sales Application Owners
    • Marketing Analytics Owners
    • Digital Platform Owners

    Other

    • Branding/creative
    • Social
    • Change management
    • Creative Director
    • Social Media Marketer

    Step 1.2 (Optional)

    Assess Your Tech Stack for Lead Scoring

    Our model assumes you have:

    1.2.1 A marketing application/campaign management application in place that accommodates lead scoring.

    1.2.2 Lead management software integrated with the sales automation/CRM tool in the hands of Field Sales.

    1.2.3 Reporting/analytics that spans the entire lead generation pipeline/funnel.

    Refer to the following three slides if you need guidance in these areas.

    This step will walk you through the following activities:

    • Confirm that you have your tech stack in place.
    • Set up an inquiry with an Info-Tech analyst should you require guidance on evaluating lead pipeline reporting, CRM, or analytics applications.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Understanding of what new application and technology support is required to support lead scoring.

    SoftwareReviews Advisory Insight:

    Marketers that collaborate closely with Marketing Ops/IT early in the process of lead scoring design will be best able to assess whether current marketing applications and tools can support a full lead scoring capability.

    1.2.1 Plan technology support for marketing management apps

    Work with Marketing Ops and IT early to evaluate application enablement for lead management, including scoring

    A thorough evaluation takes months – start early

    • Work closely with Marketing Operations (or the team that manages the marketing apps and digital platforms) as early as possible to socialize your approach to lead scoring.
    • Work with them on a set of updated requirements for selecting a marketing management suite or for changes to existing apps and tools to support your lead scoring approach that includes lead tracking and marketing funnel analytics.
    • Access the Info-Tech blueprint Select a Marketing Management Suite, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews Marketing Management Data Quadrant during vendor evaluation and selection.

    SoftwareReviews Marketing Management Data Quadrant

    The image contains a screenshot of the Marketing Management Data Quadrant.

    1.2.2 Plan technology support for sales opportunity management

    Work with Marketing Ops and IT early to evaluate applications for sales opportunity management

    A thorough evaluation takes months – start early

    • Work closely with Sales Operations as early as possible to socialize your approach to lead scoring and how lead management must integrate with sales opportunity management to manage the entire marketing and sales funnel management process.
    • Work with them on a set of updated requirements for selecting a sales opportunity management application that integrates with your marketing management suite or for changes to existing apps and tools to support your lead management and scoring approach that support the entire marketing and sales pipeline with analytics.

    Access the Info-Tech blueprint Select and Implement a CRM Platform, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews CRM Data Quadrant during vendor evaluation and selection.

    SoftwareReviews Customer Relationship Management Data Quadrant

    The image contains a screenshot of the SoftwareReviews Customer Relationship Management Data Quadrant.

    1.2.3 Plan analytics support for marketing pipeline analysis

    Work with Marketing Ops early to evaluate analytics tools to measure marketing and sales pipeline conversions

    A thorough evaluation takes weeks – start early

    • Work closely with Marketing and Sales Operations as early as possible to socialize your approach to measuring the lifecycle of contacts through to wins across the entire marketing and sales funnel management process.
    • Work with them on a set of updated requirements for selecting tools that can support the measurement of conversion ratios from contact to MQL, SQL, and opportunity to wins. Having this data enables you to measure improvement in component parts to your lead generation engine.
    • Access the Info-Tech blueprint Select and Implement a Reporting and Analytics Solution, along with analyst inquiry support during the requirements definition, vendor evaluation and vendor selection phases. Use the SoftwareReviews Best Business intelligence & Analytics Software Data Quadrant as well during vendor evaluation and selection.

    SoftwareReviews Business Intelligence Data Quadrant

    The image contains a screenshot of the Software Reviews Business Intelligent Quadrant.

    Step 1.3

    Catalog Your Buyer Journey and Lead Gen Engine Assets

    Activities

    1.3.1 Review marketing pipeline terminology

    1.3.2 Describe your buyer journey

    1.3.3 Describe your awareness and lead generation engine

    This step will walk you through the following activities:

    • Discuss marketing funnel terminology.
    • Describe your buyer journey.
    • Catalog the elements of your lead generation engine.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on terminology, your buyer journey, and elements of your lead generation engine

    1.3.1 Review marketing pipeline terminology

    30 minutes

    1. We assume for this model the following:
      1. Our primary objective is to deliver more, and more-highly qualified, sales-qualified leads (SQLs) to our salesforce. The salesforce will accept SQLs and after further qualification turn them into opportunities. Sellers work opportunities and turn them into wins. Wins that had first/last touch attribution within the lead gen engine are considered marketing-influenced wins.
      2. This model assumes the existence of sales development reps (SDRs) whose mission it is to take marketing-qualified leads (MQLs) from the lead generation engine and further qualify them into SQLs.
      3. The lead generation engine takes contacts – visitors to activities, website, etc. – and scores them based on their profile and engagement. If the contact scores at or above the designated threshold, the lead generation engine rates it as an MQL and passes it along to Inside Sales/SDRs. If the contact scores above a certain threshold and shows promise, it is further nurtured. If the contact score is low, it is ignored.
    2. If an organization does not possess a team of SDRs or Inside Sales, you would adjust your version of the model to, for example, raise the threshold for MQLs, and when the threshold is reached the lead generation engine would pass the lead to Field Sales for further qualification.

    Stage

    Characteristics

    Actions

    Contact

    • Unqualified
    • No/low activity

    Nurture

    SDR Qualify

    Send to Sales

    Close

    MQL

    • Profile scores high
    • Engagement strong

    SQL

    • Profile strengthened
    • Demo/quote/next step confirmed

    Oppt’y

    • Sales acceptance
    • Sales opportunity management

    Win

    • Deal closed

    SoftwareReviews Advisory Insight:

    Score leads in a way that makes it crystal clear whether they should be ignored, further nurtured, further qualified, or go right into a sellers’ hands as a super hot lead.

    1.3.2 Describe your buyer journey

    1. Understand the concept of the buyer journey:
      1. Typically Product Marketing is charged with establishing deep understanding of the target buyer for each product or solution through a complete buyer persona and buyer journey map. The details of how to craft both are covered in the upcoming SoftwareReviews Advisory blueprint Craft a More Comprehensive Go-to-Market Strategy. However, we share our Buyer Journey Template here (on the next slide) to illustrate the connection between the buyer journey and the lead generation and scoring processes.
      2. Marketers and campaigners developing the lead scoring methodology will work closely with Product Marketing, asking them to document the buyer journey.
      3. The value of the buyer journey is to guide asset/content creation, nurturing strategy and therefore elements of the lead generation engine such as web experience, email, and social content and other elements of engagement.
      4. The additional value of having a buyer persona is to also inform the ICP, which is an essential element of lead scoring.
      5. For the purposes of lead scoring, use the template on the next slide to create a simple form of the buyer journey. This will guide lead generation engine design and the scoring of activities later in our blueprint.

    2 hours

    On the following slide:

    1. Tailor this template to suit your buyer journey. Text in green is yours to modify. Text in black is instructional.
    2. Your objective is to use the buyer journey to identify asset types and a delivery channel that once constructed/sourced and activated within your lead gen engine will support the buyer journey.
    3. Keep your buyer journey updated based on actual journeys of sales wins.
    4. Complete different buyer journeys for different product areas. Complete these collaboratively with stakeholders for alignment.

    SoftwareReviews Advisory Insight:

    Establishing a buyer journey is one of the most valuable tools that, typically, Product Marketing produces. Its use helps campaigners, product managers, and Inside and Field Sales. Leading marketers keep journeys updated based on live deals and characteristics of wins.

    Buyer Journey Template

    Personas: [Title] e.g. “BI Director”

    The image contains a screenshot of the describe persona level as an example.

    [Persona name] ([levels it includes from arrows above]) Buyer’s Journey for [solution type] Vendor Selection

    The image contains a screenshot of the Personas Type example to demonstrate a specific IT role, end use in a relevant department.

    1.3.3 Describe Your Awareness and Lead Gen Engine

    1. Understand the workings of a typical awareness and lead generation engine. Reference the image of a lead gen engine on the following slide when reviewing our guidance below:
      1. In our lead scoring example found in the Lead Scoring Workbook, tab 3, “Weight and Test,” we use a software company selling a sales automation solution, and the engagement activities match with the Typical Awareness and Lead Gen Engine found on the following slide. Our goal is to match a visual representation of a lead gen and awareness engine with the activity scoring portion of lead scoring.
      2. At the top of the Typical Awareness and Lead Generation Engine image, the activities are activated by a team of various roles: digital manager (new web pages), campaign manager (emails and paid media), social media marketer (organic and paid social), and events marketing manager (webinars).
      3. “Awareness” – On the right, the slide shows additional awareness activities driven by the PR/Corporate Comms and Analyst Relations teams.*
      4. The calls to action (CTAs) found in the outreach activities are illustrated below the timeline. The CTAs are grouped and are designed to 1) drive profile capture data via a main sales form fill, and 2) drive engagement that corresponds to the Education, Solution, and Selection buyer journey phases outlined on the prior slide. Ensure you have fast paths to get a hot lead – request a demo – directly to Field Sales when profiles score high.

    * For guidance on best practices in engaging industry analysts, contact your engagement manager to schedule an inquiry with our expert in this area. during that inquiry, we will share best practices and recommended analyst engagement models.

    Lead Scoring Workbook

    2 hours

    On the following slide:

    1. Tailor the slide to describe your lead generation engine as you will use it when you get to latter steps to describe the activities in your lead gen engine and weight them for lead scoring.
    2. Use the template to see what makes up a typical lead gen and awareness building engine. Record your current engine parts and see what you may be missing.
    3. Note: The “Goal” image in the upper right of the slide is meant as a reminder that marketers should establish a goal for SQLs delivered to Field Sales for each campaign.

    SoftwareReviews Advisory Insight:

    Marketing’s primary mission is to deliver marketing-influenced wins (MIWs) to the company. Building a compelling awareness and lead gen engine must be done with that goal in mind. Leaders are ruthless in testing – copy, email subjects, website navigation, etc. – to fine-tune the engine and staying highly collaborative with sellers to ensure high value lead delivery.

    Typical Awareness and Lead Gen Engine

    Understand how a typical lead generation engine works. Awareness activities are included as a reference. Use as a template for campaigns.

    The image contains a screenshot of a diagram to demonstrate how a lead generation engine works.

    Phase 2

    Build and Test Your Lead Scoring Model

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    1. Understand the Lead Scoring Grid and establish thresholds.
    2. Collaborate with stakeholders on your ICP, apply weightings to profile attributes and values, and test.
    3. Identify the key activities and assets of your lead gen engine, weight attributes, and run tests.

    This phase involves the following participants:

    • Field Marketing/Campaign Manager
    • Product Marketing
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 2.1

    Start Building Your Lead Scoring Model

    Activities

    2.1.1 Understand the Lead Scoring Grid

    2.1.2 Identify thresholds

    This step will walk you through the following activities:

    • Discuss the concept of the thresholds for scoring leads in each of the various states – “ignore,” “nurture,” “qualify,” “send to sales.”
    • Open the Lead Scoring Workbook and validate your own states to suit your organization.
    • Arrive at an initial set of threshold scores.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on stages
    • Stakeholder alignment on initial set of thresholds

    2.1.1 Understand the Lead Scoring Grid

    30 minutes

    1. Understand how lead scoring works and our grid is constructed.
    2. Understand the two important areas of the grid and the concept of how the contact’s scores will increase as follows:
      1. Profile – as the profile attributes of the contact approaches that of the ICP we want to score the contact/prospect higher. Note: Step 1.3 walks you through creating your ICP.
      2. Engagement – as the contact/prospect engages with the activities (e.g. webinars, videos, events, emails) and assets (e.g. website, whitepapers, blogs, infographics) in our lead generation engine, we want to score the contact/prospect higher. Note: You will describe your engagement activities in this step.
    3. Understand how thresholds work:
      1. Threshold percentages, when reached, trigger movement of the contact from one state to the next – “ignore,” “nurture,” “qualify with Inside Sales,” and “send to sales.”
    The image contains a screenshot of an example of the lead scoring grid, as described in the text above.

    2.1.2 Identify thresholds

    30 minutes

    We have set up a model Lead Scoring Grid – see Lead Scoring Workbook, tab 2, “Identify Thresholds.”

    Set your thresholds within the Lead Scoring Workbook:

    • Set your threshold percentages for ”Profile” and “Engagement.”
    • You will run test scenarios for each in later steps.
    • We suggest you start with the example percentages given in the Lead Scoring Workbook and plan to adjust them during testing in later steps.
    • Define the “Send to Sales,” “Qualify With Inside Sales,” “Nurture,” and “Ignore” zones.

    SoftwareReviews Advisory Insight:

    Clarify that all-important threshold for when a lead passes to your expensive and time-starved outbound sellers.

    The image contains a screenshot of the Lead Scoring Workbook, tab 2 demonstrating the Lead Scoring Grid.

    Lead Scoring Workbook

    Step 2.2

    Identify and Verify Your Ideal Customer Profile and Weightings

    Activities

    2.2.1 Identify your ideal customer profile

    2.2.2 Run tests to validate profile weightings

    This step will walk you through the following activities:

    • Identify the attributes that compose the ICP.
    • Identify the values of each attribute and their weightings.
    • Test different contact profile scenarios against what actually makes sense.
    • Adjust weightings if needed.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on ICP
    • Stakeholder alignment on weightings given to attributes
    • Tested results to verify thresholds and cores

    2.2.1 Identify your ideal customer profile

    Collaborate with stakeholders to understand what attributes best describe your ICP. Assign weightings and subratings.

    2 hours

    1. Choose attributes such as job role, organization type, number of employees/potential seat holders, geographical location, interest area, etc., that describe the ideal profile of a target buyer. Best practice sees marketers choosing attributes based on real wins.
    2. Some marketers compare the email domain of the contact to a target list of domains. In the Lead Scoring Workbook, tab 3, “Weight and Test,” we provide an example profile for a “Sales Automation Software” ICP.
    3. Use the workbook as a template, remove our example, and create your own ICP attributes. Then weight the attributes to add up to 100%. Add in the attribute values and weight them. In the next step you will test scenarios.

    SoftwareReviews Advisory Insight:

    Marketers who align with colleagues in areas such as Product Marketing, Sales, Inside Sales, Sales Training/Enablement, and Product Managers and document the ICP give their organizations a greater probability of lead generation success.

    The image contains a screenshot of tab 3, demonstrating the weight and test with the example profile.

    Lead Scoring Workbook

    2.2.2 Run tests to validate profile weightings

    Collaborate with stakeholders to run different profile scenarios. Validate your model including thresholds.

    The image contains a screenshot of tab 3 to demonstrate the next step of running tests to validate profile weightings.

    SoftwareReviews Advisory Insight:

    Keep your model simple in the interest of fast implementation and to drive early learnings. The goal is not to be perfect but to start iterating toward success. You will update your scoring model even after going into production.

    2 hours

    1. Choose scenarios of contact/lead profile attributes by placing a “1” in the “Attribute” box shown at left.
    2. Place your estimate of how you believe the profile should score in the box to the right of “Estimated Profile State.” How does the calculated state, beneath, compare to the estimated state?
    3. In cases where the calculated state differs from your estimated state, consider weighting the profile attribute differently to match.
    4. If you find estimates and calculated states off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

    Lead Scoring Workbook

    Step 2.3

    Establish Key Lead Generation Activities and Assets

    Activities

    2.3.1 Establish activities, attribute values, and weights

    2.3.2 Run tests to evaluate activity ratings

    This step will walk you through the following activities:

    • Identify the activities/asset types in your lead gen engine.
    • Weight each attribute and define values to score for each one.
    • Run tests to ensure your model makes sense.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Final stakeholder alignment on which assets compose your lead generation engine
    • Scoring model tested

    2.3.1 Establish activities, attribute values, and weights

    2 hours

    1. Catalog the assets and activities that compose your lead generation engine outlined in Activity 1.3.3. Identify their attribute values and weight them accordingly.
    2. Consider weighting attributes and values according to how close that asset gets to conveying your ideal call to action. For example, if your ideal CTA is “schedule a demo” and the “click” was submitted in the last seven days, it scores 100%. Take time decay into consideration. If that same click was 60 days ago, it scores less – maybe 60%.
    3. Different assets convey different intent and therefore command different weightings; a video comparing your offering against the competition, considered a down funnel asset, scores higher than the company video, considered a top-of-the-funnel activity and “awareness.”
    The image contains a screenshot of the next step of establishing activities, attribute values, and weights.

    Lead Scoring Workbook

    2.3.2 Run tests to validate activity weightings

    Collaborate with stakeholders to run different engagement scenarios. Validate your model including thresholds.

    The image contains a screenshot of activity 2.3.2: run tests to validate activity weightings.

    SoftwareReviews Advisory Insight:

    Use data from actual closed deals and the underlying activities to build your model – nothing like using facts to inform your key decisions. Use common sense and keep things simple. Then update further when data from new wins appears.

    2 hours

    1. Test scenarios of contact engagement by placing a “1” in the “Attribute” box shown at left.
    2. Place your estimate of how you believe the engagement should score in the box to the right of “Estimated Engagement State.” How does the calculated state, beneath, compare to the estimated state?
    3. In cases where the calculated state differs from your estimated state, consider weighting the activity attribute differently to match.
    4. If you find that the estimates and calculated states are off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

    Lead Scoring Workbook

    Phase 3

    Apply Your Model to Marketing Apps and Go Live With Better Qualified Leads

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    1. Apply model to your marketing management/campaign management software.
    2. Get better qualified leads in the hands of sellers.
    3. Apply lead nurturing and other advanced methods.

    This phase involves the following participants:

    • Field Marketing/Campaign Manager
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 3.1

    Apply Model to Your Marketing Management Software

    Activities

    3.1.1 Apply final model to your lead management software

    This step will walk you through the following activities:

    • Apply the details of your scoring model to the lead management software.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Marketing management software or campaign management application is now set up/updated with your lead scoring approach.

    3.1.1 Apply final model to your lead management software

    Now that your model is complete and ready to go into production, input your lead scoring parameters into your lead management software.

    The image contains a screenshot of activity 3.1.1 demonstrating tab 4 of the Lead Scoring Workbook.

    3 hours

    1. Go to the Lead Scoring Workbook, tab 4, “Model Summary” for a formatted version of your lead scoring model. Double-check print formatting and print off a copy.
    2. Use the copy of your model to show to prospective technology providers when asking them to demonstrate their lead scoring capabilities.
    3. Once you have finalized your model, use the printed output from this tab to ease your process of transposing the corresponding model elements into your lead management software.

    Lead Scoring Workbook

    Step 3.2

    Test the Quality of Sales-Accepted Leads

    Activities

    3.2.1 Achieve sales lead acceptance

    3.2.2 Measure and optimize

    This step will walk you through the following activities:

    • Suggest that the Inside Sales and Field Sales teams should assess whether to sign off on quality of leads received.
    • Campaign managers and stakeholders should now be able to track lead status more effectively.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Sales leadership should be able to sign off that leads are better qualified.
    • With marketing pipeline analytics in place, campaigners can start to measure lead flow and conversion rates.

    3.2.1 Achieve sales lead acceptance

    Collaborate with sellers to validate your lead scoring approach.

    1 hour

    1. Gather a set of SQLs – leads that have been qualified by Inside Sales and delivered to Field Sales. Have Field Sales team members convey whether these leads were properly qualified.
    2. Where leads are deemed not properly qualified, determine if the issue was a) a lack of proper qualification by the Inside Sales team, or b) the lead generation engine, which should have further nurtured the lead or ignored it outright.
    3. Work collaboratively with Inside Sales to update your lead scoring model and/or Inside Sales practice.

    Stage

    Characteristics

    Actions

    Contact

    • Unqualified
    • No/low activity

    Nurture

    SDR Qualify

    Send to Sales

    Close

    MQL

    • Profile scores high
    • Engagement strong

    SQL

    • Profile strengthened
    • Demo/quote/next step confirmed

    Oppt’y

    • Sales acceptance
    • Sales opportunity management

    Win

    • Deal closed

    SoftwareReviews Advisory Insight:

    Marketers that collaborate with Sales – and in this case, a group of sellers as a sales advisory team – well in advance of sales acceptance to design lead scoring will save time during this stage, build trust with sellers, and make faster decisions related to lead management/scoring.

    3.2.2 Measure and optimize

    Leverage analytics that help you optimize your lead scoring methodology.

    Ongoing

    1. Work with Marketing Ops/IT team to design and implement analytics that enable you to:
    2. Meet frequently with your stakeholder team to review results.
    3. Learn from the wins: see how they actually scored and adjust thresholds and/or asset/activity weightings.
    4. Learn from losses: fix ineffective scoring, activities, assets, form-fill strategies, and engagement paths.
    5. Test from both wins and losses if demographic weightings are delivering accurate scores.
    6. Analyze those high scoring leads that went right to sellers but did not close. This could point to a sales training or enablement challenge.
    The image contains a screenshot of the lead scoring dashboard.

    Analytics will also drive additional key insights across your lead gen engine:

    • Are volumes increasing or decreasing? What percentage of leads are in what status (A1-D4)?
    • What nurturing will re-engage stalled leads that score high in profile but low in engagement (A3, B3)?
    • Will additional profile data capture further qualify leads with high engagement (C1, C2)?
    • And beyond all of the above, what leads move to Inside Sales and convert to SQLs, opportunities, and eventually marketing-influenced wins?

    Step 3.3

    Apply Advanced Methods

    Activities

    3.3.1 Employ lead nurturing strategies

    3.3.2 Adjust your model over time to accommodate more advanced methods

    This step will walk you through the following activities:

    • Apply lead nurturing to your lead gen engine.
    • Adjust your engine over time with more advanced methods.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Marketers can begin to test lead nurturing strategies and other advanced methods.

    3.3.1 Employ lead nurturing strategies

    A robust content marketing competence with compelling assets and the capture of additional profile data for qualification are key elements of your nurturing strategy.

    The image contains a screenshot of the Lead Scoring Grid with a focus on Nurture.

    SoftwareReviews Advisory Insight:

    Nurturing success combines the art of crafting engaging copy/experiences and the science of knowing just where a prospect is within your lead gen engine. Great B2B marketers demonstrate the discipline of knowing when to drive engagement and/or additional profile attribute capture using intent while not losing the prospect to over-profiling.

    Ongoing

    1. The goal of lead nurturing is to move the collection of contacts/leads that are scoring, for example, in the A3, B3, C1, C2, and C3 cells into A2, B2, and B1 cells.
    2. How is this best done? To nurture leads that are A3 and B3, entice the prospect with engagement that leads to the bottom of funnel – e.g. “schedule a demo” or “schedule a consultation” via a compelling asset. See the example on the following slide.
    3. To nurture C1 and C2, we need to qualify them further, so entice with an asset that leads to deeper profile knowledge.
    4. For C3 leads, we need both profile and activity nurturing.

    Lead nurturing example

    The image contains an example of a lead nurturing example.

    SoftwareReviews Advisory Insight:

    When nurturing, choose/design content as to what “intent” it satisfies. For example, a head-to-head comparison with a key competitor signals “Selection” phase of the buyer journey. Content that helps determine what app-type to buy signals “Solution”. A company video, or a webinar replay, may mean your buyer is “educating themselves.

    3.3.2 Adjust your model over time to accommodate more advanced methods

    When getting started or within a smaller marketing team, focus on the basics outlined thus far in this blueprint. Larger and/or more experienced teams are able to employ more advanced methods.

    Ongoing

    Advanced Methods

    • Invest in technologies that interpret lead scores and trigger next-step actions, especially outreach by Inside and/or Field Sales.
    • Use the above to route into nurturing environments where additional engagement will raise scores and trigger action.
    • Recognize that lead value decays with time to time additional outreach/activities and to reduce lead scores over time.
    • Always be testing different engagement, copy, and subsequent activities to optimize lead velocity through your lead gen engine.
    • Build intent sensitivity into engagement activities; e.g. test if longer demo video engagement times imply ”contact me for a demo” via a qualification outreach. Update scores manually to drive learnings.
    • Vary engagement paths by demographics to deliver unique digital experiences. Use firmographics/email domain to drive leads through a more tailored account-based marketing (ABM) experience.
    • Reapply learnings from closed opportunities/wins to drive updates to buyer journey mapping and your ICP.

    Frequently used acronyms

    ABM

    Account-Based Marketing

    B2B

    Business to Business

    CMO

    Chief Marketing Officer

    CRM

    Customer Relationship Management

    ICP

    Ideal Customer Profile

    MIW

    Marketing-Influenced Win

    MQL

    Marketing-Qualified Lead

    SDR

    Sales Development Representative

    SQL

    Sales-Qualified Lead

    Works cited

    Arora, Rajat. “Mining the Real Gems from you Data – Lead Scoring and Engagement Scoring.” LeadSquared, 27 Sept. 2014. Web.

    Doyle, Jen. “2012 B2B Marketing Benchmark Report: Research and insights on attracting and converting the modern B2B buyer.” MarketingSherpa, 2012. Web.

    Doyle, Jen, and Sergio Balegno. “2011 MarketingSherpa B2B Marketing Benchmark Survey: Research and Insights on Elevating Marketing Effectiveness from Lead Generation to Sales Conversion.” MarketingSherpa, 2011.

    Kirkpatrick, David. “Lead Scoring: CMOs realize a 138% lead gen ROI … and so can you.” marketingsherpa blog, 26 Jan 2012. Web.

    Moser, Jeremy. “Lead Scoring Is Important for Your Business: Here’s How to Create Scoring Model and Hand-Off Strategy.” BigCommerce, 25 Feb. 2019. Web.

    Strawn, Joey. “Why Lead Scoring Is Important for B2Bs (and How You Can Implement It for Your Company.” IndustrialMarketer.com, 17 Aug. 2016. Web.

    Mature and Scale Product Ownership

    • Buy Link or Shortcode: {j2store}145|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $21,919 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.
    • Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.
    • In many organizations, the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

    Our Advice

    Critical Insight

    A product owner is the CEO for their product. Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

    • Product and service ownership share the same foundation - underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.
    • Product owners represent three primary perspectives: Business (externally facing), Technical (systems and tools), or Operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.
    • Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

    Impact and Result

    • Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.
    • Promote and develop true Agile skills among your product owners and family managers.
    • Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

    Mature and Scale Product Ownership Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mature and Scale Product Ownership Storyboard – Establish a culture of success for product management and mature product owner capabilities.

    Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

  • Establish a foundation for empowerment and success.
  • Assign and align product owners with products and stakeholders.
  • Mature product owner capabilities and skills.
    • Mature and Scale Product Ownership Storyboard

    2. Mature and Scale Product Ownership Readiness Assessment – Determine your readiness for a product-centric culture based on Info-Tech’s CLAIM+G model.

    Using Info-Tech’s CLAIM model, quickly determine your organization’s strengths and weaknesses preparing for a product culture. Use the heat map to identify key areas.

    • Mature and Scale Product Ownership Readiness Assessment

    3. Mature and Scale Product Ownership Playbook – Playbook for product owners and product managers.

    Use the blueprint exercises to build your personal product owner playbook. You can also use the workbook to capture exercise outcomes.

    • Mature and Scale Product Ownership Playbook

    4. Mature and Scale Product Ownership Workbook – Workbook for product owners and product managers.

    Use this workbook to capture exercise outcomes and transfer them to your Mature and Scale Product Ownership Playbook (optional).

    • Mature and Scale Product Ownership Workbook

    5. Mature and Scale Product Ownership Proficiency Assessment – Determine your current proficiency and improvement areas.

    Product owners need to improve their core capabilities and real Agile skills. The assessment radar will help identify current proficiency and growth opportunities.

    • Mature and Scale Product Ownership Proficiency Assessment
    [infographic]

    Workshop: Mature and Scale Product Ownership

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the foundation for product ownership

    The Purpose

    Establish the foundation for product ownership.

    Key Benefits Achieved

    Product owner playbook with role clarity and RACI.

    Activities

    1.1 Define enablers and blockers of product management.

    1.2 Define your product management roles and names.

    1.3 Assess your product management readiness.

    1.4 Identify your primary product owner perspective.

    1.5 Define your product owner RACI.

    Outputs

    Enablers and blockers

    Role definitions.

    Product culture readiness

    Product owner perspective mapping

    Product owner RACI

    2 Align product owners to products

    The Purpose

    Align product owners to products.

    Key Benefits Achieved

    Assignment of resources to open products.

    A stakeholder management strategy.

    Activities

    2.1 Assign resources to your products and families.

    2.2 Visualize relationships to identify key influencers.

    2.3 Group stakeholders into categories.

    2.4 Prioritize your stakeholders.

    Outputs

    Product resource assignment

    Stakeholder management strategy

    Stakeholder management strategy

    Stakeholder management strategy

    3 Mature product owner capabilities

    The Purpose

    Mature product owner capabilities.

    Key Benefits Achieved

    Assess your Agile product owner readiness

    Assess and mature product owner capabilities

    Activities

    3.1 Assess your real Agile skill proficiency.

    3.2 Assess your vison capability proficiency.

    3.3 Assess your leadership capability proficiency.

    3.4 Assess your PLM capability proficiency.

    3.5 Assess your value realization capability proficiency.

    3.6 Identify your business value drivers and sources of value.

    Outputs

    Real Agile skill proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Info-Tech’s product owner capability model proficiency assessment

    Business value drivers and sources of value

    Further reading

    Mature and Scale Product Ownership

    Strengthen the product owner’s role in your organization by focusing on core capabilities and proper alignment.

    Executive Brief

    Analyst Perspective

    Empower product owners throughout your organization.

    Hans Eckman

    Whether you manage a product or service, the fundamentals of good product ownership are the same. Organizations need to focus on three key elements of product ownership in order to be successful.

    • Create an environment of empowerment and service leadership to reinforce product owners and product family managers as the true owners of the vision, improvement, and realized the value of their products.
    • Align product and product family owner roles based on operational alignment and the groups defined when scaling product management.
    • Develop your product owners to improve the quality of roadmaps, alignment to enterprise goals, and profit and loss (P&L) for each product or service.

    By focusing the attention of the teammates serving in product owner or service owner roles, your organization will deliver value sooner and respond to change more effectively.

    Hans Eckman

    Principal Research Director – Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Product owners must bridge the gap between the customers, operations, and delivery to ensure products continuously deliver increasing value.

    Product owners are often assigned to projects or product delivery without proper support, guidance, or alignment.

    In many organizations the product owner role is not well-defined, serves as a proxy for stakeholder ownership, and lacks reinforcement of the key skills needed to be successful.

    Common Obstacles

    Organizations have poor alignment or missing product owners between lines of business, IT, and operations.

    Product owners are aligned to projects and demand management rather than long-term strategic product ownership.

    Product families are not properly defined, scaled, and supported within organizations.

    Individuals in product owner roles have an incomplete understanding of needed capabilities and lack a development path.

    Info-Tech's Approach

    Create a culture of product management trust and empowerment with product owners aligned to your operational structure and product needs.

    Promote and develop true Agile skills among your product owners and family managers.

    Implement Info-Tech’s product owner capability model to define the role expectations and provide a development path for product owners.

    Extend product management success using Deliver on Your Digital Product Vision and Deliver Digital Products at Scale.

    Info-Tech Insight

    There is no single correct approach to product ownership. Product ownership must be tuned and structured to meet the delivery needs of your organization and the teams it serves.

    Info-Tech’s Approach

    Product owners make the final decision

    • Establish a foundation for empowerment and success
    • Assign product owners and align with products and stakeholders
    • Mature product owner capabilities and skills
    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    The Info-Tech difference

    1. Assign product owners where product decisions are needed, not to match org charts or delivery teams. The product owner has the final word on product decisions.
    2. Organize product owners into related teams to ensure product capabilities delivered are aligned to enterprise strategy and goals.
    3. Shared products and services must support the needs of many product owners with conflicting priorities. Shared service product owners must map and prioritize demand to align to enterprise priorities and goals.
    4. All product owners share the same capability model.

    Insight summary

    There is no single correct approach to product ownership

    Successful product management starts with empowerment and accountability. Product owners own the vision, roadmap, and value realization for their product or family aligned to enterprise goals and priorities.

    Phase 1 insight

    Product owners represent three primary perspectives: business (external-facing), technical (systems and tools), or operational (manual processes). Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Phase 2 insight

    Start with your operational grouping of products and families, identifying where an owner is needed. Then, assign people to the products and families. The owner does not define the product or family.

    Phase 3 insight

    Product owners are operating under an incomplete understanding of the capabilities needed to succeed. Most product/service owners lack a complete picture of the needed capabilities, skills, and activities to successfully perform their roles.

    Product and service ownership share the same foundation

    The underlying capabilities and best practices to own and improve a product or service are identical for both roles. Use the terms that make the most sense for your culture.

    Map product owner roles to your existing job titles

    Identify where product management is needed and align expectations with existing roles. Successful product management does not require a dedicated job family.

    Projects can be a mechanism for funding product changes and improvements

    Projects can be a mechanism for funding product changes and improvements. Shows difference of value for project life-cycles, hybrid life-cycles, and product life-cycles.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Product and services owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but would apply to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Insight

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply a management relationship.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Understand special circumstances

    In Deliver Digital Products at Scale, products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    The primary value of the product owner is to fill the backlog with the highest ROI opportunities aligned with enterprise goals.

    Info-Tech Insight

    The product owner owns the direction of the product.

    • Roadmap - Where are we going?
    • Backlog - What changes are needed to get there?
    • Product review - Did we get close enough?

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Product family owners are more strategic

    When assigning resources, recognize that product family owners will need to be more strategic with their planning and alignment of child families and products.

    Product family owners are more strategic. They require a roadmap that is strategic, goal-based, high-level, and flexible.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn’t available.

    Product family roadmap versus Product Roadmaps.

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers, to uncover hidden stakeholders.

    Stakeholder network map defines the influence landscape your product operates. Connectors determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.
    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view. Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Crossing the Chasm

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how the change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Info-Tech’s methodology for mature and scale product ownership

    Phase steps

    1. Establish the foundation for product ownership

    Step 1.1 Establish an environment for product owner success

    Step 1.2 Establish your product ownership model

    2. Align product owners to products

    Step 2.1 Assign product owners to products

    Step 2.2 Manage stakeholder influence

    3. Mature product owner capabilities

    Step 3.1 Assess your Agile product owner readiness

    Step 3.2 Mature product owner capabilities

    Phase outcomes

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    3.1.1 Assess your real Agile skill proficiency

    3.2 Mature product owner capabilities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Key deliverable

    Mature and Scale Product Ownership Playbook

    Capture and organize the outcomes of the activities in the workbook.

    Mature and Scale Product Ownership Workbook

    The workbook helps organize and communicate the outcomes of each activity.

    Mature and Scale Product Ownership Readiness Assessment

    Determine your level of mastery of real Agile skills and product owner capabilities.


    Blueprint benefits

    IT benefits

    • Competent product owner who can support teams operating in any delivery methodology.
    • Representative viewpoint and input from the technical and operational product owner perspectives.
    • Products aligned to business needs and committed work are achievable.
    • Single point of contact with a business representative.
    • Acceptance of product owner role outside the Scrum teams.

    Business benefits

    • Better alignment to enterprise goals, vision, and outcomes.
    • Improved coordination with stakeholders.
    • Quantifiable value realization tied to vision.
    • Product decisions made at the right time and with the right input.
    • Product owner who has the appropriate business, operations, and technical knowledge.

    Measure the value of this blueprint

    Align product owner metrics to product delivery and value realization.

    Member outcome

    Suggested Metric

    Estimated impact

    Increase business application satisfaction Satisfaction of business applications (CIO BV Diagnostic) 20% increase within one year after implementation
    Increase effectiveness of application portfolio management Effectiveness of application portfolio management (M&G Diagnostic) 20% increase within one year after implementation
    Increase importance and effectiveness of application portfolio Importance and effectiveness to business (APA Diagnostic) 20% increase within one year after implementation
    Increase satisfaction of support of business operations Support to business (CIO BV Diagnostic) 20% increase within one year after implementation
    Successfully deliver committed work (productivity) Number of successful deliveries; burndown Reduction in project implementation overrun by 20%

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project"

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Establish the Foundation for Product Ownership

    Phase 2 Align Product Owners to Products

    Phase 3 Mature Product Owner Capabilities

    • Call #1:
      Scope objectives and your specific challenges
    • Call #2:
      Step 1.1 Establish an environment for product owner success
      Step 1.2 Establish your product ownership model
    • Call #3:
      Step 2.1 Assign product owners to products
    • Call #4:
      Step 2.2 Manage stakeholder influence
    • Call #5:
      Step 3.1 Assess your Agile product owner readiness
    • Call #6:
      Step 3.2 Mature product owner capabilities

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 and 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Phase 2

    Phase 3

    Activities

    Establish the Foundation for Product Ownership

    Step 1.1 Establish an environment for product owner success

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Step 1.2 Establish your product ownership model

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Align Product Owners to Products

    Step 2.1 Assign product owners to products

    2.1.1 Assign resources to your products and families

    Step 2.2 Manage stakeholder influence

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Mature Product Owner Capabilities

    Step 3.1 Assess your Agile product owner readiness

    3.1.1 Assess your real Agile skill proficiency

    Step 3.2 Mature product owner capabilities=

    3.2.1 Assess your Vision capability proficiency

    3.2.2 Assess your Leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your Value Realization capability proficiency

    Deliverables

    1. Enablers and blockers
    2. Role definitions
    3. Product culture readiness
    4. Product owner perspective mapping
    5. Product owner RACI
    1. Product resource assignment
    2. Stakeholder management strategy
    1. Real Agile skill proficiency assessment
    2. Info-Tech’s product owner capability model proficiency assessment
    3. Business value drivers and sources of value

    Related Info-Tech Research

    Product delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application portfolio management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement its own applications with a trusted business-IT relationship.

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, delivery metrics, estimation

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational design and performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic Workforce Plan

    Have the right people in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it.

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Phase 1

    Establish the Foundation for Product Ownership

    Phase 1: Establish an environment for product owner success, Establish your product ownership model

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 1.1

    Establish an environment for product owner success

    Activities

    1.1.1 Define enablers and blockers of product management

    1.1.2 Define your product management roles and names

    1.1.3 Assess your product management readiness

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Enablers and blockers
    • Role definitions

    Empower product owners as the true owners of their product

    Product ownership requires decision-making authority and accountability for the value realization from those decisions. POs are more than a proxy for stakeholders, aggregators for changes, and the communication of someone else’s priorities.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman,
    “Tips for Starting Technical Product Managers”

    Info-Tech Best Practice

    Implement Info-Tech’s Product Owner Capability Model to help empower and hold product owners accountable for the maturity and success of their product. The product owner must understand how their product fits into the organization’s mission and strategy in order to align to enterprise value.

    Product and service owners share the same foundation and capabilities

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. The term “product” is used for consistency but applies to services, as well.

    Product = Service

    Common foundations: Focus on continuous improvement, ROI, and value realization. Clear vision, goals, roadmap, and backlog.

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Define product ownership to match your culture and customers

    Characteristics of a discrete product:

    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate
    • Has a discrete backlog and roadmap of improvements

    What does not need a product owner?

    • Individual features
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams

    Info-Tech Insight

    • Products are long-term endeavors that don’t end after the project finishes.
    • Products mature and improve their ability to deliver value.
    • Products have a discrete backlog of changes to improve the product itself, separate from operational requests fulfilled by the product or service.

    Need help defining your products or services? Download our blueprint Deliver Digital Products at Scale.

    Connect roadmaps to value realization with KPIs

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.</p data-verified=

    " loading="lazy">

    Info-Tech Insight

    Every roadmap item should have an expected realized value once it is implemented. The associate KPIs or OKRs determine if our goal was met. Any gap in value feedback back into the roadmap and backlog refinement.

    Identify the differences between a project-centric and a product-centric organization

    Differences between Project centric and Product centric organizations in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Projects lifecycle, hybrid lifecycle and product lifecycle. Period or periods of project development have parallel services that encompass a more product-based view.

    Projects withing products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompasses a more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    Recognize common barriers to product management

    The transition to product ownership is a series of behavioral and cultural changes supported by processes and governance. It takes time and consistency to be successful.

    • Command and control structures
    • Lack of ownership and accountability
    • High instability in the market, demand, or organization
    • Lack of dedicated teams align to delivery, service, or product areas
    • Culture of one-off projects
    • Lack of identified and engaged stakeholders
    • Lack of customer exposure and knowledge

    Agile’s four core values

    “…while there is value in the items on the right, we value the items on the left more.”

    Source: “The Agile Manifesto”

    We value...

    We value being agile: Individuals and interactions, Working Software, Customer collaboration, Responding to change. Versus being prescriptive: Processes and tools, Comprehensive documentation, Contract negotiation, following a plan.

    Exercise 1.1.1 Define enablers and blockers of product management

    1 hour
    1. Identify and mitigate blockers of product management in your organization.
    2. What enablers will support strong product owners?
    3. What blockers will make the transition to product management harder?
    4. For each blocker, also define at least one mitigating step.
    Define enablers e.g. team culture. Define blockers and at least one mitigating step

    Output

    • Enablers and blockers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Align enterprise value through product families

    Product families are operational groups based on capabilities or business functions. Product family managers translate goals, priorities, and constraints so they are actionable at the next level. Product owners prioritize changes to enhance the capabilities that allow you to realize your product family. Enabling capabilities realize value and help reach your goals.

    Effective product delivery requires thinking about more than just a single product

    Good application and product management begins with strengthening good practices for a single or small set of applications, products, and services.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Exercise 1.1.2 Define your product management roles and names

    1-2 hour
    1. Identify the roles in which product management activities will be owned.
    2. Define a common set of role names and describe the role.
    3. Map the level of accountability for each role: Product or Product Family
    4. Product owner perspectives will be defined in the next step.

    Define roles, description and level of product accountability.

    Output

    • Role definitions

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Use CLAIM to guide your journey

    Culture, Learning, Automation, Integrated teams, Metrics and governance.

    Value is best created by self-managing teams who deliver in frequent, short increments supported by leaders who coach them through challenges.

    Product-centric delivery and Agile are a radical change in how people work and think. Structured, facilitated learning is required throughout the transformation to help leaders and practitioners make the shift.

    Product management, Agile, and DevOps have inspired SDLC tools that have become a key part of delivery practices and work management.

    Self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of product-centric delivery.

    Successful implementations require the disciplined use of metrics that support developing better teams

    Exercise 1.1.3 Assess your product management readiness

    1 hour
    1. Open and complete the Mature and Scale Product Ownership Readiness Assessment in your Playbook or the provided Excel tool.
    2. Discuss high and low scores for each area to reach a consensus.
    3. Record your results in your Playbook.

    Assess your culture, learning, automation, Integrated teams, metrics and governance.

    Output

    • Assessment of product management readiness based on Info-Tech’s CLAIM+G model.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Readiness Assessment.

    Communicate reasons for changes and how they will be implemented

    Five elements of communicating change: What is the change? Why are we doing it? How are we going to go about it? How long will it take us to do it? What will the role be for each department individual?

    Leaders of successful change spend considerable time developing a powerful change message; that is, a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    Step 1.2

    Establish your product ownership model

    Activities

    1.2.1 Identify your primary product owner perspective

    1.2.2 Define your product owner RACI

    Establish the foundation for product ownership

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product owner perspective mapping
    • Product owner RACI

    Recognize the product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.

    Product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their primary perspective.

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Identify and align to product owner perspectives to ensure product success

    Product owner perspectives

    The 3 product owner perspectives. 1. Business: Customer-facing, value-generating. 2. Technical: IT systems and tools. 3. Operations: Keep-the-lights-on processes.
    1. Each product owner perspective provides important feedback, demand, and support for the product.
    2. Where a perspective is represented by a distinct role, the perspective is managed with that product owner.
    3. If separate roles don’t exist, the product owner must evaluate their work using two or three perspectives.
    4. The ultimate success of a product, and therefore product owner, is meeting the end-user value of the business product owner, tool support of the technical product owner, and manual processing support of the operations product owner.

    Line of business (LOB) product owners

    LOB product owners focus on the products and services consumed by the organization’s external consumers and users. The role centers on the market needs, competitive landscape, and operational support to deliver products and services.

    Business perspective

    • Alignment to enterprise strategy and priorities
    • Growth: market penetration and/or revenue
    • Perception of product value
    • Quality, stability, and predictability
    • Improvement and innovation
    • P&L
    • Market threats and opportunities
    • Speed to market
    • Service alignment
    • Meet or exceed individual goals

    Relationship to Operations

    • Customer satisfaction
    • Speed of delivery and manual processing
    • Continuity

    Relationship to Technical

    • Enabler
    • Analysis and insight
    • Lower operating and support costs

    Technical product owners

    Technical product owners are responsible for the IT systems, tools, platforms, and services that support business operations. Often they are identified as application or platform managers.

    Technical perspective

    • Application, application suite, or group of applications
    • Core platforms and tools
    • Infrastructure and networking
    • Third-party technology services
    • Enable business operations
    • Direct-to-customer product or service
    • Highly interconnected
    • Need for continuous improvement
    • End-of-life management
    • Internal value proposition and users

    Relationship to Business

    • Direct consumers
    • End users
    • Source of funding

    Relationship to Operations

    • End users
    • Process enablement or automation
    • Support, continuity, and manual intervention

    Operations (service) product owners

    Operational product owners focus on the people, processes, and tools needed for manual processing and decisions when automation is not cost-effective. Operational product owners are typically called service owners due to the nature of their work.

    Operational perspective

    • Business enablement
    • Continuity
    • Problem, incident, issue resolution
    • Process efficiency
    • Throughput
    • Error/defect avoidance
    • Decision enablement
    • Waste reduction
    • Limit time in process
    • Disaster recovery

    Relationship to Business

    • Revenue enablement
    • Manual intervention and processing
    • End-user satisfaction

    Relationship to Technical

    • Process enabler
    • Performance enhancement
    • Threat of automation

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Identify which product owner perspective represents your primary focus.
    2. Determine where the other perspectives need to be part of your product roadmap or if they are managed by other product owners.

    Identify product/service name, identify product owner perspective, determine if other perspectives need to be part of roadmap.

    Output

    • Identification of primary product owner perspective.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Realign differences between project managers and product owners

    Differences between Project Manager and Product Owners in regards to: Funding, Prioritization, Accountability, Product management, Work allocation, and Capacity management.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their product delivery life-cycles.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles. Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints.

    Define who manages each key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the product owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    Example milestones and Project Manager, Product Owner and Team Facilitator.

    *Scrum Master, Delivery Manager, Team Lead

    Exercise 1.2.2 Define your product owner RACI

    60 minutes
    1. Review your product and project delivery methodologies to identify key milestones (including approvals, gates, reviews, compliance checks, etc.). List each milestone on a flip chart or whiteboard.
    2. For each milestone, define who is accountable for the completion.
    3. For each milestone, define who is responsible for executing the milestone activity. (Who does the work that allows the milestone to be completed?)
    4. Review any responsibility and accountability gaps and identify opportunities to better support and execute your operating model.
    5. If you previously completed Deliver Digital Products at Scale , review and update your RACI in the Mature and Scale Product Ownership Workbook .

    Define: Milestones, Project Manager, Product/service owner, Team Facilitator, and Other roles.

    Output

    • Product owner RACI

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Phase 2

    Align Product Owners to Products

    Phase 2: Assign product owners to products, Manage stakeholder influence

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    2.1.1 Assign resources to your products and families

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Step 2.1

    Assign product owners to products

    Activities

    2.1.1 Assign resources to your products and families

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Product resource assignment

    Match your product management role definitions to your product family levels

    Using the role definitions, you created in Exercise 1.1.2, determine which roles correspond to which levels of your product families.

    Product portfolio

    Groups of product families within an overall value stream or capability grouping.

    Project portfolio manager

    Product family

    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.

    Product family manager

    Product

    Single product composed of one or more applications and services.

    Product owner

    Info-Tech Insight

    Define the current roles that will perform the product management function or define consistent role names to product owners and managers.

    Assign resources throughout your product families

    Project families are owned by a product manager. Product owners own each product that has a distinct backlog.

    Info-Tech Insight

    • Start by assigning resources to each product or product family box.
    • A product owner can be responsible for more than one product.
    • Ownership of more than one product does not mean they share the same backlog.
    • For help organizing your product families, please download Deliver Digital Products at Scale.

    Understand special circumstances

    In Deliver Digital Products at Scale , products were grouped into families using Info-Tech’s five scaling patterns. Assigning owners to Enterprise Applications and Shared Services requires special consideration.

    Value stream alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products

    Enterprise applications

    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > Modules Supporting: Job board, healthcare administrator

    Shared Services

    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools

    Technical

    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network

    Organizational alignment

    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure is no longer needed because the management team owns the product management role

    Map the source of demand to each product

    With enterprise applications and shared services, your demand comes from other product and service owners rather than end customers in a value stream.

    Enterprise applications

    • Primary demand comes from the operational teams and service groups using the platform.
    • Each group typically has processes and tools aligned to a module or portion of the overall platform.
    • Product owners determine end-user needs to assist with process improvement and automation.
    • Product family managers help align roadmap goals and capabilities across the modules and tools to ensure consistency and the alignment of changes.

    Shared services

    • Primary demand for shared services comes from other product owners and service managers whose solution or application is dependent on the shared service platform.
    • Families are grouped by related themes (e.g. workflow tools) to increase reusability, standard enterprise solutions, reduced redundancy, and consistent processes across multiple teams.
    • Product owners manage the individual applications or services within a family.

    Pattern: Enterprise applications

    A division or group delivers enabling capabilities and the team’s operational alignment maps directly to the modules/components of an enterprise application and other applications that support the specific business function.

    Workforce Management, Strategic HR, Talent Management, Core HR

    Example:

    • Human resources is one corporate function. Within HR, however, there are subfunctions that operate independently.
    • Each operational team is supported by one or more applications or modules within a primary HR system.
    • Even though the teams work independently, the information they manage is shared with, or ties into processes used by other teams. Coordination of efforts helps provide a higher level of service and consistency.

    For additional information about HRMS, please download Get the Most Out of Your HRMS.

    Assigning owners to enterprise applications

    Align your enterprise application owners to your operating teams that use the enterprise applications. Effectively, your service managers will align with your platform module owners to provide integrated awareness and planning.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Pattern: Shared services

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    Example:

    • Recommended for governance, risk, and compliance; infrastructure; security; end-user support; and shared platforms (workflow, collaboration, imaging/record retention). Direct hierarchies do not necessarily exist within the shared service family.
    • Service groupings are common for service owners (also known as support managers, operations managers, etc.).
    • End-user ticketing comes through a common request system, is routed to the team responsible for triage, and then is routed to a team for resolution.
    • Collaboration tools and workflow tools are enablers of other applications, and product families might support multiple apps or platforms delivering that shared capability.

    Assigning owners to shared services

    Assign owners by service type, knowledge area, or technology to provide alignment of shared business capabilities and common solutions.

    Family manager (top-level), Family managers (second-level) and Product owners.

    Map sources of demand and influencers

    Use the stakeholder analysis to define the key stakeholders and sources of demand for enterprise applications and shared services. Extend your mapping to include their stakeholders and influencers to uncover additional sources of demand and prioritization.

    Map of key stakeholders for enterprise applications and shared services.

    Info-Tech Insight

    Your product owner map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Combine your product owner map with your stakeholder map to create a comprehensive view of influencers.

    Exercise 2.1.1 Assign resources to your products and families

    1-4 hours
    1. Use the product families you completed in Deliver Digital Products at Scale to determine which products and product families need a resource assigned. Where the same resource fills more than one role, they are the product owner or manager for each independently.
    2. Product families that are being managed as products (one backlog for multiple products) should have one owner until the family is split into separate products later.
    3. For each product and family, define the following:
      • Who is the owner (role or person)?
      • Is ownership clearly defined?
      • Are there other stakeholders who make decisions for the product?
    4. Record the results in the Mature and Scale Product Ownership Workbook on the Product Owner Mapping worksheet.

    Output

    • Product owner and manager resource alignment.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Step 2.2

    Manage stakeholder influence

    Activities

    2.2.1 Visualize relationships to identify key influencers

    2.2.2 Group stakeholders into categories

    2.2.3 Prioritize your stakeholders

    Align product owners to products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Stakeholder management strategy

    Develop a product owner stakeholder strategy

    Stakeholder management, Product lifecycle, Project delivery, Operational support.

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner can accomplish.

    Product owners operate within a network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without a stakeholder strategy, product owners will encounter obstacles, resistance, or unexpected changes.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Create a stakeholder network map to product roadmaps and prioritization. Use connectors to determine who may be influencing your direct stakeholders.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    Exercise 2.2.1 Visualize relationships to identify key influencers

    1 hour
    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate informal bidirectional influence relationships.
    5. Record the results in the Mature and Scale Product Ownership Workbook .

    Output

    • Relationships among stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level of influence and ownership in the product and/or teams.

    Influence versus Ownership/Interest

    There are four areas on the map, and the stakeholders within each area should be treated differently.

    • Players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediments to the objectives.
    • Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively but have little ability to enact their wishes.
    • Spectators are generally apathetic and have little influence over or interest in the initiative.

    Exercise 2.2.2 Group stakeholders into categories

    1 hour
    1. Identify your stakeholders’ interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Influence versus Ownership/Interest with CMO, CIO and Product Manager in assigned areas.

    Output

    • Categorization of stakeholders and influencers

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder category versus level of support.

    Consider the three dimensions of stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: How likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive your focused attention. The table to the right indicates how stakeholders are ranked.

    Exercise 2.2.3 Prioritize your stakeholders

    1 hour
    1. Identify the level of support of each stakeholder by answering the following question: How likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Mature and Scale Product Ownership Workbook .

    Stakeholder, Category, level of support, prioritization.

    Output

    • Stakeholder and influencer prioritization

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Capture in the Mature and Scale Product Ownership Playbook.

    Define strategies for engaging stakeholders by type

    Authority Vs. Ownership/Interest.

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using mediators to help them.

    Spectators

    Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of mediators and players are met.

    Phase 3

    Mature Product Owner Capabilities

    Phase 3: Assess your Agile product owner readiness, Mature product owner capabilities.

    Mature and Scale Product Ownership

    This phase will walk you through the following activities:

    3.1.1 Assess your real Agile skill proficiency

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    This phase involves the following participants:

    • Product owners
    • Product managers

    Step 3.1

    Assess your Agile product owner readiness

    Activities

    3.1.1 Assess your real Agile skill proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Real Agile skill proficiency assessment

    Why focus on core skills?

    They are the foundation to achieve business outcomes

    Skills, actions, output and outcomes

    The right skills development is only possible with proper assessment and alignment against outcomes.

    Being successful at Agile is more than about just doing Agile

    The following represents the hard skills needed to “Do Agile”:

    Being successful at Agile needs 4 hard skills: 1. Engineering skills, 2. Technician Skills, 3. Framework/Process skills, 4. Tools skills.

    • Engineering skills. These are the skills and competencies required for building brand-new valuable software.
    • Technician skills. These are the skills and competencies required for maintaining and operating the software delivered to stakeholders.
    • Framework/Process skills. These are the specific knowledge skills required to support engineering or technician skills.
    • Tools skills. This represents the software that helps you deliver other software.

    While these are important, they are not the whole story. To effectively deliver software, we believe in the importance of being Agile over simply doing Agile.

    Adapted from: “Doing Agile” Is Only Part of the Software Delivery Pie

    Focus on these real Agile skills

    Agile skills

    • Accountability
    • Collaboration
    • Comfort with ambiguity
    • Communication
    • Empathy
    • Facilitation
    • Functional decomposition
    • Initiative
    • Process discipline
    • Resilience

    Info-Tech research shows these are the real Agile skills to get started with

    Skill Name

    Description

    Accountability

    Refers to the state of being accountable. In an Agile context, it implies transparency, dedication, acting responsibly, and doing what is necessary to get the job done.

    Collaboration

    Values diverse perspectives and working with others to achieve the best output possible. Effective at working toward individual, team, department, and organizational goals.

    Comfort with ambiguity

    Allows you to confidently take the next steps when presented with a problem without having all the necessary information present.

    Communication

    Uses different techniques to share information, concerns, or emotions when a situation arises, and it allows you to vary your approach depending on the current phase of development.

    Empathy

    Is the ability to understand and share the feelings of another to better serve your team and your stakeholders.

    Facilitation

    Refers to guiding and directing people through a set of conversations and events to learn and achieve a shared understanding.

    Functional decomposition

    Is being able to break down requirements into constituent epics and stories.

    Initiative

    Is being able to anticipate challenges and then act on opportunities that lead to better business outcomes.

    Process discipline

    Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.

    Resilience

    Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    Accountability

    An accountable person:

    • Takes ownership of their own decisions and actions and is responsible for the quality of results.
    • Recognizes personal accountabilities to others, including customers.
    • Works well autonomously.
    • Ensures that the mutual expectations between themselves and others are clearly defined.
    • Takes the appropriate actions to ensure that obligations are met in a timely manner.
    • As a leader, takes responsibility for those being led.

    Accountability drives high performance in teams and organizations

    • The performance level of teams depends heavily on accountability and who demonstrates it:
      • In weak teams, there is no accountability.
      • In mediocre teams, supervisors demonstrate accountability.
      • In high-performance teams, peers manage most performance problems through joint accountability. (Grenny, 2014)
    • According to Bain & Company, accountability is the third most important attribute of high-performing companies. Some of the other key attributes include honest, performance-focused, collaborative, and innovative. (Mankins, 2013)

    All components of the employee empowerment driver have a strong, positive correlation with engagement.

    Employee empowerment and Correlation with engagement.

    Source: McLean & Company Engagement Database, 2018; N=71,794

    Accountability

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Alerts others to possible problems in a timely manner.
    • Seeks appropriate support to solve problems.
    • Actively contributes to the creation and evaluation of possible solutions.
    • Acts on solutions selected and decisions made as directed.
    • Makes effective decisions about how to complete work tasks.
    • Demonstrates the capability of breaking down concrete issues into parts and synthesizing information succinctly.
    • Collects and analyzes information from a variety of sources.
    • Seeks information and input to fully understand the cause of problems.
    • Takes action to address obstacles and problems before they impact performance and results.
    • Initiates the evaluation of possible solutions to problems.
    • Makes effective decisions about work task prioritization.
    • Appropriately assesses risks before deciding.
    • Effectively navigates through ambiguity, using multiple data points to analyze issues and identify trends.
    • Does not jump to conclusions.
    • Draws logical conclusions and provides opinions and recommendations with confidence.
    • Takes ownership over decisions and their consequences.
    • Demonstrates broad knowledge of information sources that can be used to assess problems and make decisions.
    • Invests time in planning, discovery, and reflection to drive better decisions.
    • Effectively leverages hard data as inputs to making decisions.
    • Garners insight from abstract data and makes appropriate decisions.
    • Coaches others in effective decision-making practices.
    • Has the authority to solve problems and make decisions.
    • Thinks several steps ahead in deciding the best course of action, anticipating likely outcomes, risks, or implications.
    • Establishes metrics to aid in decision-making, for self and teams
    • Prioritizes objective and ambiguous information and analyzes this when making decisions.
    • Solicits a diverse range of opinions and perspectives as inputs to decision making.
    • Applies frameworks to decision making, particularly in situations that have little base in prior experience.
    • Makes effective decisions about organizational priorities.
    • Holds others accountable for their decisions and consequences.
    • Creates a culture of empowerment and trust to facilitate effective problem solving and decision making.
    • Makes sound decisions that have organization-wide consequences and that influence future direction.

    Collaboration as a skill

    The principles and values of Agile revolve around collaboration.

    • Works well with others on specialized and cross-functional teams.
    • Can self-organize while part of a team.
    • Respects the commitments that others make.
    • Identifies and articulates dependencies.
    • Values diverse perspectives and works with others to achieve the best output possible.
    • Effective at working toward individual, team, department, and organizational goals.
    The principles and values of Agile revolve around collaboration. Doing what was done before (being prescriptive), going though the motions (doing Agile), living the principles (being Agile)

    Collaboration

    The Agile Manifesto has three principles that focus on collaboration:

    1. The business and developers must work together daily throughout the project.
    2. Build projects around motivated individuals. Give them the environment and support they need and trust them to get the job done.
    3. The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.

    Effective collaboration supports Agile behaviors, including embracing change and the ability to work iteratively.

    Collaboration

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Understands role on the team and the associated responsibilities and accountabilities.
    • Treats team members with respect.
    • Contributes to team decisions and to the achievement of team goals and objectives.
    • Demonstrates a positive attitude.
    • Works cross-functionally to achieve common goals and to support the achievement of other team/department goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Fosters team camaraderie, collaboration, and cohesion.
    • Understands the impact of one's actions on the ability of team members to do their jobs.
    • Respects the differences other team members bring to the table by openly seeking others' opinions.
    • Helps the team accomplish goals and objectives by breaking down shared goals into smaller tasks.
    • Approaches challenging team situations with optimism and an open mind, focusing on coming to a respectful conclusion.
    • Makes suggestions to improve team engagement and effectiveness.
    • Supports implementation of team decisions.
    • Professionally gives and seeks feedback to achieve common goals.
    • Values working in a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Motivates the team toward achieving goals and exceeding expectations.
    • Reaches out to other teams and departments to build collaborative, cross-functional relationships.
    • Creates a culture of collaboration that leverages team members' strengths, even when the team is remote or virtual.
    • Participates and encourages others to participate in initiatives that improve team engagement and effectiveness.
    • Builds consensus to make and implement team decisions, often navigating through challenging task or interpersonal obstacles.
    • Values leading a diverse team and understands the importance of differing perspectives to develop unique solutions or ideas.
    • Creates a culture of collaboration among teams, departments, external business partners, and all employee levels.
    • Breaks down silos to achieve inter-departmental collaboration.
    • Demonstrates ownership and accountability for team/department/ organizational outcomes.
    • Uses an inclusive and consultative approach in setting team goals and objectives and making team decisions.
    • Coaches others on how to identify and proactively mitigate potential points of team conflict.
    • Recognizes and rewards teamwork throughout the organization.
    • Provides the tools and resources necessary for teams to succeed.
    • Values diverse teams and understands the importance of differing perspectives to develop unique solutions or ideas.

    Comfort with ambiguity

    Ability to handle ambiguity is a key factor in Agile success.

    • Implies the ability to maintain a level of effectiveness when all information is not present.
    • Able to confidently act when presented with a problem without all information present.
    • Risk and uncertainty can comfortably be handled.
    • As a result, can easily adapt and embrace change.
    • People comfortable with ambiguity demonstrate effective problem-solving skills.

    Relative importance of traits found in Agile teams

    1. Handles ambiguity
    2. Agreeable
    3. Conscientious

    Comfort with ambiguity

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Requires most information to be present before carrying out required activities.
    • Can operate with some information missing.
    • Comfortable asking people within their known circles for help.
    • Significant time is taken to reveal small pieces of information.
    • More adept at operating with information missing.
    • Willing to reach out to people outside of their regular circles for assistance and clarification.
    • Able to apply primary and secondary research methods to fill in the missing pieces.
    • Can operate essentially with a statement and a blank page.
    • Able to build a plan, drive others and themselves to obtain the right information to solve the problem.
    • Able to optimize only pulling what is necessary to answer the desired question and achieve the desired outcome.

    Communication

    Even though many organizations recognize its importance, communication is one of the root causes of project failure.

    Project success vs Communication effectiveness. Effective communications is associated with a 17% increase in finishing projects within budget.

    56%

    56% of the resources spent on a project are at risk due to ineffective communications.

    PMI, 2013.

    29%

    In 29% of projects started in the past 12 months, poor communication was identified as being one of the primary causes of failure.

    PMI, 2013.

    Why are communication skills important to the Agile team?

    It’s not about the volume, it’s about the method.

    • Effectively and appropriately interacts with others to build relationships and share ideas and information.
    • Uses tact and diplomacy to navigate difficult situations.
    • Relays key messages by creating a compelling story, targeted toward specific audiences.

    Communication effectiveness, Activity and Effort required.

    Adapted From: Agile Modeling

    Communication

    Your Score:____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Actively listens, learns through observation, and uses clear and precise language.
    • Possesses an open and approachable demeanor, with a positive and constructive tone.
    • Demonstrates interest in the thoughts and feelings of others.
    • Considers potential responses of others before speaking or acting.
    • Checks own understanding of others’ communication by repeating or paraphrasing.
    • Demonstrates self-control in stressful situations.
    • Provides clear, concise information to others via verbal or written communication.
    • Seeks to understand others' points of view, looking at verbal and non-verbal cues to encourage open and honest discussions.
    • Invites and encourages others to participate in discussions.
    • Projects a sincere and genuine tone.
    • Remains calm when dealing with others who are upset or angry.
    • Provides and seeks support to improve communication.
    • Does not jump to conclusions or act on assumptions.
    • Tailors messages to meet the different needs of different audiences.
    • Accurately interprets responses of others to their words and actions.
    • Provides feedback effectively and with empathy.
    • Is a role model for others on how to effectively communicate.
    • Ensures effective communication takes place at the departmental level.
    • Engages stakeholders using appropriate communication methods to achieve desired outcomes.
    • Creates opportunities and forums for discussion and idea sharing.
    • Demonstrates understanding of the feelings, motivations, and perspectives of others, while adapting communications to anticipated reactions.
    • Shares insights about their own strengths, weaknesses, successes, ad failures to show empathy and help others relate.
    • Discusses contentious issues without getting defensive and maintains a professional tone.
    • Coaches others on how to communicate effectively and craft targeted messages.
    • Sets and exemplifies standards for respectful and effective communications in the organization.
    • Comfortably delivers strategic messages supporting their function and the organization at the enterprise level.
    • Communicates with senior-level executives on complex organizational issues.
    • Promotes inter-departmental communication and transparency.
    • Achieves buy-in and consensus from people who share widely different views.
    • Shares complex messages in clear, understandable language.
    • Accurately interprets how they are perceived by others.
    • Rallies employees to communicate ideas and build upon differing perspectives to drive innovation.

    Empathy

    Empathy is the ability to understand and share the feelings of another in order to better serve your team and your stakeholders. There are three kinds:

    Cognitive

    Thought, understanding, intellect

    • Knowing how someone else feels and what they might be thinking.
    • Contributes to more effective communication.

    Emotional

    Feelings, physical sensation

    • You physically feel the emotions of the other person.
    • Helps build emotional connections with others.

    Compassionate

    Intellect, emotion with action

    • Along with understanding, you take action to help.

    How is empathy an Agile skill?

    Empathy enables you to serve your team, your customers, and your organization

    Serving the team

    • Primary types: Emotional and compassionate empathy.
    • The team is accountable for delivery.
    • By being able to empathize with the person you are talking to, complex issues can be addressed.
    • A lack of empathy leads to a lack of collaboration and being able to go forward on a common path.

    Serving your customers and stakeholders

    • Primary type: Cognitive empathy.
    • Agile enables the delivery of the right value at the right time to your stakeholders
    • Translating your stakeholders' needs requires an understanding of who they are as people. This is done through observations, interviews and conversations.
    • Leveraging empathy maps and user-story writing is an effective tool.

    Empathy

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Knowing how someone else feels and what they might be thinking.
    • Ability to build emotional connections with others.
    • Able to harness emotional connections to achieve tangible and experiential outcomes.
    • Demonstrates an awareness of different feelings and ways of thinking by both internal and external stakeholders.
    • Limited ability to make social connections with others outside of the immediate team.
    • Able to connect with similarly minded people to improve customer/stakeholder satisfaction. (Insights into action)
    • Able to interact and understand others with vastly different views.
    • Lack of agreement does not stop individual. from asking questions, understanding, and pushing the conversation forward

    Facilitation

    It’s not just your manager’s problem.

    “Facilitation is the skill of moderating discussions within a group in order to enable all participants to effectively articulate their views on a topic under discussion, and to ensure that participants in the discussion are able to recognize and appreciate the differing points of view that are articulated.” (IIBA, 2015)

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.

    Facilitation

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Drives action through influence, often without authority.
    • Leads and impacts others' thinking, decisions, or behavior through inclusive practices and relationship building.
    • Encourages others to self-organize and hold themselves accountable.
    • Identifies blockers and constructively removes barriers to progress.
    • Maps and executes processes effectively.
    • Uses facts and concrete examples to demonstrate a point and gain support from others.
    • Openly listens to the perspectives of others.
    • Builds relationships through honest and consistent behavior.
    • Understands the impact of their own actions and how others will perceive it.
    • Identifies impediments to progress.
    • Anticipates the effect of one's approach on the emotions and sensitivities of others.
    • Practices active listening while demonstrating positivity and openness.
    • Customizes discussion and presentations to include "what’s in it for me" for the audience.
    • Presents compelling information to emphasize the value of an idea.
    • Involves others in refining ideas or making decisions in order to drive buy-in and action.
    • Knows how to appropriately use influence to achieve outcomes without formal authority.
    • Seeks ways and the help of others to address barriers or blockers to progress.
    • Leverages a planned approach to influencing others by identifying stakeholder interests, common goals, and potential barriers.
    • Builds upon successes to gain acceptance for new ideas.
    • Facilitates connections between members of their network for the benefit of the organization or others.
    • Demonstrates the ability to draw on trusting relationships to garner support for ideas and action.
    • Encourages a culture that allows space for influence to drive action.
    • Adept at appropriately leveraging influence to achieve business unit outcomes.
    • Actively manages the removal of barriers and blockers for teams.

    Functional decomposition

    It’s not just a process, it’s a skill.

    “Functional decomposition helps manage complexity and reduce uncertainty by breaking down processes, systems, functional areas, or deliverables into their simpler constituent parts and allowing each part to be analyzed independently."

    (IIBA, 2015)

    Being able to break down requirements into constituent consumable items (example: epics and user stories).

    Start: Strategic Initiatives. 1: Epics. 2: Capabilities. 3: Features. End: Stories.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Functional Decomposition

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Able to decompose items with assistance from other team members.
    • Able to decompose items independently, ensuring alignment with business value.
    • Able to decompose items independently and actively seeks out collaboration opportunities with relevant SME's during and after the refinement process to ensure completion.
    • Able to decompose items at a variety of granularity levels.
    • Able to teach and lead others in their decomposition efforts.
    • Able to quickly operate at different levels of the requirements stack.

    Initiative and self-organization

    A team that takes initiative can self-organize to solve critical problems.

    • "The best architectures, requirements, and designs emerge from self-organizing teams." (Agile Manifesto)
    • In a nutshell, the initiative represents the ability to anticipate challenges and act on opportunities that lead to better business outcomes.
    • Anticipates challenges and acts on opportunities that lead to better business outcomes.
    • Thinks critically and is motivated to use both specialist expertise and general knowledge.
    • Driven by the delivery of business value and better business outcomes.
    • Empowers others to act and is empowered and self-motivated.

    Initiative and self-organization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of an opportunity or issue which is presently occurring or is within the immediate work area.
    • Reports an opportunity or issue to the appropriate person.
    • Acts instead of waiting to be asked.
    • Willingly takes on challenges, even if they fall outside their area of expertise.
    • Is proactive in identifying issues and making recommendations to resolve them.
    • Within the scope of the work environment, takes action to improve processes or results, or to resolve problems.
    • Not deterred by obstacles.
    • Tackles challenges that require risk taking.
    • Procures the necessary resources, team and technical support to enable success.
    • Assists others to get the job done.
    • Demonstrates awareness of an opportunities or issues which are in the future or outside the immediate work area.
    • Typically exceeds the expectations of the job.
    • Learns new technology or skills outside their specialization so that they can be a more effective team member.
    • Recommends solutions to enhance results or prevent potential issues.
    • Drives implementation of new processes within the team to improve results.
    • Able to provide recommendations on plans and decisions that are strategic and future-oriented for the organization.
    • Identifies areas of high risk or of organizational level impact.
    • Able to empower significant recourses from the organization to enable success.
    • Leads long-term engagements that result in improved organizational capabilities and processes.

    Process discipline

    A common misconception is that Agile means no process and no discipline. Effective Agile teams require more adherence to the right processes to create a culture of self-improvement.

    • Refers to the focus of following the right steps for a given activity at the right time to achieve the right outcomes.
    • Focus on following the right steps for a given activity at the right time to achieve desired outcomes.
    Example: Scrum Ceremonies during a sprint (1 - 4 weeks/sprint). 1: Sprint planning, 2: Daily scrum, 3: Sprint review, 4: Sprint retrospective.

    Process discipline

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Demonstrates awareness of the key processes and steps that are needed in a given situation.
    • Limited consistency in following processes and limited understanding of the 'why' behind the processes.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates not only the knowledge of processes but understands the 'why' behind their existence.
    • Aware and follows through with key agile processes in a consistent manner.
    • Demonstrates understanding of not only why specific processes exist but can suggest changes to improve efficiency, consistency, and outcomes.

    N/A -- Maximum level is '3

    Resilience

    If your team hits the wall, don’t let the wall hit them back.

    • Resilience is critical for an effective Agile transformation. A team that demonstrates resilience always exhibits:
    • Evolution over transformation – There is a recognition that changes happen over time.
    • Intensity and productivity – A race is not won by the ones who are the fastest, but by the ones who are the most consistent. Regardless of what comes up, the team can push through.
    • That organizational resistance is futile – Given that it is working on the right objectives, the team needs to demonstrate a consistency of approach and intensity regardless of what may stand in its way.
    • Refers to the behaviors, thoughts, and actions that allow a person to recover from stress and adversity.

    How resilience aligns with Agile

    A team is not “living the principles” without resilience.

    1. Purpose

      Aligns with: “Our highest priority is to satisfy the customer through early and continuous delivery of valuable software.” The vision or goals may not be clear in certain circumstances and can be difficult to relate to a single work item. Being able to intrinsically source and harness a sense of purpose becomes more important, especially as a self-organizing team.
    2. Perseverance

      Aligns with: “Agile processes harness change for the customer's competitive advantage.” Perseverance enables teams to continuously deliver at a steady pace, addressing impediments or setbacks and continuing to move forward.
    3. Composure

      Aligns with: “Agile processes promote sustainable development,” and “At regular intervals, the team reflects ... and adjusts its behavior accordingly.”
      When difficult situations arise, composure allows us to understand perspectives, empathize with customers, accept late changes, and sustain a steady pace.
    4. Self-Reliance

      Aligns with: “The best architectures, requirements, and designs emerge from self-organizing teams.” Knowing oneself, recognizing strengths, and drawing on past successes, can be a powerful aid in creating high-performing Agile teams
    5. Authenticity

      Aligns with: “At regular intervals, the team reflects … and adjusts its behavior accordingly,” and “Build projects around motivated individuals.”
      When difficult situations arise, authenticity is crucial. “For example, being able to openly disclose areas outside of your strengths in sprint planning or being able to contribute constructively toward self-organization.”

    Adapted from: Why Innovation, 2019.

    Resilience

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Easily distracted and stopped by moderately stressful and challenging situations.
    • Requires significant help from others to get back on track.
    • Not frequently able (or knows) how to ask for help
    • Handles typical stresses and challenges for the given role.
    • Able to get back on track with limited assistance.
    • Able to ask for help when they need it.
    • Quality of work unaffected by an increase in pressures and challenges.
    • Handles stresses and challenges what is deemed above and beyond their given role.
    • Able to provide advice to others on how to handle difficult and challenging situations.
    • Quality of work and outcomes is maintained and sometimes exceeded as pressure increases.
    • Team looks to this individual as being the gold standard on how to approach any given problem or situation.
    • Directly mentors others on approaches in situations regardless of the level of challenge.

    Exercise 1.2.1 Identify your primary product owner perspective

    1 hour
    1. Review each real Agile skill and determine your current proficiency.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Accountability, Collaboration, Comfort in Ambiguity, Communication, Empathy, Facilitation, Functional Decomposition, Initiative, Process Discipline, Resilience.

    Output

    • Agile skills assessment results.

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your Agile skills proficiency: Edit chart data to plot your scores or add your data points and connect the lines.

    Step 3.2

    Mature product owner capabilities

    Activities

    3.2.1 Assess your vision capability proficiency

    3.2.2 Assess your leadership capability proficiency

    3.2.3 Assess your PLM capability proficiency

    3.2.4 Identify your business value drivers and sources of value

    3.2.5 Assess your value realization capability proficiency

    Mature product owner capabilities

    This step involves the following participants:

    • Product owners
    • Product managers

    Outcomes of this step

    • Info-Tech product owner capability model proficiency assessment

    Product capabilities deliver value

    As a product owner, you are responsible for managing these facets through your capabilities and activities.

    The core product and value stream consists of: Funding - Product management and governance, Business functionality - Stakeholder and relationship management, and Technology - Product delivery.

    Info-Tech Best Practice

    It is easy to lose sight of what matters when we look at a product from a single point of view . Despite what "The Agile Manifesto" says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product owners must consider the needs of all stakeholders when designing and building products.

    Recognize product owner knowledge gaps

    Pulse survey of product owners

    Pulse survey of product owners. Graph shows large percentage of respondents have alignment to common agile definition of product owners. Yet a significant perception gap in P&L, delivery, and analytics.

    Info-Tech Insight

    1. Less than 15% of respondents identified analytics or financial management as a key component of product ownership.
    2. Assess your product owner’s capabilities and understanding to develop a maturity plan.

    Source: Pulse Survey (N=18)

    Implement the Info-Tech product owner capability model

    Unfortunately, most product owners operate with incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Product Owner capabilities: Vision, Product Lifecycle Management, Leadership, Value Realization

    Vision

    • Market Analysis
    • Business Alignment
    • Product Roadmap

    Leadership

    • Soft Skills
    • Collaboration
    • Decision Making

    Product Lifecycle Management

    • Plan
    • Build
    • Run

    Value Realization

    • KPIs
    • Financial Management
    • Business Model

    Product owner capabilities provide support

    Vision predicts impact of Value realization. Value realization provides input to vision

    Your vision informs and aligns what goals and capabilities are needed to fulfill your product or product family vision and align with enterprise goals and priorities. Each item on your roadmap should have corresponding KPIs or OKRs to know how far you moved the value needle. Value realization measures how well you met your target, as well as the impacts on your business value canvas and cost model.

    Product lifecycle management builds trust with Leadership. Leadership improves quality of Product lifecycle management.

    Your leadership skills improve collaborations and decisions when working with your stakeholders and product delivery teams. This builds trust and improves continued improvements to the entire product lifecycle. A product owner’s focus should always be on finding ways to improve value delivery.

    Product owner capabilities provide support

    Leadership enhances Vision. Vision Guides Product Lifecycle Management. Product Lifecycle Management delivers Value Realization. Leadership enhances Value Realization

    Develop product owner capabilities

    Each capability: Vision, Product lifecycle management, Value realization and Leadership has 3 components needed for successful product ownership.

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog grooming (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product lifecycle management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Capabilities: Vision

    Market Analysis

    • Customer Empathy: Identify the target users and unique value your product provides that is not currently being met. Define the size of your user base, segmentation, and potential growth.
    • Customer Journey: Define the future path and capabilities your users will respond to.
    • Competitive analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.

    Business Alignment

    • Enterprise alignment: Align to enterprise and product family goals, strategies, and constraints.
    • Delivery and release strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes. Value delivery is constrained by your delivery pipeline.
    • OCM and go-to-market strategy: Create organizational change management, communications, and a user implementation approach to improve adoption and satisfaction from changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand items.
    • Release and capacity planning: Build your roadmap with realistic goals and milestones based on your delivery pipeline and dependencies.

    “Customers are best heard through many ears.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Vision: Market Analysis, Business Alignment, and Product Roadmap.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Build your product strategy playbook

    Complete Deliver on Your Digital Product Vision to define your Vision, Goals, Roadmap approach, and Backlog quality filters.

    Digital Product Strategy Supporting Workbook

    Supporting workbook that captures the interim results from a number of exercises that will contribute to your overall digital product vision.

    Product Backlog Item Prioritization Tool

    An optional tool to help you capture your product backlog and prioritize based on your given criteria

    Product Roadmap Tool

    An optional tool to help you build out and visualize your first roadmap.

    Your Digital Product Vision Details Strategy

    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Your product vision is your North Star

    It's ok to dream a little!

    Who is the target customer, what is the key benefit, what do they need, what is the differentiator

    Adapted from: Geoffrey Moore, 2014.

    Info-Tech Best Practice

    A product vision shouldn’t be so far out that it doesn’t feel real or so short-term that it gets bogged down in minutiae and implementation details. Finding the right balance will take some trial and error and will be different for each organization.

    Use product roadmaps to guide delivery

    In Deliver on Your Digital Product Vision, we showed how the product roadmap is key to value realization. As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy.

    As a product owner, the product roadmap is your communicated path to align teams and changes to your defined goals, while aligning your product to enterprise goals and strategy

    Info-Tech Best Practice

    Info-Tech Best Practice Product delivery requires a comprehensive set of business and technical competencies to effectively roadmap, plan, deliver, support, and validate your product portfolio. Product delivery is a “multi-faceted, complex discipline that can be difficult to grasp and hard to master.” It will take time to learn and adopt methods and become a competent product manager or owner (“What Is Product Management?”, Pichler Consulting Limited).

    Match your roadmap and backlog to the needs of the product

    Ultimately, you want products to be able to respond faster to changes and deliver value sooner. The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    The level of detail in the roadmap and backlog is a tool to help the product owner plan for change. The duration of your product roadmap is all directly related to the tier of product owner in the product family.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    Product strategy includes: Vision, Goals, Roadmap, backlog and Release plan.

    Use artifact mapping to improve functional decomposition

    In our research, we refer to these items as epics, capabilities, features, and user stories. How you develop your guiding principles and structure your backlog should be based on the terminology and artifact types commonly used in your organization.

    Agile, Waterfall, Relationship, Decomposition skill most in demand, definition.

    Manage and communicate key milestones

    Successful product owners understand and define the key milestones in their product delivery lifecycles. These need to be managed along with the product backlog and roadmap.

    Define key milestones and their release dates.

    Info-Tech Best Practice

    Product ownership isn’t just about managing the product backlog and development cycles! Teams need to manage key milestones such as learning milestones, test releases, product releases, phase gates, and other organizational checkpoints!

    Milestones

    • Points in the timeline when the established set of artifacts is complete (feature-based), or checking status at a particular point in time (time-based).
    • Typically assigned a date and used to show the progress of development.
    • Plays an important role when sequencing different types of artifacts.

    Release dates

    • Releases mark the actual delivery of a set of artifacts packaged together in a new version of the product.
    • Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    Leverage the product canvas to state and inform your product vision

    Leverage the product Canvas to state and inform your product vision. Includes: Product name, Tracking info, Vision, List of business objectives or goals, Metrics used to measure value realization, List of groups who consume the product/service, and List of key resources or stakeholders.

    Capability: Vision

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product backlog.
    • Basic roadmap with milestones and releases.
    • Unprioritized stakeholder list.
    • Understanding of product’s purpose and value.
    • Customers and end-users defined with core needs identified.
    • Roadmap with goals and capabilities defined by themes and set to appropriate time horizons.
    • Documented stakeholder management plan with communication and collaboration aligned to the stakeholder strategy.
    • Value drivers traced to product families and enterprise goals.
    • Customer personas defined with pain relievers and value creators defined.
    • Fully-developed roadmap traced to family (and child) roadmaps.
    • Expected ROI for all current and next roadmap items.
    • KPIs/OKRs used to improve roadmap prioritization and sequencing.
    • Proactive stakeholder engagement and reviews.
    • Cross-functional engagement to align opportunities and drive enterprise value.
    • Formal metrics to assess customer needs and value realization.
    • Roadmaps managed in an enterprise system for full traceability, value realization reporting, and views for defined audiences.
    • Proactive stakeholder engagement with regular planning and review ceremonies tied to their roadmaps and goals.
    • Cross-functional innovation to find disruptive opportunities to drive enterprise value.
    • Omni-channel metrics and customer feedback mechanisms to proactively evaluate goals, capabilities, and value realization.

    Exercise 3.2.1 Assess your Vision capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    “Everything walks the walk. Everything talks the talk.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Leadership: Soft skills, collaboration, decision making.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability: Leadership

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Activities are prioritized with minimal direction and/or assistance.
    • Progress self-monitoring against objectives with leadership apprised of deviations against plan.
    • Facilitated decisions from stakeholders or teams.
    • Informal feedback on performance and collaboration with teams.
    • Independently prioritized activities and provide direction or assistance to others as needed.
    • Managed issue resolution and provided guidance on goals, priorities, and constraints.
    • Product decision ownership with input from stakeholders, SMEs, and delivery teams.
    • Formal product management retrospectives with tracked and measured changes to improve performance.
    • Consulted in the most challenging situations to provide subject matter expertise on leading practices and industry standards.
    • Provide mentoring and coaching to your peers and/or teammates.
    • Use team empowerment, pushing decisions to the lowest appropriate level based on risk and complexity.
    • Mature and flexible communication.
    • Provide strategies and programs ensuring all individuals in the delivery organization obtain the level of coaching and supervision required for success in their position.
    • Provide leadership to the organization’s coaches ensuring delivery excellence across the organization.
    • Help develop strategic initiatives driving common approaches and utilizing information assets and processes across the enterprise.

    Exercise 3.2.2 Assess your Leadership capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capability: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, grooming, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Product Lifecycle Management: Plan, Build, Run

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    A backlog stores and organizes PBIs at various stages of readiness

    A backlog stores and organizes PBIs at different levels of readiness. Stage 3 - Ideas are composed of raw, vague ideas that have yet to go through any formal valuation. Stage 2 - Qualified are researched and qualified PBIs awaiting refinement. Stage 1 - Ready are Discrete, refined RBIs that are read to be placed in your development team's sprint plans.

    A well-formed backlog can be thought of as a DEEP backlog:

    Detailed Appropriately: PBIs are broken down and refined, as necessary.

    Emergent: The backlog grows and evolves over time as PBIs are added and removed.

    Estimated: The effort a PBI requires is estimated at each tier.

    Prioritized: The PBI’s value and priority are determined at each tier.

    (Perforce, 2018)

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same; however, there are some key differences.

    Backlog refinement versus Sprint planning. Differences in Objectives, Cadence and Participants

    Use quality filters to promote high value items into the delivery pipeline

    Product backlog has quality filters such as: Backlogged, Qualified and Ready. Sprint backlog has a backlog of accepted PBI's

    Basic scrum process

    The scrum process coordinates multiple stakeholders to deliver on business priorities.

    Prioritized Backlog, Sprint Backlog, Manage Delivery, Sprint Review, Product Release

    Capability: Product lifecycle management

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Informal or undocumented intake process.
    • Informal or undocumented delivery lifecycle.
    • Unstable or unpredictable throughput or quality.
    • Informal or undocumented testing and release processes.
    • Informal or undocumented organizational change management planning for each release.
    • Informal or undocumented compliance validation with every release.
    • Documented intake process with stakeholder prioritization of requests.
    • Consistent delivery lifecycle with stable and predictable throughput with an expected range of delivery variance.
    • Formal and documented testing and release processes.
    • Organizational change management planning for each major release.
    • Compliance validation with every major release.
    • Intake process using value drivers and prioritization criteria to sequence all items.
    • Consistent delivery lifecycle with stable and predictable throughput with little variance.
    • Risk-based and partially automated testing and release processes.
    • Organizational change management planning for all releases.
    • Automated compliance validation with every major release.
    • Intake process using enterprise value drivers and prioritization criteria to sequence all items.
    • Stable Agile DevOps with low variability and automation.
    • Risk-based automated and manual testing.
    • Multiple release channels based on risk. Automated build, validation, and rollback capabilities.
    • Cross-channel, integrated organizational change management for all releases.
    • Automated compliance validation with every change or release.

    Exercise 3.2.3 Assess your PLM capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Capabilities: Value realization

    Key performance indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    “The competition is anyone the customer compares you with.”

    – Thomas K. Connellan, Inside the Magic Kingdom

    Value Realization: KPIs, Financial management, Business model

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Use a balanced value to establish a common definition of goals and value

    Value drivers are strategic priorities aligned to our enterprise strategy and translated through our product families. Each product and change has an impact on the value driver helping us reach our enterprise goals.

    Importance of the value driver multiplied by the Impact of value score is equal to the Value score.

    Info-Tech Insight

    Your value drivers and impact helps estimate the expected value of roadmap items, prioritize roadmap and backlog items, and identify KPIs and OKRs to measure value realization and actual impact.

    Include balanced value as one criteria to guide better decisions

    Your balanced value is just one of many criteria needed to align your product goals and sequence roadmap items. Feasibility, delivery pipeline capacity, shared services, and other factors may impact the prioritization of backlog items.

    Build your balanced business value score by using four key value drivers.

    Determine your value drivers

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    Business value matrix

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Financial benefits vs. improved capabilities

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and is often quite tangible.

    Human benefits refer to how a product or service can deliver value through a user’s experience.

    Inward vs. outward orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Exercise 3.2.4 Identify your business value drivers and sources of value

    1 hour
    1. Brainstorm the different types of business value that you produce on the sticky notes (one item per page). Draw from examples of products in your portfolio.
    2. Identify the most important value items for your organization (two to three per quadrant).
    3. Record the results in the Mature and Scale Product Ownership Workbook.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Ownership Workbook.

    My business value sources

    Graph with 4 quadrants representing Outward versus Inward, and Financial benefit versus Human benefit. The quadrants are Reach customers, Increase revenue/demonstrate value, Enhance services, Reduce costs.

    Capability: Value realization

    Your Score: ____

    1 - Foundational: Transitioning and Growing

    2 - Capable/Competent: Core Contributor

    3 - Influential: Gifted Improver

    4 - Transformational: Towering Strength

    • Product canvas or basic product positioning overview.
    • Simple budget or funding mechanism for changes.
    • Product demos and informal user feedback mechanisms.
    • Business value canvas or basic business model tied to roadmap funding.
    • Product funding tied to roadmap milestones and prioritization.
    • Defined KPIs /OKRs for roadmap delivery throughput and value realization measurement.
    • Business model with operating cost structures, revenue/value traceability, and market/user segments.
    • Scenario-based roadmap funding alignment.
    • Roadmap aligned KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.
    • Business model tied to enterprise operating costs and value realization KPIs/OKRs.
    • P&L roadmap and cost accounting tied to value metrics.
    • Roadmap aligned enterprise and scenario-based KPIs /OKRs for delivery throughput and value realization measurement as a key factor in roadmap prioritization.

    Exercise 3.2.5 Assess your value realization capability proficiency

    1 hour
    1. Review the expectations for this capability and determine your current proficiency for each skill.
    2. Complete your assessment in the Mature and Scale Product Owner Proficiency Assessment tool.
    3. Record the results in the Mature and Scale Product Ownership Playbook.
    4. Review the skills map to identify strengths and areas of growth.

    Output

    • Product owner capability assessment

    Participants

    • Product owners
    • Product managers

    Capture in the Mature and Scale Product Owner Proficiency Assessment.

    Determine your product owner capability proficiency in regards to: Vision, Leadership, Product Lifecycle, and Value Realization

    Summary of Accomplishment

    Problem solved.

    Product ownership can be one of the most difficult challenges facing delivery and operations teams. By focusing on operational grouping and alignment of goals, organizations can improve their value realization at all levels in the organization.

    The foundation for delivering and enhancing products and services is rooted in the same capability model. Traditionally, product owners have focused on only a subset of skills and capabilities needed to properly manage and grow their products. The product owner capability model is a useful tool to ensure optimal performance from product owners and assess the right level of detail for each product within the product families.

    Congratulations. You’ve completed a significant step toward higher-value products and services.

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as apart of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Assess your real Agile skill proficiency

    Assess your skills and capabilities against the real Agile skills inventory

    2.2.3 Prioritize your stakeholders

    Build a stakeholder management strategy.

    Research Contributors and Experts

    Emily Archer

    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    David Berg

    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert who has spent the last 20 years delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world, with a goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Kathy Borneman

    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Charlie Campbell

    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Yarrow Diamond

    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA

    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Kieran Gobey

    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Rupert Kainzbauer

    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. With a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Saeed Khan

    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in Canada and the US and has held several leadership roles in Product Management in that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders; the only global community of senior level product executives.

    Hoi Kun Lo

    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Abhishek Mathur

    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Jeff Meister

    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Vincent Mirabelli

    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Oz Nazili

    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Mike Starkey

    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Anant Tailor

    Cofounder and Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Angela Weller

    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build Your Agile Acceleration Roadmap

    Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Related Info-Tech Research

    Application Portfolio Management

    APM Research Center

    See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensuring exceptional value from your apps.

    Build an Application Department Strategy

    Delivering value starts with embracing what your department can do.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship

    Optimize Applications Release Management

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Organizational Design and Performance

    Redesign Your IT Organizational Structure

    Focus product delivery on business value-driven outcomes.

    Build a Strategic IT Workforce Plan

    Have the right people, in the right place, at the right time.

    Implement a New Organizational Structure

    Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    Don’t just measure engagement, act on it

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    Bibliography (Product Management)

    “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    A, Karen. “20 Mental Models for Product Managers.” Product Management Insider, Medium, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Aghina, Handscomb, Ludolph, West, and Abby Yip, “How to select and develop individuals for successful agile teams: A practical guide” McKinsey & Company 20 Dec. 2018. Web.

    Agile Alliance. “Product Owner.” Agile Alliance. n.d. Web.

    Ambler, Scott W. "Communication on Agile Software Teams“, Agile Modeling. 2001-2022. Web.

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Beck, Beedle, van Bennekum, Cockburn, Cunningham, Fowler, Grenning, Highsmith, Hunt, Jeffries, Kern, Marick, Martin, Mellor, Schwaber, Sutherland, Thomas, "Manifesto for Agile Software Development." agilemanifesto.org. 2001

    Berez, Steve, et al. “How to Plan and budget for Agile at Scale.” Bain & Company, 08 Oct 2019. Web

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint. 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, Agile Alliance 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group. 2005. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software. 6 Sept. 2016. Web.

    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997.

    Curphey, Mark. “Product Definition.” SlideShare, 25 Feb. 2007. Web.

    “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    Distel, Dominic, et al. “Finding the sweet spot in product-portfolio management.’ McKinsey, 4 Dec. 2020. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” PM101, Medium, 6 Mar. 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Grenny, Joseph. “The Best Teams Hold Themselves Accountable.” Harvard Business Review, 30 May 2014. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile2016 Conference, Agile Alliance, 2016. Web.

    Bibliography (Product Management)

    IIBA "A Guide to the Business Analysis Body of Knowledge® (BABOK® Guide) v3" IIBA. 15 APR 2015

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” The Ready, Medium, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Scaled Agile Framework, Medium, 23 Jul. 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Mankins, Michael. “The Defining Elements of a Winning Culture.” Bain, 19 Dec. 2013. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web. Mironov, Rich. “Scaling Up Product Manager/Owner Teams.” Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014. Web.

    Moore, Geoffrey A. “Crossing the Chasm, 3rd Edition.” Collins Business Essentials, 28 Jan 2014

    Oh, Paul. “How Mastering Resilience Can Help Drive Agile Transformations.” Why Innovation!, 10 Oct. 2019.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 Mar. 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    PMI "The high cost of low performance: the essential role of communications“. PMI Pulse of Profession, May 2013.

    Radigan,Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Bibliography (Product Management)

    Rouse, Margaret. “Definition: product.” TechTarget, Sept. 2005. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin Voice of Product, 2 Oct. 2018. Web.

    Spitz, Enid R. “The Three Kinds of Empathy: Emotional, Cognitive, Compassionate.” The Three Kinds of Empathy: Emotional, Cognitive, Compassionate. Heartmanity. Web.

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2016. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group. 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium, 19 Dec. 2017. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” The Liberators, Medium, 10 Feb. 2017. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management”. Academia.edu. 2010. Web.

    Backlog

    2009 Business Analysis Benchmark Study.” IAG Consulting, 2009. Web.

    Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc, 2015. Web.

    Bradley, Marty. “Agile Estimation Guidance.” Leading Agile, 30 Aug. 2016. Web. Feb. 2019.

    CollabNet and VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Craveiro, João. “Marty meets Martin: connecting the two triads of Product Management.” Product Coalition, 18 Nov. 2017. Accessed Feb. 2019.

    “Enablers.” Scaled Agile, n.d. Web.

    “Epic.” Scaled Agile, n.d. Web.

    Fischer, Christian. “Scrum Compact.” Itemis, n.d. Web. Feb. 2019.

    Hackshall, Robin. “Product Backlog Refinement.” Scrum Alliance, 9 Oct. 2014. Accessed Feb. 2019.

    Hartman, Bob. “New to agile? INVEST in good user stories.” Agile For All, 14 May 2009. Web.

    Huether, Derek. “Cheat Sheet for Product Backlog Refinement (Grooming).” Leading Agile, 2 Nov. 2013. Accessed Feb. 2019.

    Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce, 18 May 2018. Accessed Feb. 2019.

    Khan, Saeed. “Good Bye ‘Product Owner’, Hello ‘Backlog Manager.’” On Product Management, 27 June 2011. Accessed Feb. 2019.

    Khan, Saeed. “Let’s End the Confusion: A Product Owner is NOT a Product Manager.” On Product Management, 14 July 2017. Accessed Feb. 2019.

    Lawrence, Richard. “New Story Splitting Resource.” Agile For All. 27 Jan. 2012. Web. Feb. 2019.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile Inc, 2017. Accessed Feb. 2019.

    Lucero, Mario. “Product Backlog – Deep Model.” Agilelucero, 8 Oct. 2014. Web.

    “PI Planning.” Scaled Agile, n.d. Web.

    Pichler, Roman. “The Product Roadmap and the Product Backlog.” Roman Pichler, 9 Sept. 2014. Accessed Feb. 2019.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Burozeven, 20 Nov. 2017. Accessed Feb. 2019.

    Srinivasan, Vibhu. “Product Backlog Management: Tips from a Seasoned Product Owner.” Agile Alliance, n.d. Accessed Feb. 2019.

    Todaro, Dave. “Splitting Epics and User Stories.” Ascendle, n.d. Accessed Feb. 2019.

    “What Characteristics Make Good Agile Acceptance Criteria?” Segue Technologies, 3 Sept. 2015. Web. Feb. 2019.

    Bibliography (Roadmap)

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012 IEEE International Conference, 12 June 2012, Herzliya, Israel. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, Web. Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP).” Leanstack, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 October 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018.

    Bibliography (Vision and Canvas)

    Adams, Paul. “The Future Product Canvas.” Inside Intercom, 10 Jan. 2014. Web.

    “Aligning IT Funding Models to the Pace of Technology Change.” EDUCAUSE, 14 Dec. 2015. Web.

    Altman, Igor. “Metrics: Gone Bad.” OpenView, 10 Nov. 2009. Web.

    Barry, Richard. “The Product Vision Canvas – a Strategic Tool in Developing a Successful Business.” Polymorph, 2019. Web.

    “Business Canvas – Business Models & Value Propositions.” Strategyzer, 2019. Web.

    “Business Model Canvas.” Wikipedia: The Free Encyclopedia, 4 Aug. 2019. Web.

    Charak, Dinker. “Idea to Product: The Working Model.” ThoughtWorks, 13 July 2017. Web.

    Charak, Dinker. “Product Management Canvas - Product in a Snapshot.” Dinker Charak, 29 May 2017. Web.

    Chudley, James. “Practical Steps in Determining Your Product Vision (Product Tank Bristol, Oct. 2018).” LinkedIn SlideShare. Uploaded by cxpartners, 2 Nov. 2018. Web.

    Cowan, Alex. “The 20 Minute Business Plan: Business Model Canvas Made Easy.” COWAN+, 2019. Web.

    Craig, Desiree. “So You've Decided To Become A Product Manager.” Start it up, Medium, 2 June 2019. Web.

    “Create an Aha! Business Model Canvas Strategic Model.” Aha! Support, 2019. Web.

    Eick, Stephen. “Does Code Decay? Assessing the Evidence from Change Management Data.” IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.

    Eriksson, Martin. “The next Product Canvas.” Mind the Product, 22 Nov. 2013. Web.

    “Experience Canvas: a Lean Approach: Atlassian Team Playbook.” Atlassian, 2019. Web.

    Freeman, James. “How to Make a Product Canvas – Visualize Your Product Plan.” Edraw, 23 Dec. 2019. Web.

    Fuchs, Danny. “Measure What Matters: 5 Best Practices from Performance Management Leaders.” OpenGov, 8 Aug. 2018. Web.

    Gorisse, Willem. “A Practical Guide to the Product Canvas.” Mendix, 28 Mar. 2017. Web.

    Gothelf, Jeff. “The Lean UX Canvas.” Jeff Gothelf, 15 Dec. 2016. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product: Getting Started.” EBG Consulting, 15 Jan. 2019. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product's Core Requirements.” EBG Consulting, 4 Feb. 2019. Web.

    Gray, Mark Krishan. “Should I Use the Business Model Canvas or the Lean Canvas?” Blog, Medium.com, 2019. Web.

    Bibliography (Vision and Canvas)

    Hanby, Jeff. "Software Maintenance: Understanding and Estimating Costs." LookFar, 21 Oct. 2016. Web.

    “How do you define a product?” Scrum.org, 4 Apr 2017, Web

    Juncal, Shaun. “How to Build a Product Roadmap Based on a Business Model Canvas.” ProductPlan, 19 June 2019. Web.

    “Lean Canvas Intro - Uber Example.” YouTube, uploaded by Railsware Product Academy, 12 Oct. 2018. Web.

    “Lesson 6: Product Canvas.” ProdPad Help Center, 2019. Web.

    Lucero, Mario. “The Product Canvas.” Agilelucero.com, 22 June 2015. Web.

    Maurya, Ash. “Create a New Lean Canvas.” Canvanizer, 2019. Web.

    Maurya, Ash. “Don't Write a Business Plan. Create a Lean Canvas Instead.” LEANSTACK, 2019. Web.

    Maurya, Ash. “Why Lean Canvas vs Business Model Canvas?” Medium, 27 Feb. 2012. Web.

    Mirabelli, Vincent. “The Project Value Canvas.” Vincent Mirabelli, 2019. Web.

    Mishra, LN. “Business Analysis Canvas – The Ultimate Enterprise Architecture.” BA Times, 19 June 2019. Web.

    Muller. Jerry Z. “Why performance metrics isn’t always the best way to judge performance.” Fast Company, 3 April 2019. Web.

    Perri, Melissa. “What Is Good Product Strategy?” Melissa Perri, 14 July 2016. Web.

    Pichler, Roman. “A Product Canvas for Agile Product Management, Lean UX, Lean Startup.” Roman Pichler, 16 July 2012. Web.

    Pichler, Roman. “Introducing the Product Canvas.” JAXenter, 15 Jan. 2013. Web.

    Pichler, Roman. “Roman's Product Canvas: Introduction.” YouTube, uploaded by Roman Pichler, 3 Mar. 2017. Web.

    Pichler, Roman. “The Agile Vision Board: Vision and Product Strategy.” Roman Pichler, 10 May 2011. Web.

    Pichler, Roman. “The Product Canvas – Template.” Roman Pichler, 11 Oct. 2016. Web.

    Pichler, Roman. “The Product Canvas Tutorial V1.0.” LinkedIn SlideShare. Uploaded by Roman Pichler, 14 Feb. 2013. Web.

    Pichler, Roman. “The Product Vision Board: Introduction.” YouTube uploaded by Roman Pichler, 3 Mar. 2017. Web.

    “Product Canvas PowerPoint Template.” SlideModel, 2019. Web.

    Bibliography (Vision and Canvas)

    “Product Canvas.” SketchBubble, 2019, Web.

    “Product Canvas.” YouTube, uploaded by Wojciech Szramowski, 18 May 2016. Web.

    “Product Roadmap Software to Help You Plan, Visualize, and Share Your Product Roadmap.” Productboard, 2019. Web.

    Roggero, Giulio. “Product Canvas Step-by-Step.” LinkedIn SlideShare, uploaded by Giulio Roggero, 18 May 2013. Web.

    Royce, Dr. Winston W. “Managing the Development of Large Software Systems.” Scf.usc.edu, 1970. Web.

    Ryan, Dustin. “The Product Canvas.” Qdivision, Medium, 20 June 2017. Web.

    Snow, Darryl. “Product Vision Board.” Medium, 6 May 2017. Web.

    Stanislav, Shymansky. “Lean Canvas – a Tool Your Startup Needs Instead of a Business Plan.” Railsware, 12 Oct. 2018. Web.

    Stanislav, Shymansky. “Lean Canvas Examples of Multi-Billion Startups.” Railsware, 20 Feb. 2019. Web.

    “The Product Vision Canvas.” YouTube, Uploaded by Tom Miskin, 20 May 2019. Web.

    Tranter, Leon. “Agile Metrics: the Ultimate Guide.” Extreme Uncertainty, n.d. Web.

    “Using Business Model Canvas to Launch a Technology Startup or Improve Established Operating Model.” AltexSoft, 27 July 2018. Web.

    Veyrat, Pierre. “Lean Business Model Canvas: Examples + 3 Pillars + MVP + Agile.” HEFLO BPM, 10 Mar. 2017. Web.

    “What Are Software Metrics and How Can You Track Them?” Stackify, 16 Sept. 2017. Web

    “What Is a Product Vision?” Aha!, 2019. Web.

    Supporting Research

    Transformation topics and supporting Info-Tech research to make the journey easier, with less rework.

    Supporting research and services

    Improving IT alignment

    Build a Business-Aligned IT Strategy

    Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.

    Includes a "Strategy on a page" template

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Create an IT View of the Service Catalog

    Unlock the full value of your service catalog with technical components.

    Application Portfolio Management Foundations

    Ensure your application portfolio delivers the best possible return on investment.

    Supporting research and services

    Shifting toward Agile DevOps

    Agile/DevOps Resource Center

    Tools and advice you need to be successful with Agile.

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Implement DevOps Practices That Work

    Streamline business value delivery through the strategic adoption of DevOps practices.

    Perform an Agile Skills Assessment

    Being Agile isn't about processes, it's about people.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    Projects and products are not mutually exclusive.

    Supporting research and services

    Shifting toward product management

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Deliver on Your Digital Product Vision

    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Build a Better Product Owner

    Strengthen the product owner's role in your organization by focusing on core capabilities and proper alignment.

    Supporting research and services

    Improving value and delivery metrics

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Select and Use SDLC Metrics Effectively

    Be careful what you ask for because you will probably get it.

    Reduce Time to Consensus With an Accelerated Business Case

    Expand on the financial model to give your initiative momentum.

    Supporting research and services

    Improving governance, prioritization, and value

    Make Your IT Governance Adaptable

    Governance isn't optional, so keep it simple and make it flexible.

    Maximize Business Value from IT Through Benefits Realization

    Embed benefits realization into your governance process to prioritize IT spending and confirm the value of IT.

    Drive Digital Transformation With Platform Strategies

    Innovate and transform your business models with digital platforms.

    Succeed With Digital Strategy Execution

    Building a digital strategy is only half the battle: create a systematic roadmap of technology initiatives to execute the strategy and drive digital transformation.

    Build a Value Measurement Framework

    Focus product delivery on business value-driven outcomes.

    Create a Holistic IT Dashboard

    Mature your IT department by measuring what matters.

    Supporting research and services

    Improving requirements management and quality assurance

    Requirements Gathering for Small Enterprises

    Right-size the guidelines of your requirements gathering process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Build a Software Quality Assurance Program

    Build quality into every step of your SDLC.

    Automate Testing to Get More Done

    Drive software delivery throughput and quality confidence by extending your automation test coverage.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Create a Business Process Management Strategy

    Avoid project failure by keeping the "B" in BPM.

    Build a Winning Business Process Automation Playbook

    Optimize and automate your business processes with a user-centric approach.

    Create a Winning BPI Playbook

    Don't waste your time focusing on the "as is." Focus on the improvements and the "to be."

    Supporting research and services

    Improving release management

    Optimize Applications Release Management

    Build trust by right-sizing your process using appropriate governance.

    Streamline Application Maintenance

    Effective maintenance ensures the long-term value of your applications.

    Streamline Application Management

    Move beyond maintenance to ensure exceptional value from your apps.

    Optimize Change Management

    Right-size your change management process.

    Manage Your Technical Debt

    Make the case to manage technical debt in terms of business impact.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Supporting research and services

    Business relationship management

    Embed Business Relationship Management

    Leverage knowledge of the business to become a strategic IT partner.

    Improving security

    Build an Information Security Strategy

    Create value by aligning your strategy to business goals and business risks.

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Simplify Identity and Access Management

    Leverage risk- and role-based access control to quantify and simplify the IAM process.

    Supporting research and services

    Improving and supporting business-managed applications

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Enhance Your Solution Architecture Practices

    Ensure your software systems solution is architected to reflect stakeholders’ short-and long-term needs.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Build Your First RPA Bot

    Support RPA delivery with strong collaboration and management foundations.

    Automate Work Faster and More Easily With Robotic Process Automation

    Embrace the symbiotic relationship between the human and digital workforce.

    Supporting research and services

    Improving business intelligence, analytics, and reporting

    Modernize Data Architecture for Measurable Business Results

    Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, Agile, and fit-for-purpose data architecture practice.

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Build Your Data Quality Program

    Quality data drives quality business decisions.

    Design Data-as-a-Service

    Journey to the data marketplace ecosystems.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Build an Application Integration Strategy

    Level the table before assembling the application integration puzzle or risk losing pieces.

    Appendix

    Pulse survey results

    Pulse survey (N=18): What are the key components of product/service ownership?

    Pulse survey results: What are the key components of product/service ownership? Table shows answer options and responses in percentage.

    Pulse Survey (N=18): What are the key individual skills for a product/service owner?

    What are the key individual skills for a product/service owner? Table shows answer options and responses in percentage

    Other choices entered by respondents:

    • Anticipating client needs, being able to support delivery in all phases of the product lifecycle, adaptability, and ensuring a healthy backlog (at least two sprints’ worth of work).
    • Requirements elicitation and prioritization.
    • The key skill is being product-focused to ensure it provides value for competitive advantage.

    Pulse Survey (N=18): What are three things an outstanding product/service owner does that an average one doesn’t?

    What are three things an outstanding product/service owner does that an average one doesn't? Table shows results.

    Create a Post-Implementation Plan for Microsoft 365

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    M365 projects are fraught with obstacles. Common mistakes organizations make include:

    • Not having a post-migration plan in place.
    • Treating user training as an afterthought.
    • Inadequate communication to end users.

    Our Advice

    Critical Insight

    There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and manage information governance from the backup, retention, and security aspects of data management.

    Impact and Result

    Migrating to M365 is a disruptive move for most organizations. It poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time.

    Create a Post-Implementation Plan for Microsoft 365 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Post-Implementation Plan for Microsoft 365 Storyboard – A deck that guides you through the important considerations that will help you avoid common pitfalls and make the most of your investment.

    There are three primary goals when deploying Microsoft 365: productivity, security and compliance, and collaborative functionality. On top of these you need to meet the business KPIs and IT’s drive for adoption and usage. This research will guide you through the important considerations that are often overlooked as this powerful suite of tools is rolled out to the organization.

    [infographic]

    Further reading

    Create a Post-Implementation Plan for Microsoft 365

    You’ve deployed M365. Now what? Look at your business goals and match your M365 KPIs to meet those objectives.

    Analyst perspective

    You’ve deployed M365. Now what?

    John Donovan

    There are three primary objectives when deploying Microsoft 365: from a business perspective, the expectations are based on productivity; from an IT perspective, the expectations are based on IT efficiencies, security, and compliance; and from an organizational perspective, they are based on a digital employee experience and collaborative functionality.

    Of course, all these expectations are based on one primary objective, and that is user adoption of Teams, OneDrive, and SharePoint Online. A mass adoption, along with a high usage rate and a change in the way users work, is required for your investment in M365 to be considered successful.

    So, adoption is your first step, and that can be tracked and analyzed through analytics in M365 or other tools. But what else needs to be considered once you have released M365 on your organization? What about backup? What about security? What about sharing data outside your business? What about self-service? What about ongoing training? M365 is a powerful suite of tools, and taking advantage of all that it entails should be IT’s primary goal. How to accomplish that, efficiently and securely, is up to you!

    John Donovan
    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Collaboration, efficiencies, and cost savings need to be earned

    Migrating to M365 is a disruptive move for most organizations. Additionally, it poses risk to untrained IT staff, including admins, help desk, and security teams. The aim for organizations, especially in this new hybrid workspace, is to maintain efficiencies through collaboration, share information in a secure environment, and work from anywhere, any time. However, organizations need to manage their licensing and storage costs and build this new way of working through post-deployment planning. By reducing their hardware and software footprint they can ensure they have earned these savings and efficiencies.

    Understand any shortcomings in M365 or pay the price

    Failing to understand any shortcomings M365 poses for your organization can ruin your chances at a successful implementation. Commonly overlooked expenses include backup and archiving, especially for regulated organizations; spending on risk mitigation through third-party tools for security; and paying a premium to Microsoft to use its Azure offerings with Microsoft Sentinel, Microsoft Defender, or any security add-on that comes at a price above your E5 license, which is expensive in itself.

    Spend time with users to understand how they will use M365

    Understanding business processes is key to anticipating how your end users will adopt M365. By spending time with the staff and understanding their day-to-day activities and interactions, you can build better training scenarios to suit their needs and help them understand how the apps in M365 can help them do their job. On top of this you need to meet the business KPIs and IT’s drive for adoption and usage. Encourage early adopters to become trainers and champions. Success will soon follow.

    Executive summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    M365 is a full suite of tools for collaboration, communication, and productivity, but organizations find the platform is not used to its full advantage and fail to get full value from their license subscription.

    Many users are unsure which tool to use when: Do you use Teams or Viva Engage, MS Project or Planner? When do you use SharePoint versus OneDrive?

    From an IT perspective, finding time to help users at the outset is difficult – it’s quite the task to set up governance, security, and backup. Yet training staff must be a priority if the implementation is to succeed.

    M365 projects are fraught with obstacles. Common mistakes organizations make include:

    • No post-migration plan in place.
    • User training is an afterthought.
    • Lack of communication to end users.
    • No C-suite promotion and sponsorship.
    • Absence of a vision and KPIs to meet that vision.

    To define your post-migration tasks and projects:

    • List all projects in a spreadsheet and rank them according to difficulty and impact.
    • Look for quick wins with easy tasks that have high impact and low difficulty.
    • Build a timeline to execute your plans and communicate clearly how these plans will impact the business and meet that vision.

    Failure to take meaningful action will not bode well for your M365 journey.

    Info-Tech Insight

    There are three primary areas where organizations fail in a successful implementation of M365: training, adoption, and information governance. While it is not up to IT to ensure every user is well trained, it is their initial responsibility to find champions, SMEs, and business-based trainers and to manage information governance from backup, retention, and security aspects of data management.

    Business priorities

    What priorities is IT focusing on with M365 adoption?

    What IT teams are saying

    • In a 2019 SoftwareONE survey, the biggest reason IT decision makers gave for adopting M365 was to achieve a “more collaborative working style.”
    • Organizations must plan and execute a strategy for mass adoption and training to ensure processes match business goals.
    • Cost savings can only be achieved through rightsizing license subscriptions, retiring legacy apps, and building efficiencies within the IT organization.
    • With increased mobility comes with increased cybersecurity risk. Make sure you take care of your security before prioritizing mobility. Multifactor authentication (MFA), conditional access (CA), and additional identity management will maintain a safe work-from-anywhere environment.

    Top IT reasons for adopting M365

    61% More collaborative working style

    54% Cost savings

    51% Improved cybersecurity

    49% Greater mobility

    Source: SoftwareONE, 2019; N=200 IT decision makers across multiple industries and organization sizes

    Define & organize post-implementation projects

    Key areas to success

    • Using Microsoft’s M365 adoption guide, we can prioritize and focus on solutions that will bring about better use of the M365 suite.
    • Most of your planning and prioritizing should be done before implementation. Many organizations, however, adopted M365 – and especially Teams, SharePoint Online, and OneDrive – in an ad hoc manner in response to the pandemic measures that forced users to work from home.
    • Use a Power BI Pro license to set up dashboards for M365 usage analytics. Install GitHub from AppSource and use the templates that will give you good insight and the ability to create business reports to show adoption and usage rates on the platform.
    • Reimagine your working behavior. Remember, you want to bring about a more collective and open framework for work. Take advantage of a champion SME to show the way. Every organization is different, so make sure your training is aligned to your business processes.
    The image contains a screenshot of the M365 post-implementation tasks.

    Process steps

    Define Vision

    Build Team

    Plan Projects

    Execute

    Define your vision and what your priorities are for M365. Understand how to reach your vision.

    Ensure you have an executive sponsor, develop champions, and build a team of SMEs.

    List all projects in a to-be scenario. Rank and prioritize projects to understand impact and difficulty.

    Build your roadmap, create timelines, and ensure you have enough resources and time to execute and deliver to the business.

    Info-Tech’s approach

    Use the out-of-the-box tools and take advantage of your subscription.

    The image contains a screenshot of the various tools and services Microsoft provides.

    Info-Tech Insight

    A clear understanding of the business purpose and processes, along with insight into the organizational culture, will help you align the right apps with the right tasks. This approach will bring about better adoption and collaboration and cancel out the shadow IT products we see in every business silo.

    Leverage built-in usage analytics

    Adoption of services in M365

    To give organizations insight into the adoption of services in M365, Microsoft provides built-in usage analytics in Power BI, with templates for visualization and custom reports. There are third-party tools out there, but why pay more? However, the template app is not free; you do need a Power BI Pro license.

    Usage Analytics pulls data from ActiveDirectory, including location, department, and organization, giving you deeper insight into how users are behaving. It can collect up to 12 months of data to analyze.

    Reports that can be created include Adoption, Usage, Communication, Collaboration (how OneDrive and SharePoint are being used), Storage (cloud storage for mailboxes, OneDrive, and SharePoint), and Mobility (which clients and devices are used to connect to Teams, email, Yammer, etc.).

    Source: Microsoft 365 usage analytics

    Understand admin roles

    Prevent intentional or unintentional internal breaches

    Admin Roles

    Best Practices

    • Global admin: Assign this role only to users who need the most access to management features and data across your tenant. Only global admins can modify an admin role.
    • Exchange admin: Assign this role to users who need to view and manage user mailboxes, M365 groups, and Exchange Online and handle Microsoft support requests.
    • Groups admin: These users can create, edit, delete, and restore M365 groups as well as create expiration and naming policies.
    • Helpdesk admin: These users can resets passwords, force user sign-out, manage Microsoft support requests, and monitor service health.
    • Teams/SharePoint Online admin: Assign these roles for users who manage the Teams and SharePoint Admin Center.
    • User admin: These users can assign licenses, add users and groups, manage user properties, and create and manage user views.

    Only assign two to four global admins, depending on the size of the organization. Too many admins increases security risk. In larger organizations, segment admin roles using role-based access control.

    Because admins have access to sensitive data, you’ll want to assign the least permissive role so they can access only the tools and data they need to do their job.

    Enable MFA for all admins except one break-glass account that is stored in the cloud and not synced. Ensure a complex password, stored securely, and use only in the event of an MFA outage.

    Due to the large number of admin roles available and the challenges that brings with it, Microsoft has a built-in tool to compare roles in the admin portal. This can help you determine which role should be used for specific tasks.

    Secure your M365 tenant

    A checklist to ensure basic security coverage post M365

    • Multifactor Authentication: MFA is part of your M365 tenant, so using it should be a practical identity security. If you want additional conditional access (CA), you will require an Azure AD (AAD) Premium P1+ license. This will ensure adequate identity security protecting the business.
    • Password Protection: Use the AAD portal to set this up under Security > Authentication Methods. Microsoft provides a list of over 2,000 known bad passwords and variants to block.
    • Legacy Authentication: Disable legacy protocols; check to see if your legacy apps/workflows/scripts use them in the AAD portal. Once identified, update them and turn the protocols off. Use CA policies.
    • Self-Service Password Reset: Enable self-service to lower the helpdesk load for password resets. Users will have to initially register and set security questions. Hybrid AD businesses must write back to AD from AAD once changes are made.
    • Security Defaults: For small businesses, turn on default settings. To enable additional security settings, such as break- glass accounts, go into Manage Security Defaults in your AAD properties.
    • Conditional Access (CA) Policies: Use CA policies if strong identity security and zero trust are required. To create policies in AAD go to Security > Conditional Access > New Policies.

    Identity Checklist

    • Enable MFA for Admins
    • Enable MFA for Users
    • Disable App Passwords
    • Configure Trusted IPs
    • Disable Text/Phone MFA
    • Remember MFA on Trusted Devices for 90 Days
    • Train Staff in Using MFA Correctly
    • Integrate Apps Into Azure AD

    Training guidelines

    Identify business scenarios and training adoption KPIs

    • Customize your training to meet your organizational goals, align with your business culture, and define how users will work inside the world of M365.
    • Create scenario templates that align to your current day-to-day operations in each department. These can be created by individual business unit champions.
    • Make sure you have covered must-have capabilities and services within M365 that need to be rolled out post-pilot.
    • Phase in large transitions rather than multiple small ones to ensure collaboration between departments meets business scenarios.
    • Ensure your success metrics are being measured and continue to communicate and train after deployment using tools available in M365. See Microsoft’s adoption guidelines and template for training.

    Determine your training needs and align with your business processes. Choose training modalities that will give users the best chance of success. Consider one or many training methods, such as:

    • Online training
    • In-person classroom
    • Business scenario use cases
    • Mentoring
    • Department champion/Early adopter
    • Weekly bulletin fun facts

    Don’t forget backup!

    Providing 99% uptime and availability is not enough

    Why is M365 backup so important?

    Accidental Data Deletion.

    If a user is deleted, that deletion gets replicated across the network. Backup can save you here by restoring that user.

    Internal and External Security Threats.

    Malicious internal deletion of data and external threats including viruses, ransomware, and malware can severely damage a business and its reputation. A clean backup can easily restore the business’ uninfected data.

    Legal and Compliance Requirements.

    While e-discovery and legal hold are available to retain sensitive data, a third-party backup solution can easily search and restore all data to meet regulatory requirements – without depending on someone to ensure a policy was set.

    Retention Policy Gaps.

    Retention policies are not a substitute for backup. While they can be used to retain or delete content, they are difficult to keep track of and manage. Backups offer greater latitude in retention and better security for that data.

    Retire your legacy apps to gain adoption

    Identify like for like and retire your legacy apps

    Legacy

    Microsoft 365

    SharePoint 2016/19

    SharePoint Online

    Microsoft Exchange Server

    Microsoft Exchange in Azure

    Skype for Business Server

    Teams

    Trello

    Planner 2022

    System Center Configuration Manager (SCCM)

    Endpoint Manager, Intune, Autopilot

    File servers

    OneDrive

    Access

    Power Apps

    To meet the objectives of cost reduction and rationalization, look at synergies that M365 brings to the table. Determine what you are currently using to meet collaboration, storage, and security needs and plan to use the equivalent in your Microsoft entitlement.

    Managing M365’s hidden costs

    Licenses and storage limits TCO

    • Email security. Ninety-one percent of all cyberattacks come from phishing on email. Microsoft Defender for M365 is a bolt-on, so it is an additional cost.
    • Backup. This will bring additional cost to M365. Plan to spend more to ensure data is backed up and stored.
    • Email archiving. Archiving is different than backup. See our research on the subject. Archiving is needed for compliance purposes. Email archiving solutions are available through third-party software, which is an added cost.
    • Email end-to-end encryption. This is a requirement for all organizations that are serious about security. The enterprise products from Microsoft come at an additional cost.
    • Cybersecurity training. IT needs to ramp up on training, another expense.
    • Microsoft 365 Power Platform Licencing. From low-code and no-code developer tools (Power Apps), workflow tools (Power Automate), and business intelligence (Power BI) – while the E5 license gives you Power BI Pro, there are limitations and costs. Power BI Pro has limitations for data volume, data refresh, and query response time, so your premium license comes at a considerably marked up cost.

    M365 is not standalone

    • While Microsoft 365 is a platform that is ”just good enough,” it is actually not good enough in today’s cyberthreat environment. Microsoft provides add-ons with Defender for 365, Purview, and Sentinel, which pose additional costs, just like a third-party solution would. See the Threat Intelligence & Incident Response research in our Security practice.
    • The lack of data archiving, backup, and encryption means additional costs that may not have been budgeted for at the outset. Microsoft provides 30-60-90-day recovery, but anything else is additional cost. For more information see Understand the Difference between Backups and Archiving.

    Compliance and regulations

    Security and compliance features out of the box

    There are plenty of preconfigured security features contained in M365, but what’s available to you depends on your license. For example, Microsoft Defender, which has many preset policies, is built-in for E5 licenses, but if you have E3 licenses Defender is an add-on.

    Three elements in security policies are profiles, policies, and policy settings.

    • Preset Profiles come in the shape of:
      • Standard – baseline protection for most users
      • Strict – aggressive protection for profiles that may be high-value targets
      • Built-in Protection – turned on by default; it is not recommended to make exceptions based on users, groups, or domains
    • Preset Security Policies
      • Exchange Online Protection Policies – anti-spam, -malware, and -phishing policies
      • Microsoft Defender Policies – safe links and safe attachments policies
    • Policy Settings
      • User impersonation protection for internal and external domains
      • Select priorities from strict, standard, custom, and built-in

    Info-Tech Insight

    Check your license entitlement before you start purchasing add-ons or third-party solutions. Security and compliance are not optional in today’s cybersecurity risk world. With many organizations offering hybrid and remote work arrangements and bring-your-own-device (BYOD) policies, it is necessary to protect your data at the tenant level. Defender for Microsoft 365 is a tool that can protect both your exchange and collaboration environments.

    More information: Microsoft 365 Defender

    Use Intune and Autopilot

    Meet the needs of your hybrid workforce

    • Using the tools available in M365 can help you develop your hybrid or remote work strategy.
    • This strategy will help you maintain security controls for mobile and BYOD.
    • Migrating to Intune and Autopilot will give rise to the opportunity to migrate off SCCM and further reduce your on-premises infrastructure.

    NOTE: You must have Azure AD Premium and Windows 10 V1703 or later as well as Intune or other MDM service to use Autopilot. There is a monthly usage fee based on volume of data transmitted. These fees can add up over time.

    For more details visit the following Microsoft Learn pages:

    Intune /Autopilot Overview

    The image contains a screenshot of the Intune/Autopilot Overview.

    Info-Tech’s research on zero-touch provisioning goes into more detail on Intune and Autopilot:
    Simplify Remote Deployment With Zero-Touch Provisioning

    M365 long-term strategies

    Manage your costs in an inflationary world

    • Recent inflation globally, whether caused by supply chain woes or political uncertainty, will impact IT and cloud services along with everything else. Be prepared to pay more for your existing services and budget accordingly.
    • Your long-term strategies must include ongoing cost management, data management, security risks, and license and storage costs.
    • Continually investigate efficiencies, overlaps, and new tools in M365 that can get the job done for the business. Use as many of the applications as you can to ensure you are getting the best bang for your buck.
    • Watch for upgrades in the M365 suite of tools. As Microsoft continues to improve and deliver on most business applications well after their first release, you may find that something that was previously inefficient could work in your environment today and replace a tool you currently use.

    Ongoing Activities You Need to Maintain

    • Be aware of increased license costs and higher storage costs.
    • Keep an eye on Teams sprawl.
    • Understand your total cost of ownership.
    • Continue to look at legacy apps and get rid of your infrastructure debt.

    Activity

    Build your own M365 post-migration plan

    1. Using slide 6 as your guideline, create your own project list using impact and difficulty as your weighting factors.
    2. Do this exercise as a whiteboard sticky note exercise to agree on impact and difficulty as a team.
    3. Identify easy wins that have high impact.
    4. Place the projects into a project plan with time lines.
    5. Agree on start and completion dates.
    6. Ensure you have the right resources to execute.

    The image contains a screenshot of the activity described in the above text.

    Related Info-Tech Research

    Govern Office 365

    • Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals.

    Drive Ongoing Adoption With an M365 Center of Excellence

    • Accelerate business processes change and get more value from your subscription by building and sharing, thanks to an effective center of excellence.

    Simplify Remote Deployment With Zero-Touch Provisioning

    • Adopt zero-touch provisioning to provide better services to your end users.
    • Save time and resources during device deployment while providing a high-quality experience to remote end users.

    Bibliography

    “5 Reasons Why Microsoft Office 365 Backup Is Important.” Apps 4Rent, Dec 2021, Accessed Oct 2022 .
    Chandrasekhar, Aishwarya. “Office 365 Migration Best Practices & Challenges 2022.” Saketa, 31 Mar 2022. Accessed Oct. 2022.
    Chronlund, Daniel. “The Fundamental Checklist – Secure your Microsoft 365 Tenant”. Daniel Chronlund Cloud Tech Blog,1 Feb 2019. Accessed 1 Oct 2022.
    Davies, Joe. “The Microsoft 365 Enterprise Deployment Guide.” Tech Community, Microsoft, 19 Sept 2018. Accessed 2 Oct 2022.
    Dillaway, Kevin. “I Upgraded to Microsoft 365 E5, Now What?!.” SpyGlassMTG, 10 Jan 2022. Accessed 4 Oct. 2022.
    Hartsel, Joe. “How to Make Your Office 365 Implementation Project a Success.” Centric, 20 Dec 2021. Accessed 2 Oct. 2022.
    Jha, Mohit. “The Ultimate Microsoft Office 365 Migration Checklist for Pre & Post Migration.” Office365 Tips.Org, 24 June 2022. Accessed Sept. 2022.
    Lang, John. “Why organizations don't realize the full value of Microsoft 365.“Business IT, 29 Nov 202I. Accessed 10 Oct 2022.
    Mason, Quinn. “How to increase Office 365 / Microsoft 365 user adoption.” Sharegate, 19 Sept 2019. Accessed 3 Oct 2022.
    McDermott, Matt. “6-Point Office 365 Post-Migration Checklist.” Spanning , 12 July 2019 . Accessed 4 Oct 2022.
    “Microsoft 365 usage analytics.” Microsoft 365, Microsoft, 25 Oct 2022. Web.
    Sharma, Megha. “Office 365 Pre & Post Migration Checklist.’” Kernel Data Recovery, 26 July 2022. Accessed 30 Sept. 2022.
    Sivertsen, Per. “How to avoid a failed M365 implementation? Infotechtion, 19 Dec 2021. Accessed 2 Oct. 2022.
    St. Hilaire, Dan. “Most Common Mistakes with Office 365 Deployment (and How to Avoid Them).“ KnowledgeWave, 4Mar 2019. Accessed Oct. 2022.
    “Under the Hood of Microsoft 365 and Office 365 Adoption.” SoftwareONE, 2019. Web.

    Essentials of Vendor Management for Small Business

    • Buy Link or Shortcode: {j2store}229|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Each year, SMB IT organizations spend more money “outsourcing” tasks, activities, applications, functions, and other items.
    • Many SMBs lack the affordability of implementing a sophisticated vendor management initiative or office.
    • The increased spend and associated outsourcing leads to less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Our Advice

    Critical Insight

    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. There are commonalities among vendor management initiatives, but the key is to adapt vendor management principles to fit your needs, not the other way around.
    • All vendors are not of equal importance to an organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
    • Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally”, starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Impact and Result

    • Build and implement a vendor management initiative tailored to your environment.
    • Create a solid foundation to sustain your vendor management initiative as it evolves and matures.
    • Leverage vendor management-specific tools and templates to manage vendors more proactively and improve communication.
    • Concentrate your vendor management resources on the right vendors.
    • Build a roadmap and project plan for your vendor management journey to ensure you reach your destination.
    • Build collaborative relationships with critical vendors.

    Essentials of Vendor Management for Small Business Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand how changes in the vendor landscape and customer reliance on vendors have made a vendor management initiative indispensible.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    • Essentials of Vendor Management for Small Business – Phase 1: Plan
    • Phase 1 Small Business Tools and Templates Compendium

    2. Build

    This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    • Essentials of Vendor Management for Small Business – Phase 2: Build
    • Phase 2 Small Business Vendor Classification Tool
    • Phase 2 Small Business Risk Assessment Tool
    • Phase 2 Small Business Tools and Templates Compendium

    3. Run

    This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    • Essentials of Vendor Management for Small Business – Phase 3: Run

    4. Review

    This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    • Essentials of Vendor Management for Small Business – Phase 4: Review
    [infographic]

    Further reading

    Essentials of Vendor Management for Small Business

    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.


    EXECUTIVE BRIEF

    Analyst Perspective

    Vendor Management Challenge

    Small businesses are often challenged by the growth and complexity of their vendor ecosystem, including the degree to which the vendors control them. Vendors are increasing, obtaining more and more budget dollars, while funding for staff or headcount is decreasing as a result of cloud-based applications and an increase in our reliance on Managed Service Providers. Initiating a vendor management initiative (VMI) vs. creating a fully staffed vendor management office will get you started on the path of proactively controlling your vendors instead of consistently operating in a reactionary mode. This blueprint is designed with that very thought: to assist small businesses in creating the essentials of a vendor management initiative.

    This is a picture of Steve Jeffery

    Steve Jeffery
    Principal Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Each year, IT organizations "outsource" tasks, activities, functions, and other items. During 2021:

    • Spend on as-a-service providers increased 38% over 2020.*
    • Spend on managed service providers increased 16% over 2020.*
    • IT service providers increased their merger and acquisition numbers by 47% over 2020.*

    This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Common Obstacles

    As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don't have a VMI to help:

    • Ensure at least the expected value is achieved.
    • Improve on the expected value through performance management.
    • Significantly increase the expected value through a proactive VMI.

    Info-Tech's Approach

    Vendor Management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

    • Plan
    • Build
    • Run
    • Review

    The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and sets a solid foundation for its growth and maturity.

    Info-Tech Insight

    Vendor management is not a one-size-fits-all initiative. It must be configured:

    • For your environment, culture, and goals.
    • To leverage the strengths of your organization and personnel.
    • To focus your energy and resources on your critical vendors.

    Executive Summary

    Your challenge

    Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape.

    38%

    2021

    16%

    2021

    47%

    2021

    Spend on as-a-service providers

    Spend on managed services providers

    IT services merger & acquisition growth (transactions)

    Source: Information Services Group, Inc., 2022.

    Executive Summary

    Common obstacles

    When organizations execute, renew, or renegotiate a contract, there is an "expected value" associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

    A contract's realized value with and without a vendor management initiative

    This is an image of a bar graph showing the difference in value between those with and without a VMI, with and for those with a VMI, with Vendor Collaboration and with Vendor Performance Management. The data for those with a VMI have substantially more value.

    Source: Based on findings from Geller & Company, 2003.

    Executive Summary

    Info-Tech's approach

    A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

    This is an image of the 4 Step Vendor Management Process. The four steps are: 1. Plan; 2. Build; 3. Run; 4. Review.

    Info-Tech's methodology for creating and operating your vmi

    Phase 1 - Plan Phase 2 - Build Phase 3 - Run Phase 4 - Review
    Phase Steps

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    Phase Outcomes This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    Insight Summary

    Insight 1

    Vendor management is not "plug and play" – each organization's vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won't look exactly like another organization's. The key is to adapt vendor management principles to fit your needs.

    Insight 2

    All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization's investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Insight 3

    Having a solid foundation is critical to the VMI's ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates "informally", starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Blueprint benefits

    IT benefits

    • Identify and manage risk proactively.
    • Reduce costs and maximize value.
    • Increase visibility with your critical vendors.
    • Improve vendor performance.
    • Create a collaborative environment with key vendors.
    • Segment vendors to allocate resources more effectively and more efficiently.

    Business benefits

    • Improve vendor accountability.
    • Increase collaboration between departments.
    • Improve working relationships with your vendors.
    • Create a feedback loop to address vendor/customer issues before they get out of hand or are more costly to resolve.
    • Increase access to meaningful data and information regarding important vendors.

    Phase 1 - Plan

    Phase 1

    Phase 2 Phase 3 Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Organizing your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, and a desired future state for the VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Procurement/Sourcing
    • IT
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 1 – Plan

    Get Organized

    Phase 1 – Plan focuses on getting organized. Foundational elements (Mission Statement, Goals, Scope, Strengths and Obstacles, Roles and Responsibilities, and Process Mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of starting up your VMI and running it.

    Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to "the good stuff." To a certain extent, the process provided here is like building a house. You wouldn't start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

    Step 1.1 – Mission statement and goals

    Identify why the VMI exists and what it will achieve

    Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a Mission Statement and Goals. Although this is the easiest way to proceed, it is far from easy.

    The Mission Statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The Mission Statement should be no longer than one or two sentences.

    The complement to the Mission Statement is the list of goals for the VMI. Your goals should not be a reassertion of your Mission Statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

    Although the VMI's Mission Statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be reevaluated periodically using a SMART filter, and adjusted as needed.

    1.1.1 – Mission statement and goals

    20 – 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the reasons why the VMI will exist.
    2. Review external mission statements for inspiration.
    3. Review internal mission statements from other areas to ensure consistency.
    4. Draft and document your Mission Statement in the Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals.
    5. Continue brainstorming and identify the high-level goals for the VMI.
    6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
    7. Document your goals in the Phase 1 Tools and Templates Compendium– Tab 1.1 Mission Statement and Goals.
    8. Obtain signoff on the Mission Statement and goals from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission statements from other internal and external sources

    Output

    • Completed Mission Statement and Goals

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.2 – Scope

    Determine what is in scope and out of scope for the VMI

    Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn't do, and the answers cannot always be found in the VMI's Mission Statement and Goals.

    One component of helping others understand the VMI landscape is formalizing the VMI Scope. The Scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI's territory begins and ends. Ultimately, this will help clarify the VMI's roles and responsibilities, improve workflow, and reduce errant assumptions.

    When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work). Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI Scope, and make sure executives and stakeholders are onboard with the final version.

    1.2.1 – Scope

    20 - 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the activities and functions in scope and out of scope for the VMI.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all the in-scope items and then turn your attention to the out-of-scope items.
    2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope, but not both.
    3. Use the Phase 1 Tools and Templates Compendium – Tab 1.2 Scope to document the results.
    4. Obtain signoff on the Scope from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission Statement and Goals

    Output

    • Completed list of items in and out of scope for the VMI

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.2 Scope

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.3 – Strengths and obstacles

    Pinpoint the VMI's strengths and obstacles

    A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

    Your output will be two lists: the strengths associated with the VMI and the obstacles the VMI is facing. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

    The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

    For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

    As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

    1.3.1 – Strengths and obstacles

    20 - 40 Minutes

    Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the VMI's strengths and obstacles.

    Be specific to avoid ambiguity and improve clarity.

    Go back and forth between strengths and obstacles as needed; it is not necessary to list all the strengths first and then all the obstacles.

    It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.

    Review the lists to make sure there is enough specificity.

    Determine how you will leverage each strength and how you will manage each obstacle.

    Use the Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles to document the results.

    Obtain signoff on the strengths and obstacles from stakeholders and executives as required.

    Input

    • Brainstorming
    • Mission Statement and Goals
    • Scope

    Output

    • Completed list of items impacting the VMI's ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.4 – Roles and responsibilities

    Obtain consensus on who is responsible for what

    One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI's Scope referenced in Step 1.2, but additional information is required to avoid stepping on each other's toes; many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or department). While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

    As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* Chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

    This step will lead your through the creation of an OIC* Chart to determine vendor management lifecycle roles and responsibilities. Afterward, you'll be able to say, "Oh, I see clearly who is involved in each part of the process and what their role is."

    *RACI – Responsible, Accountable, Consulted, Informed

    *RASCI – Responsible, Accountable, Support, Consulted, Informed

    *OIC – Owner, Informed, Contributor

    This is an image of a table, where the row headings are: Role 1-5, and the Column Headings are: Step 1-5.

    Step 1.4 – Roles and responsibilities (cont'd)

    Obtain consensus on who is responsible for what

    To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but don't let the chart get out of hand. For each role and step of the lifecycle, ask whether the entry is necessary; does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps. 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is "negotiate contract documents" sufficient or do you need negotiate the contract and negotiate the renewal? The answer will depend on your culture and environment but be wary of creating a spreadsheet that requires an 85-inch monitor to view it.

    After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

    • O – Owner – who owns the process; they may also contribute to it.
    • I – Informed – who is informed about the progress or results of the process.
    • C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

    This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

    1.4.1 – Roles and responsibilities

    1 – 6 hours

    1. Meet with the participants and configure the OIC Chart in the Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart.
      1. Review the steps or activities across the top of the chart and modify as needed.
      2. Review the roles listed along the left side of the chart and modify as needed.
    2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step, I for informed, or C for contributor. Use only one letter per cell.
    3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
    4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
    5. Obtain signoff on the OIC Chart from stakeholders and executives as required.

    Input

    • A list of activities or steps to complete a project starting with requirements gathering and ending with ongoing risk management.
    • A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project.

    Output

    • Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas.

    Materials

    • Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Phase 2 - Build

    Create and configure tools, templates, and processes

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activities:

    • Configuring and creating the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Human Resources
    • Legal
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 2 – Build

    Create and configure tools, templates, and processes

    Phase 2 – Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug and play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

    During this Phase you'll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you'll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

    Step 2.1 – Classification model

    Configure the COST vendor classification tool

    One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech's COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

    COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

    The easiest way to think of the COST model is as a 2 x 2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor's classification align with what is important to you and your organization. However, at this point in your VMI's maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get your started, and that is discussed on the activity slide associated with this Step 2.1.

    This is an image of the COST Vendor Classification Tool.

    Step 2.1 – Classification model (cont'd)

    Configure the COST vendor classification tool

    Common characteristics by vendor management category

    Operational

    Strategic
    • Low to moderate risk and criticality; moderate to high spend and switching costs
    • Product or service used by more than one area
    • Price is a key negotiation point
    • Product or service is valued by the organization
    • Quality or the perception of quality is a differentiator (i.e. brand awareness)
    • Moderate to high risk and criticality; moderate to high spend and switching costs
    • Few competitors and differentiated products and services
    • Product or service significantly advances the organization's vision, mission, and success
    • Well-established in their core industry

    Commodity

    Tactical
    • Low risk and criticality; low spend and switching costs
    • Product or service is readily available from many sources
    • Market has many competitors and options
    • Relationship is transactional
    • Price is the main differentiator
    • Moderate to high risk and criticality; low to moderate spend and switching costs
    • Vendor offerings align with or support one or more strategic objectives
    • Often IT vendors "outside" of IT (i.e. controlled and paid for by other areas)
    • Often niche or new vendors

    Source: Compiled in part from Guth, Stephen. "Vendor Relationship Management Getting What You Paid for (And More)." 2015.

    2.1.1 – Classification model

    15 – 30 Minutes

    1. Meet with the participants to configure the spend ranges in Phase 2 Vendor Classification Tool – Tab 1. Configuration for your environment.
    2. Collect your vendors and their annual spend to sort by largest to lowest.
    3. Update cells F14-J14 in the Classification Model based on your actual data.
      1. Cell F14 – Set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009, 850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
      2. Cell G14 – Set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
      3. Cell H14 – Set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
      4. Cells I14 and J14 – Divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
    4. Ignore the other variables at this time.

    Input

    • Phase 1 List of Vendors by Annual Spend

    Output

    • Configured Vendor Classification Tool

    Materials

    • Phase 2 Vendor Classification Tool – Tab 1. Configuration

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.2 – Risk assessment tool

    Identify risks to measure, monitor, and report on

    One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and others. However, security risk is the high-profile risk, and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

    Risk management is a program, not a project; there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

    While the VMI won't necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function (see Steps 2.12 and 3.8).

    At a minimum, your risk management strategy should involve:

    • Identifying the risks you want to measure and monitor.
    • Identifying your risk appetite (the amount of risk you are willing to live with).
    • Measuring, monitoring, and reporting on the applicable risks.
    • Developing and deploying a risk management plan to minimize potential risk impact.

    Vendor risk is a fact of life, but you do have options for how to handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

    2.2.1 – Risk assessment tool

    30 - 90 Minutes

    1. Meet with the participants to configure the risk indicators in Phase 2 Vendor Risk Assessment Tool – Tab 1. Set parameters for your environment.
    2. Review the risk categories and determine which ones you will be measuring and monitoring.
    3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
    4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
    5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

    Input

    • Scope
    • OIC Chart
    • Process Maps
    • Brainstorming

    Output

    • Configured Vendor Risk Assessment Tool

    Materials

    • Phase 2 Vendor Risk Assessment Tool – Tab 1. Set Parameters

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.3 – Scorecards and feedback

    Design a two-way feedback loop with your vendors

    A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

    Conceptually, a scorecard is similar to a school report card. At the end of a learning cycle, you receive feedback on how well you do in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some nuances and additional benefits and objectives when compared to a report card.

    Although scorecards can be used in a variety of ways, the focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

    This image contains a table with the score for objectives A-D. The scores are: A4, B3, C5, D4.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Anatomy

    The Info-Tech scorecard includes five areas:

    • Measurement categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what's important. Too many measurement categories make it difficult for the vendor to understand the expectations.
    • Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
    • Measurement category weights. Not all your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
    • Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
    • Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating, or other items that are relevant to the scorecard.

    An overall score is calculated based on the rating for each criteria and the measurement category weights.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Goals and objectives

    Scorecards can be used for a variety of reasons. Some of the common ones are:

    • Improving vendor performance.
    • Conveying expectations to the vendor.
    • Identifying and recognizing top vendors.
    • Increasing alignment between the parties.
    • Improving communication with the vendor.
    • Comparing vendors across the same criteria.
    • Measuring items not included in contract metrics.
    • Identifying vendors for "strategic alliance" consideration.
    • Helping the organization achieve specific goals and objectives.

    Identifying and resolving issues before they impact performance or the relationship.

    Identifying your scorecard drivers first will help you craft a suitable scorecard.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out, and containing meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

    Our recommendation of five categories is provided below. Choose three to five of the categories that help you accomplish your scorecard goals and objectives:

    1. Timeliness – Responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
    2. Cost – Total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
    3. Quality – Accuracy, completeness, mean time to failure, bugs, number of failures, etc.
    4. Personnel – Skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
    5. Risk – Adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

    Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Additional Considerations

    • Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between a 1, 2, 3, 4, and 5. Don't assume your "rating key" will be intuitive.
    • When assigning weights, don't go lower than 10% for any measurement category. If the weight is too low, it won't be relevant enough to have an impact on the total score. If it doesn't "move the needle", don't include it.
    • Final sign-off on the scorecard template should occur outside the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall, and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
    • You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: "The Pygmalion [E]ffect describes situations where someone's high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us."* Convey your expectations and let the vendors' competitive juices take over.
    • While creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors during vendor orientation (see Steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

    *Source: The Decision Lab, n.d.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Vendor Feedback

    After you've built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

    You may be tempted to create a formal scorecard for the vendor to use; avoid that temptation until later in your maturity or development of the VMI. You'll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

    For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful – information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

    Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don't be in a rush; as long as the informal method works, keep using it.

    2.3.1 – Scorecards and feedback

    30 – 60 Minutes

    1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
      1. What makes a vendor valuable to your organization?
      2. What differentiates a "good" vendor from a "bad" vendor?
      3. What items would you like to measure and provide feedback on to the vendor to improve performance, the relationship, risk, and other areas?
    2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
    3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors. Choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
    4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
    5. Document your results as you go in Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard.

    Input

    • Brainstorming

    Output

    • Configured Scorecard template

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    2.3.2 – Scorecards and feedback

    15 to 30 Minutes

    1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
      1. Help you improve the relationship.
      2. Help you improve your processes or performance.
      3. Help you improve ongoing communication.
      4. Help you evaluate your personnel.
    2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
    3. Document both your brainstorming activity and your final results in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The results will be used in Steps 2.4 and 3.5.

    Input

    • Brainstorming

    Output

    • Feedback questions to include with the business alignment meeting agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.4 – Business alignment meeting agenda

    Craft an agenda that meets the needs of the VMI

    A business alignment meeting (BAM) is a multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional operational meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed, and other purposes are served. For example:

    • You can use the BAM to develop the relationship with the vendor's leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list.
    • You can learn about innovations the vendor is working on (without the meeting turning into a sales call).
    • You can address high-level performance trends and request corrective action as needed.
    • You can clarify your expectations.
    • You can educate the vendor about your industry, culture, and organization.
    • You can learn more about the vendor.

    As you build your BAM Agenda, someone in your organization may say, "Oh, that's just a quarterly business review (QBR) or top-to-top meeting." In most instances, an existing QBRs or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, procurement, or another department, "We're going to start running some QBRs for our strategic vendors." The typical response is, "There's no need; we already run QBRs/top-to-top meetings with our important vendors." This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI's needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

    BAMs are conducted at the vendor level, not the contract level. As a result, the frequency of the BAMs will depend on the vendor's classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

    • Commodity vendors – Not applicable
    • Operational vendors – Biannually or annually
    • Strategic vendors – Quarterly
    • Tactical vendors – Quarterly or biannually

    BAMs can help you achieve some additional benefits not previously mentioned:

    • Foster a collaborative relationship with the vendor.
    • Avoid erroneous assumptions by the parties.
    • Capture and provide a record of the relationship (and other items) over time.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

    BAM Agenda

    • Opening remarks
      • Welcome and introductions
      • Review of previous minutes
    • Active discussion
      • Review of open issues
      • Scorecard and feedback
      • Current status of projects to ensure situational awareness by the vendor
      • Roadmap/strategy/future projects
      • Accomplishments
    • Closing remarks
      • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
      • Recap
    • Adjourn

    2.4.1 – Business alignment meeting agenda

    20 – 45 Minutes

    1. Meet with the participants and review the sample agenda in Phase 2 Tools and Templates Compendium – Tab 2.4 BAM Agenda.
    2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
      1. Select the items from the sample agenda applicable to your situation.
      2. Add any items required based on your brainstorming.
      3. Add the feedback questions identified during Activity 2.3.2 and documented in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback.
    3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
    4. Document the final BAM agenda in Phase 2 Tools and Templates Compendium –Tab 2.4 BAM Agenda.

    Input

    • Brainstorming
    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Output

    • Configured BAM agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab2 .4 BAM Agenda

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.5 – Relationship alignment document

    Draft a document to convey important VMI information to your vendors

    Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.3]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other's expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the Relationship Alignment Document (RAD). Depending upon the Scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

    Early in the VMI's maturation, the easiest approach is to develop a short document (1 one page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on:

    1. What you believe is important for the vendors to understand.
    2. Any other similar information already provided to the vendors.

    The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. You may want vendors to know about your gift policy (e.g. employees may not accept vendor gifts above a nominal value, such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website's vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

    Info-Tech Insight

    The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

    2.5.1 – Relationship alignment document

    1 to 4 Hours

    1. Meet with the participants and review the RAD sample and checklist in Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc.
    2. Determine:
      1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
      2. The concepts you want to include in your RAD(s).
      3. The format for your RAD(s) – traditional, pamphlet, or other.
      4. Whether signoff or acknowledgement will be required by the vendors.
    3. Draft your RAD(s) and work with other internal areas, such as Marketing to create a consistent brand for the RADS, and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
    4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
    5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

    Input

    • Brainstorming
    • Vendor-facing documents, policies, and procedures

    Output

    • Completed Relationship Alignment Document(s)

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc

    Participants

    • VMI team
    • Marketing, as needed
    • Legal, as needed

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.6 – Vendor orientation

    Create a VMI awareness process to build bridges with your vendors

    Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and "customers" (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations' VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

    Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

    • Orientation
    • Reorientation
    • Debrief

    Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Reorientation

    • Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for several reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:
    • There is a significant change in the vendor's products or services.
    • The vendor has been through a merger, acquisition, or divestiture.
    • A significant contract renewal/renegotiation has recently occurred.
    • Sufficient time has passed from orientation; commonly 2 to 3 years.
    • The vendor has been placed in a "performance improvement plan" or "relationship improvement plan" protocol.
    • Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
    • Substantial turnover has occurred at the vendor at the executive or account management level.
    • The vendor has changed vendor classification categories after the most current classification.
    • As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine the reorientation's scope, scale, and frequency.

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Debrief

    To continue the analogy from orientation, debrief is like an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization - all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

    Similar to orientation and reorientation, debrief activities will be based on the vendor's classification category within the COST model. Strategic vendors don't go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

    The debrief should provide you with feedback on the vendor's experience with your organization and their participation in your VMI. Additionally, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

    End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don't burn bridges!

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    As you create your vendor orientation materials, focus on the message you want to convey.

    • For orientation and reorientation:
      • What is important to you that vendors need to know?
      • What will help the vendors understand more about your organization and your VMI?
      • What and how are you different from other organizations overall, and in your "industry"?
      • What will help them understand your expectations?
      • What will help them be more successful?
      • What will help you build the relationship?
    • For debrief:
      • What information or feedback do you want to obtain?
      • What information or feedback to you want to give?

    The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

    Step 2.7 – Three-year roadmap

    Plot your path at a high level

    1. The VMI exists in many planes concurrently:
    2. It operates both tactically and strategically.

    It focuses on different timelines or horizons (e.g., the past, the present, and the future). Creating a three-year roadmap facilitates the VMI's ability to function effectively across these multiple landscapes.

    The VMI roadmap will be influenced by many factors. The work product from Phase 1 – Plan, input from executives, stakeholders, and internal clients, and the direction of the organization are great sources of information as you begin to build your roadmap.

    To start, identify what you would like to accomplish in year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won't change during the first year of the VMI, but expectations are usually lower, and the short event horizon makes things more predictable during the year-1 ramp-up period.

    Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the year-1 plan into subsequent years and adds to the scope or maturity. For example, you may start year 1 with BAMs and scorecards for three of your strategic vendors; during year 2, you may increase that to five vendors; and during year 3, you may increase that to nine vendors. Or, you may not conduct any market research during year 1, waiting to add it to your roadmap in year 2 or 3 as you mature.

    Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

    2.7.1 – Three-year roadmap

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate year 1 of your three-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
    2. Review the VMI activities listed in Phase 2 Tools and Templates Compendium – Tab 2.7 Three-year roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
    3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
    4. Go back to the top of the list and add information as needed.
      1. For any year-1 or year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g., if a Year 2 activity will continue in year 3, put an X in year 3 as well).
      2. Use the comments column to provide clarifying remarks or additional insights related to your plans or "X's". For example, "Scorecards begin in year 1 with three vendors and will roll out to five vendors in year 2 and nine vendors in year 3."
    5. Obtain signoff from stakeholders, sponsors, and executives as needed.

    Input

    • Phase 1 work product
    • Steps 2.1 – 2.6 work product
    • Brainstorming

    Output

    • High level three-year roadmap for the VMI

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.7 Three-Year Roadmap

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.8 – 90-day plan

    Pave your short-term path with a series of detailed quarterly plans

    Now that you have prepared a three-year roadmap, it's time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

    The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

    Activities.

    • Tasks comprising each activity.
    • Who will be performing the tasks.
    • An estimate of the time required per person per task.
    • An estimate of the total time to achieve the activity.
    • A due date for the activity.
    • A priority of the activity.

    The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the three-year roadmap and the leadership team, as necessary.

    2.8.1 – 90-day plan

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate the first "90-day" plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
    2. Looking at the year-1 section of the three-year roadmap, identify the activities that will be started during the next 90 days.
    3. Using the Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
      1. Activity description.
      2. Tasks required to complete the activity (be specific and descriptive).
      3. The people who will be performing each task.
      4. The estimated number of hours required to complete each task.
      5. The start date and due date for each task or the activity.
    4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
    5. Assign a priority to each Activity.

    Input

    • Three-Year Roadmap
    • Phase 1 work product
    • Steps 2.1 – 2.7 work product
    • Brainstorming

    Output

    • Detailed plan for the VMI for the next quarter or "90" days

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.9 – Quick wins

    Identify potential short-term successes to gain momentum and show value immediately

    As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

    As you evaluate your list of potential candidates, look for things that:

    • Are achievable within the stated timeline.
    • Don't require a lot of effort.
    • Involve stopping a certain process, activity, or task; this is sometimes known as a "stop doing stupid stuff" approach.
    • Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
    • Have a moderate to high impact or bolster the VMI's reputation.

    As you look for quick wins, you may find that everything you identify does not meet the criteria. That's okay; don't force the issue. Return your focus to the 90-day plan and three-year roadmap and update those documents if the brainstorming activity associated with Step 2.9 identified anything new.

    2.9.1 – Quick wins

    15 - 30 Minutes

    1. Meet with the participants and review the three-year roadmap and 90-day plan. Determine if any item on either document can be completed:
      1. Quickly (30 days or less).
      2. With minimal effort.
      3. To provide or show moderate to high levels of value or provide the VMI with momentum.
    2. Brainstorm to identify any other items that meet the criteria in step 1 above.
    3. Compile a comprehensive list of these items and select up to five to pursue.
    4. Document the list in the Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins.
    5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

    Input

    • Three-Year Roadmap
    • 90-Day Plan
    • Brainstorming

    Output

    • A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.10 – Reports

    Construct your reports to resonate with your audience

    Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI's internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

    Before building a report, think about your intended audience:

    • What information are they looking for? What will help them understand the big picture?
    • What level of detail is appropriate, keeping in mind the audience may not be like-minded?
    • What items are universal to all the readers and what items are of interest to one or two readers?
    • How easy or hard will it be to collect the data? Who will be providing it, and how time consuming will it be?
    • How accurate, valid, and timely will the data be?
    • How frequently will each report need to be issued?

    Step 2.10 – Reports (cont'd)

    Construct your reports to resonate with your audience

    Use the following guidelines to create reports that will resonate with your audience:

    • Value information over data, but sometimes data does have a place in your report.
    • Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
    • Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
    • Send a draft report to the internal audience and seek feedback, keeping in mind you won't be able to cater to or please everyone.

    2.10.1 – Reports

    15 – 45 Minutes

    1. Meet with the participants and review the applicable work product from Phase 1 and Phase 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
    2. Determine which items will be reported and to whom (by category):
      1. Internally to personnel within the VMI.
      2. Internally to personnel outside the VMI.
      3. Externally to vendors.
    3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
    4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
    5. Document your final choices in Phase 2 Tools and Templates Compendium – Tab 2.10 Reports.

    Input

    • Brainstorming
    • Phase 1 work product
    • Steps 2.1 – 2.11 work product

    Output

    • A list of reports used by the VMI
    • For each report
      • The conceptual content
      • A list of who will receive or have access
      • A creation/distribution frequency

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.10 Reports

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Phase 3 - Run

    Implement your processes and leverage your tools and templates

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Beginning to operate the VMI. The main outcomes from this phase are guidance and the steps required to initiate your VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 3 – Run

    Implement your processes and leverage your tools and templates

    All the hard work invested in Phase 1 – Plan and Phase 2 – Build begins to pay off in Phase 3 – Run. It's time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There's more hard work ahead, but the foundational elements are in place. This doesn't mean there won't be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

    Phase 3 – Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

    • Manage risk better.
    • Improve vendor performance.
    • Improve vendor relationships.
    • Identify areas where the parties can improve.
    • Improve communication between the parties.
    • Increase the value proposition with your vendors.

    Step 3.1 – Classify vendors

    Begin classifying your top 25 vendors by spend

    Step 3.1 sets the table for many of the subsequent steps in Phase 3 – Run. The results of your classification process will determine which vendors go through the scorecarding process (Step 3.2); which vendors participate in BAMs (Step 3.3), and which vendors you will devote relationship-building resources to (Step 3.6).

    As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

    1. Identify your top 25 vendors by spend.
    2. Run your top 10 vendors by spend through the classification model and review the results.
      1. If the results are what you expected and do not contain any significant surprises, go to 3. on the next page.
      2. If the results are not what you expected or do contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page - some legitimate results are unexpected, or are surprises based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

    Step 3.1 – Classify vendors (cont'd)

    Review your results and adjust the classification tool as needed

    1. Run your top 11-through-25 vendors by spend through the classification model and review the results. Identify any unexpected results. Determine if further configuration makes sense and repeat the process outlined in 2.b., previous page, as necessary. If no further modifications are required, continue to 4., below.
    2. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
      1. They may have questions and want to understand the process before approving the results.
      2. They may request that you move a vendor from one quadrant to another based on your organization's roadmap, the vendor's roadmap, or other information not available to you.
    3. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI's scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

    Step 3.1 – Classify vendors (cont'd)

    Finalize the results and update VMI tools and templates

    1. Update the vendor inventory tool (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the vendor inventory tool by classification status to see all the vendors in that category at once.
    2. Review your three-year roadmap (Step 2.9) and 90-day plans (Step 2.6) to determine if any modifications are needed to the activities and timelines.

    Additional classification considerations:

    • You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have many vendors, even 5% may be too many. the classification model is an objective start to the classification process, but common sense must prevail over the "math" at the end of the day.
    • At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can't handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI's rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

    Step 3.1 – Classify vendors (cont'd)

    Align your vendor strategy to your classification results

    As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all your vendors are of equal importance.

    Operational

    Strategic
    • Focus on spend containment
    • Concentrate on lowering total cost of ownership
    • Invest moderately in cultivating the relationship
    • Conduct BAMs biannually or annually
    • Compile scorecards quarterly or biannually
    • Identify areas for performance and cost improvement
    • Focus on value, collaboration, and alignment
    • Review market intelligence for the vendor's industry
    • Invest significantly in cultivating the relationship
    • Initiate executive-to-executive relationships
    • Conduct BAMs quarterly
    • Compile scorecards quarterly
    • Understand how the vendors view your organization

    Commodity

    Tactical
    • Investigate vendor rationalization and consolidation
    • Negotiate for the best-possible price
    • Leverage competition during negotiations
    • Streamline the purchasing and payment process
    • Allocate minimal VMI resources
    • Assign the lowest priority for vendor management metrics
    • Conduct risk assessments biannually or annually
    • Cultivate a collaborative relationship based on future growth plans or potential with the vendor
    • Conduct BAMs quarterly or biannually
    • Compile scorecards quarterly
    • Identify areas of performance improvement
    • Leverage innovation and creative problem solving

    Step 3.1 – Classify vendors (cont'd)

    Be careful when using the word "partner" with your strategic and other vendors

    For decades, vendors have used the term "partner" to refer to the relationship they have with their clients and customers. This is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms "partner" and "partnership", let's evaluate them through two more objective, less cynical lenses.

    If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

    What about a "business" partnership — one that doesn't involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

    • Trust and transparent communication exist.
    • You have input into the vendor's roadmap for products and services.
    • The vendor is aligned with your desired outcomes and helps you achieve success.
    • You and the vendor are accountable for actions and inactions, with both parties being at risk.
    • There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
    • The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
    • You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
    • The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
    • Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

    Step 3.1 – Classify vendors (cont'd)

    Understand the implications and how to leverage the words "partner" and "partnership"

    By now you might be thinking, "What's all the fuss? Why does it matter?" At Info-Tech, we've seen firsthand how referring to the vendor as a partner can have the following impact:

    • Confidences are disclosed unnecessarily.
    • Negotiation opportunities and leverage are lost.
    • Vendors no longer have to earn the customer's business.
    • Vendor accountability is missing due to shared responsibilities.
    • Competent skilled vendor resources are assigned to other accounts.
    • Value erodes over time since contracts are renewed without being competitively sourced.
    • One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

    Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: be strategic in how you refer to vendors and know the risks.

    Step 3.2 – Compile scorecards

    Begin scoring your top vendors

    The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprised of sub-teams where necessary.

    The VMI will compile the scores, calculate the final results, and aggregate all the comments into one scorecard. There are two common ways to approach this task:

    1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you need it; you'll need time to compile, calculate, and aggregate.
    2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

    Step 3.2 – Compile scorecards (cont'd)

    Gather input from stakeholders and others impacted by the vendors

    Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure he right mix of data is provided. For example:

    • If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
    • If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
    • If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

    Where one person is contributing exclusively to limited criteria, make it easy for them to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus as a group.

    After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

    Make sure your process timeline has a buffer built in. You'll be sending the final scorecard to the vendor three to five days before the BAM, and you'll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other "priorities" will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared, due to things beyond its control.

    Step 3.3 – Conduct business alignment meetings

    Determine which vendors will participate and how long the meetings will last

    At their core, BAMs aren't that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs. Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

    Who

    Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time you'll add vendors until all your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all your strategic, tactical, and operational vendors.

    Duration

    Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 minutes to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Identify who will be invited and send out invitations

    Invitations

    Set up a recurring meeting whenever possible. Changes will be inevitable but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won't change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is usually sufficient, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor's leadership team (and maybe yours as well!).

    Invitees

    Internal invitees should include those with a vested interest in the vendor's performance and the relationship. Other functional areas may be invited based on need or interest. Be careful the attendee list doesn't get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

    From the vendor's side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the product or service delivery area is a good choice. Bottom line: get as high into the vendor's organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Prepare for the Meetings and Maintain Control

    Preparation

    Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior, as well.

    Decide who will run the meeting. Some customers like to lead, and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

    Make sure the vendor knows what materials they should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don't want the vendor to be caught off guard and unable to discuss a matter of importance to you.

    Running the BAM

    Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor's, not IT's, not Procurement's or Sourcing's. Don't let anyone hijack it.

    Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

    Remember, this is not a sales call, and it is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Follow these additional guidelines to maximize your meetings

    More leading practices

    • Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
    • Publish the meeting minutes on a timely basis (within 48 hours).
    • Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
    • Meet internally immediately beforehand to prepare – don't go in cold. Review the agenda and the roles and responsibilities for the attendees.
    • Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

    Final thoughts

    • When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
    • Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
    • Use inclusive language and avoid language that puts the vendor on the defensive.
    • Make sure that your meetings are not focused exclusively on the negative, but don't paint a rosy picture where one doesn't exist.
    • A vendor that is doing well should be commended. This is an important part of relationship building.

    Step 3.4 – Work the 90-day plan

    Monitor your progress and share your results

    Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won't take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn't created in vain.

    1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
    2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
    3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of hiccup along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
    4. Report on progress every week and hold people accountable for their assignments and contributions.
    5. Take the 90-day plan seriously and treat it as you would any significant project. This is part of the VMI's branding and image.

    Step 3.5 – Manage the three-year roadmap

    Keep an eye on the future since it will feed the present

    The three-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three "crystal balls" attempting to tell you what the future holds. The vision for year 1 may be clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and year 2 becomes year 1.

    To help navigate through the roadmap and maximize its potential, follow these principles:

    • Manage each year of the roadmap differently.
      • Review the year-1 map each quarter to update your 90-day plans (See steps 2.10 and 3.4).
      • Review the year-2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of year 2 will be 6 months or 12 months away from the beginning of year 2, and time moves quickly.
      • Review the year-3 map annually, and determine what needs to be added, changed, or deleted. Each time you review year 3, it will be a "new" year 3 that needs to be built.
    • Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
    • Validate all modifications with leadership and stakeholders before updating the three-year roadmap to ensure internal alignment.

    Step 3.6 – Develop/improve vendor relationships

    Drive better performance through better relationships

    One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don't happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

    In many respects, the VMI should mirror a vendor's sales organization by establishing relationships at multiple levels within the vendor organizations, not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

    Business relationships are comprised of many components, not all of which must be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:

    • Focusing your energies on strategic vendors first and then tactical and operational vendors.
    • Being transparent and honest in your communications.
    • Continuously building trust by being responsive and honoring commitments (timely).
    • Creating a collaborative environment and build upon common ground.
    • Thanking the vendor when appropriate.
    • Resolving disputes early, avoiding the "blame game", and being objective when there are disagreements.

    Phase 4 - Review

    Keep your VMI up to date and running smoothly

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Helping the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 4 – Review

    Keep your VMI up to date and running smoothly

    As the adage says, "The only thing constant in life is change." This is particularly true for your VMI. It will continue to mature, people inside and outside of the VMI will change, resources will expand or contract from year to year, your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you'll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person's health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up-to-date and running smoothly takes hard work.

    Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

    Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won't happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, not reactive!

    Step 4.1 – Incorporate leading practices

    Identify and evaluate what external VMIs are doing

    The VMI's world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we're looking at you COVID and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

    At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

    Step 4.1 – Incorporate leading practices (cont'd)

    Update your VMI based on your research

    • A simple approach for incorporating leading practices into your regular review process is set out below:
    • Research:
      • What other VMIs in your industry are doing.
      • What other VMIs outside your industry are doing.
      • Vendor management in general.
    • Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
    • Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
    • Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

    Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit in your culture and environment; in other instances, you will elect not to implement them at all (in any form).

    Step 4.2 – Leverage lessons learned

    Tap into the collective wisdom and experience of your team members

    There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4 - Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

    • Documented institutional wisdom and knowledge normally found only in the team members' brains.
    • The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
    • Improved methodologies, tools, processes, procedures, skills, and relationships.

    Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is deposited in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular input meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics; timeliness of the deposits is a crucial element.

    Step 4.2 – Leverage lessons learned (cont'd)

    Create a library to share valuable information across the team

    Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes, as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

    • A brief description of the situation and outcome.
    • What went well (if anything) and why did it go well?
    • What didn't go well (if anything) and why didn't it go well?
    • What would/could you do differently next time?
    • A synopsis of the lesson(s) learned.

    Info-Tech Insights

    The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

    the lessons learned process should be blameless. The goal is to share insightful information, not to reward or punish people based on outcomes or results.

    Step 4.3 – Maintain internal alignment

    Review the plans of other internal areas to stay in sync

    Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI's alignment within the enterprise helps reduce any breakdowns that could derail the organization.

    To ensure internal alignment:

    • Review the key components of the applicable materials from Phase 1 - Plan and Phase 2 - Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience's interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
    • Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don't have access.
      • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
      • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
      • The organization itself.
    • Create and vet a list of modifications to the VMI and obtain approval.
    • Develop a plan for making the necessary changes.

    Summary of Accomplishment

    Problem solved

    Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is it's scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

    Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization's investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

    At the heart of a good VMI is the relationship component. Don't overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

    Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Related Info-Tech Research

    Prepare for Negotiations More Effectively
    Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

    Understand Common IT Contract Provisions to Negotiate More Effectively
    Info-Tech's guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

    Capture and Market the ROI of Your VMO
    Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech's tools and templates help you account for the contributions made by your VMO.

    Bibliography

    Slide 5 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 6 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 7 – Geller & Company. "World-Class Procurement — Increasing Profitability and Quality." Spend Matters. 2003. Web. Accessed 4 Mar. 2019.

    Slide 26 – Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print. Protiviti. Enterprise Risk Management. Web. 16 Feb. 2017.

    Slide 34 – "Why Do We Perform Better When Someone Has High Expectations of Us?" The Decision Lab. Accessed January 31, 2022.

    Slide 56 - Top 10 Tips for Creating Compelling Reports," October 11, 2019, Design Eclectic. Accessed March 29, 2022.

    Slide 56 – "Six Tips for Making a Quality Report Appealing and Easy To Skim," Agency for Health Research and Quality. Accessed March 29, 2022.

    Slide 56 –Tucker, Davis. Marketing Reporting: Tips to Create Compelling Reports, March 28, 2020, 60 Second Marketer. Accessed March 29, 2022.

    Tech Trend Update: If Biosecurity Then Autonomous Edge

    • Buy Link or Shortcode: {j2store}99|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    COVID-19 has created new risks to physical encounters among workers and customers. New biosecurity processes and ways to effectively enforce them – in the least intrusive way possible – are required to resume these activities.

    Our Advice

    Critical Insight

    New biosecurity standards will be imposed on many industries, and the autonomous edge will be part of the solution to manage that new reality.

    Impact and Result

    There are some key considerations for businesses considering new biosecurity measures:

    1. If prevention, then ID-based access control
    2. If intervention, then alerts based on data
    3. If investigation, then contact tracing

    Tech Trend Update: If Biosecurity Then Autonomous Edge Research & Tools

    Tech Trend Update: If Biosecurity Then Autonomous Edge

    Understand how new biosecurity requirements could affect your business and why AI at the edge could be part of the solution.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Tech Trend Update: If Biosecurity Then Autonomous Edge Storyboard
    [infographic]

    Innovation

    • Buy Link or Shortcode: {j2store}21|cart{/j2store}
    • Related Products: {j2store}21|crosssells{/j2store}
    • Teaser Video: Visit Website
    • Teaser Video Title: Digital Ethics = Data Equity
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • sidebar graphic: Visit Link
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    Innovation is the at heart of every organization, especially in these fast moving times. It does not matter if you are in a supporting or "traditional" sector.  The company performing the service in a faster, better and more efficient way, wins.

    innovation

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    • Buy Link or Shortcode: {j2store}472|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
    • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
    • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

    Our Advice

    Critical Insight

    Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

    Impact and Result

    • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
    • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

    What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

    • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
    [infographic]

    Further reading

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    Don't revolve around a legacy design; choose a network design that evolves with the organization.

    Analyst Perspective

    Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

    Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

    An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

    Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

    This is a picture of Nitin Mukesh

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

    The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

    A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

    Common Obstacles

    The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

    Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

    Info-Tech's Approach

    Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

    Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Insight Summary

    Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

    Your challenge

    Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

    Finding the right cloud networking infrastructure for:

    • Management efficiencies
    • Network-level isolation of resources
    • Access to shared services

    Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

    Mesh network topology

    A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

    In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

    While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

    Mesh Network on AWS

    This is an image of a Mesh Network on AWS

    Source: AWS, 2018

    Constraints

    The disadvantages of peering VPCs into a mesh quickly arise with:

    • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
    • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
    • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
    • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
    Number of virtual networks 10 20 50 100
    Peering links required
    [(n-1)*n]/2
    45 190 1225 4950

    Proportional relationship of virtual networks to required peering links in a mesh topology

    Case study

    INDUSTRY: Blockchain
    SOURCE: Microsoft

    An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

    The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

    This is an image of the connections involved in a mesh network with four participants.

    Source: Microsoft, 2017

    Hub and spoke network topology

    In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

    Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

    A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

    Hub and Spoke Network on AWS

    This is an image of the Hub and Spoke Network on AWS

    What hub and spoke networks do better

    1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
    2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
    3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
    4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
    5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
    6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

    Hub and spoke constraints

    While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

    Point-to-point peering

    The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

    Global access speeds with a monolithic design

    With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

    Costs for a resilient design

    Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

    Leverage the hub and spoke strategy for:

    Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

    Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

    Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

    Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

    Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

    Hub and spoke – mesh hybrid

    The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

    However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

    Where it can be useful:

    An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

    An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

    Hub and spoke – mesh hybrid network on AWS

    This is an image of the Hub and spoke – mesh hybrid network on AWS

    Why mesh can still be useful

    Benefits Of Mesh

    Use Cases For Mesh

    Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

    Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

    Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

    Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

    Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

    Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

    Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

    Designing for governance vs. flexibility in hub and spoke

    Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

    The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

    This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

    The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

    Designing for governance vs. flexibility in hub and spoke

    If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

    • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
    • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
    • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
    • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
    • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

    Optimal placement of services between the hub and spoke

    Shared services and vendor management

    Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

    Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

    Network egress and interaction

    Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

    For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

    Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

    A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

    Security

    While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

    Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

    Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

    Cloud metering

    The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

    For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

    Don't get stuck with your on-prem network design. Design for the cloud.

    1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
    2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
    3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
    4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
    5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

    Cloud network design strategy

    This is an image of the framework for developing a Cloud Network Design Strategy.

    Bibliography

    Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
    Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
    "What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
    Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

    Get the Most Out of Your SAP

    • Buy Link or Shortcode: {j2store}240|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • SAP systems are changed rarely and changing them has significant impact on an organization.
    • Research shows that even newly installed systems often fail to realize their full potential benefit to the organization.
    • Business process improvement is rarely someone’s day job.

    Our Advice

    Critical Insight

    A properly optimized SAP business process will reduce costs and increase productivity.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your SAP application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate SAP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy.
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Your SAP Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Your SAP Storyboard – A guide to optimize your SAP.

    SAP is a core tool that the business leverages to accomplish its goals. Use this blueprint to strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Your SAP – Phases 1-4

    2. Get the Most Out of Your SAP Workbook – A tool to document and assist with optimizing your SAP.

    The Get the Most out of Your SAP Workbook serves as the holding document for the different elements for the Get the Most out of Your SAP blueprint. Use each assigned tab to input the relevant information for the process of optimizing your SAP.

    • Get the Most Out of Your SAP Workbook

    Infographic

    Workshop: Get the Most Out of Your SAP

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your SAP Application Vision

    The Purpose

    Get the most out of your SAP.

    Key Benefits Achieved

    Develop an ongoing SAP optimization team.

    Re-align SAP and business goals.

    Understand your current system state capabilities and processes.

    Validate user satisfaction, application fit, and areas of improvement to optimize your SAP.

    Take a 360-degree inventory of your SAP and related systems.

    Realign business and technology drivers. Assess user satisfaction.

    Review the SAP marketplace.

    Complete a thorough examination of capabilities and processes.

    Manage your vendors and data.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Activities

    1.1 Determine your SAP optimization team.

    1.2 Align organizational goals.

    1.3 Inventory applications and interactions.

    1.4 Define business capabilities.

    1.5 Explore SAP-related costs.

    Outputs

    SAP optimization team

    SAP business model

    SAP optimization goals

    SAP system inventory and data flow

    SAP process list

    SAP and related costs

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Complete an SAP process gap analysis to understand where the SAP is underperforming.

    Review the SAP application portfolio assessment to understand user satisfaction and data concerns.

    Undertake a software review survey to understand your satisfaction with the vendor and product.

    Activities

    2.1 Conduct gap analysis for SAP processes.

    2.2 Perform an application portfolio assessment.

    2.3 Review vendor satisfaction.

    Outputs

    SAP process gap analysis

    SAP application portfolio assessment

    ERP software reviews survey

    3 Assess SAP

    The Purpose

    Assess SAP.

    Key Benefits Achieved

    Learn the processes that you need to focus on.

    Uncover underlying user satisfaction issues to address these areas.

    Understand where data issues are occurring so that you can mitigate this.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Explore process gaps.

    3.2 Analyze user satisfaction.

    3.3 Assess data quality.

    3.4 Understand product satisfaction and vendor management.

    3.5 Look for SAP cost optimization opportunities (optional).

    Outputs

    SAP process optimization priorities

    SAP vendor optimization opportunities

    SAP cost optimization

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.

    Activities

    4.1 SAP process gap analysis

    4.2 SAP application portfolio assessment

    4.3 SAP software reviews survey

    Outputs

    ERP optimization roadmap

    Further reading

    Get the Most Out of Your SAP

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    The image contains a picture of Chad Shortridge.

    Chad Shortridge

    Senior Research Director, Enterprise Applications

    Info-Tech Research Group

    The image contains a picture of Lisa Highfield.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    SAP systems are expensive, benefits can be difficult to quantify, and issues with the products can be difficult to understand. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integrations points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Your SAP ERP systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    SAP application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Balancing optimization with stabilization is one of the most difficult decisions for ERP application leaders.

    Competing priorities and often unclear ERP strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    In today’s rapidly changing SAP landscape it is imperative to evaluate your applications for optimization, no matter what your strategy is moving forward.

    Assess your SAP applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate ERP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    SAP ERP environments are changing, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized SAP optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image contains an Info-Tech Thought model on get the most out of your ERP.

    Insight summary

    Continuous assessment and optimization of your SAP ERP systems is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their ERP systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    SAP enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making. In many organizations, the SAP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    SAP enterprise resource planning (ERP)

    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    What is SAP?

    SAP ERP systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    SAP use cases:

    Product-Centric

    Suitable for organizations that manufacture, assemble, distribute, or manage material goods.

    Service-Centric

    Suitable for organizations that provide and manage field services and/or professional services.

    SAP Fast Facts

    Product Description

    • SAP has numerous ERP products. Products can be found under ERP, Finance, Customer Relations and Experience, Supply Chain Management, Human Resources, and Technology Platforms.
    • SAP offers on-premises and cloud solutions for its ERP. In 2011, SAP released the HANA in-memory database. SAP ECC 6.0 reaches the end of life in 2027 (2030 extended support).
    • Many organizations are facing mandatory transformation. This is an excellent opportunity to examine ERP portfolios for optimization opportunities.
    • Now is the time to optimize to ensure you are prepared for the journey ahead.
    The image contains a timeline of the evolution of SAP ERP. The timeline is ordered: SAP R1-R3 1972-1992, SAP ECC 2003-2006, ERP Business Suite 2000+, SAP HANA In-Memory Database 2011, S/4 2015.

    Vendor Description

    • SAP SE was founded in 1972 by five former IBM employees.
    • The organization is focused on enterprise software that integrates all business processes and enables data processing in real-time.
    • SAP stands for Systems, Applications, and Products in Data Processing.
    • SAP offers more than 100 solutions covering all business functions.
    • SAP operates 65 data centers at 35 locations in 16 countries.

    Employees

    105,000

    Headquarters

    Walldorf, Baden-Württemberg, Germany

    Website

    sap.com

    Founded

    1972

    Presence

    Global, Publicly Traded

    SAP by the numbers

    Only 72% of SAP S/4HANA clients were satisfied with the product’s business value in 2022. This was 9th out of 10 in the enterprise resource planning category.

    Source: SoftwareReviews

    As of 2022, 65% of SAP customers have not made the move to S/4HANA. These customers will continue to need to optimize the current ERP to meet the demanding needs of the business.

    Source: Statista

    Organizations will need to continue to support and optimize their SAP ERP portfolios. As of 2022, 42% of ASUG members were planning a move to S/4HANA but had not yet started to move.

    Source: ASUG

    Your challenge

    This research is designed to help organizations who need to:

    • Understand the multiple deployment models and the roadmap to successfully navigate a move to S/4HANA.
    • Build a business case to understand the value behind a move.
    • Map functionality to ensure future compatibility.
    • Understand the process required to commercially navigate a move to S/4HANA.
    • Avoid a costly audit due to missed requirements or SAP whiteboarding sessions.

    HANA used to be primarily viewed as a commercial vehicle to realize legacy license model discounts. Now, however, SAP has built a roadmap to migrate all customers over to S/4HANA. While timelines may be delayed, the inevitable move is coming.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    – Upperedge

    SAP challenges and dissatisfaction

    Drivers of Dissatisfaction

    Organizational

    People and teams

    Technology

    Data

    Competing priorities

    Knowledgeable staff/turnover

    Integration issues

    Access to data

    Lack of strategy

    Lack of internal skills

    Selecting tools and technology

    Data hygiene

    Budget challenges

    Ability to manage new products

    Keeping pace with technology changes

    Data literacy

    Lack of training

    Update challenges

    One view of the customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Other changes

    Year-over-year call topic requests

    The image contains a graph to demonstrate year-over-year call topic requests. Year 1 has 79%, Year 2 76%, Year 3 65% requests, and Year 4 has 124% requests. The image contains a graph to demonstrate other changes in year-over-year call topic requests. Year 1 has -25%, Year 2 has 4%, and Year 3 has 13%.

    We are seeing applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    The S/4HANA journey

    Optimization can play a role in your transition to S/4HANA.

    • The business does not stop. Satisfy ongoing needs for business enablement.
    • Build out a collaborative SAP optimization team across the business and IT.
    • Engage the business to understand requirements.
    • Discover applications and processes.
    • Explore current-state capabilities and future-state needs.
    • Evaluate optimization opportunities. Are there short-term wins? What are the long-term goals?
    • Navigate the path to S/4HANA and develop some timelines and stage gates.
    • Set your course and optimization roadmap.
    • Capitalize on the methodologies for an ongoing optimization effort that can be continued after the S/4HANA go-live date.

    Many organizations may be coming up against changes to their SAP ERP application portfolio.

    Some challenges organizations may be dealing with include:

    • Heavily customized instances
    • Large volumes of data
    • Lack of documentation
    • Outdated business processes
    • Looming end of life

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not pursuing optimization because you are migrating to S/4HANA.
    • Not considering how this plays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “[A] successful application [optimization] strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”

    – Medium

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities

    2. Assess Your Current State

    3. Identify Key Optimization Areas

    4. Build Your Optimization Roadmap

    Phase Steps

    1. Identify stakeholders and build your SAP optimization team.
    2. Build an SAP strategy model.
    3. Inventory current system state.
    4. Define business capabilities.
    1. Conduct a gap analysis for ERP processes.
    2. Assess user satisfaction.
    3. Review your satisfaction with the vendor and product.
    1. Identify key optimization areas.
    2. Evaluate product sustainability over the short, medium, and long term.
    3. Identify any product changes anticipated over short, medium, and long term.
    1. Prioritize optimization opportunities.
    2. Identify key optimization areas.
    3. Compile optimization assessment results.

    Phase Outcomes

    1. Stakeholder map
    2. SAP optimization team
    3. SAP business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key SAP processes list
    1. Gap analysis for SAP-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into SAP data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding SAP costs
    1. List of SAP optimization opportunities
    1. SAP optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your SAP Workbook

    Identify and prioritize your SAP optimization goals.

    The image contains screenshots of the SAP Workbook.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your SAP portfolio.

    The image contains a screenshot of the Application Portfolio Assessment.

    Key deliverable:

    The image contains a screenshot of the SAP Organization Roadmap.

    SAP Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    The image contains screenshots further demonstrating SAP deliverables.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.

    Consulting

    Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenge.

    Call #2:

    • Build the SAP team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory SAP capabilities and processes.
    • Explore SAP-related costs.

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand SAP optimization opportunities.

    Call #7: Determine the right SAP path for your organization.

    Call #8:

    Build out optimization roadmap and next steps.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Define Your SAP Application Vision

    Map Current State

    Assess SAP

    Build Your Optimization Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. SAP optimization team
    2. SAP business model
    3. SAP optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. SAP optimization timeline
    1. SAP capability gap analysis
    2. SAP user satisfaction (application portfolio assessment)
    3. SAP SoftwareReviews survey results
    4. SAP current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. SAP cost-saving opportunities
    1. SAP optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory ERP and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Map your SAP optimization stakeholders

    1.1.3 Determine your SAP optimization team

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • SAP Optimization Team

    ERP optimization stakeholders

    • Understand the roles necessary to get the most out of your SAP.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title

    Role Within the Project Structure

    Organizational Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar

    Project Manager

    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar

    Business Unit Leaders

    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar

    Optimization Team

    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs

    Steering Committee

    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify SAP optimization stakeholders

    1 hour

    1. Hold a meeting to identify the SAP optimization stakeholders.
    2. Use next slide as a guide.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot from the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor

    End User

    IT

    Business

    Description

    An internal stakeholder who has final sign-off on the ERP project.

    Front-line users of the ERP technology.

    Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.

    Additional stakeholders that will be impacted by any ERP technology changes.

    Examples

    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR

    Value

    Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation.

    End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor.

    IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data.

    Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    EXAMPLE: Stakeholder involvement during selection

    The image contains an example of stakeholder involvement during selection. The graph is comparing influence and interest. In the lowest section of both influence and interest, it is labelled Monitor. With low interest but high influence that is labelled Keep Satisfied. In low influence but high interest it is labelled Keep Informed. The section that is high in both interest and influence that is labelled Involve closely.

    Activity 1.1.2 Map your SAP optimization stakeholders

    1 hour

    1. Use the list of SAP optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project.
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.

    The image contains an example of a colour scheme. Sponsor is coloured blue, End user is purple, IT is yellow, and Business is light blue.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example map on organization's stakeholders.

    Download the Get the Most Out of Your SAP Workbook

    Map the organization’s stakeholders

    The image contains a larger version of the image from the previous slide where there is a graph comparing influence and involvement and has a list of stakeholders in a legend on the side.

    The SAP optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned ERP optimization strategy. Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge

    Suggested Project Team Members

    Business

    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads –All functional areas; example: Strategy, Sales, Marketing, Customer Service, Finance, HR

    IT

    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards

    Other

    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your SAP optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the SAP optimization project.
    • The size of the team will depend on the initiative and size of your organization.
    • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and the size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the section ERP Optimization Team in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.2

    Build an SAP Strategy Model

    Activities

    1.2.1 Explore environmental factors and technology drivers

    1.2.2 Consider potential barriers and challenges

    1.2.3 Discuss enablers of success

    1.2.4 Develop your SAP optimization goals

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your SAP strategy with the corporate strategy

    Corporate Strategy

    Unified ERP Strategy

    IT Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.
    • The ideal ERP strategy is aligned with overarching organizational business goals and with broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur just at the executive level but at each level of the organization.

    ERP Business Model Template

    The image contains a screenshot of a ERP Business Model Template.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER

    1. Your organization’s top three business goals
    2. Your organization’s top ten business initiatives
    3. Your organization’s mission and vision

    Understand the ERP drivers and organizational objectives

    Business Needs

    Business Drivers

    Technology Drivers

    Environmental Factors

    Definition

    A business need is a requirement associated with a particular business process.

    Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance.

    Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge.

    These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business.

    Examples

    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a diagram on exploring the environmental factors and technology drivers.

    External Considerations

    Organizational Drivers

    Technology Considerations

    Functional Requirements

    • Funding constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your SAP Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support

    Organizational Culture

    Organizational Structure

    IT Readiness

    Definition

    The degree of understanding and acceptance toward ERP systems.

    The collective shared values and beliefs.

    The functional relationships between people and departments in an organization.

    The degree to which the organization’s people and processes are prepared for a new ERP system.

    Questions

    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?

    Impact

    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    ERP Business Model

    Organizational Goals

    Enablers

    Barriers

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 critical success factors for ERP system implementation

    The image contains a graph that demonstrates the top 15 critical success factors for ERP system implementation. The top 15 are: Top management support and commitment, Interdepartmental communication and cooperations throughout the institution, Commitment to business process re-engineering to do away with redundant processes, Implementation project management from initiation to closing, Change management program to ensure awareness and readiness for possible changes, Project team competence, Education and training for stakeholders, Project champion to lead implementation, Project mission and goals for the system with clear objectives agreed upon, ERP expert consultant use to guide the implementation process, Minimum level of customization to use ERP functionalities to maximum, Package selection, Understanding the institutional culture, Use involvement and participation throughout implementation, ERP vendor support and partnership.

    Source: Epizitone and Olugbara, 2020; CC BY 4.0

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.2 Consider potential barriers and challenges

    1-3 hours

    • Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    • Identify barriers to ERP optimization success.
    • Review the ERP critical success factors and how they relate to your optimization efforts.
    • Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the barriers section.

    Functional Gaps

    Technical Gaps

    Process Gaps

    Barriers to Success

    • No online purchase order for requisitions
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your SAP Workbook

    1.2.3 Discuss enablers of success

    1-3 hours

    1. Open tab “1.2 Strategy & Goals,” in the Get the Most Out of Your SAP Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains the same diagram as shown previously, where it demonstrated the environmental factors in relation to the ERP strategy. The same diagram is used and highlights the enablers and organizational goals sections.

    Business Benefits

    IT Benefits

    Organizational Benefits

    Enablers of Success

    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational efficiency
    • Data accuracy
    • Data quality
    • Better reporting
    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your SAP Workbook

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Link SAP capabilities to organizational value

    The image contains screenshots that demonstrate linking SAP capabilities to organizational value.

    1.2.4 Define your SAP optimization goals

    30 minutes

    1. Discuss the ERP business model and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the activity describe above on defining your SAP optimization goals.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory SAP applications and interactions

    1.3.2 Draw your SAP system diagram

    1.3.3 Inventory your SAP modules and business capabilities (or business processes)

    1.3.4 Define your key SAP optimization modules and business capabilities

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • SAP Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory SAP applications and interfaces

    1-3+ hours

    1. Enter your SAP systems, SAP extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function.
    4. List the modules the organization has licensed.
    5. List any integrations.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the SAP application inventory.

    Download the Get the Most Out of Your SAP Workbook

    ERP Data Flow

    The image contains an example ERP Data Flow with a legend.

    Be sure to include enterprise applications that are not included in the ERP application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    ERP – enterprise resource planning

    Email – email system such as Microsoft Exchange

    Calendar – calendar system such as Microsoft Outlook

    WEM – web experience management

    ECM – enterprise content management

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    1.3.2 Draw your SAP system diagram

    1-3+ hours

    1. From the SAP application inventory, diagram your network.
    2. Include:

    • Any internal or external systems
    • Integration points
    • Data flow

    The image contains a screenshot of the example ERP Systems Diagram.

    Download the Get the Most Out of Your SAP Workbook

    Sample SAP and integrations map

    The image contains a screenshot of a sample SAP and integrations map.

    Business capability map (Level 0)

    The image contains a screenshot of the business capability map, level 0. The capability map includes: Products and Services Development, Revenue Generation, Demand Fulfillment, and Enterprise Management and Planning.

    In business architecture, the primary view of an organization is known as a business capability map. A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    ERP process mapping

    The image contains screenshots to demonstrate the ERP process mapping. One of the screenshots is of the business capability map, level 0, the second screenshot contains the objectives , value streams, capabilities, and processes. The third image contains a screenshot of the SAP screenshot with the circles around it as previously shown.

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output. From your developed processes and your SAP license agreements you will be able to pinpoint the scope for investigation including the processes and modules.

    APQC Framework

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes

    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services

    Management and Support Processes

    6.Manage customer service

    7. Develop and manage human capital

    8. Manage IT

    9. Manage financial resources

    10. Acquire, construct, and manage assets

    11. Manage enterprise risk, compliance, remediation, and resiliency

    12. Manage external relationships

    13. Develop and manage business capabilities

    Source: APQC

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes. APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    The value stream

    Value stream defined:

    Value Streams

    Design Product

    Produce Product

    Sell Product

    Customer Service

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream, connecting consumers’ wants and needs to the products and services offered.
    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    Process mapping hierarchy

    The image contains a screenshot of the PCF levels explained. The levels are 1-5. The levels are: Category, Process Group, Process, Activity, and Task.

    Source: APQC

    APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.

    APQC’s Process Classification Framework

    Cross-industry classification framework

    Level 1 Level 2 Level 3 Level 4

    Market and sell products and services

    Understand markets, customers, and capabilities

    Perform customer and market intelligence analysis

    Conduct customer and market research

    Market and sell products and services

    Develop a sales strategy

    Develop a sales forecast

    Gather current and historic order information

    Deliver services

    Manage service delivery resources

    Manage service delivery resource demand

    Develop baseline forecasts

    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners. You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    SAP modules and process enablement

    Cloud/Hardware

    Fiori

    Analytics

    Integrations

    Extended Solutions

    R&D Engineering

    • Enterprise Portfolio and Project Management
    • Product Development Foundation
    • Enterprise Portfolio and Project Management
    • Product Lifecycle Management
    • Product Compliance
    • Enterprise Portfolio and Project Management
    • Product Safety and Stewardship
    • Engineering Record

    Sourcing and Procurement

    • Procurement Analytics
    • Sourcing & Contract Management
    • Operational Procurement
    • Invoice Management
    • Supplier Management

    Supply Chain

    • Inventory
    • Delivery & Transportation
    • Warehousing
    • Order Promising

    Asset Management

    • Maintenance Operations
    • Resource Scheduling
    • Env, Health and Safety
    • Maintenance Management
    The image contains a diagram of the SAP enterprise resource planning. The diagram includes a circle with smaller circles all around it. The inside of the circle contains SAP logos. The circles around the big circle are labelled: Human Resources Management, Sales, Marketing, Customer Service, Asset Management, Logistics, Supply Chain Management, Manufacturing, R&D and Engineering, and Finance.

    Finance

    • Financial Planning and Analysis
    • Accounting and Financial Close
    • Treasury Management
    • Financial Operations
    • Governance, Risk & Compliance
    • Commodity Management

    Human Resources

    • Core HR
    • Payroll
    • Timesheets
    • Organization Management
    • Talent Management

    Sales

    • Sales Support
    • Order and Contract Management
    • Agreement Management
    • Performance Management

    Service

    • Service Operations and Processes
    • Basic Functions
    • Workforce Management
    • Case Management
    • Professional Services
    • Service Master Data Management
    • Service Management

    Beyond the core

    The image contains a screenshot of a diagram to demonstrate beyond the core. In the middle of the image is S/4 Core, and the BTP: Business Technology Platform. Surrounding it are: SAP Fieldglass, SAP Concur, SAP Success Factors, SAP CRM SAO Hybris, SAP Ariba. On the left side of the image are: Business Planning and Consolidations, Transportation Management System, Integrated Business Planning, Extended Warehouse Management.

    1.3.3 Inventory your SAP modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. Use tab 1.3 “SAP Capabilities” in Get the Most Out of Your SAP Workbook for a list of common SAP Level 1 and Level 2 modules/business capabilities.
    4. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of an example of what to do for the activity 1.3.3.

    Download the Get the Most Out of Your SAP Workbook

    1.3.4 Define your key SAP optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Key SAP Optimization Capabilities.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define SAP key dates and SAP optimization roadmap timeframe and structure

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • SAP Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Record key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the SAP optimization initiative.
    4. This includes short-, medium- and long-term initiatives.
    5. Enter your Roadmap Date markers: how you want dates displayed on the roadmap.
    6. Enter Column time values: what level of granularity will be helpful for this initiative?
    7. Enter the sprint or cycle timeframe; use this if following Agile.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Optimization Roadmap Timeframe and Structure.

    Download the Get the Most Out of Your SAP Workbook

    Step 1.5

    Understand SAP Costs

    Activities

    1.5.1 Document costs associated with SAP

    This step will walk you through the following activities:

    • Define your SAP direct and indirect costs
    • List your SAP expense line items

    This step involves the following participants:

    • Finance Representatives
    • SAP Optimization Team

    Outcomes of this step

    • Current SAP and related costs

    1.5.1 Document costs associated with SAP

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 1.5.1 on documenting costs associated with SAP.

    Download the Get the Most Out of Your SAP Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • SAP Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess SAP Capabilities

    Activities

    2.1.1 Rate capability relevance to organizational goals

    2.1.2 Complete an SAP application portfolio assessment

    2.1.3 (Optional) Assess SAP process maturity

    This step will guide you through the following activities:

    • Capability relevance
    • Process gap analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • SAP Users

    Outcomes of this step

    • SAP Capability Assessment

    Benefits of the Application Portfolio Assessment

    The image contains a screenshot of the activity of assessing the health of the application portfolio.

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.
    The image contains a screenshot of the activity on providing targeted department feedback.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.
    The image contains a screenshot of the activity on gaining insight into the state of data quality.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor CRM user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current-state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around SAP.

    1. Download the ERP Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your SAP system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab (Reference) 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1, “SAP Assessment,” if required.

    Record Results

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the Application Portfolio Assessment.

    Download the ERP Application Inventory Tool

    Download the Get the Most Out of Your SAP Workbook

    Sample Report from Application Portfolio Assessment.

    The image contains a screenshot of a sample report from the Application Portfolio Assessment.

    2.1.2 (Optional) Assess SAP process and technical maturity

    1-3 hours

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
    • Identify key stakeholders.
    • Hold sessions to document deeper processes.
    • Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains an example of the process maturity activity.

    Download the Get the Most Out of Your SAP Workbook

    Process Maturity Assessment

    The image contains a screenshot of the Process Maturity Assessment.

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate your vendor and product satisfaction

    2.2.2 Review SAP product scores (if applicable)

    2.2.3 Evaluate your product satisfaction

    2.2.4 Check your business process change tolerance

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • SAP Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your SAP Workbook to review your satisfaction with your SAP software.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity Vendor Optimization.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your SAP Workbook

    2.2.2 Review SAP product scores (if applicable)

    30 minutes

    1. Download the scorecard for your SAP product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your SAP Workbook tab 2.2 “Vend. & Prod. Sat” to record the scorecard results.
    3. Use your Get the Most Out of Your SAP Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of the activity 2.2.2 review SAP product scores.

    Download the Get the Most Out of Your SAP Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image contains two screenshots of SoftwareReviews. One is of the ERP Mid-Market, and the second is of the ERP Enterprise.

    Source: SoftwareReviews ERP Mid-Market, April 2022

    Source: SoftwareReviews ERP Enterprise, April 2022

    2.2.4 Check your business process change tolerance

    1 hours

    1. As a group, review the level 0 business capabilities on the previous slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level 0 business capabilities based on:
    • Green – Willing to follow best practices
    • Yellow – May be challenging or unique business model
    • Red – Low tolerance for change
  • For clarity, move to level 1 if specific areas need to be called out and use the same color code.
  • Input Output
    • Business process capability map
    • Heat map of risk areas that require more attention for validating best practices or minimizing customization
    Materials Participants
    • Whiteboard/flip charts
    • Get the Most Out of Your SAP Workbook
    • Implementation team
    • CIO
    • Key stakeholders

    Download Get the Most Out of Your SAP Workbook for additional process levels

    Heat map representing desire for best practice or those having the least tolerance for change

    The image contains a screenshot of a heat map to demonstrate desire for best practice or those having the least tolerance for change.

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor supporting change and guiding best practice. For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • SAP Optimization Team

    Assessing application business value

    In this context…business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value is not

    the user’s experience or satisfaction with the application.

    The image contains a screenshot of a Venn Diagram. In the left circle, labelled The Business it contains the following text: Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications. In the right circle labelled IT, it contains the following text: Technical subject-matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations. The middle space is labelled: Business Value of Applications.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and SAP systems.

    Capabilities are what the system and business does that creates value for the organization. Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    The image contains a Venn Diagram with 3 circles. The circles are labelled as: Process, Technology, and Organization.

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Step 3.1

    Prioritize Optimization Opportunities

    Activities

    3.1.1 Prioritize optimization capability areas

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    The Business Value Matrix

    Rationalizing and quantifying the value of SAP

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    • Increased Revenue
    • Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    • Reduced Costs
    • Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    • Enhanced Services
    • Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    • Reach Customers
    • Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image contains a screenshot of a Business Value Matrix. It includes: Reach Customers, Increase Revenue or Deliver Value, Reduce Costs, and Enhance Services.

    Prioritize SAP optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image contains a screenshot of a graph that compares satisfaction by relevance to organizational goals to demonstrate high priority.

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. From the SAP capabilities, discuss areas of scope for the SAP optimization initiative.
    2. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    3. Rate each of your SAP capabilities for the level of importance to your organization. The levels of importance are:
    • Crucial
    • Important
    • Secondary
    • Unimportant
    • Not applicable

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 3.1.1.

    Download the Get the Most Out of Your SAP Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover product and vendor satisfaction opportunities

    3.2.2 Discover capability and feature optimization opportunities

    3.2.3 Discover process optimization opportunities

    3.2.4 Discover integration optimization opportunities

    3.2.5 Discover data optimization opportunities

    3.2.6 Discover SAP cost-saving opportunities

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • SAP Optimization Team

    Outcomes of this step

    • Application optimization plan

    Satisfaction with SAP product

    The image contains three screenshots to demonstrate satisfaction with sap product.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image contains a diagram to demonstrate lower strategic value, higher vendor spend/switching costs, higher strategic value, and lower vendor spend/switching costs.

    Info-Tech Insight

    A vendor management initiative (VMI) is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. Document overall product satisfaction.
      2. How does your satisfaction compare with your peers?
      3. Is the overall system fit for use?
      4. Do you have a proactive vendor management strategy in place?
      5. Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      6. Could your vendor or Systems Integrator help you achieve better results?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Examples from Application Portfolio Assessment

    The image contains screenshots from the Application Portfolio Assessment.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Use tab 3.1 “Optimization Priorities” and tab 2.2 “Vend. & Prod. Sat” to review the capabilities and features of your SAP system.
    2. Answer the following questions:
      1. What capabilities and features are performing the worst?
      2. Do other organizations and users struggle with these areas?
      3. Why is it not performing well?
      4. Is there an opportunity for improvement?
      5. What are some optimization initiatives that could be undertaken?
    3. Review the Value Effort Matrix for each initiative.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Process optimization: the hidden goldmine

    In ~90% of SAP business process analysis reports, SAP identified significant potential for improving the existing SAP implementation, i.e. the large majority of customers are not yet using their SAP Business Suite to the full extent.

    Goals of Process Improvement

    Process Improvement Sample Areas

    Improvement Possibilities

    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end-to-end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use exercise 2.13 and tab 2.1 “SAP Current State Assessment” to assess process optimization opportunities.
    2. List underperforming capabilities around process.
    3. Answer the following:
      1. What is the state of the current processes?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The Benefits of Integration

    The Challenges of Integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limiting the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.
    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For SAP it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation

    Data Backup

    Synchronization Across Sites

    Legacy Consolidation

    • Require a holistic view of data format and accounting schedules.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Set up synchronization schedules based on data usage, not site location.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Controlling financial documentation across geographic regions.
      Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor, SAP-only portfolios, SAP can offer integration tools. For those needing to integrate with other ERPs, the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local-specific format should be a role-based customization at the level of the site’s specific instance.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the database administrator and business analysts.
    • Solution: The best solution is an off-site data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and binary large object (BLOB) storage that exists for each site.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In SAP, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • The Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: SAP offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and independent software vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 1.3.1 “SAP Application Inventory” to discuss integrations and how they are related to capability areas that are not performing well.
    2. List capabilities that might be affected by integration issues. Think about exercise 3.2.1 and discuss how integrations could be affecting overall product satisfaction.
    3. Answer the following:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    System and data optimization

    Consolidating your business and technology requires an overall system and data migration plan.

    The image contains a screenshot of a diagram that demonstrates three different integrations: system, organization, and data.

    Info-Tech Insight

    Have an overall data migration plan before beginning your systems consolidation journey to S/4HANA.

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. They serve as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing SAP data, additional considerations

    Data Quality Management

    Effective Data Governance

    Data-Centric Integration Strategy

    Extensible Data Warehousing

    • Prevention is ten times cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    Data Optimization

    Organizations are faced with challenges associated with changing data landscapes.

    Data migrations should not be taken lightly. It requires an overall data governance to assure data integrity for the move to S/4HANA and beyond.

    Have a solid plan before engaging S/4HANA Migration Cockpit.

    Develop a Master Data Management Strategy and Roadmap

    • Master data management (MDM) is complex in practice and requires investments in governance, technology, and planning.
    • Develop a MDM strategy and initiative roadmap using Info-Tech’s MDM framework, which takes data governance, architecture, and other critical data capabilities into consideration.

    Establish Data Governance

    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organization’s enterprise governance function. It should not be perceived as a pet project of IT but rather as an enterprise-wide, business-driven initiative.
    The image contains a screenshot of the S/4HANA Migration Cockpit.

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your APA or user satisfaction survey to understand issues related to data.
      Note: Data issues happen for a number of reasons:
    • Poor underlying data in the system
    • More than one source of truth
    • Inability to consolidate data
    • Inability to measure KPIs effectively
    • Reporting that is cumbersome or non-existent
  • List underperforming capabilities related to data.
  • Answer the following:
    1. What are some underlying issues?
    2. Is there an opportunity for data improvement?
    3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    SAP cost savings

    SAP cost savings does not have to be complicated.

    Look for quick wins:

    • Evaluate user licensing:
      • Ensure you are not double paying for employees or paying for employees who are no longer with the organization.
      • Verify user activity – if users are accessing the system very infrequently it does not make sense to license them as full users.
      • Audit your user classifications – ensure title positions and associated licenses are up to date.
    • Curb data sprawl.
    • Consolidate applications.

    30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.

    -Riley et al.

    20% Only 20 percent of companies manage to capture more than half the projected benefits from ERP systems.

    -McKinsey
    The image contains a screenshot of the Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk.

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

    The image contains a screenshot of Secrets of SAP S/4HANA Licensing.

    Secrets of SAP S/4HANA Licensing

    License Optimization

    With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.

    SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.

    Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.

    Price Benchmarking & Negotiation

    • Use price benchmarking and negotiation intelligence to secure a market-competitive price.
    • Understand negotiation tactics that can be used to better your deal.

    Secrets of SAP S/4HANA Licensing:

    • Build a business case to evaluate S/4HANA.
    • Understand the S/4HANA roadmap and map current functionality to ensure compatibility.

    SAP’s 2025 Support End of Life Date Delayed…As Predicted Here First

    • The math simply did not add up for SAP.
    • Extended support post 2027 is a mixed bag.

    3.2.6 Discover SAP cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 “Current Costs” as an input for this exercise.
    2. Look for opportunities to cut SAP costs, both quick-wins and long-term strategy.
    3. Review Info-Tech’s SAP vendor management resources to understand cost-saving strategies:
    4. List cost-savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Other optimization opportunities

    There are many opportunities to improve your SAP portfolio. Choose the ones that are right for your business:

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • SAP application monitoring
    • Be aware of the SAP product roadmap
    • Implement and take advantage of SAP tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an SAP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand SAP Costs

    2.1 Assess SAP Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Get the Most Out of Your SAP

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Pick your path

    4.1.2 Pick the right SAP migration path

    4.1.3 Build a roadmap

    4.1.4 Build a visual roadmap

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    The image contains a diagram to demonstrate the different paths that can be taken. The pathways are: Optimize current system, augment current system, consolidate current systems, upgrade system, and replace system.

    Explore the options for achieving your ideal future state

    CURRENT STATE

    STRATEGY

    There is significant evidence of poor user satisfaction, inefficient processes, lack of data usage, poor integrations, and little vendor management. Look for opportunities to improve the system.

    OPTIMIZE CURRENT SYSTEM

    Your existing application is, for the most part, functionally rich but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces.

    AUGMENT CURRENT SYSTEM

    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler.

    CONSOLIDATE CURRENT SYSTEMS

    The current system is reaching end of life and the software vendor offers a fit-for-use upgrade or system to which you can migrate. Prepare your migration strategy to move forward on the product roadmap.

    UPGRADE SYSTEM

    The current SAP system and future SAP roadmap are not fit for use. Vendor satisfaction is at an all-time low. Revisit your ERP strategy as you move into requirements gathering and selection.

    REPLACE SYSTEM

    Option: Optimize your current system

    Look for process, workflow, data usage, and vendor relation improvements.

    MAINTAIN CURRENT SYSTEM

    Keep the system but look for optimization opportunities.

    Your existing application portfolio satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones and involves minimal cost, time, and effort.

    INDICATORS

    POTENTIAL SOLUTIONS

    People

    • User satisfaction is in the mid-range
    • There is an opportunity to rectify problems
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy

    Process

    • Processes are old and have not been optimized
    • There are many manual processes and workarounds
    • Low process maturity or undocumented inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Technology

    • No major capability gaps
    • Supported for 5+ years
    • Explore opportunities outside of the core technology including workflows, integrations, and reporting

    Alternative 1: Optimize your current system

    MAINTAIN CURRENT SYSTEM

    • Keep your SAP system running
    • Invest in resolving current challenges
    • Automate manual processes where appropriate
    • Improve/modify current system
    • Evaluate current system against requirements/processes
    • Reimplement functionality

    Alternative Overview

    Initial Investment ($)

    Medium

    Risk

    Medium

    Change Management Required

    Medium

    Operating Costs ($)

    Low

    Alignment With Organizational Goals and ERP Strategy

    Medium-Low

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Less cost investment than upgrading or replacing the system
    • Less technology risk
    • The current system has several optimization initiatives that can be implemented
    • Familiarity with the system; IT and business users know the system well
    • Least amount of changes
    • Integrations will be able to be maintained and will mean less complexity
    • Will allow us to leverage current investments and build on our current confidence in the solution
    • Allow us to review processes and engineer some workflow and process improvements

    Disadvantages

    • The system may need some augmentation to handle some improvement areas
    • Build some items from scratch
    • Less user-friendly
    • Need to reimplement and reconfigure some modules
    • Lots of workarounds – more staff needed to support current processes
    • Increase customization (additional IT development investment)
    • System gaps would remain
    • System feels “hard” to use
    • Workarounds still needed
    • Hard to overcome “negative” experience with the current system
    • Some functional gaps will remain
    • Less system development and support from the vendor as the product ages.
    • May become a liability and risk area in the future

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points.

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of reporting functions
    • Lacking functional depth in key process areas
    • Add point solutions or enable modules to address missing functionality

    Data Pain Points

    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Alternative 2: Augment current solution

    AUGMENT CURRENT SYSTEM

    Maintain core system.

    Invest in SAP modules or extended functionality.

    Add functionality with bolt-on targeted “best of breed” solutions.

    Invest in tools to make the SAP portfolio and ecosystem work better.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    High

    Change Management

    High

    Operating Costs ($)

    High

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Meet specific business needs – right solution for each component
    • Well-aligned to specific business needs
    • Higher morale – best solution with improved user interface
    • Allows you to find the right solution for the unique needs of the organization
    • Allows you to incorporate a light change management strategy that can include training for the end users and IT
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Multiple technological solutions
    • Lots of integrations
    • Out-of-sync upgrades
    • Extra costs – potential less negotiation leverage
    • Multiple solutions to support
    • Multiple vendors
    • Less control over upgrades – including timing (potential out of sync)
    • More training – multiple products, multiple interfaces
    • Confusion – which system to use when
    • Need more HR specialization
    • More complexity in reporting
    • More alignment with JDE E1 information

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Consolidate systems

    Consolidate and integrate your current systems to address your technology and data pain points.

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing

    Data Pain Points

    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Alternative 3: Consolidate systems

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premise solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Streamlining of processes
    • Opportunity for decreased costs
    • Easier to maintain
    • Modernizes the SAP portfolio
    • Easier to facilitate training
    • Incorporate best practice processes
    • Leverage out-of-the-box functionality

    Disadvantages

    • Unique needs of some business units may not be addressed
    • Will require change management and training
    • Deeper investment in SAP

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Upgrade System

    Upgrade your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Move to a new SAP solution

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost- and time-efficient to replace the application and its surrounding processes altogether. You are satisfied with SAP overall and want to continue to leverage your SAP relationships and investments.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Obsolete or end-of-life technology portfolio
    • Lack of functionality and poor integration
    • Not aligned with technology direction or enterprise architecture plans
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 4: Upgrade System

    UPGRADE SYSTEM

    Upgrade your current SAP systems with SAP product replacements.

    Invest in SAP with the appropriate migration path for your organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Now that I know my needs, where is the current system underused?
    • Do we have specialized needs?
    • Which functions can best enable the business?

    Advantages

    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to leverage your SAP and SI relationships
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP upgrade
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points.

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS

    POTENTIAL SOLUTIONS

    Technology Pain Points

    • Lack of functionality and poor integration
    • Obsolete technology
    • Not aligned with technology direction or enterprise architecture plans
    • Dissatisfaction with SAP and SI
    • Evaluate the ERP technology landscape
    • Determine if you need to replace the current system with a point solution or an all-in-one solution
    • Align ERP technologies with enterprise architecture

    Data Pain Points

    • Limited capability to store and retrieve data
    • Understand your data requirements

    Process Pains

    • Insufficient tools to manage workflow
    • Review end-to-end processes
    • Assess user satisfaction

    Alternative 5: Replace SAP with another ERP solution

    AUGMENT CURRENT SYSTEM

    Get rid of old disparate on-premises solutions.

    Consolidate into an up-to-date ERP solution.

    Standardize across the organization.

    Alternative Overview

    Initial Investment ($)

    High

    Risk

    Med

    Change Management

    Med

    Operating Costs ($)

    Med

    Alignment With Organizational Goals and ERP Strategy

    High

    Key Considerations

    • Do we have the appetite to walk away from SAP?
    • What opportunities are we looking for?
    • Are other ERP solutions better for our business?

    Advantages

    • Allows you to explore ERP options outside of SAP
    • Aligns the technology across the organization
    • Opportunity for business transformation
    • Allows you to move away from SAP
    • Modernizes your ERP portfolio
    • May offer you advantages around business transformation and process improvement
    • Opportunity for new hosting options
    • May offer additional opportunities for consolidation or business enablement

    Disadvantages

    • Big initiative
    • Costly
    • Adds business risk during ERP replacement
    • Relationships will have to be rebuilt with ERP vendor and SIs
    • May require a high amount of change management
    • Organization will have to build resources to support the replacement and ongoing support of the new product
    • Training will be required across business and IT
    • Integrations with other applications may need to be rebuilt

    For what time frame does this make sense?

    Short Term

    Medium Term

    Long Term

    Activity 4.1.1: Pick your path

    1.5 hours

    For each given path selected, identify:

    • Advantage
    • Disadvantages
    • Initial Investment ($)
    • Risk
    • Change Management
    • Operating Costs ($)
    • Alignment With ERP Objectives
    • Key Considerations
    • Timeframe

    Record this information in the Get the Most Out of Your SAP Workbook.

    The image contains a screenshot of activity 4.1.1 pick your path.

    Download the Get the Most Out of Your SAP Workbook

    Pick the right SAP migration path for your organization

    There are three S/4HANA paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state and meets your overall long-term roadmap.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    SAP S/4 HANA offerings can be confusing

    The image contains a screenshot that demonstrates the SAP S/4 Offerings.

    What is the cloud, how is it deployed, and how is service provided?

    The image contains a screenshot from the National Institute of Standards and Technology that describes the Cloud Characteristics, Service Model, and Delivery Model.

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in a one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you, given your unique context.

    See Info-Tech’s Define Your Cloud Vision for more information.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third-party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS or offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises) and this can be perfectly effective. It must be consistent and intentional, however.

    The image contains a screenshot of cloud service models: On-prem, CoLo, laaS, PaaS, and SaaS

    Option: Best Practice Quick Win

    S/4HANA Cloud, Essentials

    Updates

    4 times a year

    License Model

    Subscription

    Server Platform

    SAP

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Not allowed

    Single vs. Multi-Tenant

    Multi-client

    Maintenance ALM Tool

    SAP ALM

    New Implementation

    This is a public cloud solution for new clients adopting SAP that are mostly looking for full functionality within best practice.

    Consider a full greenfield approach. Even for mid-size existing customers looking for a best-practice overhaul.

    Functionality is kept to the core. Any specialties or unique needs would be outside the core.

    Regional localization is still being expanded and must be evaluated early if you are a global company.

    Option: Augment Best Practice

    S/4HANA Cloud, Extended Edition

    Updates

    Every 1-2 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Coded separately

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    No longer available to new customers from January 25, 2022, though available for renewals.

    Replacement is called SAP Extended Services for SAP S/4HANA Cloud, private edition.

    This offering is a grey area, and the extended offerings are being defined.

    New S/4HANA Cloud extensibility is being offered to early adopters, allowing for customization within a separate system landscape (DTP) and aiming for an SAP Central Business Configuration solution for the cloud. A way of fine-tuning to meet customer-specific needs.

    Option: Augment Best Practice (Cont.)

    S/4HANA Cloud, Private Edition

    Updates

    Every 1-5 years or up to client’s schedule

    License Model

    Subscription

    Server Platform

    AZURE, AWS, Google

    Platform Management

    SAP only

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP ALM or SAP Solution Manager

    New Implementation With Client Specifics

    This is a private cloud solution for existing or new customers needing more uniqueness, though still looking to adopt best practice.

    Still considered a new implementation with data migration requirements that need close attention.

    This offering is trying to move clients to the S/4HANA Cloud with close competition with the Any Premise product offering. Providing client specific scalability while allowing for standardization in the cloud and growth in the digital strategy. All customizations and ABAP functionality must be revisited or revamped to fit standardization.

    Option: Own Full Solution

    S/4HANA Any Premise

    Updates

    Client decides

    License Model

    Perpetual or subscription

    Server Platform

    AZURE, AWS, Google, partner's or own server room

    Platform Management

    Client and/or partner

    Pre-Set Templates (industries)

    Allowed

    Single vs. Multi-Tenant

    Single tenant

    Maintenance ALM Tool

    SAP Solution Manager

    Status Quo Migration to S/4HANA

    This is for clients looking for a quick transition to S/4HANA with minimal risks and without immediate changes to their operations.

    Though knowing the direction with SAP is toward its cloud solution, this may be a long costly path to getting the that end state.

    The Any Premise version carries over existing critical ABAP functionalities, and the SAP GUI can remain as the user interface.

    Activity 4.1.2 (Optional) Evaluate optimization initiatives

    1 hour

    1. If there is an opportunity to optimize the current SAP environment or prepare for the move to a new platform, continue with this step.
    2. Valuate your optimization initiatives from tab 3.2 “Optimization Initiatives.”

    Consider: relevance to achieving goals, number of users, importance to role, satisfaction with features, usability, data quality

    Value Opportunities: increase revenue, decrease costs, enhanced services, reach customers

    Additional Factors:

    • Current to Future Risk Profile
    • Number of Departments to Benefit
    • Importance to Stakeholder Relations
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
    • "Gut Check: Is it achievable? Have we done it or something similar before? Are we willing to invest in it?"

    Prioritize

    • Relative priority
    • Determine if this will be included in your optimization roadmap
    • Decision to proceed
    • Next steps

    Record this information in the Get the Most Out of Your SAP Workbook.

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.3 Roadmap building blocks: SAP migration

    1 hour

    Migration paths: Determine your migration path and next steps using the Activity 4.1.1 “SAP System Options.”

    1. Identify initiatives and next steps.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a diagram of the pathways that can be take from current state to future state. The options are: BEST PRACTICE QUICK WIN
(Public Cloud), AUGMENT BEST PRACTICE (Private Cloud), OWN FULL SOLUTION (On Premise)

    Download the Get the Most Out of Your SAP Workbook

    Activity 4.1.4 Roadmap building blocks: SAP optimization

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap, assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your SAP Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    The image contains a screenshot of activity 4.1.4 SAP optimization.

    Download the Get the Most Out of Your SAP Workbook

    SAP optimization roadmap

    Initiative

    Owner

    Start Date

    Completion Date

    Create final workshop deliverable

    Info-Tech

    16 September 2021

    Review final deliverable

    Workshop sponsor

    Present to executive team

    October 2021

    Build business case

    CFO, CIO, Directors

    3 weeks to build

    3-4 weeks process time

    Build an RFI for initial costings

    1-2 weeks

    Stage 1 approval for requirements gathering

    Executive committee

    Milestone

    Determine and acquire BA support for next step

    1 week

    Requirements gathering – level 2 processes

    Project team

    1 week

    Build RFP (based on informal approval)

    CFO, CIO, Directors

    4th calendar quarter 2022

    Possible completion: January 2023

    2-4 weeks

    Data strategy optimization

    The image contains a graph to demonstrate the data strategy optimization.

    Activity 4.1.5 (Optional) Build a visual SAP roadmap

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.4 and creating a visual.
    2. Record this information in the Get the Most Out of Your SAP Workbook.

      The image contains a screenshot of activity 4.1.5 build a visual SAP roadmap.

    Download the Get the Most Out of Your SAP Workbook

    SAP strategy roadmap

    The image contains a screenshot of the SAP strategy roadmap.

    Implementations Partners

    • Able to consult, migrate, implement, and manage the SAP S/4HANA business suite across industries.
    • Able to transform the enterprise’s core business system to achieve the desired outcome.
    • Capable in strategic planning, building business cases, developing roadmaps, cost and time analysis, deployment model (on-prem, cloud, hybrid model), database conversion, database and operational support, and maintenance services.

    Info-Tech Insight

    It is becoming a common practice for implementation partners to engage in a two- to three-month Discovery Phase or Phase 0 to prepare an implementation roadmap. It is important to understand how this effort is tied to the overall service agreement.

    The image contains several logos of the implementation partners: Atos, Accenture, Cognizant, EY, Infosys, Tech Mahindra, LTI, Capgemini, Wipro, IBM, tos.

    Summary of Accomplishment

    Get the Most Out of Your SAP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your SAP allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal SAP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    The image contains a picture of Ben Dickie.

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    The image contains a picture of Scott Bickley.

    Scott Bickley

    Practice Lead and Principal Research Director

    Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    The image contains a picture of Andy Neil.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Enterprise Resource Planning. McKinsey, n.d. Accessed 13 Apr. 2022.

    Epizitone, Ayogeboh. Info-Tech Interview, 10 May 2021.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. “Principal Component Analysis on Morphological Variability of Critical Success Factors for Enterprise Resource Planning.” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 5, 2020. Web.

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lichtenwalter, Jim. “A look back at 2021 and a look ahead to 2022.” ASUG, 23 Jan. 2022. Web.

    “Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology. Sept. 2011. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb 2020. Accessed 21 Feb. 2021.

    “Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    “Quarterly number of SAP S/4HANA subscribers worldwide, from 2015 to 2021.” Statista, n.d. Accessed 13 Apr. 2022.

    Riley, L., C.Hanna, and M. Tucciarone. “Rightsizing SAP in these unprecedented times.” Upperedge, 19 May 2020.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.

    “SAP S/4HANA Product Scorecard Report.” SoftwareReviews, n.d. Accessed 18 Apr. 2022.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    Smith, Anthony. "How To Create A Customer-Obsessed Company Like Netflix." Forbes, 12 Dec. 2017. Accessed 21 Feb. 2021.

    Create a Data Management Roadmap

    • Buy Link or Shortcode: {j2store}122|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $100,135 Average $ Saved
    • member rating average days saved: 36 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

    Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

    Build an effective and collaborative data management practice

    Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing data assets.
    • Design a program that can scale and evolve over time.
    • Perform data strategy planning and incorporate data capabilities into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

    Create a Data Management Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

    Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

    • Create a Data Management Roadmap – Phases 1-2

    2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

    Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

    • Data Strategy Planning Interview Guide
    • Data Management Assessment and Planning Tool
    • Data Management Project Charter Template

    3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

    Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

    • Data Management Communication/Business Case Template
    • Project Stakeholder and Impact Assessment Tool

    4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

    This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

    • Data Management Strategy Work Breakdown Structure Template

    5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

    Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

    • Initiative Definition Tool
    • Data Management Roadmap Template

    6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

    Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

    • Track and Measure Benefits Tool

    Infographic

    Workshop: Create a Data Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop Data Strategies

    The Purpose

    Understand the business’s vision for data and the role of the data management practice.

    Determine business requirements for data.

    Map business goals and strategic plans to create data strategies.

    Key Benefits Achieved

    Understanding of business’s vision for data

    Unified vision for data management (business and IT)

    Identification of the business’s data strategies

    Activities

    1.1 Establish business context for data management.

    1.2 Develop data management principles and scope.

    1.3 Develop conceptual data model (subject areas).

    1.4 Discuss strategic information needs for each subject area.

    1.5 Develop data strategies.

    1.6 Identify data management strategies and enablers.

    Outputs

    Practice vision

    Data management guiding principles

    High-level data requirements

    Data strategies for key data assets

    2 Assess Data Management Capabilities

    The Purpose

    Determine the current and target states of your data management practice.

    Key Benefits Achieved

    Clear understanding of current environment

    Activities

    2.1 Determine the role and scope of data management within the organization.

    2.2 Assess current data management capabilities.

    2.3 Set target data management capabilities.

    2.4 Identify performance gaps.

    Outputs

    Data management scope

    Data management capability assessment results

    3 Analyze Gaps and Develop Improvement Initiatives

    The Purpose

    Identify how to bridge the gaps between the organization’s current and target environments.

    Key Benefits Achieved

    Creation of key strategic plans for data management

    Activities

    3.1 Evaluate performance gaps.

    3.2 Identify improvement initiatives.

    3.3 Create preliminary improvement plans.

    Outputs

    Data management improvement initiatives

    4 Design Roadmap and Plan Implementation

    The Purpose

    Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

    Key Benefits Achieved

    Completion of a Data Management Roadmap

    Plan for how to implement the roadmap’s initiatives

    Activities

    4.1 Align data management initiatives to data strategies and business drivers.

    4.2 Identify dependencies and priorities

    4.3 Build a data management roadmap (short and long term)

    4.4 Create a communication plan

    Outputs

    Data management roadmap

    Action plan

    Communication plan

    Further reading

    Contents

    Executive Brief
    Analyst Perspective
    Executive Summary
    Phase 1: Build Business and User Context
    Phase 2: Assess Data Management and Build Your Roadmap
    Additional Support
    Related Research
    Bibliography

    Create a Data Management Roadmap

    Ensure the right capabilities to support your data strategy.

    EXECUTIVE BRIEF

    Analyst Perspective

    Establish a data management program to realize the data strategy vision and data-driven organization.

    Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

    Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

    A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

    This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

    Andrea Malick
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Frame the problem

    Who this research is for
    • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
    • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
    This research will help you
    • Align data management plans with business requirements and strategic plans.
    • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
    • Design a data management program that can scale and evolve over time.
    This research will also assist
    • Business leaders creating plans to leverage data in their strategic planning and business processes
    • IT professionals looking to improve the environment that manages and delivers data
    This research will also help you
    • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
    • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

    Executive Summary

    Your Challenge
    • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
    • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
    • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
    Common Obstacles
    • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
    • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
    • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
    Info-Tech’s Approach
    • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
    • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

    Info-Tech Insight

    Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Data is a business asset and needs to be treated like one

    Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

    Business Drivers
    1. Client Intimacy/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Risk and Compliance Management
    Data Management Enablers
    • Data Governance
    • Data Strategy Planning
    • Data Architecture
    • Data Operations Management
    • Data Risk Management
    • Data Quality Management

    Industry spotlight: Risk management in the financial services sector

    REGULATORY
    COMPLIANCE

    Regulations are the #1 driver for risk management.

    US$11M:

    Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
    “To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

    Industry spotlight: Operational excellence in the public sector

    GOVERNMENT
    TRANSPARENCY

    With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

    1. Transparency Transparency is not just about access; it’s about sharing and reuse.
    2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
    3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

    Industry spotlight: Operational excellence and client intimacy in major league sports

    SPORTS
    ANALYTICS

    A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

    Team Performance Benefits
    1. Talent identification
    2. In-game decision making
    3. Injury reduction
    4. Athlete performance
    5. Bargaining agreement
    Team Performance Benefits
    1. Fan engagement
    2. Licensing
    3. Sports gambling
    (Deloitte Insights, 2020)
    Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

    Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

    SUPPLY CHAIN
    EFFICIENCY

    Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

    Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

    Involving Data in Your Supply Chain

    25%

    Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

    36%

    Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
    (Source: FinancesOnline, 2021)

    Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

    INFORMED PRODUCT
    DEVELOPMENT
    Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

    Maintaining a Product Portfolio
    What is selling? What is not selling?

    Product Development
    • Based on current consumer buying patterns, what will they buy next?
    • How will this product be received by consumers?
    • What characteristics do consumers find important?
    A combination of operational data and analytics data is required to accurately answer these questions.
    Internal Data
    • Organizational sales performance
    External Data
    • Competitor performance
    • Market analysis
    • Consumer trends and preferences
    Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

    Changes in business and technology are changing how organizations use and manage data

    The world moves a lot faster today

    Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

    To effectively do this businesses must have accurate and up-to-date data at their fingertips.

    To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

    Data Management Implications
    • Strong integration capabilities
    • Intelligent and efficient systems
    • Embedded data quality management
    • Strong transparency into the history of data and its transformation

    Studies and projections show a clear case of how data and its usage will grow and evolve.

    Zettabyte Era

    64.2

    More Data

    The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

    Evolving Technologies

    $480B

    Cloud Proliferation

    Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

    To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

    Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

    Analytic Competitor

    “Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
    Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

    The strategic value of data

    Power intelligent and transformative organizational performance through leveraging data.

    Respond to industry disruptors

    Optimize the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    Despite investments in data initiatives, organizations are carrying high levels of data debt

    Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

    Data debt is a problem for 78% of organizations.

    40%

    of organizations say individuals within the business do not trust data insights.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    33%

    of organizations are not able to get value from a new system or technology investment.

    30%

    of organizations are unable to become data-driven.

    (Source: Experian, 2020)

    The journey to being data-driven

    The journey to becoming a data-driven organization requires a pit stop at data enablement.

    The Data Economy

    Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

    Measure success to demonstrate tangible business value

    Put data management into the context of the business:
    • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don’t let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data management program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organization.

    Key considerations:
    • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
    Sample milestones:
    • Data Management Leadership & Org Structure Definition
      Define the home for data management, as approved by senior leadership.
    • Data Management Charter and Policies
      Create a charter for your program and build/refresh associated policies.
    • Data Culture Diagnostic
      Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
    • Use Case Build and Prioritization
      Build a use case that is tied to business capabilities. Prioritize accordingly.
    • Business Data Glossary/Catalog
      Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
    • Tools & Technology
      Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

    Insight summary

    Overarching insight

    Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

    Insight 1

    Data – it’s your business.
    Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

    Insight 2

    Take a data-oriented approach.
    Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

    Insight 3

    Get the business into the data business.
    Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

    Tactical insight

    Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

    Key deliverable:

    Data Management Roadmap Template

    Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

    Sample of the 'Data Management Roadmap Template' key deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Management Assessment and Planning Tool

    Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

    Data Culture Diagnostic and Scorecard

    Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

    Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

    Business Capability Map

    This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

    Measure the value of this blueprint

    Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
    • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

    Project outcome

    Metric

    Timely data delivery Time of data delivery to consumption
    Improved data quality Data quality scorecard metrics
    Data provenance transparency Time for data auditing (from report/dashboard to the source)
    New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
    In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

    In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Create a Data Management Roadmap project overview

    1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
    Best-Practice Toolkit

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • An understanding of the core components of an effective data management program
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • High-value use cases for data management
    • Vision and guiding principles for data management
    • An understanding of your organization’s current data management capabilities
    • Definition of target-state capabilities and gaps
    • Roadmap of priority data management initiatives
    • Business data domains and ownership

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

    Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

    Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

    Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

    Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

    Call #6: Plan target state and corresponding initiatives.

    Call #7: Identify program risks and formulate a roadmap.

    Call #8: Identify and prioritize improvements. Define a RACI chart.

    Call #9: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Understand and contextualize

    1.1 Review your data strategy.

    1.2 Learn data management capabilities.

    1.3 Discuss DM capabilities cross-dependencies and interactions.

    1.4 Develop high-value use cases.

    Assess current DM capabilities and set improvement targets

    2.1 Assess you current DM capabilities.

    2.2 Set targets for DM capabilities.

    Formulate and prioritize improvement initiatives

    3.1 Formulate core initiatives for DM capabilities improvement.

    3.2 Discuss dependencies across the initiatives and prioritize them.

    Plan for delivery dates and assign RACI

    4.1 Plan dates and assign RACI for the initiatives.

    4.2 Brainstorm initiatives to address gaps and enable business goals.

    Next steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Understanding of the data management capabilities and their interactions and logical dependencies
    2. Use cases
    1. DM capability assessment results
    2. DM vision and guiding principles
    1. Prioritized DM capabilities improvement initiatives
    1. DM capabilities improvement roadmap
    2. Business data domains and ownership
    1. Workshop final report with key findings and recommendations

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    What is data management and why is it needed?

    “Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

    Who:

    This research is designed for:
    • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
    • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

    Are your data management capabilities optimized to support your organization’s data use and demand?

    What is the current situation?

    Situation
    • The volume and variety of data are growing exponentially and show no sign of slowing down.
    • Business landscapes and models are evolving.
    • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
    Complication
    • Organizations struggle to develop a comprehensive approach to optimizing data management.
    • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
    • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Management Framework

    What Is Data Management?

    Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

    The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

    Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

    Info-Tech’s Approach

    Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

    Build a data management practice that is centered on supporting the business and its use of key data assets

    Business Resources

    Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

    Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

    This layer is representative of the delivery of the data assets and the business’ consumption of the data.

    Data is an integral business asset that exists across all areas of an organization

    Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.
    Data Management Framework with only the bottom tier highlighted.

    For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

    *This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

    Information dimensions support the different types of data present within an organization’s environment

    Information Dimensions

    Components at the Information Dimensions layer manage the different types of data and information present with an environment.

    At this layer, data is managed based on its type and how the business is looking to use and access the data.

    Custom capabilities are developed at this level to support:

    • Structured data
    • Semi-structured data
    • Unstructured data
    The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.
    Data Management Framework with only the middle tier highlighted.

    Build a data management practice with strong process capabilities

    Use these guiding principles to contextualize the purpose and value for each data management enabler.

    Data Management Framework with only the top tier highlighted.

    Data Management Enablers

    Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

    Govern and Direct

    • Ensures data management practices and processes follow the standards and policies outlined for them
    • Manages the executive oversight of the broader practice

    Align and Plan

    • Aligns data management plans to the business’ data requirements
    • Creates the plans to guide the design and execution of data management components

    Build, Acquire, Operate, Deliver, and Support

    • Executes the operations that manage data as it flows through the business environment
    • Manages the business’ risks in relation to its data assets and the level of security and access required

    Monitor and Improve

    • Analyzes the performance of data management components and the quality of business data
    • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

    Use Info-Tech’s assessment framework to support your organization’s data management planning

    Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

    Data Strategy Planning

    To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

    By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

    Arrow pointing right.

    Data Management Assessment

    To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

    • Determining the target capabilities for the different dimensions of data management.
    • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

    Create a Data Management Roadmap

    Phase 1

    Build Business Context and Drivers for the Data Management Program

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Identify your business drivers and business capabilities.
    • Align data management capabilities with business goals.
    • Define scope and vision of the data management plan.
    • This phase involves the follow

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

    Step 1.1

    Review the Data Management Framework

    Activities

    1.1.1 Walk through the main parts of the best-practice Data Management Framework

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
    Build Business Context and Drivers
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

    Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

    Data Management Capabilities

    A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

    Build a Robust & Comprehensive Data Strategy

    Business Strategy

    Organizational Goals & Objectives

    Business Drivers

    Industry Drivers

    Current Environment

    Data Management Capability Maturity Assessment

    Data Culture Diagnostic

    Regulatory and Compliance Requirements

    Data Strategy

    Organizational Drivers and Data Value

    Data Strategy Objectives & Guiding Principles

    Data Strategy Vision and Mission

    Data Strategy Roadmap

    People: Roles and Organizational Structure

    Data Culture & Data Literacy

    Data Management and Tools

    Risk and Feasibility

    Unlock the Value of Data

    Generate Game-Changing Insights

    Fuel Data-Driven Decision Making

    Innovate and Transform With Data

    Thrive and Differentiate With a Data-Driven Culture

    Elevate Organizational Data IQ

    Build a Foundation for Data Valuation

    What is a data strategy and why is it needed?

    • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
    • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
    • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

    What is driving the need to formulate or refresh your organization’s data strategy?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

    Info-Tech’s Data Governance Framework

    Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

    What is data governance and why is it needed?

    • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
    • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
    • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
    • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

    Do you feel there is a clear definition of data accountability and responsibility in your organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent
    • Head of Data Governance, Lead Data Governance Officer
    • Head of Data
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

    A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

    Info-Tech’s Data Platform Framework

    Data pipeline for versatile and scalable data delivery

    a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

    What are the data platform and practice and why are they needed?

    • The data platform and practice are two parts of the data and analytics equation:
      • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
      • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
    • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
    • Create a continuous roadmap to implement and evolve your data practice and platform.
    • Promote collaboration between the business and IT by clearly defining responsibilities.

    Does your data platform effectively serve your reporting and analytics capabilities?

    Who:

    This research is designed for:

    • Data and Information Leadership
    • Enterprise Information Architect
    • Data Architect
    • Data Engineer/Modeler

    Info-Tech Insight

    Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

    Info-Tech’s Reporting and Analytics Framework

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
    A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
    The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.
    Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

    What is reporting and analytics and why is it needed?

    • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
    • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

    Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

    Who:

    This research is designed for:

    • Head of BI and Analytics
    • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
    • Applications Lead

    Info-Tech Insight

    Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

    Info-Tech’s Data Architecture Framework

    Info-Tech’s methodology:
      1. Prioritize your core business objectives and identify your business driver.
      2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
      3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
      1. Select the areas of the five-tier architecture to focus on.
      2. Measure your current state.
      3. Set the targets of your desired optimized state.
      1. Roadmap your tactics.
      2. Manage and communicate change.
    Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

    What is data architecture and why is it needed?

    • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
    • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    Is your architecture optimized to sustainably deliver readily available and accessible data to users?

    Who:

    This research is designed for:

    • Data Architects or their equivalent
    • Enterprise Architects
    • Head of Data
    • CIO
    • Database Administrators

    Info-Tech Insight

    Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

    A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

    What is data quality management and why is it needed?

    • Data is the foundation of decisions made at data-driven organizations.
    • Data quality management ensures that foundation is sustainably solid.
    • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
    • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

    Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO) or equivalent Head of Data
    • Chief Analytics Officer (CAO)
    • Head of Digital Transformation
    • CIO

    Info-Tech Insight

    Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

    Info-Tech’s Enterprise Content Management Framework

    Drivers Governance Information Architecture Process Policy Systems Architecture
    Regulatory, Legal –›
    Efficiency, Cost-Effectiveness –›
    Customer Service –›
    User Experience –›
    • Establish decision-making committee
    • Define and formalize roles (RACI, charter)
    • Develop policies
    • Create business data glossary
    • Decide who approves documents in workflow
    • Operating models
    • Information categories (taxonomy)
    • Classifications, retention periods
    • Metadata (for findability and as tags in automated workflows)
    • Review and approval process, e.g. who approves
    • Process for admins to oversee performance of IM service
    • Process for capturing and classifying incoming documents
    • Audit trails and reporting process
    • Centralized index of data and records to be tracked and managed throughout their lifecycle
    • Data retention policy
    • E-signature policy
    • Email policy
    • Information management policies
    • Access/privacy rules
    • Understand the flow of content through multiple systems (e.g. email, repositories)
    • Define business and technical requirements to select a new content management platform/service
    • Improve integrations
    • Right-size solutions for use case (e.g. DAM)
    • Communication/Change Management
    • Data Literacy

    What is enterprise content management and why is it needed?

    “Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

    • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
    • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

    Who:

    This research is designed for:

    • Information Architect
    • Chief Data Officer (CDO)
    • Head of Data, Information Management
    • Records Management
    • CIO

    Info-Tech Insight

    ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

    Metadata management/Data cataloging

    Overview

    Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

    Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

    90%

    The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
    As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
    • Data consumption
    • Quality management
    • Risk management

    Value of Effective Metadata Management

    • Supports the traceability of data through an environment.
    • Creates standards and logging that enable information and data to be searchable and cataloged.
    • Metadata schemas enable easier transferring and distribution of data across different environments.
    Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
    Metadata supports the use of:
    Big Data
    Unstructured data
    Content and Documents
    Unstructured and semi-structured data
    Structured data
    Master, reference, etc.

    Critical Success Factors of Metadata Management

    • Consistent and documented data standards and definitions
    • Architectural planning for metadata
    • Incorporation of metadata into system design and the processing of data
    • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

    Info-Tech’s Data Integration Framework

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

    A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
    Info-Tech’s Data Integration Onion Framework
    Data-centric integration is the solution you need to bring data together to break down data silos.

    What is data integration and why is it needed?

    • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
    • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
    • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Is your integration near real time and scalable?

    Who:

    This research is designed for:

    • Data Engineers
    • Business Analysts
    • Data Architects
    • Head of Data Management
    • Enterprise Architects

    Info-Tech Insight

    Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

    Info-Tech’s Master Data Management Framework

    Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

    The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

    Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

    Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

    What is MDM and why is it needed?

    • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
    • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
    • What is included in the scope of MDM?
      • Party data (employees, customers, etc.)
      • Product/service data
      • Financial data
      • Location data

    Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

    Who:

    This research is designed for:

    • Chief Data Officer (CDO)
    • Head of Data Management, CIO
    • Data Architect
    • Head of Data Governance, Data Officer

    Info-Tech Insight

    Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

    Data Modeling Framework

    • The framework consists of the business, enterprise, application, and implementation layers.
    • The Business Layer encodes real-world business concepts via the conceptual model.
    • The Enterprise Layer defines all enterprise data asset details and their relationships.
    • The Application Layer defines the data structures as used by a specific application.
    • The Implementation Layer defines the data models and artifacts for use by software tools.
    Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Model hierarchy

    • The Conceptual data model describes the organization from a business perspective.
    • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
    • The Enterprise model depicts the whole organization and is divided into domains.
    • The Analytical model is built for specific business use cases.
    • Application models are application-specific operational models.
    Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

    Info-Tech Insight

    The Conceptual model acts as the root of all the models required and used by an organization.

    Data architecture and modeling processes

    A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

    Info-Tech Insight

    The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

    Data operations

    Objectives of Data Operations Management

    • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
    • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
    • Control the delivery of data within the system environment.

    Indicators of Successful Data Operations Management

    • Effective delivery of data assets to end users.
    • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
    'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
    This data management enabler has a heavy focus on the management and performance of data systems and applications.
    It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

    Step 1.2

    Understand and Align to Business Drivers

    Activities

    1.2.1 Define your value streams

    1.2.2 Identify your business capabilities

    1.2.3 Categorize your organization’s key business capabilities

    1.2.4 Develop a strategy map tied to data management

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
    There are several key questions to ask when endeavouring to identify value streams.

    Key Questions

    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    1.2.1 Define value streams

    1-3 hours

    Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

    Output: List of organization-specific value streams, Detailed value stream definition(s)

    Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

    Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      • How does the organization deliver those benefits?
      • How does the customer receive the benefits?
      • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid:
      • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

    Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

    Define or validate the organization’s value streams

    Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

    If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
    • Engage with these stakeholders to define and validate how the organization creates value. Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organization’s products and/or services help them accomplish that?
      • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data management to the organization’s value realization activities.

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

    For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Define the organization’s business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

    If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

    • Analyze the value streams to identify and describe the organization’s capabilities that support them.
    • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

    Align data management to the organization’s value realization activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    1.2.2 Identify your business capabilities

    Input: List of confirmed value streams and their related business capabilities

    Output: Business capability map with value streams for your organization

    Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

    Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

    Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

    • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
    • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Retail Banking

    Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example business capability map – Retail

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.3 Categorize your organization’s key capabilities

    Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

    Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

    Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Determine which capabilities are considered high priority in your organization.

    1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

    This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example of business capabilities categorization or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

    Example: Retail

    Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.2.4 Develop a strategy map tied to data management

    Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

    Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

    Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

    Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Example of a strategy map tied to data management

    • Strategic objectives are the outcomes the organization is looking to achieve.
    • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

    Example: Retail

    Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

    For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

    Step 1.3

    Build High-Value Use Cases for Data Management

    Activities

    1.3.1 Build high-value use cases

    This step will guide you through the following activities:

    • Understand the main disciplines and makeup of a best-practice data management program.
    • Determine which data management capabilities are considered high priority by your organization.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.3.1 Build high-value use cases

    Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

    Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

    Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

    Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Download Info-Tech’s Data Use Case Framework Template

    Data use cases

    Sample Data

    The following is the list of use cases as articulated by key stakeholders at [Organization Name].

    The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

    Use Case 1: Customer/Student/Patient/Resident 360 View

    Use Case 2: Project/Department Financial Performance

    Use Case 3: Vendor Lifecycle Management

    Use Case 4: Project Risk Management

    Prioritization of use cases

    Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

    Use case 1

    Sample Data

    Problem statement:

    • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
    • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

    If we could solve this:

    • We would be able to better prioritize and position ourselves to meet evolving customer needs.
    • We would be able to optimize the use of our limited resources.

    Use case 1: challenges, risks, and opportunities

    Sample Data

    1. What is the number one risk you need to alleviate?
      • Loss of potential revenue, whether from existing or net new customers.
        • How?
          • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
          • By not being able to win potential new customers because we don’t understand their needs
    2. What is the number one opportunity you wish to see happen?
      • The ability to better understand and anticipate the needs of both existing and potential customers.
    3. What is the number one pain point you have when working with data?
      • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
    4. What are your challenges in performing the activity today?
      • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
      • It takes too much time and effort to pull together what we know about a customer.
      • The necessary data is not consolidated or readily/systematically available for consumption.
      • These challenges are heightened when dealing with customers across markets.

    Use case 1 (cont'd)

    Sample Data

    1. What does “amazing” look like if we solve this perfectly?
      • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
    2. What other business unit activities/processes will be impacted/improved if we solve this?
      • Marketing/bid and proposal, staffing, procurement, and contracting strategy
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
      • PII, GDPR, HIPAA, CCPA, etc.
    4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
      • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
    5. What are the steps in the process/activity today?
      • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

    Use case 1 (cont'd)

    Sample Data

    1. What are the applications/systems used at each step?
      • Salesforce CRM, Excel, personal MS Access databases, SharePoint
    2. What data elements (domains) are involved, created, used, or transformed at each step?
      • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

    Use case worksheet

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    1.

    What business capability (or capabilities) in your business area is this use case tied to?

    Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
    2.

    What are your data-related challenges in performing this today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    3.

    What are the steps in the process/activity today?

    4.

    What are the applications/systems used at each step today?

    5.

    What data domains are involved, created, used, or transformed at each step today?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    6.

    What does an ideal or improved state look like?

    7.

    What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?

    8.

    Who are the stakeholders impacted by these changes? Who needs to be consulted?

    9.

    What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    What compliance, regulatory, or policy concerns do we need to consider in any solution?

    11.

    What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

    Use case worksheet (cont’d.)

    Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

    10.

    Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

    (Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Challenges
    • Data is not suitable for analytics. It takes lot of effort to clean data.
    • Data intervals are not correct and other data quality issues.
    • The roles are not clearly defined.
    • Lack of communication between key stakeholders.
    • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
    • Data collection systems changed overtime (forms, etc.).
    • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
    • Problem with data collection, consolidation, and providing hierarchical view.
    • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
    • There is a lot of manual intervention and repeated work.
    What Does Amazing Look Like?
    • One set of dashboards (or single dashboard) – too much time spend on measure development
    • Accurate and timely data
    • Automated data
    • Access to granular data (for researchers and other stakeholders)
    • Clear ownership of data and analytics
    • It would have been nice to have governance already prior to this crisis
    • Proper metrics to measure usage and value
    • Give more capabilities such as predictive analytics, etc.
    Related Processes/Impact
    • DPH
    • Schools
    • Business
    • Citizens
    • Resources & Funding
    • Data Integration & GIS
    • Data Management
    • Automated Data Quality
    Compliance
    • HIPAA, FERPA, CJIS, IRS
    • FEMA
    • State compliance requirement – data classification
    • CDC
    • Federal data-sharing agreements/restrictions
    Benefits/KPIs
    • Reduction in cases
    • Timely response to outbreak
    • Better use of resources
    • Economic impact
    • Educational benefits
    • Trust and satisfaction

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    Current Steps in Process Activity (Systems)
    1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
    2. KYEM stores this information/data
    3. Deduplicate data (emergency preparedness group)
    4. Generate dashboard using ArcGIS
    5. Map to monitor status of the update
    6. Error correction using web portal (QAQC)
    7. Download Excel/CVS after all 97 hospital reports
    8. Sent to federal platform (White House, etc.)
    9. Generate reports for epidemiologist (done manually for public reporting)
    Data Flow diagram

    Data flow diagram.

    SystemsData Management Dimensions
    1. Data Governance
    2. Data Quality
    3. Data Integrity
    4. Data Integration
    1. Data Architecture
    2. Metadata
    3. Data Warehouse, Reporting & Analytics
    4. Data Security

    Data Management Workshop
    Use Case 1: Covid-19 Emergency Management

    [SAMPLE]

    Problem Statement

    Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

    List Future Process Steps

    Prior to COVID-19 Emergency Response:

    • ArcGIS data integrated available in data warehouse/data lake.
    • KYEM data integrated and available in data warehouse/data lake.
    • CHFS data integrated and available in data warehouse/data lake.
    • Reporting standards and tools framework established.

    After COVID-19 Emergency Response:

    • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
    • Error correction using web portal (QAQC).
    • Generate reports/dashboard/files as per reporting/analytical requirements:
      • Federal reporting
      • COVID dashboards
      • Epidemiologist reports
      • Lab reporting
    Future Process and Data Flow

    Data flow diagram with future processes.

    Step 1.4

    Create a Vision and Guiding Principles for Data Management

    Activities

    1.4.1 Craft a vision

    1.4.2 Create guiding principles

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
    • Determine which business capabilities are considered high priority by your organization.
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build Business Context and Drivers

    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    1.4.1 Craft a vision

    Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Vision and mission statements

    Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

    1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
    2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
    3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

    Create a common data management vision that is consistently communicated to the organization

    A data management program should be an enterprise-wide initiative.

    • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
    • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
    • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
    Stock image of a megaphone with multiple icons pouring from its opening.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data management.
    • Brainstorm guiding principles for content and understand the overall value to the organization.

    Create compelling vision and mission statements for the organization’s future data management practice

    A vision represents the way your organization intends to be in the future.

    A clear vision statement helps align the entire organization to the same end goal.

    Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

    Remember that a vision statement is internally facing for other members of your company throughout the process.

    A mission expresses why you exist.

    While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

    It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

    A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

    “The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

    Data Management Vision and Mission Statements: Draft

    Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

    Corporate

    Group 1

    Group 2

    Vision:
    Create and maintain an institution of world-class excellence.
    Vision: Vision:
    Mission:
    Foster an economic and financial environment conducive to sustainable economic growth and development.
    Mission: Mission:

    Information management framework

    The information management framework is a way to organize all the ECM program’s guidelines and artifacts

    Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

    The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

    The principles or themes communicate the organization’s priorities for its information management program.

    Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

    Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

    Craft your vision

    Use the insights you gathered from users and stakeholders to develop a vision statement
    • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
      A good set of goals takes time and input from senior leadership and stakeholders.
    • The data management program lead is selling a compelling vision of what is possible.
    • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
    • Be realistic about what you can do and how long it will take to see a difference.
    Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
    • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
    • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
    The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

    Is it modern and high end, with digital self-service?

    Is it a trusted and transparent steward of customer assets?

    1.4.2 Create guiding principles

    Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

    Output: Data management guiding principles

    Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

    Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

    Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
    2. Refer to industry sample guiding principles for data management.
    3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
    4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

    Twelve data management universal principles

    [SAMPLE]
    Principle Definitions
    Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
    Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
    Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
    Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
    Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
    Single Source of Truth Ensure the master data maintenance across the organization.
    Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
    Data Is Secured Classify and maintain the sensitivity of the data.
    Maximize Data Use Extend the organization’s ability to make the most of its data.
    Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
    Share the Knowledge Share and publish the most valuable insights appropriately.
    Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

    Create a Data Management Roadmap

    Phase 2

    Assess Data Management and Build Your Roadmap

    Phase 1

    1.1 Review the Data Management Framework

    1.2 Understand and Align to Business Drivers

    1.3 Build High-Value Use Cases

    1.4 Create a Vision

    Phase 2

    2.1 Assess Data Management

    2.2 Build Your Data Management Roadmap

    2.3 Organize Business Data Domains

    This phase will walk you through the following activities:

    • Understand your current data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify priority initiatives and planning timelines for data management improvements.

    This phase involves the following participants:

    • Data Management Lead/Information Management Lead, CDO, Data Lead
    • Senior Business Leaders
    • Business SMEs
    • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

    Step 2.1

    Assess Your Data Management Capabilities

    Activities

    2.1.1 Define current state of data management capabilities

    2.1.2 Set target state and identify gaps

    This step will guide you through the following activities:

    • Assess the current state of your data management capabilities.
    • Define target-state capabilities required to achieve business goals and enable the data strategy.
    • Identify gaps and prioritize focus areas for improvement.

    Outcomes of this step

    • A prioritized set of improvement areas aligned with business value stream and drivers

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    Define current state

    The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
    • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
    • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

    A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

    Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

    2.1.1 Define current state

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

    Output: Current-state data management capabilities

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
    5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

    2.1.2 Set target state and identify gaps

    Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

    Output: Target-state data management capabilities, Gaps identification and analysis

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

    1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
    2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
    3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
    4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
    5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

    Step 2.2

    Build Your Data Management Roadmap

    Activities

    2.2.1 Describe gaps

    2.2.2 Define gap initiatives

    2.2.2 Build a data management roadmap

    This step will guide you through the following activities:

    • Identify and understand data management gaps.
    • Develop data management improvement initiatives.
    • Build a data management–prioritized roadmap.

    Outcomes of this step

    • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.2.1 Describe gaps

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
    2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

    2.2.2 Define gap initiatives

    Input: Gaps analysis, Gaps descriptions

    Output: Data management initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

    1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
    2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
    3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

    2.2.3 Build a data management roadmap

    Input: Gap initiatives, Target state and current-state assessment

    Output: Data management initiatives and roadmap

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

    1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
    2. For example, in data governance, initiatives might include:
      • Assign data owners and stewards for all data assets.
      • Consolidate disparate business data catalogs.
      • Create a data governance charter or terms of reference.
    3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

    Step 2.3

    Organize Business Data Domains

    Activities

    2.3.1 Define business data domains and assign owners

    This step will guide you through the following activities:

    • Identify business data domains that flow through and support the systems environment and business processes.
    • Define and organize business data domains with assigned owners, artifacts, and profiles.
    • Apply the domain map to building governance program.

    Outcomes of this step

    • Business data domain map with assigned owners and artifacts

    Assess Data Management and Build Your Roadmap

    Step 2.1 Step 2.2 Step 2.3

    2.3.1 Define business data domains

    Input: Target-state maturity level

    Output: Detail and context about gaps to lead planners to specific initiatives

    Materials: Data Management Assessment and Planning Tool

    Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

    Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

    1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
    2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
    3. Examples of business data domains: Customer, Product, Vendor.
    4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

    Business and data domains

    [SAMPLE]

    Business Domain App/Data Domains Business Stewards Application Owners Business Owners
    Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
    Quality and Regulatory Salesforce
    Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
    Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
    Risk/Legal Network share drive/SharePoint
    Human Resources Workday, Network share drive/SharePoint HR team
    Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
    Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

    Embrace the technology

    Make the available data governance tools and technology work for you:
    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management
    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
    Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
    Photo of an analyst.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    Sample of the Data Governance Strategy Map slide from earlier.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
    Sample of a 'Data Management Enablers' table.

    Formulate a Plan to Get to Your Target State

    Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Stock image of people pointing to a tablet with a dashboard.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.
    Sample of the 'Data & Analytics Landscape' slide from earlier.

    Understand the Data and Analytics Landscape

    Optimize your data and analytics environment.
    Stock image of co-workers looking at the same thing.

    Build a Data Pipeline for Reporting and Analytics

    Data architecture best practices to prepare data for reporting and analytics.

    Research Contributors

    Name Position Company
    Anne Marie Smith Board of Directors DAMA International
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Mario Cantin Chief Data Strategist Prodago
    Martin Sykora Director NexJ Analytics
    Michael Blaha Author, Patterns of Data Modeling Consultant
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

    Bibliography

    AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

    BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

    Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

    Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

    Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

    COBIT 5: Enabling Information. ISACA, 2013. Web.

    CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

    DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

    DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

    Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

    Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

    Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

    Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

    Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

    Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

    Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

    Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

    “Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

    Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

    Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

    Bibliography

    Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

    Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

    McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

    Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

    MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

    "Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

    PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

    Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

    Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

    Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

    Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

    "Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

    Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

    Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

    “Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

    Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

    Identify and Manage Security Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}221|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Impact and Result

    • Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Identify and Manage Security Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Security Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your security.

    Use this research to identify and quantify the potential security impacts caused by vendors. Use Info-Tech’s approach to look at the security impacts from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Security Risk Impacts on Your Organization Storyboard

    2. Security Risk Impact Tool – Use this tool to help identify and quantify the security impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Security Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Security Risk Impacts on Your Organization

    Know where the attacks are coming from so you know where to protect.

    Analyst perspective

    It is time to start looking at risk realistically and move away from “trust but verify” toward zero trust.

    Frank Sewell, Research Director, Vendor Management

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    We are inundated with a barrage of news about security incidents on what seems like a daily basis. In such an environment, it is easy to forget that there are ways to help prevent such things from happening and that they have actual costs if we relax our diligence.

    Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with n-party vendors are increasing.

    Over the last few years, we have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy.

    “Trust but verify” – while a good concept – should give way to the more effective zero-trust model in favor of knowing it’s not a matter of if an incident happens but when.

    Executive Summary

    Your Challenge

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Info-Tech Insight
    Organizations must evolve their security risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of third-party vendor risks and holding those vendors accountable throughout the vendor lifecycle are critical to preventing disastrous impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Multi-blueprint series on vendor risk assessment

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Security risk impacts

    Potential losses to the organization due to security incidents

    • In this blueprint we’ll explore security risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct security plans.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62% 83% 84%
    Ransomware attacks spiked 62% globally (and 158% in North America alone). 83% of companies increased organizational focus on third-party risk management in 2020. In a 2020 survey, 84% of organizations reported having experienced a third-party incident in the last three years.
    One Trust, 2022 Help Net Security, 2021 Deloitte, 2020

    Identify and manage security risk impacts on your organization

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes.

    What is third-party risk?

    Third-Party Vendor: Anyone who provides goods or services to a company or individual in exchange for payment transacted with electronic instructions (Law Insider).

    Third-Party Risk: The potential threat presented to organizations’ employee and customer data, financial information, and operations from the organization’s supply chain and other outside parties that provide products and/or services and have access to privileged systems (Awake Security).

    It is essential to know not only who your vendors are but also who their vendors are (n-party vendors). Organizations often overlook that their vendors rely on others to support their business, and those layers can add risk to your organization.

    Identify and manage security risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their security planning and ongoing monitoring moving forward.

    Vendor Breaches

    The IT market is an ever-shifting environment; more organizations are relying on cloud service vendors, staff augmentation, and other outside resources. Organizations should hold these vendors (and their downstream vendors) to the same levels of security and standards of conduct that they hold their internal resources.

    Resource Shortages

    A lack of resources is often overlooked, but it’s easily recognized as a reason for a security incident. All too often, companies are unwilling to dedicate resources to their vendors’ security risk assessment and ongoing monitoring needs. Only once an incident occurs do companies decide it is time to reprioritize.

    Foster Data-Driven Culture With Data Literacy

    • Buy Link or Shortcode: {j2store}132|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 115 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Organizations are joining the wave and adopting machine learning and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by looking at their data – empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to achieve becoming a data-driven organization is to foster a strong data culture and equip employees with data skills through an organization-wide data literacy program.

    Our Advice

    Critical Insight

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Use a formalized organization-wide approach to data literacy program to bridge the data skills gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding, development plan).

    Impact and Result

    Data literacy is critical to the success of digital transformation and AI analytics. Info-Tech’s approach to creating a sustainable and effective data literacy program is recognizing it is:

    • More than just technical training. A data literacy program isn’t just about data; it encompasses aspects of business, IT, and data.
    • More than a one-off exercise. To keep the literacy skills alive the program must be regular, sustainable, and tailored to different needs across all levels of the organization.
    • More than one delivery format. Different delivery methods need to be considered to suit various learning styles to ensure an effective delivery.

    Foster Data-Driven Culture With Data Literacy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Foster Data-Driven Culture With Data Literacy Storyboard – A step-by-step guide to help organizations build an effective and sustainable data literacy program that benefits all employees who work with data.

    Data literacy as part of the data governance strategic program should be launched to all levels of employees that will help your organization bridge the data knowledge gap at all levels of the organization. This research recommends approaches to different learning styles to address data skill needs and helps members create a practical and sustainable data literacy program.

    • Foster Data-Driven Culture With Data Literacy Storyboard

    2. Fundamental Data Literacy Program Template – A document that provides an example of a fundamental data literacy program.

    Kick off a data awareness program that explains the fundamental understanding of data and its lifecycle. Explore ways to create or mature the data literacy program with smaller amounts of information on a more frequent basis.

    • Fundamental Data Literacy Program Template
    [infographic]

    Further reading

    Foster Data-Driven Culture With Data Literacy

    Data literacy is an essential part of a data-driven culture, bridging the data knowledge gaps across all levels of the organization.

    Analyst Perspective

    Data literacy is the missing link to becoming a data-driven organization.

    “Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.

    Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.

    Annabel Lui

    Principal Advisory Director, Data & Analytics Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations are joining the wave and adopting machine learning (ML) and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to becoming a data-driven organization is to foster a strong data culture and equip people with data skills through an organization-wide data literacy program.

    Common Obstacles

    Challenges the data leadership is likely to face as digital transformation initiatives drive intensified competition:

    • Resistance to change
    • Technological distractions
    • “Shadow data”
    • Difficulty securing resources and skilled data professionals
    • Inability to appreciate the value of data and its meaning for users – even fear of it

    Info-Tech's Approach

    We interviewed data leaders and instructors to gather insights about investing in data:

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Implement a formalized organization-wide approach to data literacy program to bridge the data skill gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding,development plan).

    Info-Tech Insight

    By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.

    Your Challenge

    Data literacy is the missing link to drive business outcomes from data.

    • Having a data-driven culture as an organization’s mission statement without implementing a data literacy program is like making an empty promise and leaving the value unrealized and unattainable.
    • A study conducted by the Data Literacy Project clearly indicates that organizations with aggressive data literacy programs will outperform those who do not have such programs. By 2030, data literacy will be one of the most sought-after skill sets. All employees require data literacy skills.
    • Everyone has a role in data. From employees who are actively involved in data collection to operational teams who create reports with analytics tools and finally to executives who use data to make business decisions – they all require continuous data literacy training in a data-driven organization. Because of differences in maturity, data literacy strategies cannot be one-size-fits-all.

    “Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.

    75% of organizational employees have access to data tools – only 21% demonstrated confidence in their data skills.

    Source: Accenture, 2020.

    89% of C-level executives expect team members to explain how data has informed their decisions, but only 11% employees are fully confident in their ability to read, analyze, work with, and communicate with data

    Source: Qlik, 2022.

    Data debt or data asset?

    Manage your data as strategic assets.

    “[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”

    Signs of data debt when considering investing in data literacy:

    • Lack of definition and understanding of data terms, therefore they don’t speak the same language. Without data literacy, an organization will not succeed in becoming a data-driven organization.
    • Putting data literacy as a low priority. Organization sees this as “another” training to put on the list and keeps it on the back burner.
    • Data literacy is not seen as the number one skill set needed in the organization. However, anyone who works with data requires data skills.
    • End users are not trained on self-serve features and tools.
    • Focusing on a minority group of people rather than everyone in the organization or seeing it as a one-off exercise.
    • Delays or failure to deliver digital transformation projects due to lack of data skills and data access issues.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    40%

    of organizations say individuals within the business do not trust data insights.

    30%

    of organizations are unable to become data-driven.

    Source: Experian, 2020

    Info-Tech’s Approach

    Data literacy is critical to success with digital transformation and AI analytics.

    Diagram showing components of Data literacy: 1 - Data: understand your data, 2 - Business: define the purpose, 3 - IT: Introduce new ways of working

    The Info-Tech difference:

    1. More than just technical training. Data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data.
    2. More than a one-off exercise. To keep literacy skills alive, the program must be routine and sustainable, tailored to different needs across all levels of the organization.
    3. More than one delivery format. Different delivery methods need to be considered to suit various learning styles.

    Data needs to be processed

    Data – facts – are organized, processed, and given meaning to become insights.

    Data, information, knowledge, insight, wisdom

    Image source: Welocalize, 2020.

    Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.

    Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.

    When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.

    Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).

    Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.

    Investment in data literacy is a game changer.

    Data literacy is the ability to collect, manage, evaluate, and apply data in a critical manner.

    A data-driven culture is “an operating environment that seeks to leverage data whenever and wherever possible to enhance business efficiency and effectiveness” (Forbes).

    Info-Tech Insight

    Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.

    Info-Tech’s methodology for building a data literacy program

    Phase Steps

    1. Define Data Literacy Objectives

    1.1 Understand organization’s needs

    1.2 Create vision and objective for data literacy program

    2. Assess Learning Style and Align to Program Design

    2.1 Create persona and identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    3. Socialize Roadmap and Milestones

    3.1 Establish a roadmap

    3.2 Set key performance metrics and milestones

    Phase Outcomes

    Identify key objectives to establish and grow the data literacy program by articulating the problem and solutions proposed.

    Assess each audience’s learning style and adapt the program to their unique needs.

    Show a roadmap with key performance indicators to track each milestone and tell a data story.

    Insight Summary

    “In a world of more data, the companies with more data-literate people are the ones that are going to win.”

    – Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021

    Overarching insight

    By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.

    Module 1 insight

    We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.

    Module 2 insight

    Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.

    Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.

    Module 3 insight

    A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.

    Tactical insight

    A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.

    Tactical insight

    Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.

    Key performance indicators (KPIs) for your data literacy program

    How do you know if your data literacy program is successful? Here are some useful KPIs:

    Program Adoption Metrics

    • Percentage of employees attending data literacy training
    • Percentage of participants who report gains in data management knowledge after training sessions
    • Maturity assessment result
    • Survey and diagnostic feedback before and after training
    • Trend analysis of overall data literacy program

    Operational Metrics

    • Number of requests for analytics/reporting services
    • Number of reports created by users
    • Speed and quality of business decisions
    • User satisfaction with reports and analytics services
    • Improved business performance (customer satisfaction)
    • Improved valuation of organization data

    A data-driven culture builds tools and skills, builds users’ trust in the quality of data across sources, and raises the skills and understanding among the frontlines by encouraging everyone to leverage data for critical thinking and innovation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Define Data Literacy Objectives

    1.1 Review Data Culture Diagnostic results

    1.2 Identify business context: business goals, initiatives

    1.3 Create vision and objective for data literacy program

    Assess Learning Style and Align to Program Design

    2.1 Identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    Build a Data Literacy Roadmap and Milestones

    3.1 Identify program initiatives and topics

    3.2 Determine delivery methods

    3.3 Build the data literacy roadmap

    Operational Strategy to implement Data Literacy

    4.1 Identify key performance metrics

    4.2 Identify owners and document RACI matrix

    4.3 Discuss next steps and wrap up.

    Deliverables

    1. Diagnostics reports (data culture survey)
    2. Vision and value statement
    1. Assessment of audience covering all levels of organization
    1. List of key program initiatives and topics
    2. Allocation of delivery methods
    3. Roadmap
    1. Data literacy metrics
    2. List of owners and roles and responsibilities
    3. Next step and implementation schedule

    Phase 1

    Define Data Literacy Objectives

    Phase 1: step 1 - Understand organization's needs, step 2 - Create vision and objective for data literacy program.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Understand the organization’s needs.
    • Create vision and objective for data literacy program.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    1.1 Gauge your organization’s current data culture

    Conduct data culture survey or diagnostic.

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organization who should receive the survey

    Output

    • Your organization’s Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organization

    Materials

    • Info-Tech’s Data Culture Diagnostic service

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organization
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    1.2 Define data literacy objectives

    1. Understand the organization’s needs by identifying opportunities and challenges relating to data. Document the described real-life examples.
    2. Categorize the list and identify areas where data literacy can address the business problem.
    3. Create a vision statement for the data literacy program, ensuring that it covers all levels of the organization.
    4. Articulate the intended targets and goals in planning for a data literacy program.

    Input

    • List of opportunities and challenges relating to data
    • Relevant business real-life examples

    Output

    • Categorized list of data literacy needs
    • Vision for literacy program
    • Targets and goals

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Quick wins for improving data literacy

    Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:

    87%

    think more can be done to define and document commonly used terms with methods such as a business data glossary.

    68%

    think they can have a better understanding of the meaning of all data elements that are being captured or managed.

    86%

    feel that they can have more training in terms of tools as well as on what data is available at the organization.

    Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652

    Quick Wins

    • Create a business data glossary to document and define common terms.
    • Provide easy access to the business data glossary and procedures on how data is captured and managed.
    • Launch an organization-wide data literacy program.

    Delivering value is a means and the goal

    Start with real business problems in a hands-on format to demonstrate the value of data.

    Identify business problem:

    • Business decisions without facts are just guesses.
    • Management spends a lot of time finding and fixing data.
    • Unknown challenges on data assets and risk.
    • Incomplete view of customer/client and industry.
    • Not ready for modern data opportunities (e.g. artificial intelligence).

    Create an objective

    Treat data as a strategic asset to gain insight into our customers for all levels of organization.

    The solution: Data-driven culture powered by people who speak data.

    • Data dictionary
    • Data literacy
    • Trusted single source
    • Access to analytics tools
    • Decision making

    "According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."

    – Alation, 2020

    Fundamental data literacy

    Data literacy is more than just a technical training or a one-off exercise.

    Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.

    Info-Tech Research Group’s Data Literacy Program

    Use discovery and diagnostics to understand users’ comfort level and maturity with data.

    Data lunch 'n' learn

    • The power and value of data
    • Everyone is a data steward
    • Becoming data literate
    • Data 101
    • The future is data
    1 hour
    For: General audience, senior leadership, data leads, change management

    Speak data

    • What is data
    • Meet the data team
    • Day in the life of a steward
    • How data impacts you
    • Tools of the trade
    1/2 day
    For: New stewards, data owners, pre-data strategy workshop

    Your data story

    • Ask the right questions
    • Find the top five data elements
    • Understand your data
    • Present your data story
    • Lessons from COVID-19
    1/2 day
    For: New stewards, business data owners, pre-BI/analytics workshop

    Phase 2

    Assess Learning Style and Align to Program Design

    Phase 2: step 1 - Identify audience, step 2 - Access learning style and align to program design, step 3 - Determine the right delivery method.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Identify your audience.
    • Assess learning styles and align them to the data program design.
    • Determine the right delivery method.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    Avoid common pitfalls

    75%

    feel that training was too long to remember or to apply in their day-to-day work.

    21%

    find training had insufficient follow-up to help them apply on the job.

    Source: Grovo, 2018.

    1. Information Overload

      Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.
    2. Limited Implementation

      Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.
    3. Lack of Organizational Alignment

      Implementing training without a clear link to organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving effectiveness.

    2.1 Understand learning style

    1. Create persona and identify the audiences and their roles in data across all levels of the organization.
    2. Identify the data program initiatives and assign the best delivery method to each initiative.
    3. Assign participants to each program initiative based on their skill gap and learning style.

    Input

    • List of audiences, their roles, and tenures
    • Data skill gap assessment
    • List of literacy program initiatives/topics

    Output

    • Target audience grouping
    • List of program initiatives with assigned groups

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    You and data

    Is data an integral part of your work?

    Do you feel comfortable finding and using data in your organization?

    • Many people feel intimidated by data and therefore miss out on what data can do for them.
    • Often the obstacle is language. If you don’t understand the semantics around data, you will not feel confident to contribute to discussions around data.
    • You use data every day but need additional vocabulary to understand how to handle it properly.
    • Data literacy is the ability to “speak data” and to understand what data means (i.e. how to read charts and graphs, draw valid conclusions, and recognize when data is misinterpreted or used inappropriately to be misleading).
    • The business often doesn’t understand its role in data governance and how it informs and assists IT in responsible data management.

    Info-Tech Insight

    IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.

    Create personas

    Persona creation is a way to brainstorm ideas for the data literacy program.

    Choose a data role (e.g. data steward, data owner, data scientist).

    Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.

    Identify data skill and level of skills required.

    Persona 1: Denise - Manager, People and Culture. Goals, priorities, tenure, data role, learning style, skill level

    Consider these other ways to brainstorm:

    • Review current in-flight projects.
    • Analyze types of data requests.
    • Understand needs by department.
    • Share learnings in a community of practice.

    Program design

    Categorize into six data skill areas

    Not everyone needs the same level of skill sets

    Bullseye board with skill levels (Innermost going outward): Expert, advanced, intermediate and Basic. The six data skill areas: 1. Understanding Data, 2. Find and Obtain Data, 3. Read, Interpret and Evaluate Data, 4. Manage Data, 5. Create and Use Data, 6. Tell a Story and Share Data are placed equally around in sections.

    Map the personas to the program

    Bridging the data knowledge gap.

    • Each component will promote the value of data to all levels of employees when demonstrating the right way for data to be understood, managed, and consumed in the organization.
    • Categorizing the data literacy program into six areas and levels of skill sets will provide clarity into which areas to focus on.
    • The program is intended to be implemented in stages, allowing the audience to learn and adopt the new skills. Leveraging in-flight projects for rolling out training will have a higher success because the need is already built into the project.
    Personas are placed at different points in the data skill area and skill level.

    Align program design to learning styles

    The four methods (Discussion, Information, Coaching, and Self-Discovery) are based on learner-centered model design rather than the traditional teacher-centered model.

    Info-Tech Insight

    Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.

    When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.

    Discussion method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor empowers and motivates learner through dialogues and exercises

    The imaginative learner

    The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.

    For this group of learners, their question is: why should I learn this?

    Learning characteristics

    • Seek meaning
    • Need to be personally involved
    • Learn by listening and sharing ideas
    • Function through social interaction

    Information method

    Delivery Method

    • Instructor does most of the talking in the training
    • Instructor is teaching the content, delivering the training content, and demonstrating

    Analytical learner

    The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.

    For this group of learners, their question is: what should I learn?

    Learning characteristics

    • Seek and examine the facts
    • Need to know what experts think
    • Interested in ideas and concepts
    • Critique information and collect data
    • Function by adapting to experts

    Coaching method

    Delivery Method

    • Learning has on-the-job training or learning through role-play exercises
    • Instructor is coaching and facilitating learner

    Common sense learner

    The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.

    For this group of learners, their question is: how should I learn?

    Learning characteristics

    • Seek usability
    • Need to know how things work
    • Learn by testing theories using practical methods
    • Use factual data to build concepts
    • Enjoy hands-on experience

    Self-discovery method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor provides evaluation and remedial instruction

    Common sense learner

    The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.

    For this group of learners, their question is: what if I learn this?

    Learning characteristics

    • Seek hidden possibilities
    • Need to know what can be done with things
    • Learn by trial and error
    • Enjoy variety and excel in being flexible

    Delivery method considerations

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    Phase 3

    Map Out Data Literacy Roadmap and Milestones

    Phase 3: step 1 - Roadmap exercise, step 2 - Set key performance metrics and milestones.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Complete a roadmap exercise.
    • Set key performance metrics and milestones.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    3.1 Build the data literacy roadmap and milestones

    1-3 hours
    1. Gather the data literacy objectives and list of program initiatives with their assigned groups.
    2. Discuss each program initiative with the data literacy creation team, assigning content owners and estimating effort required to build the content.

    For the Gantt chart:

    • Input the roadmap start year.
    • List each data literacy topic and delivery method.
    • Populate the planned start and end dates for the prepopulated list of program initiatives.

    Input

    • List of data literacy topics with assigned groups
    • Vision statement of data literacy program
    • Data literacy objectives

    Output

    • Roadmap Gantt chart
    • List of program initiatives with start and end date
    • Content owner assignment

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • MS Projects/Excel

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Data literacy journey mapping

    Making it sustainable

    • Deliver the literacy program in stages to make it easier for the audience to consume the content.
    • Allow opportunities to apply the learnings at work.
    • Map out the data literacy trainings as they get delivered and identify gaps, if any. Continue to refine and adjust the program and delivery method for better outcome.
    • Set clear goals and KPIs measurement up front.
    • Conduct Info-Tech Research Group’s Data Culture Diagnostics to set the baseline and repeat the assessment in 12 to 18 months.
    • Assign champions to lead change and influence end users to adopt better processes.
    Data Literacy journey mapping. Different departments need different skills in data literacy.

    Research contributors

    Name

    Position

    Andrea Malick Advisory Director, Info-Tech Research Group
    Andy Neill AVP, Data and Analytics, Chief Enterprise Architect, Info-Tech Research Group
    Crystal Singh Research Director, Info-Tech Research Group
    Imad Jawadi Senior Manager, Consulting Advisory, Info-Tech Research Group
    Irina Sedenko Research Director, Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director, Info-Tech Research Group
    Sherwick Min Technical Counselor, Info-Tech Research Group
    Wayne Cain Principal Advisory Director, Info-Tech Research Group

    Info-Tech’s Data Literacy Program

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Understand the WHY and Value of Data

    1.1 Business context, business objectives, and goals

    1.2 You and data

    1.3 Data journey from data to insights

    1.4 Speak data – common terminology

    Learn about the WHAT Through Data Flow

    2.1 Data creation

    2.2 Data ingestion

    2.3 Data accumulation

    2.4 Data augmentation

    2.5 Data delivery

    2.6 Data consumption

    Explore the HOW Through Data Visualization Training

    3.1 Ask the right questions

    3.2 Find the top five data elements

    3.3 Understand your data

    3.4 Present your data story

    3.5 Sharing of lessons learned

    Put Them All Together Through Data Governance Awareness

    4.1 Data governance framework

    4.2 Data roles and responsibilities

    4.3 Data domain and owners

    Deliverables

    1. Learning material for understanding the data fundamental and its terminology
    1. Learning material for data flow elements
    1. Learning material for data visualization
    1. Learning material for data governance awareness program

    Related Info-Tech Research

    Establish Data Governance

    Deliver measurable business value.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    Bibliography

    About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.

    Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.

    Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.

    Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.

    Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.

    ---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.

    Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.

    Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.

    Experian. “2019 Global Data Management Research.” Experian, 2019. Web.

    Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.

    Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.

    Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.

    LifeTrain. “Learning Style Quiz.” EMTrain, Web.

    Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.

    Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.

    Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/

    Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.

    Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.

    Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.

    Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.

    Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.

    Qlik. “What is data literacy?” Qlik, n.d. Web.

    Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.

    Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.

    Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.

    Determine Your Zero Trust Readiness

    • Buy Link or Shortcode: {j2store}249|cart{/j2store}
    • member rating overall impact (scale of 10): 9.8/10 Overall Impact
    • member rating average dollars saved: $24,574 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    CISOs pushing for zero trust as their security strategy face several challenges including:

    • Understanding and clarifying the benefits of zero trust for the organization.
    • The inability to verify all business operations are maintaining security best practices.
    • Convincing business units to add more security controls that go against the grain of reducing friction in workflows while still demonstrating these controls support the business.

    Our Advice

    Critical Insight

    • Zero trust must benefit the business and security. Because the road to zero trust is an iterative process, IT security will need to constantly determine how different areas of zero trust will affect core business processes.
    • Zero trust reduces reliance on perimeter security. Zero trust is a strategy that solves how to move beyond the reliance on perimeter security and move controls to where the user accesses resources.
    • Not everyone can achieve zero trust, but everyone can adopt it. Zero trust will be different for every organization and may not be applicable in every control area. This means that zero trust is not a one-size-fits-all approach to IT security. Zero trust is the goal, but some organizations can only get so close to the ideal.

    Impact and Result

    Zero trust is a journey that uses multiple capabilities and requires multiple parties to contribute to an organization’s security. Use Info-Tech’s approach to:

    • Understand zero trust as a strategic platform for building your security roadmap.
    • Assess your current state and determine the benefits of adopting zero trust to help plan your roadmap.
    • Separate vendors from the hype surrounding zero trust to adopt a vendor-agnostic approach to your zero trust planning.

    Determine Your Zero Trust Readiness Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should determine your zero trust readiness, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand zero trust

    Recognize the zero trust ideal and understand the different zero trust schools of thought.

    2. Assess your zero trust readiness

    Assess and determine the benefits of zero trust and identify and evaluate vendors in the zero trust market.

    • Zero Trust Security Benefit Assessment Tool
    [infographic]

    Optimize Social Media Strategy by Service

    • Buy Link or Shortcode: {j2store}562|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Many organizations are jumping the gun on service selection and missing valuable opportunities to tap into conversations their consumers are having about them.
    • Companies are struggling to harness real benefits from social media because they dive into content and engagement strategy without spending the appropriate amount of time on social media service selection.
    • After organizations have selected the appropriate social media services, clients fail to understand best practices for participating in conversations and therefore are unable to optimize their success on each service.

    Our Advice

    Critical Insight

    • Conventional wisdom dictates that you should pick the social network where you have the greatest subscriber base to reach, but this is irrelevant. Organizations need to consider all the social media services available when selecting services, to ensure they are optimizing their social media strategy and interacting with the right people.
    • In today’s social media landscape there is a wide variety of social media services to choose from. Services range from hot micro-blogging services, like Twitter, to more niche social multimedia services, like Flickr or Vimeo.
    • Each department should manage its set of relevant services regardless of platform. For example a marketing manager should manage all social media services in marketing, rather than have one person manage all Twitter feeds, one person manage all Facebook pages, etc.
    • The services your organization selects shouldn’t operate as islands. Consider not only how the services will fit with each other, but also how they will fit with existing channels. Use a market coverage model to ensure the services you select are complementing each other.
    • The landscape for social media services changes rapidly. It is essential to conduct an audit of services to maintain an optimal mix of services. Conduct the audit semi-annually for best effect.

    Impact and Result

    • Learn about the importance of choosing the correct services to ensure you are reaching your consumers and not wasting time playing with the wrong people.
    • Understand the business use cases for each service and best practices for using them.
    • Leverage different social media services to create a market coverage model that balances social media services with your products/services and business objectives.
    • Identify the risks associated with specific platforms and ensure IT works to mitigate them.
    • Create a plan for conducting a Social Media Service Audit to stay on top of changing trends.

    Optimize Social Media Strategy by Service Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the right social media service mix

    Understand the different social media services, their unique value propositions for customer interaction, and the content and timing best practices for each.

    • Storyboard: Optimize Social Media Strategy by Service
    • Social Media Service Selection Tool

    2. Execute a plan for social service selection and management

    Leverage different social media services to create a market coverage model and assign responsibilities.

    3. Perform a semi-annual social media service audit

    Conduct an audit to stay on top of changing trends.

    • Social Media Services Audit Template
    [infographic]

    Define Service Desk Metrics That Matter

    • Buy Link or Shortcode: {j2store}491|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

    Our Advice

    Critical Insight

    • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Impact and Result

    • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
    • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

    Define Service Desk Metrics That Matter Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

    Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

    • Define Service Desk Metrics That Matter Storyboard

    2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

    For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

    • Service Desk Metrics Workbook
    [infographic]

    Further reading

    Define Service Desk Metrics That Matter

    Look beyond benchmarks and rely on internal metrics to drive success.

    Analyst Perspective

    Don’t get paralyzed by benchmarks when establishing metrics

    When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

    Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

    Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

    Benedict Chang

    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Measure the business value provided by the service desk.
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

    Common Obstacles

    • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
    • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
    • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

    Info-Tech's Approach

    • Use metrics that drive productive change and improvement. Track only what you need to report on.
    • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
    • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
    • Act on the results of your metrics by adjusting targets and measuring success.

    Info-Tech Insight

    Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Improve your metrics to align IT with strategic business goals

    The right metrics can tell the business how hard IT works and how well they perform.

    • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
    • Implementing the proper metrics can facilitate communication between the business division and IT practice.
    • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
    • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

    Current Metrics Suite

    19% Effective

    36% Some Improvement Necessary

    45% Significant Improvement Necessary

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    CXOs stress that value is the most critical area for IT to improve in reporting

    • You most likely have to improve your metrics suite by addressing business value.
    • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
    • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

    The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    Benchmarking used in isolation will not tell the whole story

    Benchmarks can be used as a step in the metrics process

    They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

    Benchmarking relies on standardized models

    This does not account for all the unique variables that make up an IT organization.

    For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

    Info-Tech Insight

    Benchmarks reflect the norm and common practice, not best practice.

    Benchmarks are open to interpretation

    Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

    Being above or below the norm is neither a good nor a bad thing.

    Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

    If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

    Review the collected benchmark data

    See where IT organizations in your industry typically stand in relation to the overall benchmark.

    Assess the gaps

    Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

    Benchmarks are only guidelines

    The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

    Rely on internal metrics to measure and improve performance

    Measure internal metrics over time to define goals and drive real improvement

    • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
    • Whether a given metric is the right one for your service desk will depend on several different factors, including:
      • The maturity and capability of your service desk processes
      • The volume of service requests and incidents
      • The complexity of your environment when resolving tickets
      • The degree to which your end users are comfortable with self-service

    Take Info-Tech’s approach to metrics management

    Use metrics that drive productive change and improvement. Track only what you need to report on.

    Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

    Establish internal benchmarks by analyzing the trends from your own data to set baselines.

    Act on the results of your metrics by adjusting targets and measuring success.

    Define action-based metrics to cut down on analysis paralysis

    Every metric needs to be backed with the following criteria:

    • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
    • The audience and cadence of each metric may allow you to define targeted dashboards.

    Audience - Who is this metric tracked for?

    Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

    Cadence - How often are you going to view, analyze, and action this metric?

    Action - What will you do if this metric spikes, dips, trends up, or trends down?

    Activity 1. Define your critical success factors and key performance indicators

    Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

    CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

    1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
    2. Look at the example to the right as a starting point.

    Example metrics:

    Critical success factor Key performance indicator
    High End-User Satisfaction Increasing CSAT score on transactional surveys
    High end-user satisfaction score
    Proper resolution of tickets
    Low time to resolve
    Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
    Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
    High utilization of portal

    Download the Service Desk Metrics Workbook

    Activity 2. Define action-based metrics that align with your KPIs and CSFs

    1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
    2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
    3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

    Example metrics:

    Critical success factor Key performance indicator Metric Cadence Audience Action
    High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
    High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
    Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
    SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
    Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
    Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
    Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

    Download the Service Desk Metrics Workbook

    Activity 3. Define the data ownership, metric viability, and dashboards

    1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
    2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
    3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
    4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
    5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

    Example metrics:

    Metric Who Owns the Data? Efforts to Track? Dashboards
    Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
    Average end-user satisfaction score Service Desk Low Leadership Meeting
    Number of tickets reopened Service Desk Low Weekly Technician Standup
    SLA breach rate Service Desk Low Daily Technician Standup
    Average TTR (incidents) Service Desk Low Weekly Technician Standup
    Average TTR by priority Service Desk Low Weekly Technician Standup
    Average TTR by tier Service Desk Low Weekly Technician Standup
    Average TTR (SRs) Service Desk Low Weekly Technician Standup
    Number of tickets reopened Service Desk Low Daily Technician Standup

    Download the Service Desk Metrics Workbook

    Keep the following considerations in mind when defining which metrics matter

    Keep the customer in mind

    Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

    Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

    Don’t settle for tool defaults

    ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

    Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

    Establish tension metrics to achieve balance

    Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

    Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

    Adjust those targets

    An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

    Take Control of Infrastructure and Operations Metrics

    Make faster decisions and improve service delivery by using the right metrics for the job.

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    IT Diagnostics: Build a Data-Driven IT Strategy

    Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

    Slash Spending by Optimizing Your Software Maintenance and Support

    • Buy Link or Shortcode: {j2store}217|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Perpetual software maintenance (SW M&S) is an annual budget cost that increases almost yearly. You don’t really know if there is value in it, if its required by the vendor, or if there are opportunities for cost savings.
    • Most organizations never reap the full benefits of software M&S. They blindly send renewal fees to the vendor every year without validating their needs or the value of the maintenance. In addition, your vendor maintenance may be under contract and you aren’t sure what the obligations are for both parties.

    Our Advice

    Critical Insight

    • Analyzing the benefits contained within a vendor’s software M&S will provide the actual cost value of the M&S and whether there are critical support requirements vs. “nice to have” benefits.
    • Understanding the value and your requirement for M&S will allow you to make an informed decision on how best to optimize and reduce your annual software M&S spend.
    • Use a holistic approach when looking to reduce your software M&S spend. Review the entire portfolio for targeted reduction that will result in short- and long-term savings.
    • When targeting vendors to negotiate M&S price or coverage reduction, engaging them three to six months in advance of renewal will provide you with more time to effectively negotiate and not fall to the pressure of time.

    Impact and Result

    • Reduce annual costs for software maintenance and support.
    • Complete a value of investment (VOI) analysis of your software M&S for strategic vendors.
    • Maximize value of the software M&S by using all the benefits being paid for.
    • Right-size support coverage for your requirements.
    • Prioritize software vendors to target for cost reduction and optimization.

    Slash Spending by Optimizing Your Software Maintenance and Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to prioritize your software vendors and effectively target M&S for reduction, optimization, or elimination.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate

    Evaluate what software maintenance you are spending money.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 1: Evaluate
    • Software M&S Inventory and Prioritization Tool

    2. Establish

    Establish your software M&S requirements and coverage.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 2: Establish
    • Software Vendor Classification Tool

    3. Optimize

    Optimize your M&S spend, reduce or eliminate, where applicable.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 3: Optimize
    • Software M&S Value of Investment Tool
    • Software M&S Cancellation Decision Guide
    • Software M&S Executive Summary Template
    • Software M&S Cancellation Support Template
    [infographic]

    Security Strategy

    • Buy Link or Shortcode: {j2store}42|cart{/j2store}
    • Related Products: {j2store}42|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.4/10
    • member rating average dollars saved: $33,431
    • member rating average days saved: 29
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    The challenge

    You may be experiencing one or more of the following:

    • You may not have sufficient security resources to handle all the challenges.
    • Security threats are prevalent. Yet many businesses struggle to embed systemic security thinking into their culture.
    • The need to move towards strategic planning of your security landscape is evident. How to get there is another matter.

    Our advice

    Insight

    To have a successful information security strategy, take these three factors into account:

    • Holistic: your view must include people, processes, and technology.
    • Risk awareness: Base your strategy on the actual risk profile of your company. And then add the appropriate best practices.
    • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will go much more straightforward.

    Impact and results 

    • We have developed a highly effective approach to creating your security strategy. We tested and refined this for more than seven years with hundreds of different organizations.
    • We ensure alignment with business objectives.
    • We assess organizational risk and stakeholder expectations.
    • We enable a comprehensive current state assessment.
    • And we prioritize initiatives and build out a right-sized security roadmap.

     

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get up to speed

    Read up on why you should build your customized information security strategy. Review our methodology and understand the four ways we can support you.

    Assess the security requirements

    It all starts with risk appetite, yes, but security is something you want to get right. Determine your organizations' security pressures and business goals, and then determine your security program's goals.

    • Build an Information Security Strategy – Phase 1: Assess Requirements
    • Information Security Requirements Gathering Tool (xls)
    • Information Security Pressure Analysis Tool (xls)

    Build your gap initiative

    Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

    • Build an Information Security Strategy – Phase 2: Assess Gaps
    • Information Security Program Gap Analysis Tool (xls)

    Plan the implementation of your security strategy 

    With your design at this level, it is time to plan your roadmap.

    • Build an Information Security Strategy – Phase 3: Build the Roadmap

    Let it run and continuously improve. 

    Learn to use our methodology to manage security initiatives as you go. Identify the resources you need to execute the evolving strategy successfully.

    • Build an Information Security Strategy – Phase 4: Execute and Maintain
    • Information Security Strategy Communication Deck (ppt)
    • Information Security Charter (doc)

     

    Build a Data Pipeline for Reporting and Analytics

    • Buy Link or Shortcode: {j2store}126|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $61,999 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Continuous and disruptive database design updates while trying to have one design pattern to fit all use cases.
    • Sub-par performance while loading, retrieving, and querying data.
    • You want to shorten time-to-market of the projects aimed at data delivery and consumption.
    • Unnecessarily complicated database design limits usability of the data and requires knowledge of specific data structures for their effective use.

    Our Advice

    Critical Insight

    • Evolve your data architecture. Data pipeline is an evolutionary break away from the enterprise data warehouse methodology.
    • Avoid endless data projects. Building centralized all-in-one enterprise data warehouses takes forever to deliver a positive ROI.
    • Facilitate data self-service. Use-case optimized data delivery repositories facilitate data self-service.

    Impact and Result

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Build a Data Pipeline for Reporting and Analytics Research & Tools

    Start here – read the Executive Brief

    Build your data pipeline using the most appropriate data design patterns.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data progression

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    • Build a Data Pipeline for Reporting and Analytics – Phase 1: Understand Data Progression

    2. Identify data pipeline components

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    • Build a Data Pipeline for Reporting and Analytics – Phase 2: Identify Data Pipeline Components

    3. Select data design patterns

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    • Build a Data Pipeline for Reporting and Analytics – Phase 3: Select Data Design Patterns
    [infographic]

    Workshop: Build a Data Pipeline for Reporting and Analytics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Data Progression

    The Purpose

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    Key Benefits Achieved

    Indicates the ownership of datasets and the high-level data flows across the organization.

    Activities

    1.1 Review & discuss typical pitfalls (and their causes) of major data management initiatives.

    1.2 Discuss the main business capabilities of the organization and how they interact.

    1.3 Discuss the business processes running inside and across business capabilities and the datasets involved.

    1.4 Create the Enterprise Business Process Model (EBPM).

    Outputs

    Understanding typical pitfalls (and their causes) of major data management initiatives.

    Business capabilities map

    Business processes map

    Enterprise Business Process Model (EBPM)

    2 Identify Data Pipeline Components

    The Purpose

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    Key Benefits Achieved

    Design the high-level data progression pipeline.

    Activities

    2.1 Review and discuss the concept of a data pipeline in general, as well as the vertical zones: data creation, accumulation, augmentation, and consumption.

    2.2 Identify these zones in the enterprise business model.

    2.3 Review and discuss multi-lane data progression.

    2.4 Identify different speed lanes in the enterprise business model.

    Outputs

    Understanding of a data pipeline design, including its zones.

    EBPM mapping to Data Pipeline Zones

    Understanding of multi-lane data progression

    EBPM mapping to Multi-Speed Data Progression Lanes

    3 Develop the Roadmap

    The Purpose

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    Key Benefits Achieved

    Use of appropriate data design pattern for each zone with calibration on the data progression speed.

    Activities

    3.1 Review and discuss various data design patterns.

    3.2 Discuss and select the data design pattern selection for data pipeline components.

    3.3 Discuss applicability of data model industry standards (if available).

    Outputs

    Understanding of various data design patterns.

    Data Design Patterns mapping to the data pipeline.

    Selection of an applicable data model from available industry standards.

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Effectively Acquire Infrastructure Services

    • Buy Link or Shortcode: {j2store}467|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $26,627 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • Most organizations are good at procuring IT products, but few are truly good at acquiring infrastructure services.
    • The lack of expertise in acquiring services is problematic – not only is the acquisition process for services more complex, but it also often has high stakes with large deal sizes, long-term contracts, and high switching costs.

    Our Advice

    Critical Insight

    • Don’t treat infrastructure service acquisitions lightly. Not only are failure rates high, but the stakes are high as well.
    • Make sure your RFP strategy aligns with your deal value. Large deals, characterized by high monthly spend, high criticality to the organization, and high switching costs, warrant a more thorough and lengthy planning period and RFP process.
    • Word your RFP carefully and do your due diligence when reviewing SLAs. Make sure your RFP will help you understand what the vendor’s standard offerings are and don’t treat your service level agreements like an open negotiation. The vendor’s standard offerings will be your most reliable options.

    Impact and Result

    • Follow this blueprint to avoid common pitfalls and navigate the tricky business of acquiring infrastructure services.
    • This blueprint will provide step-by-step guidance from assessing your acquisition goals to transitioning your service. Make sure you do the due diligence required to acquire the best service for your needs.

    Effectively Acquire Infrastructure Services Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should follow the blueprint to effectively acquire infrastructure services, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the procurement strategy and process

    Kick off an acquisition by establishing acquisition goals, validating the decision to acquire a service, and structuring an acquisition approach. There are several RFP approaches and strategies – evaluate the options and develop one that aligns with the nature of the acquisition.

    • Effectively Acquire Infrastructure Services – Phase 1: Develop the Procurement Strategy and Process

    2. Assess requirements and build the RFP

    A solid RFP is critical to the success of this project. Assess the current and future requirements, examine the characteristics of an effective RFP, and develop an RFP.

    • Effectively Acquire Infrastructure Services – Phase 2: Assess Requirements and Build the RFP
    • Infrastructure Service RFP Template

    3. Manage vendor questions and select the vendor

    Manage the activities surrounding vendor questions and score the RFP responses to select the best-fit solution.

    • Effectively Acquire Infrastructure Services – Phase 3: Manage Vendor Questions and Select the Vendor
    • Vendor Question Organizer Template
    • Infrastructure Outsourcing RFP Scoring Tool

    4. Manage the contract, transition, and vendor

    Perform due diligence in reviewing the SLAs and contract before signing. Plan to transition the service into the environment and manage the vendor on an ongoing basis for a successful partnership.

    • Effectively Acquire Infrastructure Services – Phase 4: Manage the Contract, Transition, and Vendor
    • Service Acquisition Planning and Tracking Tool
    • Vendor Management Template
    [infographic]

    Workshop: Effectively Acquire Infrastructure Services

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop the Procurement Strategy and Process

    The Purpose

    Establish procurement goals and success metrics.

    Develop a projected acquisition timeline.

    Establish the RFP approach and strategy.

    Key Benefits Achieved

    Defined acquisition approach and timeline.

    Activities

    1.1 Establish your acquisition goals.

    1.2 Establish your success metrics.

    1.3 Develop a projected acquisition timeline.

    1.4 Establish your RFP process and refine your RFP timeline.

    Outputs

    Acquisition goals

    Success metrics

    Acquisition timeline

    RFP strategy and approach

    2 Gather Service Requirements

    The Purpose

    Gather requirements for services to build into the RFP.

    Key Benefits Achieved

    Gathered requirements.

    Activities

    2.1 Assess the current state.

    2.2 Evaluate service requirements and targets.

    2.3 Assess the gap and validate the service acquisition.

    2.4 Define requirements to input into the RFP.

    Outputs

    Current State Assessment

    Service requirements

    Validation of services being acquired and key processes that may need to change

    Requirements to input into the RFP

    3 Develop the RFP

    The Purpose

    Build the RFP.

    Key Benefits Achieved

    RFP development.

    Activities

    3.1 Build the RFP requirement section.

    3.2 Develop the rest of the RFP.

    Outputs

    Service requirements input into the RFP

    Completed RFP

    4 Review RFP Responses and Select a Vendor (Off-Site)

    The Purpose

    Review RFP responses to select the best solution for the acquisition.

    Key Benefits Achieved

    Vendor selected.

    Activities

    4.1 Manage vendor questions regarding the RFP.

    4.2 Review RFP responses and shortlist the vendors.

    4.3 Conduct additional due diligence on the vendors.

    4.4 Select a vendor.

    Outputs

    Managed RFP activities

    Imperceptive scoring of RFP responses and ranking of vendors

    Additional due diligence and further questions for the vendor

    Selected vendor

    Secure IT-OT Convergence

    • Buy Link or Shortcode: {j2store}382|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,499 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations

    IT and OT are both very different complex systems. However, significant benefits have driven OT to be converged to IT. This results in IT security leaders, OT leaders and their teams' facing challenges in:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.

    Our Advice

    Critical Insight

    • Returning to isolated OT is not beneficial for the organization, therefore IT and OT need to learn to collaborate starting with communication to build trust and to overcome differences between IT and OT. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and metrics for OT security.
    • Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.
    • OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT-OT based on negotiation and this needs top-down support.

    Impact and Result

    Info-Tech’s approach in preparing for IT/OT convergence in the planning phase is coordination and collaboration of IT and OT to

    • initiate communication to define roles and responsibilities.
    • establish governance and build cross-functional team.
    • identify convergence components and compliance obligations.
    • assess readiness.

    Secure IT/OT Convergence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure IT/OT Convergence Storyboard – A step-by-step document that walks you through how to secure IT-OT convergence.

    Info-Tech provides a three-phase framework of secure IT/OT convergence, namely Plan, Enhance, and Monitor & Optimize. The essential steps in Plan are to:

  • Initiate communication to define roles and responsibilities.
  • Establish governance and build a cross-functional team.
  • Identify convergence components and compliance obligations.
  • Assess readiness.
    • Secure IT/OT Convergence Storyboard

    2. Secure IT/OT Convergence Requirements Gathering Tool – A tool to map organizational goals to secure IT-OT goals.

    This tool serves as a repository for information about the organization, compliance, and other factors that will influence your IT/OT convergence.

    • Secure IT/OT Convergence Requirements Gathering Tool

    3. Secure IT/OT Convergence RACI Chart Tool – A tool to identify and understand the owners of various IT/OT convergence across the organization.

    A critical step in secure IT/OT convergence is populating a RACI (Responsible, Accountable, Consulted, and Informed) chart. The chart assists you in organizing roles for carrying out convergence steps and ensures that there are definite roles that different individuals in the organization must have. Complete this tool to assign tasks to suitable roles.

    • Secure IT/OT Convergence RACI Chart Tool
    [infographic]

    Further reading

    Secure IT/OT Convergence

    Create a holistic IT/OT security culture.

    Analyst Perspective

    Are you ready for secure IT/OT convergence?

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

    In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

    A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

    Photo of Ida Siahaan, Research Director, Security and Privacy Practice, Info-Tech Research Group. Ida Siahaan
    Research Director, Security and Privacy Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    IT and OT are both very different complex systems. However, significant benefits have driven OT to converge with IT. This results in IT security leaders, OT leaders, and their teams facing challenges with:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.
    Common Obstacles
    • IT/OT network segmentation and remote access issues, as most OT incidents indicate that the attackers gained access through the IT network, followed by infiltration into OT networks.
    • OT proprietary devices and unsecure protocols use outdated systems which may be insecure by design.
    • Different requirements of OT and IT security – i.e. IT (confidentiality, integrity, and availability) vs. OT (safety, reliability, and availability).
    Info-Tech’s Approach

    Info-Tech’s approach in preparing for IT/OT convergence (i.e. the Plan phase) is coordination and collaboration of IT and OT to:

    • Initiate communication to define roles and responsibilities.
    • Establish governance and build a cross-functional team.
    • Identify convergence components and compliance obligations.
    • Assess readiness.

    Info-Tech Insight

    Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

    Consequences of unsecure IT/OT convergence

    OT systems were built with no or little security design

    90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

    Bar graph comparing three years, 2019-2021, of four different OT security incidents: 'Ransomeware', 'Insider breaches', 'Phishing', and 'Malware'.
    (Source: Fortinet, 2021.)
    Lack of visibility

    86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

    The need for secure IT/OT convergence

    Important Industrial Control System (ICS) cyber incidents

    2000
    Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.
    2012
    Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.
    2014
    Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.
    2017
    Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.
    2022
    Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
    Timeline of Important Industrial Control System (ICS) cyber incidents.
    1903
    Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”
    2010
    Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).
    2013
    Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers
    2016
    Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.
    2021
    Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

    (Source: US Department of Energy, 2018.


    ”Significant Cyber Incidents,” CSIS, 2022


    MIT Technology Review, 2022.)

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Case Study

    Horizon Power
    Logo for Horizon Power.
    INDUSTRY
    Utilities
    SOURCE
    Interview

    Horizon Power is the regional power provider in Western Australia and stands out as a leader not only in the innovative delivery of sustainable power, but also in digital transformation. Horizon Power is quite mature in distributed energy resource management; moving away from centralized generation to decentralized, community-led generation, which reflects in its maturity in converging IT and OT.

    Horizon Power’s IT/OT convergence journey started over six years ago when advanced metering infrastructure (AMI) was installed across its entire service area – an area covering more than one quarter of the Australian continent.

    In these early days of the journey, the focus was on leveraging matured IT approaches such as adoption of cloud services to the OT environment, rather than converging the two. Many years later, Horizon Power has enabled OT data to be more accessible to derive business benefits such as customer usage data using data analytics with the objective of improving the collection and management of the OT data to improve business performance and decision making.

    The IT/OT convergence meets legislation such as the Australian Energy Sector Cyber Security Framework (AESCSF), which has impacts on the architectural layer of cybersecurity that support delivery of the site services.

    Results

    The lessons learned in converging IT and OT from Horizon Power were:

    • Start with forming relationships to build trust and overcome any divide between IT and OT.
    • Collaborate with IT and OT teams to successfully implement solutions, such as vulnerability management and discovery tools for OT assets.
    • Switch the focus from confidentiality and integrity to availability in solutions evaluation
    • Develop training and awareness programs for all levels of the organization.
    • Actively encourage visible sponsorship across management by providing regular updates and consistent messaging.
    • Monitor cybersecurity metrics such as vulnerabilities, mean time to treat vulnerabilities, and intrusion attempts.
    • Manage third-party vendors using a platform which not only performs external monitoring but provides third-party vendors with visibility or potential threats in their organization.

    The Secure IT/OT Convergence Framework

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating onto the IT ecosystem, to improve access via the internet and to leverage other standard IT capabilities. However, IT and OT are historically very different, and without careful calculation, simply connecting the two systems will result in a problem. Therefore, IT and OT need to learn to live together starting with communication to build trust and to overcome differences between IT and OT.
    Convergence Elements
    • Process convergence
    • Software and data convergence
    • Network and infrastructure convergence
    Target Groups
    • OT leader and teams
    • IT leader and teams
    • Security leader and teams
    Security Components
    • Governance and compliance
    • Security strategy
    • Risk management
    • Security policies
    • IR, DR, BCP
    • Security awareness and training
    • Security architecture and controls

    Plan

    • Initiate communication
    • Define roles and responsibilities
    • Establish governance and build a cross-functional team
    • Identify convergence elements and compliance obligations
    • Assess readiness

    Governance

    Compliance

    Enhance

    • Update security strategy for IT/OT convergence
    • Update risk-management framework for IT/OT convergence
    • Update security policies and procedures for IT/OT convergence
    • Update incident response, disaster recovery, and business continuity plan for IT/OT convergence

    Security strategy

    Risk management

    Security policies and procedures

    IR, DR, and BCP

    Monitor &
    Optimize

    • Implement awareness, induction, and cross-training program
    • Design and deploy converging security architecture and controls
    • Establish and monitor IT/OT security metrics on effectiveness and efficiency
    • Red-team followed by blue-team activity for cross-functional team building

    Awareness and cross-training

    Architecture and controls

    Phases
    Color-coded phases with arrows looping back up from the bottom to top phase.
    • Plan
    • Enhance
    • Monitor & Optimize
    Plan Outcomes
    • Mapping business goals to IT/OT security goals
    • RACI chart for priorities and accountabilities
    • Compliance obligations register
    • Readiness checklist
    Enhance Outcomes
    • Security strategy for IT/OT convergence
    • Risk management framework
    • Security policies & procedures
    • IR, DR, BCP
    Monitor & Optimize Outcomes
    • Security awareness and training
    • Security architecture and controls
    Plan Benefits
    • Improved flexibility and less divided IT/OT
    • Improved compliance
    Enhance Benefits
    • Increased strategic common goals
    • Increased efficiency and versatility
    Monitor & Optimize Benefits
    • Enhanced security
    • Reduced costs

    Plan

    Initiate communication

    To initiate communication between the IT and OT teams, it is important to understand how the two groups are different and to build trust to find a holistic approach which overcomes those differences.
    IT OT
    Remote Access Well-defined access control Usually single-level access control
    Interfaces Human Machine, equipment
    Software ERP, CRM, HRIS, payroll SCADA, DCS
    Hardware Servers, switches, PCs PLC, HMI, sensors, motors
    Networks Ethernet Fieldbus
    Focus Reporting, communication Up-time, precision, safety
    Change management Frequent updates and patches Infrequent updates and patches
    Security Confidentiality, integrity, availability Safety, reliability, availability
    Time requirement Normally not time critical Real time

    Info-Tech Insight

    OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT and OT based on negotiation, and this needs top-down support.

    Identifying organization goals is the first step in aligning your secure IT/OT convergence with your organization’s vision.

    • Security leaders need to understand the direction the organization is headed in.
    • Wise security investments depend on aligning your security initiatives to the organization.
    • Secure IT/OT convergence should contribute to your organization’s objectives by supporting operational performance and ensuring brand protection and shareholder value.

    Map organizational goals to IT/OT security goals

    Input: Corporate, IT, and OT strategies

    Output: Your goals for the security strategy

    Materials: Secure IT/OT Convergence Requirements Gathering Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

    1. As a group, brainstorm organization goals.
      1. Review relevant corporate, IT, and OT strategies.
    2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
    3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

    Download the Secure IT/OT Convergence Requirements Gathering Tool

    Record organizational goals

    Sample of the definitions table with columns numbered 1-4.

    Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

    1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    2. For each of your organizational goals, identify IT alignment goals.
    3. For each of your organizational goals, identify OT alignment goals.
    4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

    Establish scope and boundaries

    It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
    This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list each one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Do you need to secure all your programs or only a select few?
    • Is the system owned or outsourced?
    • Where are you accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    OT Systems Scope and Boundaries

    • There may be hundreds of OT systems that are run and maintained in your organization. Do you need to secure all OT or a select subset?
    • Is the system owned or outsourced?
    • Where are you accountable for safety and security?
    • What reliability requirements does each system handle?

    Record scope and boundaries

    Sample Scope and Boundaries table. Refer to the Secure IT/OT Convergence Framework when filling in the following elements:
    • Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    • For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

    Plan

    Define roles and responsibilities

    Input: List of relevant stakeholders

    Output: Roles and responsibilities for the secure IT/OT convergence program

    Materials: Secure IT/OT Convergence RACI Chart Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader

    There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

    • Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
    • Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
    • Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
    • Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

    Download the Secure IT/OT Convergence RACI Chart Tool

    Define RACI Chart

    Sample RACI chart with only the 'Plan' section enlarged.

    Define responsible, accountable, consulted, and informed (RACI) stakeholders.
    1. Customize the "work units" to best reflect your operation with applicable stakeholders.
    2. Customize the "action“ rows as required.
    Info-Tech Insight

    The roles and responsibilities should be clearly defined. For example, IT network should be responsible for the communication and configuration of all access points and devices from the remote client to the control system DMZ, and controls engineering should be responsible from the control system DMZ to the control system.

    Plan

    Establish governance and build cross-functional team

    To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

    The maturity ladder with levels 'Fully Converged', 'Collaborative Partners', 'Trusted Resources', 'Affiliated Entities', and 'Siloed' at the bottom. Each level has four maturity indicators listed.

    Info-Tech Insight

    To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

    Centralized security governance model example

    Example of a centralized security governance model.

    Plan

    Identify convergence elements and compliance obligations

    To switch the focus from confidentiality and integrity to safety and availability for OT system, it is important to have a common language such as the Purdue model for technical communication.
    • A lot of OT compliance standards are technically focused and do not address governance and management, e.g. IT standards like the NIST Cybersecurity Framework. For example, OT system modeling with Purdue model will help IT teams to understand assets, networking, and controls. This understanding is needed to know the possible security solutions and where these solutions could be embedded to the OT system with respect to safety, reliability, and availability.
    • However, deployment of technical solutions or patches to OT system may nullify warranty, so arrangements should be made to manage this with the vendor or manufacturer prior to modification.
    • Finally, OT modernizations such as smart grid together with the advent of IIoT where data flow is becoming less hierarchical have encouraged the birth of a hybrid Purdue model, which maintains segmentation with flexibility for communications.

    Level 5: Enterprise Network

    Level 4: Site Business

    Level 3.5: DMZ
    Example: Patch Management Server, Application Server, Remote Access Server

    Level 3: Site Operations
    Example: SCADA Server, Engineering Workstation, Historian

    Level 2: Area Supervisory Control
    Example: SCADA Client, HMI

    Level 1: Basic Control
    Example: Batch Controls, Discrete Controls, Continuous Process Controls, Safety Controls, e.g. PLCs, RTUs

    Level 0: Process
    Example: Sensors, Actuators, Field Devices

    (Source: “Purdue Enterprise Reference Architecture (PERA) Model,” ISA-99.)

    Identify compliance obligations

    To manage compliance obligations, it is important to use a platform which not only performs internal and external monitoring, but also provides third-party vendors with visibility on potential threats in their organization.
    Example table of compliance obligations standards. Example tables of compliance obligations regulations and guidelines.

    Source:
    ENISA, 2013
    DHS, 2009.

    • OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive.
    • OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties.
    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

    IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

    International series of standards for asset owners, system integrators, and product manufacturers.
    Diagram of the international series of standards for asset owners.
    (Source: Cooksley, 2021)
    • IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer.
    • In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction.
    • For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level.
    • For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

    Record your compliance obligations

    Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      1. Laws
      2. Government regulations
      3. Industry standards
      4. Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool.
    3. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.
    Table of mandatory and voluntary security compliance obligations.

    Plan

    Assess readiness

    Readiness checklist for secure IT/OT convergence

    People

    • Define roles and responsibilities on interaction based on skill sets and the degree of support and alignment.
    • Adopt well-established security governance practices for cross-functional teams.
    • Analyze and develop skills required by implementing awareness, induction, and cross-training program.

    Process

    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Redesign cybersecurity processes for your secure IT/OT convergence program.
    • Develop a baseline and periodically review on risks, security policies and procedures, incident response, disaster recovery, and business continuity plan.

    Technology

    • Conduct a maturity assessment and identify convergence elements and compliance obligations.
    • Develop a roadmap and deploy converging security architecture and controls step by step, working with trusted technology partners.
    • Monitor security metrics on effectiveness and efficiency and conduct continuous testing by red-team and blue-team activities.

    (Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

    Enhance

    Update security strategy

    To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

    Cycle for updating security strategy: 'Architecture design', 'Procurement', 'Installation', 'Maintenance', 'Decommissioning'.
    (Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)
    • OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning.
    • Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle.
    • Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

    Enhance

    Update risk management framework

    The need for asset and threat taxonomy

    • One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year.
    • Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help.
    • Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.
    Risk management framework.
    (Source: ENISA, 2018.)

    Enhance

    Update security policies and procedures

    • Policy is the link between people, process, and technology for any size of organization. Small organizations may think that having formal policies in place is not necessary for their operations, but compliance is applicable to all organizations, and vulnerabilities affect organizations of all sizes as well. Small organizations partnering with clients or other organizations are sometimes viewed as ideal proxies for attackers.
    • Updating security policies to align with the OT system so that there is a uniform approach to securing both IT and OT environments has several benefits. For example, enhancing the overall security posture as issues are pre-emptively avoided, being better prepared for auditing and compliance requirements, and improving governance especially when OT governance is weak.
    • In updating security policies, it is important to redefine the policy framework to include the OT framework and to prioritize the development of security policies. For example, entities that own or manage US and Canadian electric power grids must comply with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, specifically CIP-003 for Policy and Governance. This can be achieved by understanding the current state of policies and by right-sizing the policy suite based on a policy hierarchy.
    The White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) in 2021 that establishes new requirements on the scope of protection and security policy such that it must include both IT and OT.

    Policy hierarchy example

    This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

    Example policy hierarchy with four levels, from top-down: 'Governance', 'Process-based policies', 'Prescriptive/ technical (for IT including OT elements)', 'Prescriptive/ technical (for users)'.

    Enhance

    Update IR, DR, and BCP

    A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

    1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
      E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
    2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
      E.g. full authority, shared authority. (Software Engineering Institute, 2003)
    3. Update IR plan, DR plan, and BCP for IT/OT convergence.
      E.g. incorporate zero trust principles for converge network
    4. Testing updated IR plan, DR plan, and BCP.

    Optimize

    Implement awareness, induction, and cross-training

    To develop training and awareness programs for all levels of the organization, it is important to understand the common challenges in IT security that also affect secure IT/OT convergence and how to overcome those challenges.

    Alert Fatigue

    Too many false alarms, too many events to process, and an evolving threat landscape that wastes analysts’ valuable time on mundane tasks such as evidence collection. Meanwhile, only limited time is given for decision and conclusion, which results in fear of missing an incident and alert fatigue.

    Skill Shortages

    Obtaining and retaining cybersecurity-skilled talent is challenging. Organizations need to invest in the people, but not all organizations will be able to invest sufficiently to have their own dedicated security team.

    Lack of Insight

    To report progress, clear metrics are needed. However, cybersecurity still falls short in this area, as the system itself is complex, and much work is siloed. Furthermore, lessons learned are not yet distilled into insights yet for improving future accuracy.

    Lack of Visibility

    Ensuring complete visibility of the threat landscape, risks, and assets requires system integration and consistent workflow across the organization, and the convergence of OT, IoT, and IT enhances this challenge (e.g. machines cannot be scanned during operational uptime).
    (Source: Security Intelligence, 2020.)
    “Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs.” (Danny Palmer, ZDNET News, 2022)

    Awareness may not correspond to readiness

    • An issue with IT/OT convergence training and awareness happens when awareness exists, but the personnel are trained only for IT security and are not trained for OT-specific security. For example, some organizations still use generic topics such as not opening email attachments, when the personnel do not even operate using email nor in a web browsing environment. (“Assessing Operational Readiness,” Dragos, 2022)
    • Meanwhile, as is the case with IT, OT security training topics are broad, such as OT threat intelligence, OT-specific incident response, and tabletop exercises.
    • Hence, it requires the creation of a training program development plan that considers the various audiences and topics and maps them accordingly.
    • Moreover, roles are also evolving due to convergence and modernization. These new roles require an integrative skill set. For example, the grid security & ops team might consist of an IT security specialist, SCADA technician/engineer, and OT/IIOT security specialist where OT/IIOT security specialist is a new role. (Grid Modernization: Optimize Opportunities and Minimize Risks,” Info-Tech)
    • In conclusion, it is important to approach talent development with an open mind. The ability to learn and flexibility in the face of change are important attributes, and technical skill sets can be improved with certifications and training.
    “One area regularly observed by Dragos is a weakness in overall cyber readiness and training tailored specific to the OT environment.” (“Assessing Operational Technology,” Dragos, 2022.)

    Certifications

    What are the options?
    • One of issues in certification is the complexity on relevancy in topics with respect to roles and levels.
    • An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications.

    Specific cybersecurity certification of ICS/SCADA
    Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course.

    Other relevant certification schemes
    Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP).

    Safety Certifications
    Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

    Order of certifications with 'Orientation' at the top, 'Scope', then 'Support'.(Source: ENISA, 2015.)

    Optimize

    Design and deploy converging security architecture and controls

    • IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it.
    • The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle.
    • In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege.
    • Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone”
    • This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.
    Diagram for the deployments of converging security architecture.(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

    Off-the-shelf solutions

    Getting the right recipe: What criteria to consider?

    Image of a shopping cart with the four headlines on the right listed in order from top to bottom.
    Icon of an eye crossed out. Visibility and Asset Management

    Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths.

    Icon of gears. Threat Detection, Mitigation, and Response (+ Hunting)

    Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics.

    Icon of a check and pen. Risk Assessment and Vulnerability Management

    Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management.

    Icon of a wallet. Usability, Architecture, Cost

    The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

    Optimize

    Establish and monitor IT/OT security metrics for effectiveness and efficiency

    Role of security metrics in a cybersecurity program (EPRI, 2017.)
    • Requirements for secure IT/OT are derived from mandatory or voluntary compliance, e.g. NERC CIP, NIST SP 800-53.
    • Frameworks for secure IT/OT are used to build and implement security, e.g. NIST CSF, AESCSF.
    • Maturity of secure IT/OT is used to measure the state of security, e.g. C2M2, CMMC.
    • Security metrics have the role of measuring effectiveness and efficiency.

    Icon of a person ascending stairs.
    Safety

    OT interfaces with the physical world. Thus, metrics based on risks related with life, health, and safety are crucial. These metrics motivate personnel by making clear why they should care about security. (EPRI, 2017.)

    Icon of a person ascending stairs.
    Business Performance

    The impact of security on the business can be measured in various metrics such as operational metrics, service level agreements (SLAs), and financial metrics. (BMC, 2022.)

    Icon of a person ascending stairs.
    Technology Performance

    Early detection will lead to faster remediation and less damage. Therefore, metrics such as maximum tolerable downtime (MTD) and mean time to recovery (MTR) indicate system reliability. (Dark Reading, 2022)

    Icon of a person ascending stairs.
    Security Culture

    The metrics for the overall quality of security culture with indicators such as compliance and audit, vulnerability management, and training and awareness.

    Further information

    Related Info-Tech Research

    Sample of 'Build an Information Security Strategy'.

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations.

    This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

    Sample of 'Preparing for Technology Convergence in Manufacturing'.

    Preparing for Technology Convergence in Manufacturing

    Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication.

    Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

    Sample of 'Implement a Security Governance and Management Program'.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Bibliography

    Assante, Michael J. and Robert M. Lee. “The Industrial Control System Cyber Kill Chain.” SANS Institute, 2015.

    “Certification of Cyber Security Skills of ICS/SCADA Professionals.” European Union Agency for Cybersecurity (ENISA), 2015. Web.

    Cooksley, Mark. “The IEC 62443 Series of Standards: A Product Manufacturer‘s Perspective.” YouTube, uploaded by Plainly Explained, 27 Apr. 2021. Accessed 26 Aug. 2022.

    “Cyber Security Metrics for the Electric Sector: Volume 3.” Electric Power Research Institute (EPRI), 2017.

    “Cybersecurity and Physical Security Convergence.” Cybersecurity and Infrastructure Security Agency (CISA). Accessed 19 May 2022.

    “Cybersecurity in Operational Technology: 7 Insights You Need to Know,” Ponemon, 2019. Web.

    “Developing an Operational Technology and Information Technology Incident Response Plan.” Public Safety Canada, 2020. Accessed 6 Sep. 2022.

    Gilsinn, Jim. “Assessing Operational Technology (OT) Cybersecurity Maturity.” Dragos, 2021. Accessed 02 Sep. 2022.

    “Good Practices for Security of Internet of Things.” European Union Agency for Cybersecurity (ENISA), 2018. Web.

    Greenfield, David. “Is the Purdue Model Still Relevant?” AutomationWorld. Accessed 1 Sep. 2022

    Hemsley, Kevin E., and Dr. Robert E. Fisher. “History of Industrial Control System Cyber Incidents.” US Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.

    “ICS Security Related Working Groups, Standards and Initiatives.” European Union Agency for Cybersecurity (ENISA), 2013.

    Killcrece, Georgia, et al. “Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Software Engineering Institute, CMU, 2003.

    Liebig, Edward. “Security Culture: An OT Survival Story.” Dark Reading, 30 Aug. 2022. Accessed 29 Aug. 2022.

    Bibliography

    O'Neill, Patrick. “Russia Hacked an American Satellite Company One Hour Before the Ukraine Invasion.” MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.

    Palmer, Danny. “Your Cybersecurity Staff Are Burned Out – And Many Have Thought About Quitting.” Zdnet, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Pathak, Parag. “What Is Threat Management? Common Challenges and Best Practices.” SecurityIntelligence, 23 Jan. 2020. Web.

    Raza, Muhammad. “Introduction To IT Metrics & KPIs.” BMC, 5 May 2022. Accessed 12 Sep. 2022.

    “Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability.” Department of Homeland Security (DHS), Oct. 2009. Web.

    Sharma, Ax. “Sigma Rules Explained: When and How to Use Them to Log Events.” CSO Online, 16 Jun. 2018. Accessed 15 Aug. 2022.

    “Significant Cyber Incidents.” Center for Strategic and International Studies (CSIS). Accessed 1 Sep. 2022.

    Tom, Steven, et al. “Recommended Practice for Patch Management of Control Systems.” Department of Homeland Security (DHS), 2008. Web.

    “2021 ICS/OT Cybersecurity Year In Review.” Dragos, 2022. Accessed 6 Sep. 2022.

    “2021 State of Operational Technology and Cybersecurity Report,” Fortinet, 2021. Web.

    Zetter, Kim. “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed.” Black Hat USA, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Research Contributors and Experts

    Photo of Jeff Campbell, Manager, Technology Shared Services, Horizon Power, AU. Jeff Campbell
    Manager, Technology Shared Services
    Horizon Power, AU

    Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors.

    Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability.

    As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

    Christopher Harrington
    Chief Technology Officer (CTO)
    Carolinas Telco Federal Credit Union

    Frank DePaola
    Vice President, Chief Information Security Officer (CISO)
    Enpro

    Kwasi Boakye-Boateng
    Cybersecurity Researcher
    Canadian Institute for Cybersecurity

    IT Risk Management · IT Leadership & Strategy implementation · Operational Management · Service Delivery · Organizational Management · Process Improvements · ITIL, CORM, Agile · Cost Control · Business Process Analysis · Technology Development · Project Implementation · International Coordination · In & Outsourcing · Customer Care · Multilingual: Dutch, English, French, German, Japanese · Entrepreneur
    Tymans Group is a brand by Gert Taeymans BV
    Gert Taeymans bv
    Europe: Koning Albertstraat 136, 2070 Burcht, Belgium — VAT No: BE0685.974.694 — phone: +32 (0) 468.142.754
    USA: 4023 KENNETT PIKE, SUITE 751, GREENVILLE, DE 19807 — Phone: 1-917-473-8669

    Copyright 2017-2022 Gert Taeymans BV